Visa revealed some good news recently when the credit card giant reported that 96 percent of the largest businesses that accept Visa cards are not storing prohibited information, known as track data. This includes PIN and CVV2 numbers.
This shows that some organisations are getting the concept that if you don’t need it, don’t store it. Of course, what Visa isn’t saying is that these large businesses are succeeding because they’re feeling the most heat from their acquirers, assessors and the major credit card companies to comply - or face some big-time fines.
Yet it’s the little guys - the more than six million Level Four merchants who are not required to validate PCI compliance - that are failing to purge their data banks of these sensitive records.
We all know attacks are getting more targeted by the day, so even the dry cleaner around the corner is susceptible to a hack. Attackers don’t necessarily want to hit a TJX jackpot every time they’re at work; they want to find the path of least resistance.
As Visa notes in its announcement Monday, “more than 80 percent of all identified compromises since 1 January, 2005 occurred at small businesses.”
That’s why the folks at Visa are making it a priority to educate smaller merchants about the risks of storing unneeded information.
I’m always amazed at how simple data security can be sometimes. Just get rid of the stuff that serves zero purpose. And then, once it’s gone, make sure not to store it again.
Everyone needs to pay attention to PCI
By Dan Kaplan on Aug 8, 2007 2:46PM