A lot has been written on how consumers that shopped at Target in the past few weeks can protect themselves. There has been a small amount written about how hackers pulled off the Target hack. Very little has been written about how small business owner’s can protect themselves and their business reputation.
If your unfamiliar with the story…Target stores have discovered that up to 40 million credit card records were recorded and accessed by someone outside of the company. The activity seems to have taken place beginning after Thanksgiving and running into this month. Even though the mainstream media gives you the idea that someone hacked the point of sale registers in the checkout lanes, most likely this was an attack carried out over the network in Target’s servers. Most information related to the story is speculation at this point while the investigation by Target and the U.S. Secret Service.
Stories like this are a good opportunity for everyone including small business owner’s to tune-up their security measures. You are beholden to your customers to protect their personal and financial information that they entrust to you. The first step is developing smart steps that you can take to lessen security risks. You also need to document these procedures and train employees on how to implement correctly. Lastly you will need to follow up to confirm that employees are following these procedures.
The industry has developed a very good system of guidelines and rules. It is called Payment Card Industry Security Council standards. This commonly referred to as PCI-Compliance. It governs how and where you can store credit card information. If you are out of compliance you can be fined. The fines are relatively small and the questioning is mostly on the honor system. It is a very important system that if followed does provide for strong security for not only credit card information, but your entire network infrastructure.
Visa has some great practical advise for point-of-sale systems in store sales areas:
- Anchor POS equipment securely to stands or counters
- Run wiring in conduit or through the structure of the sales counter
- Daily check for possible tampering such as loose screws or frayed wiring or damaged connectors
- Look for unauthorized video cameras in the sales desk area
- Use a closed circuit camera system to monitor the equipment and ensure employees are following security procedures
- Be sure to carefully position cameras so that they do not record PIN number entry