We’ve been talking on the blog here about a comprehensive report of industry fraud compiled over the last year by one of the top QSAs (qualified security assessors) in the business. Some of their key points may enlighten you. Keep in mind that your best defense and preparation for the possibility of sensitive personal or authentication data being stolen is to be PCI compliant. The PCI DSS (Payment Card Industry Data Security Standard) is a list of goals and procedures that, when followed vigorously, protects your business against the vulnerability of a data breach.
One interesting piece of data indicates that hackers still often target electronically stored customer records. In fact, of the breached data investigated while researching for the report, 89 percent was customer records. Theft of intellectual property and trade secrets trailed customer records at only six percent. However, sophisticated and coordinated attacks bent on retrieving this type of data are increasing in frequency and rate of success. The QSA also says that its own investigation frequency has risen by 42 percent over the previous year. This included over 300 investigations involving breached data, spread over 18 countries around the world. The increased frequency of investigations follows an increased rate of cyber theft attacks, which are becoming more effective, as well as a rise in fraudulent activity in the Pacific Rim.
Unfortunately, for the second year running, the food and beverage industry claims the top spot for cyber-thief quarry. In 2011 this industry accounted for almost 44 percent of data breaches investigated by the QSA.
If you own a restaurant that takes credit cards and you are not currently PCI compliant, you are tempting fate. Just because you think you’re too small to attract notice doesn’t make you any less likely to be the victim of a data breach. If you are found to be PCI compliant at the time of a data breach, the industry affords certain protections and assurances, and most processors include a modest amount of breach coverage. But again, that is only if you are PCI compliant. If you are not PCI compliant, you’re on your own when it comes to the legal fees, industry fines and other liabilities that will add up to a hefty bill that will most likely put you out of business…permanently. See our homepage to find out how your business can certify its PCI compliance today, absolutely free.