If you have been keeping up with our blog recently, you’ll remember that last week I discussed the inherent vulnerabilities of non-PCI compliant peripheral devices, in particular the mobile MSR (magnetic stripe reader) devices being provided by a merchant processing service provider called Square Up. The free and convenient device is easy to use and an attractive payment solution for many budding entrepreneurs and eBay hobbyists. What the customer isn’t told, however, is that the device does not comply with the PCI DSS (Payment Card Industry Data Security Standard) requirement regarding data encryption.
Strong data encryption measures are essential for wirelessly transmitted information due to its sensitive nature. Devices with easily defeated or compromised data encryption software put both the merchant and the cardholder at unnecessary risk. The fact of the matter is this: whether you see them or not, hear about them or not, the cyber world is teeming with thieves and opportunists looking for someone careless to take advantage of. And the criminals are getting more skilled, efficient and invisible as time goes on. All of the IT security and electronic payments industry experts agree without dissent on one sure fact, namely that computer and information security incidents are on a steady rise.
PCI compliance for your business is not only your obligation if you process electronic payments; it’s your duty as a responsible merchant and fellow hardworking American to perform the due diligence of sensitive authentication data protection. Becoming PCI compliant and regularly monitoring and maintaining PCI compliance benefits your business, your customer, and the overall integrity of the entire electronic payments system.
Will Square Up recognize the importance of the PCI compliance protocols before some kind of large-scale, cooperative, synchronized data theft is perpetrated? One can only speculate about such matters. One does not need to speculate, now that you’ve read these words and know better, about whether the use of non-PCI compliant devices is worth the risk.
See our homepage to find out how to officially validate your PCI compliance absolutely free.