Small Businesses, How Secure Are Your Payments?
As many new payment systems enter the market to allow people to pay by swiping through a mobile phone's attachment, waving a credit card over a wireless chip reader, or using mobile payment options, you have to consider how safe these options are. Although there are some built in security options, keep in mind that security is always a game of catch up; very smart people with either nothing better to do or the specific job of hacking your payment systems can dedicate a lot of time to getting around security. Here are a few security concerns to consider as you assess your Payment Card Industry (PCI) security strength.
Protection Against Interference
Wireless connectivity is a high-stakes battlefield of security. It's all about making sure that the encrypted data is as secure as possible, because anyone who can get in the middle of the data--or send a beam to read in the air gap between the card and the reader--can steal information.
At the personal, single transaction level, such spying is useless. It takes time to break into encrypted payment information, and by the time the encryption is cracked, the data is mostly useless. There's simply easier and more profitable ways to be a criminal.
Research for bigger crimes, however, is worth the time.
If your business isn't securing multiple attack vectors (methods and directions of hacking), you could be giving a local hacker all of the practice they need to break into the system. PCI compliance exists to make spying harder by establishing a system of inspections and corrective measures.
Although many parts of PCI compliance are based on data security and programmed techniques, a detailed walkthrough of your kiosk, single unit office, or even a review of how your phone and payment device work together can highlight a few different ways that hackers could abuse your systems.
System Scans Follow-Up Reports
How secure is your business network? Are all of your systems used for business purposes only, and are users properly restricted from accessing certain resources?
One way for hackers to gain access to your payment systems is to access less important, seemingly unrelated systems. If a hacker can send an email to you or an employee that seems trustworthy, but infects your system with a virus, the hacker can listen for information that could give them other ways to access the more secure systems.
To stop hackers from winning through a slow game of listening and creeping towards higher infiltration, allow an Information Technology (IT) PCI assessments team to perform system scans in your business. Penetration testing can figure out multiple angles of attack while highlighting ways that a seemingly innocent click could lead to disaster.
Contact an IT PCI assessment professional, such as from The Cyber Watch,
to schedule scans, assessments, and future projects for hardening businesses of any size.