
If you have watched the news, you’ve seen a rash of data breaches lately. Unfortunately this is not new, but the two big ones that brought the problem into the national spotlight were Target and Home Depot. Both of those breaches had one thing in common: the thieves were able to access data using a third party’s access. In Target’s case, the thieves stole credentials from a company that provided refrigeration and HVAC services to Target by getting someone at that company to open an infected email. Once in, they were able to move around freely on Target’s network and upload malware onto its POS system. Home Depot was similar, with the thieves using a third party’s credentials, but those credentials alone did not give them access to the POS system. They had to exploit a vulnerability in Windows (which has since been patched) to gain access.
You are asking yourself, as a business owner: how can I stop that? After all, the fault lies elsewhere. The simplest thing to do is to keep your customers’ information on a separate system. You wouldn’t give your cleaning crew your customers’ information, so why should their network credentials allow access to it? Only those with a need to know should have access to customer information (whether it be email addresses, financial data or the like). And remember to keep all of your software updated. While there are some vulnerabilities that Microsoft will find too late, staying updated will at least make the thieves work harder. This is all part of PCI compliance, and your customers will thank you for it.




