Login     Sign Up     |      Home      Regions      Verify a Certification     EBA Portal    

Is Your Business a Data Fraud Target?


The risk exposure for your business depends on how the business is operated. If any of the questions to the left of this article got a “yes” from you then you need to smarten up your data security practices. There’s still the chance that your business could become a target of data fraud even if you answered “no”. Visa has compiled a list of the four main vulnerabilities businesses need to be aware of if they want to avoid data fraud.
 
1. Storing Sensitive Data such as Magnetic Stripe Data
There are two strings of encoded payment data contained in the magnetic strip on payment cards. This data is known as “track data” and it can be used by data thieves to create a counterfeit card and for other kinds of fraud. The cardholder data on the magnetic stripe is received by the point-of-sale (POS) system when payment cards are swiped. The system will generally store the information after authorizing the transaction; sometimes without the knowledge of the business owner. This is a violation of the terms of service of Visa.
 
Other than storing data from the magnetic stripes, Visa has found compromises in other data that they prohibit storage of, including the CW2 number and PIN data. This CW2 number is the three-digit number on the back of the card that is used for online and telephone purchases. Customers enter their PIN number when making a debit transaction, and the Pin Entry Device creates an encrypted PIN block during debit transactions.
 
2. Outdated/Missing Security Patches
Hackers are always attempting to exploit software vulnerabilities. They also aim to find new and unknown vulnerabilities in commercial software products. These exploits are met with software patches and updates to close the vulnerability. It’s vital that you apply updates and patches as soon as you are offered them to reduce the chances of compromised security.
 
3. Default Settings and Passwords
Vendors sell their hardware and software products with preset passwords and settings. It’s easy for hackers to guess these passwords and settings, and they are even shared among hacker groups and chat rooms. After an attacker gains access to such a system, it’s easy to turn off security measures, access databases, and remove any traces of intrusion. The victim doesn’t even know anything has happened unless the damage is visible. Even then, they have no way to trace who did it.
 
4. Uncontrolled Access to Sensitive Information
A major risk for small business owners is that sensitive customer data can simply vanish. Paper files, laptops, and data files are portable. Without strict controls put in place, it’s easy for the information to just vanish and appear where it shouldn’t be.
 
Four Simple Questions for Ranking Your Risk Level
  1. Do you use computer-based payment applications or applications connected to the internet for card payments, rather than a dial-up terminal?
  2. Do you have several systems connected to the payment connection, and do any of these connect to the internet?
  3. Does your business have wireless internet access?
  4. Is there an e-commerce aspect of your business?