In spite of stringent standards and procedures as dictated by the Payment Card Industry Data Security Standard (PCI DSS), the payment card system used by Wendy’s was hacked in the fall of 2015. Neiman Marcus, Home Depot, and Target, to mention a few, also suffered breaches within the past few years. The ensuing investigations are long and arduous with the primary goal being to stop the bleeding; that is, contain the breach and close the door on the hackers. Damage control continues long after the technicalities have been resolved.
How do Payment Card Security Breaches Happen?
Simply put, a customer notices a suspect transaction on their statement and calls the credit card company. They in turn start an investigation to find the Common Point of Purchase (CPP) – shops, chains, franchises with similar purchases and points of intersection. You, the company owner/manager, will most likely learn about the problem from your card processing company; hopefully within a matter of hours, not days.
If the breach is specific to one store, fraud detection can usually be detected quickly by a Technical Surveillance Counter Measure (TSCM) company like us, Michael Guadagno & Associates.
But if it’s a chain or franchise, where multiple storefronts are involved, it’s safe to say the company-wide payment system has been compromised and you need to call in the heavy guns. We’re just a phone call away.
PPC Malware and Hacking
And they are infuriatingly clever. Once they find an insecure doorway into your system, they plant malware that can permeate all aspects of your computers and networks. Worst of all, they cover their tracks as they go so it becomes very difficult to pinpoint exactly how and when they breached your company. Wendy’s determined their breach happened in the fall of 2015, but they have no idea precisely when.
TSCM Prevention – Get Out In Front
Your best prevention is to conduct an analysis on a regular basis: quarterly, or at least every six months. We have the expertise and latest technology for a thorough TSCM investigation; and we will team up with your IT staff to establish a plan for early detection and prevention.
It’s also a good idea for you to have a discussion with your insurer or broker to be sure you have the best cyber insurance policy as is reasonable. Many underwriters look favorably when your company has a plan for regular detection analysis in place which may have a good influence on a lower policy payment.
We can’t stress it enough: for breaches of your payment card system, a vital element to your company’s success, you need the experts.
To schedule a Network Security sweep call Michael Guadagno & Associates at:
Priority (716) 830-6757 or Office (919) 363-6321
