Merchants and Card Security Executives Questioned in Hearings on Recent Payment-Card Security Lapses

Feb 12, 2014

Four Senate and House of Representatives hearings were scheduled in Washington as a result of the December 2013 payment security breaches experienced by Target, the Neiman Marcus Group, and a number of other merchants. In these hearings, titled “Safeguarding Consumers’ Financial Data,” the information-protection practices used by merchants and financial institutions were reviewed and evaluated by the Senate Banking Committee’s National Security subcommittee. Those called on to testify included the National Retail Federation and financial-institution trade groups, senior executives from both Target and Neiman Marcus, and the top executives from the PCI Security Standards Council, the entity that governs the main Payment Card Industry data-security standard and its related standards governing payment software and PIN-accepting devices.

Executives Troy Leach and Bob Russo from the PCI council were expected to be questioned extensively regarding the effectiveness of PCI standards, considering that data breaches have continued to occur under the current PCI standards. In a statement to Digital Transactions, Russo says that he and other PCI executives believe that a multi-layered security approach is necessary to prevent these types of breaches in the future. He also believes that adopting new EMV chip technology to prevent these types of security breaches is only part of the answer. He stated that “PCI is in the best position” to stop would-be data thieves, although they have not had a great deal of success up to this point, considering that the December breach at Target involved 40 million payment card numbers as well as non-card information on 70 million customers.

Target cited placement of malware developed by hackers in Russia on its point-of-sale payment-processing system as the reason for the security breaches. PCI executive Troy Leach stated that EMV technology could not have prevented the complex malware-based attacks. The technology would not have prevented the unauthorized access, introduction of malware, and subsequent exfiltration of cardholder data. He said that “Failure of other security protocols required under Council standards is necessary for malware to be inserted.” Leach also stated that the PCI council “welcomes this hearing and the government’s attention on this critical issue,” but urges government to back off from directly setting security standards for the card industry. “High-profile events such as the recent breaches are a legitimate area of inquiry for the Congress, but should not serve as a justification to impose new government regulations.” Leach went on to say, “It is unlikely any government agency could duplicate the expansive reach, expertise, and decisiveness of PCI. Any government standard in this area would likely be significantly less effective in addressing current threats, and less nimble in protecting consumers from future threats, than the constantly evolving PCI standards.”

In the opinion of PCI council executive Russo, the government should increase its research into areas of data security while increasing penalties against data thieves. He also believes that the government should be much faster in informing parties affected by security breaches, so that those parties can determine how hackers were able to accomplish the breaches. Russo states that as it stands now, “In order to find out the causes and look at the forensics, you have to wait until a lawsuit is filed. We have to wait until it’s litigated, until everyone has paid their debt to society, to find out what’s happened.”

