Another data breach victim Part 2

In my last post I gave a few details about Albert Gonzalez and his well-planned breaches of TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority and Dave & Buster’s, Heartland Payment Systems, Hannaford Brothers supermarket chain, 7-Eleven, and Target. That’s no small task and it has serious implications for online merchants that go well beyond the vast numbers of cards.

Small merchants are NOT immune to data breaches

What concerns me more about all the publicity surrounding this Gonzalez thing is that small merchants will look at the names of all the large retailers that were breached and think it can never happen to them. Wrong. It can. It does. The only reason we’re hearing so much about this one is the fact that they were large retailers and the perpetrator got caught. Don’t think for a minute that small merchants aren’t hacked. They are! But when they are, it won’t make any headlines. These are the hacks that the Secret Service, the FBI and even local law enforcement just don’t get involved with.

Albert Gonzalez is behind bars and may not be masterminding any more breaches for a while, but he wasn’t alone and he won’t be the last. And there are a lot of small-time crooks out there with just as much know-how. We’re not going to see the end of data breaches any time soon, and PCI compliance is an absolute must.

PCI compliance issues

Although we’ll probably never know for certain, most of the breached entities continue to argue that they were PCI compliant at the time of the ongoing breaches. At the same time, the PCI Security Standards Council continues to argue that no compliant site has ever suffered a breach. One of them is wrong, but one thing is clear: merchants had better be compliant. Being able to certify compliance is the only thing that might save a small merchant from certain death if a breach occurs. And if a merchant isn’t compliant by October, it’s certain death anyhow.

For those merchants that aren’t compliant, especially the small merchants that comprise 70% of Merchant911 members, the thought of getting there is daunting. That’s understandable but it doesn’t change the fact that all merchants must be compliant by October of 2010. You should be compliant already.

About Tom

Tom Mahoney is the Founder and Director of Merchant911, a site dedicated to helping e-commerce merchants.