With all the data breaches, retail fraud incidents and talk of PCI compliance in the media, I’m as surprised as Paul Green, the President and CEO of The Green Sheet, to learn that fewer than half of small merchants surveyed last fall considered themselves to be “very” familiar with the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. And 72% of these retailers said they considered the risk of data compromises at their business to be low or not possible.
Seriously? Do you really think that the risk of a data breach to your company is not possible? If so, here’s some tough love for you. If you do anything remotely related to working with credit card information and consumer identity, you are at a higher risk than you think. It’s not just retail and payment processing giants like TJX and Heartland the fraudsters attack. They’ll take money from anyone, anywhere. And the sooner you adopt a stronger security mindset the better. You absolutely owe it to your customers (and your business) to invest in security and fraud prevention tools.
The first step you should take is getting a crash course on the risks. I’d probably start with reading the GSQ Security Report 2010, which was created to help merchants understand PCI compliance and better prevent fraud in their business. I consider myself knowledgeable on the subject of fraud prevention, and I still found a lot of useful and new information, including a few terms around phishing I didn’t know. I thought I’d share them with you so you can store them in your fraud terminology library. (For those of you not familiar with phishing, it describes the trick of luring someone into revealing sensitive information like account numbers, usernames, and passwords. It’s called phishing because the fraudster sends an email, text message, or voicemail that appears legitimate to lure the person into responding with their personal details.)
- Whaling – when a phishing target is a high-net-worth individual.
- Spear Phishing – targets small and mid-sized businesses, government agencies and schools with emails that appear to come from a trusted source inside the organization.
You’ll find more terminology definitions in the publication, as well as some interesting articles to help you navigate the risks involved for your business.