Target Still a Target
Target continues to be a target as fallout from the massive data breach of 110 million customers’ data grows. Now getting into the act are Trustmark National Bank and Green Bank seeking damages of more than $5 million from Target and one of its security vendors, Trustwave, reports Reuters.
In the lawsuit it is alleged that Trustwave failed to discover weaknesses in Target's system. The lawsuit also claims that Trustwave reassured Target that it was protected against hacking or data breaches, according to the report. The banks are seeking class-action status in the suits which were filed March 24.
They claim that the breach cost card issuers over $1 billion and that $18 billion was lost by all bank and retailers combined. Other banking associations have previously estimated that Target's data breach has cost banks and credit unions more than $200 million.
The purpose of pointing out this ongoing saga of who breached whom, is not to rub salt into the wound of Target or Trustwave. It is, however, an effort to again point to the absolute seriousness of security and the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.
Said another way, if any customer ever pays you for merchandise directly using a credit card or debit card, then the PCI DSS requirements apply to you. Also, the trend of data breaches seems to be shifting to smaller merchants.
According to www.pcisecuritystandards.org, criminals are shifting their sights to small merchants because many have lax security for cardholder data. Currently over 80% of attacks target small merchants.
Importance of compliance cannot be overstated and it is the duty of Point of Sale (POS) providers to explain that loss of customer data can result in fines and penalties, termination of ability to accept payment cards of any type, legal costs, settlements, judgments and higher compliance costs.
To help, at POS Plus we have developed an information sheet for merchants that detail steps for securing your general network, POS system, and administration of the system. It is just another step in making you aware of compliancy issues that you may have in your current system. If you have not received this free information sheet please contact us at firstname.lastname@example.org.