Are you scared? VeriFone Conference Update

Almost a full day into the conference and a common theme seems to be emerging... if your not scared, you should be!

When VeriFone brings in the Secret Service to talk about the online security threat, you realize this is so much bigger than PCI compliance. Criminals are out there operating online at organized levels. Data is being taken and sold on websites like Carders Market. Yes, you can actually buy credit card numbers online. Check out this article to get the full picture “Cybercrime More lucrative Than Drug Trade.”

Based on a Verizon white paper titled "2008 Data Breach Investigations Report," Chris Novak gave us a bird's eye view of the threat that is out there. Probably most notable was the fact that 62% of breaches were due to errors meaning miscommunications, omissions, technical failures, etc., and 90% of all breaches could have been avoided with a comprehensive patch deployment strategy. Referred to as the “Lucky Season,” Novak suggests that this time of year is more lucrative for hackers because retailers stop touching the stores for the holiday season and patches are not always up to date.

Just in case your still not scared, Dave Faoro opens up the Unattended and Automated Fuel Pump Dispenser Payments sessions by saying it is extremely unhealthy to enter your pin number in at a gas pump. Matter of fact, Gartner Group says that “using a credit card at a gas station poses more of a risk for data theft than shopping online.” Why? People actually replace card readers with skimmers or place cameras on pin pads in order to steal the credit card data.

While today was eye opening for many reasons, I think what stands out the most is the need to change our thought process. We need to stop asking “How to we get PCI compliant?” and start asking “How do we get secure?”

Jeff Wakefield of VeriFone, summed it up best. “You goal should not be to get PCI Compliant. Your goal should be to secure your payment processes and hopefully you get complaint in the process.”