60 Minutes Story on Credit Card theft and Data Breach's

http://www.cbsnews.com/news/swiping-your-credit-card-and-hacking-and-cybercrime/

When you view the video, you will also see 2 major banks who expect breach's over the holiday season no matter how secure a company thinks their network is secure.  We can help minimize the financial damage created by credit card breaches.  PCI Compliance is huge and its not all network and equipment related as the 60 Minute video documents.

PCI Council looks for ways to stem data breaches after bad year

http://www.pcworld.com/article/2849012/pci-council-looks-for-ways-to-stem-data-breaches-after-bad-year.html

PCI NON-COMPLIANT CONSEQUENCES Noncompliance Fines- The consequences of not being PCI compliant range from $5,000 to $500,000, which is levied by banks and credit card institutions. Banks may fine based on forensic research they must perform to remediate noncompliance. Credit card institutions may levy fines as a punishment for noncompliance and propose a timeline of increasing fines. The following table is an example of a time-cost schedule which Visa uses. Month Level 1 Level 2 1 to 3 $10,000 monthly $5,000 monthly 4 to 6 $50,000 monthly $25,000 monthly 7 and on $100,000 monthly $50,000 monthly Breach Consequences- Even if a company is 100% PCI compliant and validated, a breach in cardholder data may still occur. Cardholder Breaches can result in the following losses for a merchant. $50-$90 fine per cardholder data compromised Suspension of credit card acceptance by a merchant’s credit card account provider Loss of reputation with customers, suppliers, and partners Possible civil litigation from breached customers Loss of customer trust which effects future sales

Customers worry about theft of their data. You should worry about business fallout.

https://www.pcisecuritystandards.org/smb/why_secure.html

From a Realtor Friend, for those caught in a breach, here's tips on how to protect your personal credit

http://newsletter.homeactions.net/archive/full_article/4563/1601948/792883/3671

SC Dept of Revenue data breach similar to Target's breach-Who's watching the Hen house?

http://www.paymentssource.com/news/banks-sue-security-vendor-trustwave-after-target-data-breach-3017401-1.html

Half of Holiday shoppers will avoid PCI breached retailers??

STUDY FINDS NEARLY HALF OF HOLIDAY SHOPPERS WILL AVOID BREACHED RETAILERS

MARITZA SANTILLAN

OCT 20, 2014

Share on kindleit12

A recent study by CreditCards.com has revealed that nearly half of major credit and debit cardholders are reluctant to shop at previously breached retailers this upcoming holiday season.

The study found 45 percent of respondents said they would “definitely” or “probably not” shop at a retailer that has recently exposed consumers’ personal or financial information, even if they were frequent customers.

Additionally, only one in eight respondents stated they were more likely shop with credit cards this season, while 48 percent of respondents plan to shop for the holidays with cash, instead.

Survey respondents included 865 randomly selected cardholders living in the United States contacted by phone from October 2-5 by Princeton Survey Research Associates International.

However, despite some hesitation from certain customers, not all shoppers are likely to boycott a retailer after being hacked.

The study also discovered that the highest-income households ($75,000 income or above) were the least likely to avoid impacted stores, compared to 56 percent of those with earnings of less than $30,000 per year.

The list of breached mega retailers continues to grow significantly following the highly-publicized breach that compromised the information of 40 million Target shoppers last holiday season, now including Home Depot, Kmart, Michaels and Neiman Marcus.

According to the Identity Theft Resource Center, there have been 606 data breaches in this year aloneamounting to more than 77 million records exposed.

Ken Westin,Tripwire security researcher, says the increasing number and variety of breaches and security incidents has become a reflection of consumers’ reliance on technology and connectivity.

“We are now living in an age where cybercrime has become conventional crime,” says Westin. “Criminals have moved online simply because that is where the money is. Most of the breaches we see today can be traced to one common motivating factor greed.”

Westin adds the retail breaches we are increasingly seeing have netted criminal syndicates millions of dollars as breaches have become a repeatable and recurring revenue source.

Why is PCI DSS Compliance Important?

Being compliant with PCI DSS means that you are doing your very best to keep your customers valuable information safe and secure and out of the hands of people who could use that data in a fraudulent way. Not holding on to data reduces the risk that your customers will be affected by fraud.

Don’t hold on to data that you don’t need to.
If you don’t need it, don’t store it.

If you lose card data i.e. suffer a data breach and you are not PCI DSS compliant you could incur Card Scheme fines for the loss of this data and may be liable for the fraud losses incurred against these cards and the operational costs associated with replacing the accounts. Your customers may also not want to do further business with you.

Unfortunately data breaches occur regularly and e-commerce sites are a very frequent target from hackers who often successfully compromise e-commerce sites. So please do not think that it won’t happen to you. It is imperative for you to ensure that you have implemented all of the relevant controls in PCI DSS.

PCI DSS is something that you MUST do.
Remember: you are responsible for looking after your customer’s card data, regardless who processes the data on your behalf.

HIPAA Settlements for Data Breach

Data Breach Results in $4.8 Million HIPAA Settlements

New York and Presbyterian Hospital

New York and Presbyterian Hospital (NYP) has agreed to pay OCR $3,300,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, and will adopt a corrective action plan to evidence their remediation of these findings.

• Read the Resolution Agreement
• HHS Press Release

Columbia University

Columbia University (CU) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, including a $1,500,000 monetary settlement and corrective action plan to address deficiencies in its HIPAA compliance program.

• Read the Resolution Agreement
• HHS Press Release

Home Depot Breach Updated-Now Includes Email addresses

http://www.paymentssource.com/news/risk-management/home-depot-fifty-three-million-email-addresses-were-taken-in-breach-3019647-1.html?utm_campaign=payments%20update-nov%2011%202014&utm_medium=email&utm_source=newsletter&ET=paymentssource%3Ae3323842%3A4453830a%3A&st=email

PCI Council Releases Staff Training Guidance

http://www.paymentssource.com/news/risk-management/pci-council-releases-staff-training-guidance-3019585-1.html?utm_campaign=payments%20update-nov%204%202014&utm_medium=email&utm_source=newsletter&ET=paymentssource%3Ae3288824%3A4453830a%3A&st=email