SMBs Dealing in Credit Cards Need to Make Security #1 Priority

7/6/12 7:54 AM Eva Jacob Security, IT Governance


Credit Cards and IT Security

The US Attorney for New York's Southern District and the Federal Bureau of Investigation made a joint announcement this week that should be of interest to all companies concerned with the IT security of their credit card operations.  Two dozen suspects have been taken into custody for credit card fraud activities that were brought down by what is being praised as "the largest coordinated international law enforcement action in history directed at carding crimes.  In all, some 400,000 consumer accounts were compromised.

The investigation that brought the card scheme to light was called ‘Operation Card Shop’ and lasted for two years.  Its stated objectives included locating, researching, and exposing the activities of cyber criminals who seek to find and then disclose online credit card details such as card numbers, cardholder names, and card expiration dates.  Other information including bank account numbers was also put at risk by the activities of the 24 individuals apprehended in the operation.

The FBI has notified credit card companies about the accounts that were compromised; in all, more than 45 different issuers and other organizations were informed that their IT systems had been breached.  This would indicate a need for improved networking monitoring and other forms of IT support that would have helped to prevent such breaches.  The FBI's estimate of economic damage caused by the breaches is in excess of $200 million.

US Attorney Preet Bharara spoke to the need for improved cyber security among businesses that deal with or process cardholder information.  "The allegations unsealed today chronicle a breathtaking spectrum of cyber schemes and scams…  As alleged, the defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software-enabling cyber voyeurs to hijack an unsuspecting consumer's personal computer camera.  To expose and prosecute individuals like the alleged cybercriminals charged today will continue to require exactly the kind of coordinated response and international cooperation that made today's arrests possible."

Small businesses face a particular challenge when it comes to securing their customer's financial information since SMBs sometimes lack the kind of IT resources that large corporations may be able to access.  This challenge can be met through the twin technologies of managed services and managed programs.  While the former can help to provide continuous remote network monitoring, the latter can see to it that on-site needs such as software updates for workstations are taken care of in a timely manner.

Whitepaper: 6 Do’s & Dont’s for Choosing the Right IT Service Provider