If you read this blog regularly, you know I attended the Transact conference in Las Vegas a couple of weeks ago. This is an event about credit cards, cashless transfer of money, and all related technology. But there was one area that screamed for attention: On Line Security.
Let’s face it. If money is flowing through fiber at ever increasing rates, the bad guys are looking for ways to grab that lucre and convert it to their nefarious use. But there are other things flowing through the internet pipes in addition to money. Think about the card and account numbers that must be attached to that money so it knows how to go to the right place.
In the minds of most parking facility owners this issue doesn’t raise a wrinkle. After all, they purchased high end PARCS equipment and were told that it met all the security requirements set by the transaction industry. Maybe so, maybe not.
While it may be true that when the data leaves the card reader or the device controlling it the information is secure, but what about further down the pipe. What about that ‘repeater’ located in a ceiling or closet. What about the computer that connects the card reader to the internet? Do all your procedures meet the security requirements of EMV and PCI? My guess is that you have no clue.
But, you say, its all encrypted and secure and no one can get to it. You have just decided that the person who designed and installed your system is smarter than everyone else on the planet and you do that at your peril.
I met a number of companies at Transact that can help you sleep at night. They claim to understand the security requirements of the credit card companies and banks and can check to see whether your systems meet those standards. If they do, and you are certified, you are most likely covered.
Remember that the old days of the bank taking responsibility for losses is gone. That responsibility now falls to the party who allowed the security breach to take place. So what, you say, its only a few bucks — how much can I lose?
I had a friend tell me the other day that the computer at a site he supervises collects upwards of half of a million dollars in monthly parking fees each month from parkers who have their credit cards on file. At midnight on a certain day, it processes thousands of transactions that exceed $350 each. That goes far beyond my definition of “a few bucks.”
I might suggest that you review the ways you collect money in your operation and then get someone who actually knows something about this and have them review your operation. The business you save could be your own.
JVH