Merchant Processing
Sony Breach a Result of PCI Compliance Failure
August 23, 2011
As a result of Sony’s network security breach, as many as 2.2 million customers may have had their credit card information compromised. Certain sources allege that this data is now for sale on the black market. In the age of Payment Card Industry Data Security Standards, how could this information have been vulnerable and who is to blame?
The PCI Security Standards Council (https://www.pcisecuritystandards.org) would point the finger at Sony. Businesses have all the guidance and equipment at their disposal to keep customer information safe. If they fail to adhere to the standards or don’t take them seriously, we end up with dreadful situations like this. The Ponemon Institute estimates the average per-customer cost of a data breach to be around $200. If indeed 2.2 Million customers have been compromised, then Sony will have about $440 Million at stake. And that’s just the tip of the iceberg. There are over 77 million PlayStation Network players, all with varying levels of private information in the network’s files. With all considered, the potential damage could exceed $15 Billion.
And it’s already begun. PlayStation gamers recently filed a class action lawsuit in Sacramento, CA. Ira Rothken, the lead attorney handling the case, is quoted in the Green Sheet: “I can’t think of a major data breach where the company was PCI compliant,” he said. “I think it is likely Sony was not PCI compliant. There were a lot of red flags that suggest Sony knew or should have known their system was vulnerable.”
It’s a shame Sony didn’t heed our advice earlier. In January we wrote that 60% of merchants are unaware of the costs they would incur for a data breach. Full compliance involves a lot of things, including an annual self-assessment test. Even the corner deli is subject to these mandatory procedures. For information on how to avoid the situation that Sony is in, please refer to the PCI Compliance section of our site.
Seriously. If Sony is vulnerable, you probably are too.
– deBanked
Jack Dorsey Reveals Tweeting Irrelevant with Square
August 23, 2011
Posted on May 1, 2011 at 11:33 AM
Twitter co-founder Jack Dorsey built his original company with toothpaste makers in mind. He might even say, “Thanks to Twitter, people in Istanbul can finally get tips on what makes the smiles in Shanghai so white. Tips on scrubbing those molars are transmitted in real time from Rio de Janeiro to Moscow!”
That’s good news for companies like Colgate, but for companies involved in technology, Dorsey reveals that Twitter is basically useless. “No one is following your company’s mundane tweets. No one cares if the Square card reader got a thumbs up from a business owner in Maine.” Of course he hasn’t actually said this in words, but his actions speak volumes.
Dorsey is also the founder and CEO of Square (https://squareup.com/), a credit/debit card reader that can plug right into an iPhone, iPad, or Android. We follow them on Twitter to keep an eye on news that might be worth sharing. But the only news is no news. What’s up with that?
We compared Square’s tweets to three POS hardware companies, Verifone, Ingenico, and Magtek. We threw in Colgate for good measure.
Square, led by Twitter’s Dorsey, ranks last among peers in average monthly tweet volume. As Square seeks a permanent place for itself in the electronic payments world, it has undertaken a massive public relations campaign, none of which includes tweeting. Thank you, Mr. Dorsey, for revealing what most of the world already suspected: that commercial tweeting is useless.
Verifone just ate a bologna sandwich #yum
Ingenico just donated a credit card machine to a school in Sudan #charity
Magtek was mentioned in a newspaper in Andorra #werule
Colgate just came out with purple toothpaste #purple
Square just stole everyone’s customers while our competitors were tweeting about bologna #winning
Follow:
http://twitter.com/#!/VeriFone
http://twitter.com/#!/ingenico
http://twitter.com/#!/ColgateSmile
– deBanked
A Business Charged Me a Fee for Paying By Credit Card
August 23, 2011
Posted on May 4, 2011 at 1:00 AM
We received an e-mail from one of our readers today. It seems consumers are already being bitten by the Government’s crusade against the electronic payment industry.
To: the merchant processing resource
Today I was charged a surcharge of 2% extra on a $2,099 purchase. I complained because I thought this was against the Mastercard rules but to no avail. How may I go about lodging a complaint regarding this merchant?
– Doug
==========================================
Hi Doug,
We understand your frustration. However, the Wall Street Reform and Consumer Protection Act that passed in July 2010, in addition to the Justice Department’s antitrust lawsuits, nullified the payment network rules about surcharging. As we understand it, a business can now charge extra to customers that pay by credit card. This is allowed so long as they apply it to all their customers in a uniform manner (to avoid discrimination), they don’t selectively base it on card issuing bank, and don’t selectively apply it to a particular payment network.
That means if they do it to MasterCard customers, they have to do it for customers that have a Visa, Discover, and any other network. Banks that issue cards must be accepted equally as well. They can’t apply a surcharge to a customer with a Wells Fargo MasterCard, and fail to apply it to a customer with a HSBC MasterCard.
Although they can selectively surcharge customers with rewards, sky miles, or cash back. A customer with no rewards can legally be charged a lower price than a customer with a sky miles credit card. There are higher interchange fees associated with accepting a card with rewards and thus businesses now have the option to pass that cost on to the consumer.
It’s unfortunate the business charged you a fee, but they can do it if they want. Next time threaten to make the purchase with a direct competitor and see if that fee goes away.
We touched a bit on this topic in this article here: https://debanked.com/apps/blog/show/5603447-take-your-rewards-card-and-get-out-of-my-store-
==========================================
– deBanked
www.merchantprocessingresource.com
The End of Debit Cards is Real
August 23, 2011
Debit card fee reform isn’t just a silly debate between businesses and banks. CBS News discusses how consumers will be impacted. Undecided or against this reform? Read more and get involved at dontmakeuspay.org. Forceful, harmful regulation isn’t the only solution to lowering the cost of debit card payments.
We would love to hear your feedback!
– deBanked
What is Square Credit Card Reader?
August 23, 2011
Posted on May 6, 2011 at 12:18 AM
We’ve heard of Square, we’ve read about Square, and we think the Square concept is cool. The writers of this blog have yet to encounter a business actually using one though. On March 2nd, Square announced that $1 Million was being processed through their device on a daily basis. That’s not a whole lot but we’re interested to see if it really catches on.
– deBanked
Credit Card Fees Hurt Waiters’ Tips
August 23, 2011
According to Fox Philadelphia, a few restaurants in the city are deducting the credit card processing fees from the waitstaff’s tips. “Basically, when you use a credit card to pay your bill and leave, say a 15 percent tip, your waiter may only get 12 percent.” It epitomizes the issue brought to light in an article we wrote back in March (Could Your Credit Card Tip Be Hurting Your Server?). Fox has no information at this time as to what restaurants are involved but a hearing is expected next month. We will keep you updated.
In the meantime, it never hurts to tip in cash.
Sony Unlikely to Face Criminal Negligence Charges in Breach
August 23, 2011
In light of Sony’s data breach, many people are making the case that their weak security constitutes criminal negligence. It may be appropriate considering Sony is an electronics company that should be held to a higher standard. Had they been an international supplier of lumber, we might be willing to give them more leeway. But let us not forget that Sony is the victim here. If a man walks into a bad neighborhood holding handfuls of cash and is robbed, it may very well be his own fault, but to argue his negligence was downright criminal will be a tough sell.
Sony is even less likely to be pursued criminally considering it’s already difficult enough to even convict perpetrators these days. Examine the financial crisis of 2008 and you’ll quickly realize that misdeeds were rarely handled outside of civil court. A shining example is the U.S. v. Deutsche Bank in a recent mortgage fraud case. In an excerpt about it by Fox:
by choosing to bring a civil case, instead of a criminal one, the feds have assured that more alleged fraud on Wall Street during the housing bubble will be met with fines rather than more serious sanctions. The reasons for the reluctance to charge Deutsche Bank or its employees with criminal charges are diverse, but likely come down to the higher burden of proof and collateral damage that go hand-in-hand with criminal charges. “Firms can do significant damage to themselves, to taxpayers and their customers without committing crimes. Negligence, recklessness and stupidity can go a long way,” said Dan Richman, a law professor at Columbia.
You hear that, Sony? Stupidity isn’t criminal, even though many would like it to be. This doesn’t mean they’re off the hook completely, since they are already liable for over $2 Billion (as calculated by the Ponemon Institute) as a result of customers canceling their current credit cards and having new ones issued. If card numbers have in fact been stolen, customers have no choice but to take this precaution at Sony’s expense.
Sony will have their day in court but no one will be going to jail…
– deBanked
Our Related Articles:
5/9/11 Sony Security Breach Reaches Our Doorstep
Mega Banks Enter Alternative Payments Market
August 23, 2011
The banks are losing the fight against the Durbin Amendment, but don’t count them out yet. The threat of billions of dollars in losses from interchange fee revenue has inspired them to innovate. So much so that alternative payment processors such as PayPal will soon face the wrath of a sleeping giant.
Bank of America, JP Morgan and Wells Fargo have teamed up to form clearXchange, a payment system for simple bank to bank transfers. In what they have dubbed a ‘coopetition’ (cooperative competition), there’s no new bank or merchant account needed. “PayPal and other systems require you to create an account separate from your bank account to transfer money, this new service will let customers simply log in to their existing bank account and enter the recipient’s name and e-mail address or phone number. The person they’re paying will then instantaneously receive an alert that money is being sent their way.”
And this doesn’t just compete against PayPal, it threatens cash and check payments as well. No longer will you be able to tell your friend that you don’t have any cash on you when they ask for the $20 you owe. D’oh!
Major retailers like Walmart stand to win big as a result of the Durbin Amendment, a triumph that will ultimately come back to haunt them. With no interchange fees to earn, banks will get bored of debit cards and eventually phase them out. clearXchange is the new dawn of electronic payments and revenue for the big banks. And guess what? Durbin’s laws aren’t applicable to it. What have we done?
– deBanked