Encryption of credit card numbers does not mean breach-free

  • Team Omega
  • June 13, 2013

A common misconception among merchants is that encrypting card numbers is all that is necessary to prevent breaches, and that all other PCI requirements for data security are unnecessary and can be ignored.

The worst fear of gas station operators is the skimming of data by hackers at the pump. Recent reports indicate that skimming is a quick and damaging security issue that results in the bulk loss of credit card numbers and personal data. Hackers place skimmers between the card reader and the pump computer, where the number is encrypted, or even on the card reader itself. In either position the skimmer sits ahead of the point where encryption is applied.

In spite of all data security measures, skimming exists. So, if a breach still occurs and merchants have nothing else to show auditors, the damage to a business can be irreparable. Best practices mandate keeping your entire network compliant by securing remote sessions with 2FA, keeping the operating system completely patched and up to date, and practicing policy and procedural compliance, among many other requirements. This will minimize fines issued by the major card brands if you are proven compliant by the mandatory audit after a breach. Remember, data security is different from PCI compliance, but the two should still occur concurrently.

