Tuesday, December 31, 2013

Lessons for cities from the Target breach

The theft of credit and debit card data from Target stores during the Christmas shopping season is a reminder of the necessity for merchants to incorporate rigorous safeguards into their payment acceptance environment.

The City of Decatur and any other government entities that accept credit card payments qualify as “merchants” under payment card industry (PCI) standards. 

Decatur handles over 10,000 credit card transactions representing over $1 million annually across different departments and facilities.  Although this is a tiny volume of transactions compared to big chain stores like Target, and although we do not use point-of-sale devices such as those suspected in the Target breach (keypads with magnetic stripe readers and digital signature pads), the City is not immunized from the risk of breaches.

We have been working over the past several months on enhancing protections of credit card data for our taxpayers and other paying customers, and have begun receiving vulnerability scans on a monthly basis.
Funds were approved in Decatur’s FY13-14 budget to have a formal PCI gap analysis conducted by a an approved scanning vendor, and we are close to entering an agreement for the service.  This analysis would be performed under new, more comprehensive payment card standards (PCI-DSS 3.0) standards that go into effect tomorrow.

No comments:

Post a Comment