Drop The Data

THE DATA

ARE YOU UNINTENTIONALLY PUTTING YOUR
BUSINESS AND CUSTOMERS AT RISK?
Data is the currency most coveted by criminals today.
Small businesses are now being targeted by these sophisticated and relentless criminals, who may be operating from down the street or half a world away. A Visa analysis found that small merchants accounted for more than 80 percent of the data security breaches in 2007.

WHAT DATA CRIMINALS ARE LOOKING FOR
The magnetic stripe on the back of payment cards contains two tracks of encoded payment data, also called “track data,” that are used by thieves to create counterfeit cards and commit other forms of fraud. This sensitive cardholder data from the magnetic stripe is received by point-of-sale (POS) systems when a merchant swipes a payment card. POS systems often store this sensitive data post-authorization without the small business owner’s knowledge, in violation of Visa rules.

In addition to magnetic stripe data storage, compromises have involved other prohibited-to-store data, such as the CVV2 value and PIN data. CVV2 is the three-digit number on the signature panel on the back of the card used for e-commerce transactions. The PIN is entered by a consumer for debit transactions, and encrypted PIN blocks are created by the PIN Entry Device for debit transactions.

If this information is stored and compromised, it can enable criminals to counterfeit cards and/or use the cards fraudulently online. This is exactly the kind of data that criminals covet for use in counterfeiting payment cards. The storage of this prohibited data is one of the top causes of data security breaches.

Visa has found that some payment application software stores this data by default, which is why business owners may not be aware that they’re retaining prohibited data.

CARD DATA THAT SHOULD NEVER BE STORED:

Three key pieces of payment card data should never be stored by any merchant:

1. FULL TRACK: The encoded data provided by the magnetic strip.
2. CARD VALIDATION VALUE (CVV2): The three-digit number printed unembossed on the front or back of a payment card.
3. PIN or ENCRYPTED PIN BLOCK: The personal identification number used with debit and some credit cards.