Processing credit cards is vital to efficiently running your restaurant or retail business, and that includes doing everything possible to protect the data being transferred over the Internet. However, criminal attacks are getting more and more advanced and the likelihood that restaurants and other small business establishments will fall victim to cybercriminals is increasing.
Large data breaches receiving national news coverage are happening at restaurants, major clothing retailers, sporting goods stores and grocery chains. Although most of the recent push has been to ensure you are running a PA-DSS validated payment application, most of the current criminal threats are not targeted specifically at your POS. Criminals who gain access to the network in a store or restaurant can attack that site even if it is running the most up-to-date point-of-sale system on the market.
The data that the criminals want is not the data that you see on the front of your credit card. This visible data is known as the Primary Account Number (PAN) and is of little use to cybercriminals. What they want is the full track data embedded on the magnetic stripe on the back of the card; it contains much more information than the PAN and allows them to create counterfeit cards.
Ever since the PCI Security Standards Council implemented the Payment Application Data Security Standard (PA-DSS), payment applications are not allowed to store full track data. That is why all merchants who process or transmit credit card data are required to use PA-DSS validated payment applications. If you are using a PA-DSS validated version that was upgraded or implemented according to secure implementation standards, the criminals are not targeting the data stored in your payment application. In most cases when a breach occurs for a customer that is using a PA-DSS validated payment application, the payment application software itself has not been breached.
Instead, the criminals are targeting holes in your overall payment environment. If your perimeter is not secure with protective measures such as a firewall, updated antivirus, and secure remote access, they’re going to get in. And when they get in, they’re going to install crimeware. This crimeware can then be used to steal full track data in many ways. It can extract the data from the Windows OS as it is being sent to the bank for processing. It can also mimic keyboard strokes to steal authentication credentials. In these crimeware scenarios and others as well, the criminals are not getting the full track data they want from the payment application.
So, how do you keep them out? You definitely need to have a PA-DSS validated payment application to eliminate the low-hanging fruit. After that, you need to secure your perimeter. If there are no holes in the wall around your payment environment, the criminals will not be able to get in.
We're all in this together. The only people doing anything wrong are the criminals. What they do and how they do it is changing very rapidly. We need to fight them by educating ourselves, recognizing that a PA-DSS validated payment application by itself will not protect you, following security best practices, and by making sure our perimeter defenses are as strong as they can be.
For additional information about data security, visit http://www.restaurantdatasecurity.com/ or http://www.retaildatasecurity.com/.