WASHINGTON – Cyber criminals are increasingly targeting small and medium-sized businesses that don’t have the resources to keep updating their computer security, according to federal authorities.
Many of the attacks are being waged by organized cyber groups that are based abroad, and they are able to steal not only credit card numbers, but personal information — including Social Security numbers — of the card holders, said Michael Merritt, assistant director of the U.S. Secret Service’s office of investigations.
Merritt, in testimony prepared for the Senate Homeland Security and Governmental Affairs, said that as larger companies have taken on more sophisticated computer network protections, cyber criminals have adapted and gone after the smaller businesses who do not have such high-level security.
I don’t give out my regular credit card numbers any more. I use a single use credit card generated through PayPal, plus I have a digital device to log on so that, even if someone else has my password, they can’t log on without the digital number.
This problem is being addressed by the new PCI DSS 1.2 specs. In a merchant can’t prove they can meet the specs and protect their customer data, they are not allowed to accept credit cards for payment.
The new tighter specs went into effect late last year. The merchant banks are currently auditing the merchants for compliance.
I know a number of small merchants that have given up on direct CC payment because of the expense of meeting PCI DSS 1.2. Instead, they offload it all to payment processors such as PayPal.
The result is that this customer information is going to be harder and harder to attack as merchants either give up, or comply with the new standards.
Now.. that is in the US. I don’t know what is being done in other countries.
The disturbing part about his isn’t the problem itself, but the agency that saw fit to go public with it. These assholes should be doing something about it, instead of scaring off potential consumers. Of course there’s fraud, talking about it just damages confidence in eCommerce. Bad timing with so many sound eRetailers just barely making it in the middle of this crisis.