BROOKFIELD, Wis. — If your restaurant accepts Visa credit cards, beware. Visa USA issued a data security alert Aug. 31 to warn merchants about the risks associated with storing magnetic-stripe and other sensitive data on point-of-sale systems. The alert recommends specific actions that merchants can take to mitigate these risks.
 
To support compliance with the Visa USA Cardholder Information Security Program, Visa issues security alerts when vulnerabilities are detected in the marketplace, or as a reminder about best practices.  
 
Security vulnerability
 
Visa announced in a news release that it is aware of credit and debit compromises that resulted from the improper storage of mag-stripe data after transaction authorization was completed. The mag-stripe holds data in two tracks.
 
Track information is received by a merchant's POS system when a card is swiped. Some merchant POS systems improperly store that data after authorization, violating Visa's operating regulations. Hackers are aware of the vulnerability and are targeting certain POS systems to steal this information.
 
Visa also has observed compromises involving other data elements, namely card verification value 2 (CVV2), PINs and PIN blocks. CVV2 is the 3-digit number typically found on the signature panel of the card. PIN blocks are encrypted versions of PINs.
 
According to Visa, merchants may only store specific data elements, including the cardholder's name, primary account number, expiration date and service code, from the mag-stripe to support card acceptance. But that information must be protected in accordance with the Payment Card Industry Data Security Standard.
 
Merchants may mistakenly believe they need to store prohibited elements to process merchandise returns and transaction reversals, Visa says. Acquirers should ensure their merchants have proper processes for each type of transaction.
 
Recommended mitigation strategy
 
To safeguard their systems and reduce risk from a compromise, merchants should make sure that they are not storing prohibited data.
 
Visa offers the following suggestions:
 
· Ask the software vendor to verify that your software version does not store mag-stripe data, CVV2, PINs or encrypted PIN blocks. If it does, those data elements must be removed immediately.
 
· Ask the software vendor to share a list of files written by the application, and a summary of the content to verify prohibited data is not stored.
 
· Review custom POS applications for any evidence of prohibited data storage. Eliminate any functionality that enables storage of this data.
 
· Search for and expunge all historical prohibited data elements that may be residing within your payment-system infrastructure.
 
· Confirm that it's necessary to store the data you're keeping. If not, don't store it.
 
· Verify that your POS software meets Visa Payment Application Best Practices. A list of PABP compliant applications is available on Visa's Web site.
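
As an added illustration of the "search for and expunge" step (this is not part of Visa's alert or any vendor's tool), the Python script below scans log or data files for stored Track 1 and Track 2 data. It assumes the swipe data was written as ASCII text in the standard ISO/IEC 7813 layout; the function names and the sample log lines are constructed for this example.

```python
import re
import sys

# Assumed layout (ISO/IEC 7813, ASCII-decoded swipe data):
# Track 1: %B<PAN>^<name>^<YYMM><service code><discretionary>?
TRACK1 = re.compile(rb"%B(\d{12,19})\^[^^\r\n]{2,26}\^\d{7}[^?\r\n]*\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2 = re.compile(rb";(\d{12,19})=\d{7}\d*\?")

# Constructed sample log; 4111111111111111 is a widely used test number.
SAMPLE = (
    b"12:00:01 AUTH OK amount=23.10\n"
    b"12:00:01 swipe=%B4111111111111111^DOE/JOHN^0912101000000000000?\n"
    b"12:03:44 swipe=;4111111111111111=09121010000000000?\n"
    b"12:05:10 ref=;1234567890123456=0912101?\n"  # fails Luhn, not a PAN
)

def luhn_ok(pan: bytes) -> bool:
    """Luhn checksum filters out digit runs that only look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ch - 48
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan: bytes) -> str:
    """Keep first 6 / last 4 so the report never holds a full PAN."""
    s = pan.decode()
    return s[:6] + "*" * (len(s) - 10) + s[-4:]

def scan(data: bytes):
    """Return (line number, track type, masked PAN) for each hit."""
    hits = []
    for lineno, line in enumerate(data.splitlines(), 1):
        for kind, rx in (("track1", TRACK1), ("track2", TRACK2)):
            for m in rx.finditer(line):
                if luhn_ok(m.group(1)):
                    hits.append((lineno, kind, mask(m.group(1))))
    return hits

if __name__ == "__main__":
    # Usage: python scan_tracks.py <file> ...   (no args: scan the sample)
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                for hit in scan(fh.read()):
                    print(path, *hit)
    else:
        print(scan(SAMPLE))
```

A hit means full track data was written to disk after the swipe; the file and any backups or rotated copies of it then need to be purged, and the application setting that produced it turned off.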
