
Published on Wednesday, 26 November 2014 Published in Blog

TRI wants our merchant clients to be extra aware of the potential for data theft during the high shopping season.

The PCI Security Standards Council explains the following for your benefit:


"Malware has been the culprit behind many high profile retail breaches over the last year. And the holiday shopping season is a prime opportunity for hackers to take advantage of this and other vulnerabilities to steal valuable payment card data.


Check out this new infographic from the PCI Security Standards Council on tips retailers and others can take to protect their systems against malware attacks."


Click on image below to view the larger original




Published on Tuesday, 04 November 2014 Published in Blog

January 15, 2015: Is it a day like any other in the world of the merchant?


It will be if your payment processing is PCI DSS v3.0 compliant. "Not so much" if you have decided to put the steps of this updated global security standard on the back burner.


The security measures have been instituted for your and your customers' benefit. Only after billions of dollars of losses from data breaches, in all areas of commerce, have these compliance measures been developed. As digital communications have eased and quickened many administrative tasks, so have they made merchants' data more vulnerable to theft. PCI DSS v3.0 is a means to protect your business.


Along the payment processing chain, the areas impacted most by v3.0, as identified in The Green Sheet, a Payment Industry publication, include:


1. Penetration testing requirements for all merchants have been expanded. Before v3.0, small businesses could achieve compliance by walling off data-sensitive areas of their networks from their larger information network. Now they will be required to perform penetration testing on those seemingly secure areas as well, just as medium and large businesses have done and must continue to do.


2. Responsibility of third-party service providers (any entity that stores, processes or transmits payment card data) has also expanded. In particular, value-added resellers (VARs) will now be required to have unique passwords and “employ two-factor authentication for each of their merchant [clients] in order to remotely access the networks of those merchants”.


3. E-commerce businesses that redirect consumers to third-party payment providers are also affected, especially when it is not transparent to the customer that they have been transferred to a third-party processor. For example, it is obvious when the customer has been sent to PayPal for payment, but it is not obvious when the third-party processor has a “frame” embedded in the merchant’s website that is actually collecting the data, which is then processed at a remote website. E-commerce merchants will now have to fill in a substantially longer SAQ (Self-Assessment Questionnaire) to assure the security of the third-party providers. You may want to brew a pot of coffee for this one!


Additional office administration, new work routines and staff training that result from the increased security measures are unavoidable, but the steps may save you from a myriad of time- and money-wasting headaches if you are ever deemed responsible for a breach of customer data. We mentioned the following in the July newsletter, but the points bear mentioning again now as the date for the new requirements approaches.


If a data breach did occur at your business, depending on the breadth of the breach of customer data, your responsibilities could include:

  • Notifying customers and the attorney general
  • Monitoring credit for those customers who had been affected
  • A forensic examination to determine if and how a breach occurred, meaning that a shutdown of a POS might be required for some inconvenient length of time
  • Replacing cards whose data had been compromised may be required by the card issuers
  • Fines administered by those issuers whose cards were involved


First, learn more today about the Security Standards on the PCI SSC's website, including what you need to do in the near future to be compliant. 


The TRI website has more information you need to get started. 


The TRI Customer Service team is available to support and guide our customers as always.


The company at large is dedicated to keeping your business and its reputation preserved. We at TRI have embraced our obligation to our customers for their data’s security for over 20 years. TRI continues to affirm that trust by assuring our own PCI compliance.