Comments on: An Underappreciated Threat: The Bored Employee http://storefrontbacktalk.com/securityfraud/an-underappreciated-threat-the-bored-employee/ Techniques, Tools and Tirades about Retail Technology and E-Commerce Sun, 20 May 2012 01:49:40 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Walt Conway http://storefrontbacktalk.com/securityfraud/an-underappreciated-threat-the-bored-employee/comment-page-1/#comment-67928 Walt Conway Fri, 05 Mar 2010 21:22:22 +0000 http://www.storefrontbacktalk.com/?p=4911#comment-67928 I, too, caught that article. I didn't know whether to laugh or cry when I read it. The message for retail CIOs everywhere - and especially franchise operations - is that some pretty weak (i.e., junk) payment systems out there. You don't want to be buying from the low priced provider; it will be too expensive. In fact, you don't want to be buying services or payment apps that aren't on the list of approved service providers (Visa website) or PA-DSS list (PCI Council website). My first reaction was that the vendor should be taken to the PCI woodshed (or worse), and the store owner who bought the POS system with him. But on reflection, maybe we should reserve some blame for those bank acquirers and processors who have thus far failed miserably to get the word out to their small/medium merchants that they are at risk and that PCI really does apply to them, too. I see too much of this every day. Looks like it's going to be a pretty crowded woodshed. I, too, caught that article. I didn’t know whether to laugh or cry when I read it. The message for retail CIOs everywhere – and especially franchise operations – is that some pretty weak (i.e., junk) payment systems out there. You don’t want to be buying from the low priced provider; it will be too expensive. In fact, you don’t want to be buying services or payment apps that aren’t on the list of approved service providers (Visa website) or PA-DSS list (PCI Council website).

My first reaction was that the vendor should be taken to the PCI woodshed (or worse), and the store owner who bought the POS system with him. But on reflection, maybe we should reserve some blame for those bank acquirers and processors who have thus far failed miserably to get the word out to their small/medium merchants that they are at risk and that PCI really does apply to them, too. I see too much of this every day.

Looks like it’s going to be a pretty crowded woodshed.

]]>