Quick, as a retailer, do you know what the acronym PCIDDS stands for? Not knowing could put you out of business.
It stands for Payment Card Industry Data Security Standards. Simsbury attorney Tegan Blackburn said too many retailers expose themselves to potentially disastrous financial results through their ignorance. “Usually the first time when they hear [the acronym] is when they have a problem,” she said in a recent interview. “If there’s a merchant who can’t tell me what PCIDDS is, they need to do their homework.”
PCIDDS is the basic agreement credit card companies like MasterCard, Visa and American Express have with retailers. Anybody who handles credit card transfers has to abide by the standards.
Credit card companies will notify retailers when it appears a serious breach in security has occurred. The retailers are then responsible for having a forensic investigation done on their computers at their own expense as part of their credit card processing agreement. The merchant then needs to have an information technology expert make improvements to their systems to prevent further problems. Plus, the credit card companies have fines, starting at $5,000, built into their agreements, which are typically 60 pages long.
“The whole process can be a daunting nightmare,” Blackburn said. “For a lot of businesses it’s not a question of if but when this is going to happen.”
There’s a future complication that retailers need to consider. Suspected data breaches have to be reported to affected consumers. That sounds simple until one considers there are 48 different sets of state laws. What applies in Connecticut, for example, doesn’t in Massachusetts. A movement is underway to have a uniform, federal standard but until then, retailers need to meet the law of each state where they have customers: a huge problem for retailers selling on the Internet.
“If Google can get hacked, anybody can get hacked,” said Blackburn, who has represented retailers who had their customers’ credit card info hacked. “Criminals are creative individuals and are a step or two ahead of the technology. They know smaller merchants are going to have the most potential to harvest data.” She tells of one pet store, a company she did not represent, that didn’t even know a problem existed until a credit card company stopped accepting transactions without notice.
Retailers can protect themselves by encrypting data that is sent to the credit card companies. Currently, the standards only cover data that is stored by the retailer. PCIDDS does not apply to data in transit.
“They haven’t kept up with the technology and the criminal activity. Think of all the people you are going to protect if you have encryption on everything,” Blackburn said. “Anybody who has information fully encrypted is going to be better off.”
Encryption can’t end at a retailer’s desktop terminal. All mobile devices, such as laptops and smart phones, need to be encrypted. “If merchants are going to have any type of mobile technology, they need to pay attention to their whole network,” Blackburn added.
Once a suspected breach does occur, Blackburn, not surprisingly, recommends engaging the services of an attorney familiar with PCIDDS issues. Not getting the problem solved initially could lead to exposure to unfair trade practice lawsuits in each state where the retailer had a customer. “This is not something for [an attorney] to pick up and think they have time to learn the ropes,” she said.
Canton auto shop reboots
DentfixExpress LLC, formerly BodyParts LLC, has opened in Canton. It offers an economical, portable and efficient solution for removing dents, scratches and chips from vehicles. The company, which has been in business for 13 years, has changed its name and launched a new website, www.DentfixExpress.com, to reflect a shift from comprehensive reconditioning to paintless dent removal, and scratch and chip repair.
The business also is looking to expand into a new retail location in the Canton area as early as this coming fall, and will be hiring and training new technicians.
DentfixExpress, owner Steve Roberto said in a press release, evolved due to customer demand for a simple, convenient and affordable solution for fixing cosmetic damage that car owners or renters would normally ignore due to cost, inconvenience, insurance hassles and time constraints.
• • •
Burger empire nearing 100
Jake’s Wayback Burgers, which has franchising headquarters in Cheshire, announced that it opened five new franchises in August and has 13 under construction to add to its current total of 31 open locations. Jake’s Wayback Burgers is rapidly expanding, with over 100 new franchises expected to be sold by 2011. It will open three new locations in Connecticut, with a West Hartford restaurant opening in September followed by stores in Hamden and Stamford.
“Jake’s Wayback Burgers is growing very quickly,” said Bill Chemero, executive vice president, Jake’s Franchising LLC. “We are now in 14 states and 82 stores have been sold, with many more under construction. The national expansion is well under way, with several stores opening soon on the West Coast.”
