Because we offer credit card processing for small businesses, we keep up with the latest strategies in information security, such as tokenization and P2P encryption. We’re in a climate of, for lack of a better term, information warfare, in so many ways. Thus, safeguarding the sensitive information of our merchants and partners is of the utmost importance.
So when we read a recent news item about printer giant Hewlett-Packard and its latest initiative, we thought it was pure genius. HP is offering a bounty of up to $10,000 to anyone who can find vulnerabilities in their printers.
We love it. In doing so, HP is in a can’t lose situation:
- Among the qualities businesses and consumers look for in printers is security. HP is showing the utmost confidence in its products — daring hackers to penetrate their printers to find sensitive data.
- Additionally, HP is announcing to the world that it will stop at nothing to secure its printers by fostering crowd-sourced penetration testing.
HP’s offer works like this:
It has hired a third party security firm Bugcrowd, to which all cases of vulnerabilities are reported. Bugcrowd will verify the legitimacy of the vulnerabilities. If any of the vulnerabilities are justified, the originator will receive a financial reward of up to $10,000.
Allow us to set our collective imagination free…
A solution to warding off hackers: Hire one
We’re sure major companies don’t discuss it publicly, but we confidently say that many actually recruit and hire hackers for penetration testing, actually recruit them to use their ‘talent’ from the ‘dark side’ to legitimacy. We once met a colleague at a trade show in the U.K., who was a career hacker for an eastern European hacking group, but was hired by a major bank for that very reason: constant penetration testing.
We have no clue about if this is ambition of HP’s initiative. If it is to lure hackers from the dark side, it won’t be at a loss for candidates.
The challenge with small businesses
One of the big challenges in credit card processing for small businesses is the affordability of proper security measures to safeguard customer data. There are many effective security measures available — 3D secure transactions, PCI Compliance, outsourcing a payment platform — but not nearly every small business merchant can afford such measures. We fully believe there is a market for hackers to legitimately test the security measures of small businesses, particularly those that process credit cards online.
Why printers are attractive to hackers
Back in 2010, CBS News reported on a warehouse in New Jersey that was storing more than 6,000 used printers for resale. One of the printers was once used by a police department in western New York, its hard drive full of highly sensitive data, which a security consultant was able to extract within 30 minutes. Other printers had stored information that included pay stubs, medical records and social security numbers.
From clicking ‘PRINT’ to picking up the document off the printer tray, there is quite a bit that happens in between and sensitive information transmitted in the process. Think about what a printer does — translates messages from computers, scans documents, stores images and keeps them on file. Every printer has a ‘memory’ function that enables users to reprint documents they might have misplaced.
Credit card processing for small businesses has come a long way, but many merchants still print out full size receipts (one merchant that comes to mind is my local auto parts store). There is sensitive information in every transaction. Additionally, we know quite a few ‘old school’ merchants, who prefer to print and file information, rather than store them digitally.
How it affects credit card processing for small businesses
Since 2013, we’ve heard about countless major breaches: Equifax, Target, Home Depot…far too many to list in this blog. However, that is our very point: We hear about the large retailers that are hacked, but not the small businesses. More than 80 percent of businesses that suffer breaches are small businesses. And it’s online businesses that are the most attractive.
Why do hackers go for small businesses?
When offering credit card processing for small businesses, there is a degree of risk involved. Many small businesses operate on tight budgets, with minimal security measures. Some are easy targets. There may not be much to gain for a hacker by targeting small businesses, but it’s all about quantity: hitting one and moving on to the next.
Attention small business merchants
What security measures do you have in place? We’d love to know, so leave us a comment below.
For the best credit card processing for small businesses, Instabill offers online and storefront credit card acceptance solutions. We can also offer guidance on choosing the best IT firms to safeguard your transactions and information.
We’re always ready for a conversation at 1-800-530-2444.