wesley yuhn: pci compliant enterprises

Upload: wesley-yuhn

Post on 27-May-2015

DESCRIPTION

Wesley Yuhn is working as Chief Marketing Officer in Tampa and has shared his views on PCI compliance.

TRANSCRIPT

Page 1: Wesley Yuhn:   PCI Compliant Enterprises

Consumer Reports Issues Traveler’s Advisory to Choose Only PCI Compliant Enterprises before Handing over Payment Information

For the last several years, Wesley Yuhn, Chief Sales Officer at ACH Direct Processing DBA ACHDP.com, states, consumers around the world have been providing credit card and other payment information to various retailers, online entities and hotels without a second thought, which brings us to their latest advisory issued in April 2014, “Are You Booked in a Hacker Friendly Hotel?”

In 2012, Wyndham Hotel Group was charged by the FTC for “failure to regulate deceptive acts and practices involving data security practices”. Wyndham Hotel Group operates over 7,000 hotels and timeshares under various names including Super 8, Ramada, Howard Johnson’s, Knights Inn and Choice Hotels. In addition, they operate several elite 5-Star hotels such as Hilton Worldwide, Hyatt, Omni Hotels & Resorts, Carlson Rezidor, and Marriott Vacations Worldwide Corp. The case is currently still in litigation.

In August, Homeland Security issued a warning that more than 1,000 commercial entities have been infected with malware coding that can gather payment authorization information while in transit.

In addition to breaches at Target and Home Depot, Jimmy John’s payment structure has also been compromised this past week. As with Target and Home Depot, the breach was not detected by their theft protection program, and they did not use an offsite payment processing software system that has already passed the PCI Compliance testing.

When Wesley Yuhn of Tampa, a top-rated specialist in secure payment software programs, was asked if most programs are PCI Compliant, he responded, “I can’t answer for other companies at this point. ACHDP LLC is compliant and continuously tests the compliant software and back checks those sites that use our program.”

According to Consumer Reports, identity theft prevention services are not adequate to prevent fraudulent credit and/or debit card transactions from clearing a bank’s system if the passwords are discovered by sniffer programs used by hackers.

Consumer Reports also suggests that every consumer ask about the PCI DSS compliance status of every company that processes payments or requires credit, debit or check payment information, even if they do not use it immediately. Every business of every size is required to be PCI Compliant ready by 2015.

For those who are not, the penalties are stiff, especially if the firm is a small business. Credit card organizations may immediately issue fines starting at $10,000 for the first three-month period of non-compliance, plus suspension of card acceptance by the business at fault. Accounts suspended are placed on a Terminated Merchant File list – a blacklist – and will not be eligible to obtain another account accepting virtual payments. In addition, such businesses are open to civil suits by customers while the credit card company remains protected.

Accounting firms and specialists with an accounting degree are open to personal liability for any breach of payment information occurring by any employee of the non-compliant company that the professional works for.

Enterprises currently non-compliant have until 2015 to meet the PCI DSS 3.0 testing.