PCI Compliance

CarBuff's

New member
Joined
Oct 6, 2008
Messages
16
Reaction score
0
Points
1
Location
Central Wisconsin
Hello Fellow Carwashers

Been lurking on this site for quite some time and thank you for the solid business insight many of you have shared.

I wanted to reach out and ask what steps you are taking to maintain PCI Compliance and secure your customers' credit card information. In 2014 we did experience a data breach and I have to say... it ranked right up there with one of the worst business experiences I have endured.

Are any of you utilizing a third party computer security company to provide quarterly scans and assist in the PCI Compliance process? Have you taken out insurance policies to cover any data breaches?

Any input is much appreciated!
 

Overachiever

Active member
Joined
Feb 26, 2014
Messages
343
Reaction score
92
Points
28
Location
IL
What was taken in the data breach? Full credit card numbers? How did they get the data?

My payment processor had some sort of noncompliance insurance for like $8.00 a month but I'd maybe change the way you handle credit cards so you don't need to store those credit card numbers at all or store them on a computer not accessible to the internet.
 
CarBuff's

> What was taken in the data breach? Full credit card numbers? How did they get the data?
>
> My payment processor had some sort of noncompliance insurance for like $8.00 a month but I'd maybe change the way you handle credit cards so you don't need to store those credit card numbers at all or store them on a computer not accessible to the internet.

Unfortunately, the full card numbers were taken and fraud was committed outside the U.S. Access was gained through an authorized third party support company.

We were not storing credit card information on site and the card numbers were tokenized, but the malware was able to grab the card information the second the card was swiped. Our processor offers 100k of insurance for about $100 per year, the best $100 I ever spent. Unfortunately, at today's breach costs of $180 per exposure, $100,000 is a drop in the bucket.
 

Randy

Well-known member
Joined
Sep 5, 2007
Messages
5,858
Reaction score
2,208
Points
113
I’d be concerned with whose equipment I’m using. Whose equipment are you using? Who is the authorized third party support company?
 

soapy

Senior Member
Joined
Sep 1, 2007
Messages
2,894
Reaction score
855
Points
113
Location
Rocky Mountains
CarBuff, are you using the credit cards for monthly unlimited washes at a tunnel that get billed monthly? I know of another car wash company that recently was hacked that does this. The system was hacked a couple of processors above it so they ended up without having to pay penalties but I am sure the damage to the business still exists in the minds of its customers.
 

CarBuff's

> CarBuff, are you using the credit cards for monthly unlimited washes at a tunnel that get billed monthly? I know of another car wash company that recently was hacked that does this. The system was hacked a couple of processors above it so they ended up without having to pay penalties but I am sure the damage to the business still exists in the minds of its customers.

We are not using any unlimited plans with automatic recharges, just a typical full service wash, lube and detail shop. We were very lucky that we had no penalties, and did not take any hit on sales but... I am very concerned that this never happens again.
 

robert roman

Bob Roman
Joined
Sep 11, 2007
Messages
2,200
Reaction score
3
Points
36
Location
Clearwater, Florida
Although my business is different than carwash, I learned quite a lot on how to protect my business by visiting the PCI Security Standards Council's website.
 

soapy

TSYS uses Trustwave for PCI compliance and have been very easy to work with.
 

Washmee

Fullservice Tunnel
Joined
Sep 3, 2007
Messages
973
Reaction score
2
Points
18
Location
Canton, Ohio
*Update*
I took a few weeks, but my wash is now 100% PCI compliant. Working with Trustwave I found that I needed to buy a new router and readjust my firewall settings. I also had to flash a newer version of software onto my wireless access points. They now scan my system every month and I get a status report. I still don't have any readers that read the new embedded chips in cards but neither do about 80% of all retailers.
 