
PCI Compliance

CarBuff's

Hello Fellow Carwashers

Been lurking on this site for quite some time and thank you for the solid business insight many of you have shared.

I wanted to reach out and ask what steps you are taking to maintain PCI Compliance and secure your customers' credit card information. In 2014 we did experience a data breach and I have to say... it ranked right up there with one of the worst business experiences I have endured.

Are any of you utilizing a third party computer security company to provide quarterly scans and assist in the PCI Compliance process? Have you taken out insurance policies to cover any data breaches?

Any input is much appreciated!
 
What was taken in the data breach? Full credit card numbers? How did they get the data?

My payment processor had some sort of noncompliance insurance for like $8.00 a month but I'd maybe change the way you handle credit cards so you don't need to store those credit card numbers at all or store them on a computer not accessible to the internet.
 
What was taken in the data breach? Full credit card numbers? How did they get the data?

My payment processor had some sort of noncompliance insurance for like $8.00 a month but I'd maybe change the way you handle credit cards so you don't need to store those credit card numbers at all or store them on a computer not accessible to the internet.

Unfortunately, the full card numbers were taken and fraud was committed outside the U.S. Access was gained through an authorized third party support company.

We were not storing credit card information on site and the card numbers were tokenized, but the malware was able to grab the card information the second the card was swiped. Our processor offers 100k of insurance for about $100 per year, the best $100 I ever spent. Unfortunately, at today's breach costs of $180 per exposure, $100,000 is a drop in the bucket.
 
I’d be concerned with whose equipment I’m using. Whose equipment are you using? Who is the authorized third party support company?
 
CarBuff are you using the credit cards for monthly unlimited washes at a tunnel that get billed monthly? I know of another car wash company that recently was hacked that does this. The system was hacked a couple of processors above it so they ended up without having to pay penalties but I am sure the damage to the business still exists in the minds of its customers.
 
CarBuff are you using the credit cards for monthly unlimited washes at a tunnel that get billed monthly? I know of another car wash company that recently was hacked that does this. The system was hacked a couple of processors above it so they ended up without having to pay penalties but I am sure the damage to the business still exists in the minds of its customers.

We are not using any unlimited plans with automatic recharges, just a typical full service wash, lube and detail shop. We were very lucky that we had no penalties, and did not take any hit on sales but... I am very concerned that this never happens again.
 
Although my business is different from a carwash, I learned quite a lot about how to protect my business by visiting the PCI Security Standards Council's website.
 
*Update*
It took a few weeks, but my wash is now 100% PCI compliant. Working with Trustwave I found that I needed to buy a new router and readjust my firewall settings. I also had to flash a newer version of software onto my wireless access points. They now scan my system every month and I get a status report. I still don't have any readers that read the new embedded chips in cards, but neither do about 80% of all retailers.