PCI: Small Businesses Need Stronger Payment Passwords

Password123, Admin, Computer1: While these passwords may be easy for staffers to remember, they also make easy targets for hackers.

And yet all too many small businesses use passwords like these, says Bob Russo, the general manager for the PCI Security Standards Council. As a result, PCI launched a new initiative Thursday called Passwords 4 Payments, designed to educate small-business owners on the importance of strong passwords – especially those used for point-of-sale devices.

Fifty percent of businesses still use easily guessed passwords, according to the Trustwave 2013 Global Security Report. And PCI points to a 2013 report by Verizon, which found that guessing, cracking or reusing valid credentials like passwords led to 80% of the data breaches that involved hacking.

“At a restaurant, the touch-screen [point-of-sale device] sends out orders, keeps track of inventory and processes credit-card information,” says Russo. If the passwords for these devices and the related applications aren’t strong, Russo says hackers can easily gain access to thousands of customers’ data.

“These breaches are the merchant’s responsibility,” says Russo.

The first and most important step, says Russo, is to make sure your business is not using the “default” password that was created when the point-of-sale system was installed.

Next, Russo suggests businesses use “pass-phrases” – a string of nouns or an actual phrase – rather than a simple password, which is easier to crack. He also advises business owners to include capitalization and numbers, to make the password even more hacker-proof.

More information on the Passwords 4 Payments initiative can be found online at PCI’s website.