Point of Sale Archives - Page 5 of 8 - Payment Processing News

Category: Point of Sale

Sep
23
2014
September 23rd, 2014 by Elma Jane

Home Depot, US retail chain says that 56 million payment cards are at risk following a malware-laden cyber-attack on eftpos tills across its stores in the US and Canada.

The investigation into a possible breach began on September 2nd,Tuesday morning, immediately after Home Depot received reports from its banking partners and law enforcement that criminals may have breached its systems.

According to Home Depot’s security partners, the malware had not been seen previously in other attacks.
Criminals used unique, custom-built malware to evade detection. The cyber-attack is estimated to have put payment card information at risk for approximately 56 million unique payment cards, after lurking in the company’s eftpos tills for four months between April and September.

While the breach has been seen as a further proof-point in the US push to adopt Chip and PIN at the point-of-sale, the fact that the outbreak also hit the home improvement chain’s Canadian stores, where the EMV standard has been implemented, leaves pause for thought. Nonetheless, the retailer has committed to installing 85,000 PIN pads at its US outlets, well ahead of the national 2015 deadline.

Home Depot has set aside $65 million to cover the cost to investigate the data breach, provide credit monitoring services to its customers, increase call center staffing, and pay legal and professional services. Approximately $27 million of the projected outlay will be covered by the company’s insurance.

Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , ,

Sep
10
2014
September 10th, 2014 by Elma Jane

Merchant go into business to make a sale. They go to great length to advertise their business and then they make a sale and don’t track it… They don’t track the very customer they went into business to attract…That seems crazy…But now more companies are embracing the practice of collecting email addresses at the point of sale (POS) and they’re doing so with increasing regularity. An example, when customers are at the cash register, many brick-and-mortar stores now offer to email them receipts 

Confidently collect email addresses at POS:
Your email service provider should be able to implement a text-to-join acquisition program for you that executes quickly and can be built specifically to mitigate the risks around POS data collection.

Instead of relying on sales associates to accurately input email addresses, your customers can use SMS to text their email addresses to your short code.

Customers receive an immediate SMS reply message letting them know to check their email for their receipt.

A mobile-optimized receipt is immediately emailed to the address.

This can be followed by an email inviting customers to join your company’s email program. Offering a purchase discount can increase opt-ins. New joiners can be sent an age verification email, if relevant.

Your welcome email, including discount coupon, is sent and the relationship starts off on the right foot.

Increasing your confidence about POS email address collection, a text-to-join program can increase your acquisition rates. It can engage those customers who prefer to provide their information privately via their mobile devices. It can help protect companies against potential blacklisting because of typos and confirmed opt-ins. It can even reduce overhead costs by saving sales associates valuable time. Understanding these important email address collection issues and adopting the prescribed best practices are critical to ensuring customers have a safe, positive and valuable experience with your company at the point of sale and beyond. 

Virtual Merchant can collect data too, and as a provider we can help merchant use that data. We are committed to providing appropriate protection for the information that is collected from customers who visit the website and use the Virtual Merchant payment system. Policy Privacy is updated from time to time.The website is provided to our customers as a business service and use of the site is limited to customers only.

If the merchant never makes a sale before 10 why do they open at 9 ?? This is only one small example on how collecting data first and then analyzing that data can shape businesses and find money you may be throwing away ….

 

 

 

 

Posted in Best Practices for Merchants, Mobile Point of Sale, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,

Sep
10
2014
September 10th, 2014 by Elma Jane

If your businesses considering an iPad point-of-sale (POS) system, you may be up for a challenge. Not only can the plethora of providers be overwhelming, but you must also remember that not all iPad POS systems are created equal. iPad POS systems do more than process payments and complete transactions. They also offer advanced capabilities that streamline operations. For instance, they can eliminate manual data entry by integrating accounting software, customer databases and inventory counts in real time, as each transaction occurs. With these systems, you get 24/7 access to sales data without having to be in the store. The challenge, however, is knowing which provider and set of features offer the best iPad POS solution for your business. iPad POS systems vary in functionality far more than the traditional POS solutions and are often targeted at specific verticals rather than the entire market. For that reason, it’s especially important to compare features between systems to ultimately select the right system for your business.

To help you choose a provider, here are things to look for in an iPad POS system.

Backend capabilities

One of the biggest benefits of an iPad POS system is that it offers advanced features that can streamline your entire operations. These include backend processes, such as inventory tracking, data analysis and reporting, and social media integration. As a small business, two of the most important time saving and productivity-boosting features to look for are customer relationship management (CRM) capabilities and connectivity to other sales channels. You’ll want an iPad POS that has robust CRM and a customizable customer loyalty program. It should tell you which products are most and least frequently purchased by specific customers at various store locations. It should also be able to identify the frequent VIP shoppers from the less frequent ones at any one of your store locations, creating the ultimate customer loyalty program for the small business owner. If you own an online store or use a mobile app to sell your products and services, your iPad POS software should also be able to integrate those online platforms with in-store sales. Not only will this provide an automated, centralized sales database, but it can also help increase total sales. You should be able to sell effortlessly through online, mobile and in-store channels. Why should your customers be limited to the people who walk by your store? Your iPad POS should be able to help you sell your products through more channels, online and on mobile. E-commerce and mobile commerce (mCommerce) aren’t just for big box retailers.

Cloud-based

The functions of an iPad POS solution don’t necessarily have to stop in-store. If you want to have anytime, anywhere access to your POS system, you can use one of the many providers with advanced features that give business owners visibility over their stores, its records and backend processes using the cloud. The best tablet-based POS systems operate on a cloud and allow you to operate it from any location you want. An iPad POS provider, with a cloud-based iPad POS system, businesses can keep tabs on stores in real time using any device, as well as automatically back up data. This gives business owners access to the system on their desktops, tablets or smartphones, even when not inside their stores. Using a cloud-based system also protects all the data that’s stored in your point of sale so you don’t have to worry about losing your data or, even worse, getting it stolen. Because the cloud plays such a significant role, businesses should also look into the kind of cloud service an iPad POS provider uses. In other words, is the system a cloud solution capable of expanding, or is it an app on the iPad that is not dependent on the Internet? Who is the cloud vendor? Is it a premium vendor? The type of cloud a provider uses can give you an idea about its reliability and the functions the provider will offer.

Downtime and technical support

As a small business, you need an iPad POS provider that has your back when something goes wrong. There are two types of customer support to look for: Downtime support and technical support.

iPad POS systems are often cheaper and simpler than traditional systems, but that doesn’t mean you can ignore the product support needs. The POS is a key element of your business and any downtime will likely result in significant revenue loss. You could, for instance, experience costly downtime when you lose Internet connectivity. iPad POS systems primarily rely on the Web to perform their core functions, but this doesn’t mean that when the Internet goes down, your business has to go down, too. Many providers offer offline support to keep your business going, such as Always on Mode. The Always on Mode setting enables your business to continue running even in the event of an Internet outage. Otherwise, your business will lose money during a loss of connectivity. Downtime can also happen due to technical problems within the hardware or software. Most iPad POS providers boast of providing excellent tech support, but you never really know what type of customer service you’ll actually receive until a problem occurs.

Test the friendliness of customer service reps by calling or emailing the provider with questions and concerns before signing any contracts. This way, you can see how helpful their responses are before you purchase their solution. Your POS is the most important device in your store. It’s essentially the gateway to all your transactions, customer data and inventory. If anything happens to it, you’ll need to be comfortable knowing that someone is there to answer your questions and guide you through everything.

Grows with your business

All growing businesses need tech solutions that can grow right along with them. Not all iPad POS systems are scalable, so look for a provider that makes it easy to add on more terminals and employees as your business expands. Pay attention to how the software handles growth in sales and in personnel. As a business grows, so does it sales volume and the required software capabilities. Some iPad POS solutions are designed for very small businesses, offering very limited features and transactions. If you have plans for growth, look for a provider that can handle the changes in transactions your business will be going through. Find out about features and customization. Does the system do what you want it to do? Can it handle large volume? How much volume? What modules can you add, and how do you interface to third parties? You should also consider the impacts of physical expansion and adding on new equipment and employees. If there are plans in the future for you to open another store location, you’ll need to make sure that your point of sale has the capabilities of actually handling another store location without adding more work for you. If you plan on hiring more employees for your store, you’ll also want to know that the solution you choose can easily be learned, so onboarding new staff won’t take up too much of your time.

Security

POS cyber attacks have risen dramatically over the past couple of years, making it more critical than ever to protect your business. Otherwise, it’s not just your business information at risk, but also your reputation and entire operations. iPad POS system security is a bit tricky, however. Unlike credit card swipers and mobile credit card readers that have long-established security standards namely, Payment Card Industry (PCI) compliance — the criteria for the iPad hardware itself as a POS terminal aren’t quite so clear-cut. Since iPads cannot be certified as PCI compliant, merchants must utilize a point-to-point encryption system that leaves the iPad out of scope. This means treating the iPad as its own system, which includes making sure it doesn’t save credit-card information or sensitive data on the iPad itself. To stay protected, look for PCI-certified, encrypted card swipers.

 

 

Posted in Best Practices for Merchants, Mobile Point of Sale, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Sep
04
2014
September 4th, 2014 by Elma Jane

The move to mobile point of sale (mobile POS) is radically changing the face of customer interactions and payments, as both customers and merchants grow increasingly comfortable with the concept of mobile payments. In the current, crowded marketplace most mobile payment solutions are not compatible with each other. Instead of unifying the payment experience they create islands separated by technology or usage that are tailored to individual providers in the market. Multiple devices are currently needed in-store to process different payment types and the challenge is how they can make payments unified in such a way that only one device is needed in store.

The use of cash by customers also adds a level of complication to the mobile POS story. The removal of IDM terminals, removal of customer queues and ability for customers to simply walk up and pay an assistant or to leave a store and have their bank card automatically debited certainly suits the expectations of customers today, however a large number of customers still use traditional cash methods to pay for goods and services. A number of stores that have gone down the route of implementing mobile POS now have a problem dealing with cash because the wandering shop assistants and personal shoppers can only accept card or web-based payment options. The future for mobile POS has potential to be bright, a dominant player will have to emerge in the market. This will break down the technology barriers and usage barriers between different players. The success to mobile POS lies in the payment process being truly unified with one device in one place and very seamless workflow. This will be very complicated thing to achieve, there have been a lot of attempts and a lot of false starts in the history of mobile POS. MPOS will be the future. Five years from now people will be amazed that they did transactions with landlines. NO child will ever see a telephone with a cord attached. Never a popcorn on top of the stove since we developed microwave ovens. Technology changes, and we are slow to adopt new stuff. Once we change we don’t know how we did without it.

Posted in Best Practices for Merchants, Mobile Payments, Mobile Point of Sale, Point of Sale, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , ,

Aug
28
2014
August 28th, 2014 by Elma Jane

Merchants are still using pedestrian passwords that crooks can easily break, security company Trustwave has found. Of the nearly 630,000 stored passwords that Trustwave obtained during penetration tests in the past two years, its technicians were able to crack more than half in just a few minutes and 92% within 31 days. Even though adding new information about weak passwords or ongoing malware investigations gets frustrating because the same problems facing the financial and payments industries persist, it does not surprise Trustwave researchers. For a lot of software or hardware developers, their main concern is availability of the service. They want to make sure their POS is available and running to accept credit cards, often at the cost of a lot of security controls. It is difficult to implement security and to do it correctly.

Trustwave recommends longer passwords with more characters, rather than shorter ones with letters and numbers. A longer password that is a phrase not easily figured out is better than a shorter, complex password. These findings have been added to an online version of the 2014 Trustwave Global Security Report. To accommodate the fast changing nature of security threats, Trustwave is regularly updating its research and making the information available to consumers and payments industry stakeholders on the company’s site. The criminals stealing data are a constantly moving target. It no longer made sense for those interested in our research to have to wait a year to see new statistics. Having access to updated security reporting should be helpful to merchants. They can see how trends are tracking over time, instead of constantly having to go online to see what is relevant to them or rely on the trade groups to keep them informed. This provides one switch to keep them in the know, so there is some value there and it’s a smart move on Trustwave’s part. Since the new Payment Card Industry security requirements call for security measures to be embedded in software development lifecycles, there is some utility in Trustwave’s new approach to sharing research information.

Trustwave said the trend of businesses detecting breaches continues to rise, with 29% of businesses doing so in 2013 compared to only 9% in 2009. Trustwave compiled that data from 691 post-breach forensics investigations conducted in 2013. The report also indicated e-commerce breaches are increasing, with 54% of all breaches targeting e-commerce sites in 2013, compared to only 9% in 2010. More regions, including the U.S., being in various stages of converting to EMV chip-based cards for card-present transactions fuels the criminals’ shift to e-commerce fraud. Additionally, the company is working with law enforcement officials after discovering a control center of eight servers behind what is being called Magnitude, an exploit kit of Russian origin that has led to thousands of attacks and millions of attempted malware attacks globally.

Posted in Best Practices for Merchants, Payment Card Industry PCI Security, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , ,

Aug
27
2014
August 27th, 2014 by Elma Jane

Backoff malware that has attacked point of sale systems at hundreds of businesses may accelerate adoption of EMV chip and PIN cards and two-factor authentication as merchants look for ways to soften the next attack. Chip and PIN are a big thing, because it greatly diminishes the value of the information that can be trapped by this malware, said Trustwave, a security company that estimates about 600 businesses have been victims of the new malware. The malware uses infected websites to infiltrate the computing devices that host point of sale systems or are used to make payments, such as PCs, tablets and smartphones. Merchants can install software that monitors their payments systems for intrusions, but the thing is you can’t just have anti-virus programs and think you are safe. Credit card data is particularly vulnerable because the malware can steal data directly from the magnetic stripe or keystrokes used to make card payments.

The point of sale system is low-hanging fruit because a lot of businesses don’t own their own POS system. They rent them, or a small business may hire a third party to implement their own point of sale system. The Payment Card Industry Security Standards Council issued new guidance this month to address security for outsourced digital payments. EMV-chip cards, which are designed to deter counterfeiting, would gut the value of any stolen data. With this magnetic stripe data, the crooks can clone the card and sell it on the black market. With chip and PIN, the data changes for each transaction, so each transaction is unique. Even if the malware grabs the data, there not a lot the crooks can do with it. The EMV transition in the U.S. has recently accelerated, driven in part by recent highprofile data breaches. Even with that momentum, the U.S. may still take longer than the card networks’ October 2015 deadline to fully shift to chip-card acceptance.

EMV does not by itself mitigate the threat of breaches. Two-factor authentication, or the use of a second channel or computing device to authorize a transaction, will likely share in the boost in investment stemming from data security concerns. The continued compromise of point of sale merchants through a variety of vectors, including malware such as Backoff, will motivate the implementation among merchants of stronger authentication to prevent unauthorized access to card data.

Backoff has garnered a lot of attention, including a warning from the U.S. government, but it’s not the only malware targeting payment card data. It is not the types of threats which are new, but rather the frequency with which they are occurring which has put merchants on their heels. There is also an acute need to educate small merchants on both the threats and respective mitigation techniques.. The heightened alert over data vulnerability should boost the card networks’ plans to replace account numbers with substitute tokens to protect digital payments. Tokens would not necessarily stop crooks from infiltrating point of sale systems, but like EMV technology, they would limit the value of the stolen data. There are two sides to the equation, the issuers and the merchants. To the extent we see both sides adopt tokenization, you will see fewer breaches and they will be less severe because the crooks will be getting a token instead of card data.

Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Aug
07
2014
August 7th, 2014 by Elma Jane

8706521946_cfbc9e0e6f_o

Recent high-profile cyberattacks at retail giants like Target and Neiman Marcus have highlighted the importance of protecting your business against point-of-sale (POS) security breaches. Often, the smallest merchants are the most vulnerable to these types of cyberthreats. The latest of these POS attacks is known as Backoff, a malware with such brute force that the U.S. Department of Homeland Security (DHS) has gotten involved. The DHS recently released a 10-page advisory that warns retailers about the dangers of Backoff and tells them how they can protect their systems. Backoff and its variants are virtually undetectable low to zero percent by most antivirus software, thus making it more critical for retailers to make sure their networks and POS systems are secure.

How Backoff works

Backoff infiltrates merchant computer systems by exploiting remote desktop applications, such as Microsoft’s Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop 2 and LogMeIn, among others. Attackers then use these vulnerabilities to gain administrator and privileged access to retailer networks. Using these compromised accounts, attackers are able to launch and execute the Backoff malware on POS systems. The malware then makes its way into computer and network systems, gathers information and then sends the stolen data to cybercriminals. The advisory warns that Backoff has four capabilities that enable it to steal consumer credit card information and other sensitive data: scraping POS and computer memory, logging keystrokes, Command & Control (C2) communication, and injecting the malware into explorer.exe. Although Backoff is a newly detected malware, forensic investigations show that Backoff and its variants have already struck retailers three times since 2013, the advisory revealed. Its known variants include goo, MAY, net  and LAST.

Prevent a Backoff attack

To mitigate and prevent Backoff malware attacks, the DHS’ recommendations include the following:

Configure network security. Reevaluate IP restrictions and allowances, isolate payment networks from other networks, use data leakage and compromised account detection tools, and review unauthorized traffic rules.

Control remote desktop access. Limit the number of users and administrative privileges, require complex passwords and two-factor authentication, and automatically lock out users after inactivity and failed login attempts.

Implement an incident response system. Use a Security Information and Event Management (SIEM) system to aggregate and analyze events and have an established incident response team. All logged events should also be stored in a secure, dedicated server that cannot be accessed or altered by unauthorized users.

Manage cash register and POS security. Use hardware-based point-to-point encryption, use only compliant applications and systems, stay up-to-date with the latest security patches, log all events and require two-factor authentication.

 

Posted in Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Jun
05
2014
June 5th, 2014 by Elma Jane

The days of salespeople peddling point of sale terminals by simply pulling hardware out of a box are numbered. That model is being replaced by integrated payments from software developers who add payment capabilities to applications that run at the point of sale, in the back office or on mobile devices.

Integrated payments are becoming common in the restaurant industry, where systems are developed to combine payment acceptance with the ability to manage orders, tables and food delivery. As integrated payments become more common, companies working in the payments industry will seek ways to offer marketing analytics. You tie that type of data to the payment mechanism and you can learn more about your business and your customers.

There is a place in the ecosystem for traditional payment acceptance, but today, when a retailer shops for a point of sale terminal or other business solutions, they expect payments to be part of the integrated bundle. Many of these systems are now delivered in a software-as-a-service model or through tablets, making them cost-effective for businesses of any size.

Integrated commerce includes mobile acceptance, offers, coupons and loyalty. It enables a merchant to buy a point of sale system for the physical store, website and mobile environment at the same time. Then the merchant can send out offers and begin running a loyalty program, while accepting NFC transactions all at once. Merchants can also review transactions from all channels directly from their offices to monitor against data breaches. With those integrated services becoming more readily available for merchants, it is not surprising that the topic comes up when executives discuss their company’s goals.

Relationships with merchants through integrated payments tend to be sticky because it is an embedded solution. You tend to get better pricing because it’s not necessarily an acquiring decision but a POS software/hardware decision and acquiring is part of that package. Payments as a service will be an important global product, selling a terminal now means selling data security, warranty and service, and numerous merchant tools.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

May
29
2014
May 29th, 2014 by Elma Jane

A point-of-sale facial recognition system that uses NFC to help combat card fraud has been created during a recent company hack-a-thon, together with a group of engineers and designers from Logic PD. Hackathon was an opportunity for experts to explore the possibilities of useful solutions to today’s challenges, with the recent significant breaches in security at leading retailers, the need for this type of solution is particularly meaningful.

The solution, is a multi-modal security platform for card purchases, uses NFC authentication combined with camera imaging to protect users. When users make a mobile payment at the point of sale, the kiosk snaps a picture of the purchaser. This image can be incorporated via the cloud into the user’s digital transactional record, which was stored and distributed via SeeControl in this example, allowing users to identify who made each purchase, and easily identify those that are fraudulent even before banks and financial institutions.

Posted in Credit Card Security, Mobile Payments, Mobile Point of Sale, Point of Sale, Smartphone Tagged with: , , , , , , , , , , , , , , , ,

May
12
2014
May 12th, 2014 by Elma Jane

New iPhone and VeriFone-made shell combination that can accept chip and PIN card payments. Apple’s revamp in its in-store mPOS system

In 2009, Apple introduced its EasyPay mPOS technology. It consists of an iPod Touch and a shell made by Infinite Peripherals that includes a card swiper and a barcode scanner.

As first reported by 9to5mac,the iPod is now being replaced by an iPhone while VeriFone is being brought in to provide a new shell which will cater for chip and PIN payments as the US finally gets ready for the switch to EMV. The shell also has a spot above the PIN pad that opens the way for NFC contactless payments, according to Forbes. Apple has long been expected to equip the iPhone with NFC but has so far ignored the technology.

Separately, mPOS giant Square has ditched its Wallet app, pulling it from the Google and Apple stores. The app has failed to take off since its launch in 2011, despite the support of Starbucks. It has been replaced by Square Orders, which lets users order and pay ahead at participating merchants and then pick up their goods when they are ready.

Posted in Best Practices for Merchants, Mobile Payments, Mobile Point of Sale, Point of Sale, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

← Previous Article
Next Articles »