September 10th, 2014 by Elma Jane
If your business is considering an iPad point-of-sale (POS) system, you may be in for a challenge. Not only can the plethora of providers be overwhelming, but you must also remember that not all iPad POS systems are created equal. iPad POS systems do more than process payments and complete transactions. They also offer advanced capabilities that streamline operations. For instance, they can eliminate manual data entry by integrating accounting software, customer databases and inventory counts in real time, as each transaction occurs. With these systems, you get 24/7 access to sales data without having to be in the store. The challenge, however, is knowing which provider and set of features offer the best iPad POS solution for your business. iPad POS systems vary in functionality far more than traditional POS solutions and are often targeted at specific verticals rather than the entire market. For that reason, it’s especially important to compare features between systems to ultimately select the right system for your business.
To help you choose a provider, here are things to look for in an iPad POS system.
Backend capabilities
One of the biggest benefits of an iPad POS system is that it offers advanced features that can streamline your entire operations. These include backend processes, such as inventory tracking, data analysis and reporting, and social media integration. As a small business, two of the most important time saving and productivity-boosting features to look for are customer relationship management (CRM) capabilities and connectivity to other sales channels. You’ll want an iPad POS that has robust CRM and a customizable customer loyalty program. It should tell you which products are most and least frequently purchased by specific customers at various store locations. It should also be able to identify the frequent VIP shoppers from the less frequent ones at any one of your store locations, creating the ultimate customer loyalty program for the small business owner. If you own an online store or use a mobile app to sell your products and services, your iPad POS software should also be able to integrate those online platforms with in-store sales. Not only will this provide an automated, centralized sales database, but it can also help increase total sales. You should be able to sell effortlessly through online, mobile and in-store channels. Why should your customers be limited to the people who walk by your store? Your iPad POS should be able to help you sell your products through more channels, online and on mobile. E-commerce and mobile commerce (mCommerce) aren’t just for big box retailers.
Cloud-based
The functions of an iPad POS solution don’t necessarily have to stop in-store. If you want anytime, anywhere access to your POS system, you can use one of the many providers whose advanced features give business owners visibility over their stores, records and backend processes through the cloud. The best tablet-based POS systems run in the cloud and let you operate them from any location. With a cloud-based iPad POS system, businesses can keep tabs on stores in real time from any device, and data is backed up automatically. This gives business owners access to the system on their desktops, tablets or smartphones, even when they are not inside their stores. Using a cloud-based system also protects the data stored in your point of sale, so you don’t have to worry about losing it or, even worse, having it stolen. Because the cloud plays such a significant role, businesses should also look into the kind of cloud service an iPad POS provider uses. In other words, is the system a cloud solution capable of expanding, or is it an app on the iPad that is not dependent on the Internet? Who is the cloud vendor? Is it a premium vendor? The type of cloud a provider uses can give you an idea about its reliability and the functions the provider will offer.
Downtime and technical support
As a small business, you need an iPad POS provider that has your back when something goes wrong. There are two types of customer support to look for: Downtime support and technical support.
iPad POS systems are often cheaper and simpler than traditional systems, but that doesn’t mean you can ignore the product support needs. The POS is a key element of your business and any downtime will likely result in significant revenue loss. You could, for instance, experience costly downtime when you lose Internet connectivity. iPad POS systems primarily rely on the Web to perform their core functions, but this doesn’t mean that when the Internet goes down, your business has to go down, too. Many providers offer offline support to keep your business going, such as Always on Mode. The Always on Mode setting enables your business to continue running even in the event of an Internet outage. Otherwise, your business will lose money during a loss of connectivity. Downtime can also happen due to technical problems within the hardware or software. Most iPad POS providers boast of providing excellent tech support, but you never really know what type of customer service you’ll actually receive until a problem occurs.
Test the friendliness of customer service reps by calling or emailing the provider with questions and concerns before signing any contracts. This way, you can see how helpful their responses are before you purchase their solution. Your POS is the most important device in your store. It’s essentially the gateway to all your transactions, customer data and inventory. If anything happens to it, you’ll need to be comfortable knowing that someone is there to answer your questions and guide you through everything.
Grows with your business
All growing businesses need tech solutions that can grow right along with them. Not all iPad POS systems are scalable, so look for a provider that makes it easy to add more terminals and employees as your business expands. Pay attention to how the software handles growth in sales and in personnel. As a business grows, so does its sales volume and the required software capabilities. Some iPad POS solutions are designed for very small businesses, offering very limited features and transactions. If you have plans for growth, look for a provider that can handle the changes in transaction volume your business will be going through. Find out about features and customization. Does the system do what you want it to do? Can it handle large volume? How much volume? What modules can you add, and how do you interface with third parties? You should also consider the impacts of physical expansion and adding new equipment and employees. If you plan to open another store location in the future, you’ll need to make sure that your point of sale can actually handle another location without adding more work for you. If you plan on hiring more employees for your store, you’ll also want to know that the solution you choose can be learned easily, so onboarding new staff won’t take up too much of your time.
Security
POS cyber attacks have risen dramatically over the past couple of years, making it more critical than ever to protect your business. Otherwise, it’s not just your business information at risk, but also your reputation and entire operations. iPad POS system security is a bit tricky, however. Unlike credit card swipers and mobile credit card readers, which have long-established security standards, namely Payment Card Industry (PCI) compliance, the criteria for the iPad hardware itself as a POS terminal aren’t quite so clear-cut. Since iPads cannot be certified as PCI compliant, merchants must use a point-to-point encryption system that keeps the iPad out of scope. This means treating the iPad as its own system, which includes making sure it doesn’t save credit-card information or other sensitive data on the iPad itself. To stay protected, look for PCI-certified, encrypted card swipers.
September 9th, 2014 by Elma Jane
The use of customer data can help you make smarter decisions that can improve your store, enhance the shopper experience, and increase conversions. When used incorrectly, however, data can waste resources and alienate your visitors.
Here are ways that ecommerce merchants commonly misuse data.
Collecting Unnecessary Data
Big Data analytics and reporting tools can put a lot of information in your hands, but that doesn’t mean you should collect and track every single metric. Don’t waste space and bandwidth collecting information that is not essential in your business. Unnecessary data can create noise that slows down the analytics process. Gathering and analyzing information you don’t need can distract you from the metrics that matter. Collecting too much data can create security headaches. The best defense against breaches is to not have data to steal. If you don’t need it, don’t collect it.
Determine your store’s key performance indicators before collecting any information. A good way of doing this is to examine each metric and ask yourself whether it’s just nice to know or is something that you can actually act on. While it may be nice to know that a particular customer has a high Klout Score, that metric probably won’t do anything for your bottom line. It’s better to not bother with it. Key metrics vary from one business to the next. For most ecommerce sites, the important metrics usually include conversion rate, traffic sources, and on-site browsing activities.
Creeping-out Shoppers
Most retailers do this inadvertently when they’re trying to customize the shopper experience. A certain amount of personalization can provide value and convenience to users, but you also have to draw the line between cool personalization and creepy. Sending emails with tailored product recommendations is a good way to increase conversions. But you have to be careful with how you execute it, so that you don’t appear too intrusive. The same goes for remarketing banner ads.
Ignoring Qualitative Information
Numbers can produce many insights, but focusing solely on that data can create an incomplete view of your company. Best data strategies make use of both quantitative and qualitative information. Go beyond the numbers to get the pulse of your customers by collecting feedback through social interactions, customer service logs, surveys with open-ended questions and more. Qualitative information can complement and validate the hard numbers.
Using Data to Justify a Decision or Hypothesis
When it comes to data collection, many merchants fall into the confirmation bias trap, wherein they interpret the information to confirm their existing beliefs or to justify their decisions. Using data this way causes you to ignore information or results that aren’t in line with your beliefs and could result in you missing opportunities. Say a company has so much faith in its new marketing strategy that when website traffic improves, the staff deems the campaign a success without looking at the conversion or retention rates. If the staff had ignored initial biases and looked at the big picture instead, they could have identified flaws and found ways to correct them. The key to addressing this is to have an open mind when interpreting information. This can be difficult, especially when you’re too close to your business. Consider a third-party specialist who can remain objective, to help make the right decisions.
September 5th, 2014 by Elma Jane
Businesses are rapidly adopting a third-party operations model that can put payment data at risk. Today, the PCI Security Standards Council, an open global forum for the development of payment card security standards, published guidance to help organizations and their business partners reduce this risk by better understanding their respective roles in securing card data. Developed by a PCI Special Interest Group (SIG) including merchants, banks and third-party service providers, the information supplement provides recommendations for meeting PCI Data Security Standard (PCI DSS) requirement 12.8 to ensure payment data and systems entrusted to third parties are maintained in a secure and compliant manner.
Breach reports continue to highlight security vulnerabilities introduced by third parties as a leading cause of data compromise. The leading mistake organizations make when entrusting sensitive and confidential consumer information to third-party vendors is not applying the same level of rigor to information security in vendor networks as they do in their own. Per PCI DSS Requirement 12.8, if a merchant or entity shares cardholder data with a third-party service provider, certain requirements apply to ensure that continued protection of this data will be enforced by such providers. The Third-Party Security Assurance Information Supplement focuses on helping organizations and their business partners achieve this by implementing a robust third-party assurance program.
Produced with the expertise and real-world experience of more than 160 organizations involved in the Special Interest Group, the guidance includes practical recommendations on how to:
Conduct due diligence and risk assessment when engaging third party service providers to help organizations understand the services provided and how PCI DSS requirements will be met for those services.
Develop appropriate agreements, policies and procedures with third-party service providers that include considerations for the most common issues that arise in this type of relationship.
Implement a consistent process for engaging third-parties that includes setting expectations, establishing a communication plan, and mapping third-party services and responsibilities to applicable PCI DSS requirements.
Implement an ongoing process for maintaining and managing third-party relationships throughout the lifetime of the engagement, including the development of a robust monitoring program.
The guidance includes high-level suggestions and discussion points for clarifying how responsibilities for PCI DSS requirements may be shared between an entity and its third-party service provider, as well as a sample PCI DSS responsibility matrix that can assist in determining who will be responsible for each specific control area.
PCI Special Interest Groups are PCI community-selected and developed initiatives that provide additional guidance and clarifications or improvements to the PCI Standards and supporting programs. As part of its initial proposal, the group also made specific recommendations that were incorporated into PCI DSS requirements 12.8 and 12.9 in version 3.0 of the standard. One of the big focus areas in PCI DSS 3.0 is security as a shared responsibility. This guidance is an excellent companion document to the standard in helping merchants and their business partners work together to protect consumers’ valuable payment information.
September 5th, 2014 by Elma Jane
A cup of coffee, a pack of chewing gum, a newspaper at the airport. For even the smallest, most casual purchase, credit cards and debit cards are replacing cash as the preferred form of payment. One in three consumers usually uses a credit card or a debit card for in-person purchases of less than $5. Eleven percent prefer credit cards, 22% debit cards and 65% cash, but the generational divide is striking. A slight majority (51 percent) of consumers aged 18-29 prefer plastic to cash, the only age group to do so. A preference for cash becomes stronger in each advancing age bracket, until at age 65-plus, 82 percent prefer cash.
A survey conducted by landline and cellphone found that credit cards and debit cards are used more frequently for small purchases by those employed full time (42%) or part time (34%) than by the unemployed (23%). People with children are more likely to use cards for small purchases (41%) than those without children (30%), perhaps because parents have less time to wait around for change. Income doesn’t seem to be much of a differentiator, except for those near the bottom of the scale. A combined 38% of those making $75,000 or more preferred plastic for small purchases, compared with 43 percent of those making $50,000 to $74,900, 32% of those earning $30,000 to $49,900 and only 23% of those making less than $30,000.
Politically, we’ve finally found something on which we all can agree. Thirty percent of Democrats and a nearly identical 28% of Republicans favor credit cards or debit cards rather than cash for small purchases. Interestingly, those describing themselves as politically independent also were more independent from cash, 40% of them prefer plastic for such transactions.
The casual use of plastic is moving steadily through age brackets and already has a firm grip not only on millennials, but also increasingly on Gen Xers. Crunched another way, the data show that if you’re 49 or younger, you’re almost as likely to pay for a $5 purchase with plastic as you are to pay with cash. Fifty two percent prefer cash, 46% prefer debit or credit cards. Now, if you’re 50 or older, you’re still somewhat unlikely to pay for a $5 purchase with plastic. Seventy seven percent still prefer cash, with 21% reaching for debit cards or credit cards. Those who graduated from or attended college are significantly more comfortable than others with using plastic for small purchases.
A combined 39% of those with college degrees prefer debit cards (21%) or credit cards (18%) over cash (59%). Only 16% of those who have not attended college usually use debit cards for purchases of less than $5, along with only 6 percent who prefer credit cards for that purpose.
The trend is clear. Regardless of some differences in magnitude based on demographic factors, plastic is replacing cash as the currency of choice even for small purchases. Plastic use will increase for small purchases, both for debit and credit cards.
Why the shift to cards
There are many reasons:
Technological advancements at the point of sale have made it just as fast to pay by plastic as by cash. Rewards have become a common feature of credit cards, with two out of three credit cards offering rewards, encouraging rewards chasing. Debit cards, with their balances available instantly and online have largely replaced paper checks and tedious manual records.
Financial institutions have spent decades persuading consumers to use and merchants to accept cards universally. Small purchases represent particularly appropriate uses of a debit card, assuming you don’t get carried away and overdraw the card-linked bank account. Why keep going to the bank and then carry cash if you don’t have to? Moving away from cash and moving toward using cards for even small purchases is more convenient.
Debit cards are everywhere already, but because their use can’t be reported to the credit bureaus and thus, they don’t build credit, they should only be used as a matter of convenience. People who frequently use credit cards for small, casual purchases also could overdo it, but probably not to a great degree. It would take a lot of lattes to send someone into credit counseling or bankruptcy court. In truth, we like the idea of using credit cards frequently for small, manageable expenses. This gives users the benefit of an active credit history, but leaves them with monthly bills that are small enough to pay off in full, so they don’t have to pay any interest. It’s getting to the point where, if I’m out and about, I’m using plastic the whole time. It’s just so much easier.
September 4th, 2014 by Elma Jane
EMV, which stands for Europay, MasterCard and Visa, is slated to be mandated across the United States starting in October 2015; automated fuel dispensers have until October 2017 to comply. Unlike magnetic swipe cards, EMV chip cards encrypt data and authenticate communication between the card and the card reader. Additionally, the chip card user is prompted for a PIN for authentication.
Why are those dates important? Companies lose $5.33 billion to fraud today, with card issuers and merchants incurring 63 and 37 percent of these losses, respectively. Under the EMV mandate, merchants who do not process chip cards will bear the burden of the issuer loss. By accepting chip card transactions, merchants and issuers should see a reduction in fraud.
Overcoming Barriers to EMV Adoption
Given the significant barriers to EMV adoption, it may be tempting for merchants to meet minimum requirements for accepting EMV payments. However, medium to large retailers should also consider the bigger picture of customer security and peace of mind.
Some key critical success factors for a payment initiative of this size include:
Business Continuity Architecture: As with all payment systems, it is imperative to have the EMV system running at all times. The solution should preferably have Active-Active architecture across multiple data centers and have a low Recovery Point Objective (the point in time to which the systems and data must be recovered after an outage).
Cost Benefit Analysis: Take a top down approach and decide accordingly on the scope of the analysis. This will ensure that decisions on scope are made on basis of quantitative data and not just qualitative arguments.
Phased Approach: To overcome time or cost overage in a project of this scope and complexity, retailers should try using an iterative approach for development. The rollout can be divided into multiple releases of six to seven months, which will provide the opportunity to review, capture lessons learnt, and improve subsequent releases.
Proactive Monitoring Alerts: Given how critical the business functions carried out by EMV, tokenization and the payment gateway are, a rigorous monitoring environment must be defined to perform proactive and reactive monitoring. It should take into consideration the monitoring targets, tools, scope and methods. This provides advance visibility of failure points and helps ensure maximum system availability.
Resilience Testing: Typically in a software project, the testing is limited to the unit, integration, performance and user acceptance. However, due to the critical nature of the applications and systems involved, robust resiliency testing is vital. This will ensure that there are no single points of failure and the system remains available when running in error conditions.
Stakeholder Identification: This is a key step to ensure that you have varied perspectives from all departments and their support. It will keep your organization from being blindsided and reduce the risk of disagreements in later stages of the program. Key stakeholders should include Store Operations, Card Accounting, Loss Prevention, Contact Center and IT & Data Security.
Organizations should adopt a five step approach to implement a secure, robust and industry-leading payment solution:
Encryption – Point-to-point encryption will ensure card data is secure and encrypted from the point of capture to the processor. Usually, merchants use data encryption that is not point to point, leaving their organization vulnerable to data breaches. Software encryption is the most common form of encryption, as it is easily installed and requires little or no hardware upgrades; however, it is less secure, may expose encryption keys, and is prone to memory scanning attacks. Hardware encryption is considered more secure but requires more costly terminal upgrades. Hardware encryption is designed to destroy the keys if tampered with, but the space is not well defined, as very limited headway has been made in it.
Tokenization – Build a Card Data Environment (CDE) that will host a centralized card data storage solution. Only limited applications with firewall access and capability to mutually authenticate via certificates can access CDE and receive card data. The rest of the applications will have tokens which are random numbers. This architecture will ease the merchant’s burden with existing and emerging PCI Data Security Standards.
Payment Gateway – Perform a risk assessment on the current payment gateway and identify gaps in functionality, manageability, compliance, scalability, speed to market and best practices. Determine the alternatives to mitigate the risks. Some of the important aspects of a leading payment gateway solution are support for all forms of credit, debit, gift card and check transactions. Its ability to work with any acquirer, its built-in encryption abilities, and its support for settlement and reconciliation must also be taken into consideration.
Settlement, Funding and Reconciliation – A workflow-based system to handle chargebacks and the automation of chargeback processing will greatly reduce labor-intensive work and enhance the quality of data used for settlement and reconciliation. Upgrades to the existing receipt retrieval system may be needed.
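The tokenization step above (random tokens outside the CDE, PANs only inside it, and access only for mutually authenticated applications) is easier to reason about with a concrete vault in front of you. The block below is an added example, not code from the article or from any payment vendor: it models certificate-based mutual authentication as a plain allow-list of caller names, uses a constructed test PAN, and leaves encryption of the vault's own storage out of scope. The point it demonstrates is why the token must be random rather than a hash of the PAN: a hash can be brute-forced over the small space of valid card numbers, a random token cannot be reversed without the vault.

```python
import re
import secrets

# Added illustration of the tokenization step: a minimal token vault that
# would live inside the Card Data Environment (CDE). Constructed for this
# example; not the article's or any vendor's code. Certificate-based mutual
# authentication is modelled as an allow-list of caller names.


def normalise_pan(pan: str) -> str:
    """Strip spaces/dashes and reject anything that is not a plausible PAN length."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a plausible PAN length")
    return digits


class TokenVault:
    """Maps random tokens to PANs. Nothing outside the vault can turn a token
    back into a PAN, because the token is random rather than derived from the
    PAN (a hash of a PAN can be brute-forced over the small PAN space)."""

    def __init__(self, authorised_callers):
        self._pan_by_token = {}
        self._token_by_pan = {}
        self._authorised = set(authorised_callers)

    def tokenize(self, pan: str) -> str:
        pan = normalise_pan(pan)
        # Same PAN -> same token, so non-CDE systems can still recognise a
        # returning card without ever holding the PAN.
        if pan in self._token_by_pan:
            return self._token_by_pan[pan]
        while True:
            # Keep the last four digits for receipts and lookups; everything
            # else is fresh randomness from the OS CSPRNG.
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token not in self._pan_by_token and token != pan:
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str, caller: str) -> str:
        """Only mutually authenticated CDE applications may get the PAN back."""
        if caller not in self._authorised:
            raise PermissionError(f"{caller} is not authorised to access card data")
        return self._pan_by_token[token]


def run_demo() -> dict:
    """Exercise the vault the way a storefront and a settlement service would."""
    vault = TokenVault(authorised_callers={"settlement-service"})
    pan = "4111 1111 1111 1111"  # constructed test PAN, not a real card
    token = vault.tokenize(pan)
    try:
        vault.detokenize(token, caller="storefront-app")
        storefront_blocked = False
    except PermissionError:
        storefront_blocked = True
    return {
        "token": token,
        "same_token_again": vault.tokenize(pan) == token,
        "pan_for_settlement": vault.detokenize(token, caller="settlement-service"),
        "storefront_blocked": storefront_blocked,
    }


if __name__ == "__main__":
    print(run_demo())
```

In a real deployment the allow-list is replaced by client-certificate checks on the vault's TLS listener, the two dictionaries by a database whose PAN column is encrypted under a key the non-CDE applications never see, and the storefront only ever stores and displays the token.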
Card fraud is on the rise in the U.S., and merchants are the primary target for stealing information. With the EMV deadline just over a year away, the responsible retailer must take steps to prepare now. Although EMV implementation might seem overwhelming to merchants, they should start their journey to secure payments rather than wait for a looming deadline. Solutions such as data encryption and tokenization should be used in combination with EMV to implement a robust payment solution to better protect merchants against fraud. By proactively adopting EMV payment solutions, merchants can stay ahead of the regulatory curve and better protect their customers from fraud.
August 28th, 2014 by Elma Jane
The new ECB regulation, which came into force earlier this month, covers large-value and retail payment systems in the euro area operated by both central banks and private entities. The aim is to promote the smooth operation of safe and efficient payment systems through strong management of legal, credit, liquidity, operational, general business, custody, and investment risks. In identifying systemically important payment systems, the ECB looked at the value of payments settled, market share, cross-border relevance and provision of services to other infrastructures. If a system is deemed to meet at least two of these four criteria it makes the list.
Target2 – operated by the Eurosystem.
Euro1 and Step2-T – both run by EBA Clearing.
Core(Fr) – a joint initiative of French banks. These have been identified as the systemically important payment systems.
The list will be reviewed annually based on updated data. With this regulation, Europe is consolidating international practice for the oversight of SIPs into EU law, as with past efforts for other financial market infrastructures, such as the European Market Infrastructure Regulation for the supervision of central counterparties and trade repositories and the ongoing regulatory initiative for central securities depositories.
August 28th, 2014 by Elma Jane
Merchants are still using pedestrian passwords that crooks can easily break, security company Trustwave has found. Of the nearly 630,000 stored passwords that Trustwave obtained during penetration tests in the past two years, its technicians were able to crack more than half in just a few minutes and 92% within 31 days. Even though adding new information about weak passwords or ongoing malware investigations gets frustrating because the same problems facing the financial and payments industries persist, it does not surprise Trustwave researchers. For a lot of software or hardware developers, their main concern is availability of the service. They want to make sure their POS is available and running to accept credit cards, often at the cost of a lot of security controls. It is difficult to implement security and to do it correctly.
Trustwave recommends longer passwords with more characters, rather than shorter ones with letters and numbers. A longer password that is a phrase not easily figured out is better than a shorter, complex password. These findings have been added to an online version of the 2014 Trustwave Global Security Report. To accommodate the fast changing nature of security threats, Trustwave is regularly updating its research and making the information available to consumers and payments industry stakeholders on the company’s site. The criminals stealing data are a constantly moving target. It no longer made sense for those interested in our research to have to wait a year to see new statistics. Having access to updated security reporting should be helpful to merchants. They can see how trends are tracking over time, instead of constantly having to go online to see what is relevant to them or rely on the trade groups to keep them informed. This provides one switch to keep them in the know, so there is some value there and it’s a smart move on Trustwave’s part. Since the new Payment Card Industry security requirements call for security measures to be embedded in software development lifecycles, there is some utility in Trustwave’s new approach to sharing research information.
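To make the "longer phrase beats shorter complex password" recommendation concrete, here is an added example of a password policy check; it is not Trustwave's code or methodology. It estimates the work an attacker faces two ways, as a character-by-character brute force and, for plain word phrases, as a search over word combinations, and takes the smaller of the two, since an attacker picks the cheaper strategy. The pool sizes, the word-list size, the deny-list and the thresholds (15 characters, 50 bits) are assumptions for this example, not figures from the report.

```python
import math
import re

# Added illustration of the "longer beats complex" recommendation. Pool
# sizes, deny-list, word-list size and thresholds are assumptions for this
# example, not Trustwave's numbers or methodology.

CLASS_POOLS = [
    (r"[a-z]", 26),
    (r"[A-Z]", 26),
    (r"[0-9]", 10),
    (r"[^a-zA-Z0-9]", 32),  # common approximation for printable punctuation
]
WORDLIST_SIZE = 7776   # size of the Diceware list, standing in for "words an attacker tries"
MIN_LENGTH = 15        # assumed policy value
MIN_BITS = 50          # assumed policy value
COMMON_PASSWORDS = {"password", "password1", "123456", "welcome1", "pos1234"}  # constructed deny-list


def brute_force_bits(password: str) -> float:
    """Search space if the attacker must try every string of this length
    drawn from the character classes present in the password."""
    pool = sum(size for pattern, size in CLASS_POOLS if re.search(pattern, password))
    return len(password) * math.log2(pool) if pool else 0.0


def wordlist_bits(password: str):
    """For a phrase of dictionary words the attacker tries word combinations,
    not characters. Returns None when the password is not a plain phrase."""
    if not re.fullmatch(r"[A-Za-z]+( [A-Za-z]+)*", password):
        return None
    return len(password.split()) * math.log2(WORDLIST_SIZE)


def effective_bits(password: str) -> float:
    """Strength is the cheapest attack available, so take the minimum."""
    estimates = [brute_force_bits(password)]
    words = wordlist_bits(password)
    if words is not None:
        estimates.append(words)
    return min(estimates)


def policy_check(password: str) -> list:
    """Return the list of policy failures; an empty list means acceptable."""
    failures = []
    if password.lower() in COMMON_PASSWORDS:
        failures.append("on the common-password deny-list")
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if effective_bits(password) < MIN_BITS:
        failures.append(f"estimated strength below {MIN_BITS} bits")
    return failures


if __name__ == "__main__":
    for candidate in ["Tr0ub4d&", "correct horse battery staple", "password"]:
        print(f"{candidate!r}: {effective_bits(candidate):.1f} bits, failures={policy_check(candidate)}")
```

Note what the numbers say: an eight-character password mixing all four classes and a four-word phrase from a common word list land within a bit of each other (roughly 52 bits each), so a phrase only wins when it is long enough or made of words that are not easily figured out, which is exactly the qualification in the recommendation above. Adding a fifth or sixth word moves the phrase well ahead while staying easy to remember.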
Trustwave said the trend of businesses detecting breaches continues to rise, with 29% of businesses doing so in 2013 compared to only 9% in 2009. Trustwave compiled that data from 691 post-breach forensics investigations conducted in 2013. The report also indicated e-commerce breaches are increasing, with 54% of all breaches targeting e-commerce sites in 2013, compared to only 9% in 2010. More regions, including the U.S., being in various stages of converting to EMV chip-based cards for card-present transactions fuels the criminals’ shift to e-commerce fraud. Additionally, the company is working with law enforcement officials after discovering a control center of eight servers behind what is being called Magnitude, an exploit kit of Russian origin that has led to thousands of attacks and millions of attempted malware attacks globally.
August 27th, 2014 by Elma Jane
Backoff malware that has attacked point of sale systems at hundreds of businesses may accelerate adoption of EMV chip and PIN cards and two-factor authentication as merchants look for ways to soften the next attack. Chip and PIN is a big thing, because it greatly diminishes the value of the information that can be captured by this malware, said Trustwave, a security company that estimates about 600 businesses have been victims of the new malware. The malware uses infected websites to infiltrate the computing devices that host point of sale systems or are used to make payments, such as PCs, tablets and smartphones. Merchants can install software that monitors their payment systems for intrusions, but you can’t simply run anti-virus programs and assume you are safe. Credit card data is particularly vulnerable because the malware can steal data directly from the magnetic stripe or from the keystrokes used to make card payments.
The point of sale system is low-hanging fruit because a lot of businesses don’t own their own POS system. They rent them, or a small business may hire a third party to implement its point of sale system. The Payment Card Industry Security Standards Council issued new guidance this month to address security for outsourced digital payments. EMV chip cards, which are designed to deter counterfeiting, would gut the value of any stolen data. With magnetic stripe data, the crooks can clone the card and sell it on the black market. With chip and PIN, the data changes for each transaction, so each transaction is unique. Even if the malware grabs the data, there’s not a lot the crooks can do with it. The EMV transition in the U.S. has recently accelerated, driven in part by recent high-profile data breaches. Even with that momentum, the U.S. may still take longer than the card networks’ October 2015 deadline to fully shift to chip-card acceptance.
EMV does not by itself mitigate the threat of breaches. Two-factor authentication, or the use of a second channel or computing device to authorize a transaction, will likely share in the boost in investment stemming from data security concerns. The continued compromise of point of sale merchants through a variety of vectors, including malware such as Backoff, will motivate the implementation among merchants of stronger authentication to prevent unauthorized access to card data.
Backoff has garnered a lot of attention, including a warning from the U.S. government, but it’s not the only malware targeting payment card data. It is not the types of threats that are new, but rather the frequency with which they occur, that has put merchants on their heels. There is also an acute need to educate small merchants on both the threats and the respective mitigation techniques. The heightened alert over data vulnerability should boost the card networks’ plans to replace account numbers with substitute tokens to protect digital payments. Tokens would not necessarily stop crooks from infiltrating point of sale systems, but like EMV technology, they would limit the value of the stolen data. There are two sides to the equation, the issuers and the merchants. To the extent we see both sides adopt tokenization, you will see fewer breaches, and they will be less severe, because the crooks will be getting a token instead of card data.
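The two mechanisms the posts above say limit the value of stolen POS data, per-transaction chip data and tokens in place of account numbers, as an added Python model that is not Trustwave’s or the card networks’ code. The counter-plus-HMAC cryptogram and the in-memory vault are simplifying assumptions standing in for real EMV and a real token service.

```python
# Added example (not Trustwave's or the card networks' code): a simplified
# model of why stolen POS data loses value under chip cards and tokenization.
# The ATC+HMAC cryptogram and the vault are assumptions, not real EMV.
import hashlib, hmac, secrets

PAN = "4111111111111111"                 # constructed test card number
ISSUER_KEY = b"constructed-issuer-key"   # shared only by card and issuer

def stripe_record(pan):
    # Stripe data is static: every swipe yields the same reusable bytes.
    return f"{pan}=2512"                 # PAN plus expiry, track-2 style

class ChipCard:
    """Holds a transaction counter (ATC) and a key; each authorization
    yields a fresh cryptogram over the ATC and amount."""
    def __init__(self, key):
        self.key, self.atc = key, 0
    def authorize(self, amount):
        self.atc += 1
        msg = f"{PAN}|{self.atc}|{amount}".encode()
        mac = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        return self.atc, amount, mac      # what POS malware would capture

class Issuer:
    """Accepts a cryptogram only once: the ATC must move forward."""
    def __init__(self, key):
        self.key, self.last_atc = key, 0
    def verify(self, atc, amount, mac):
        if atc <= self.last_atc:          # replayed or stale counter
            return False
        msg = f"{PAN}|{atc}|{amount}".encode()
        expected = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return False
        self.last_atc = atc
        return True

class TokenVault:
    """The PAN stays in the vault; the merchant only stores a token."""
    def __init__(self):
        self._store = {}
    def tokenize(self, pan):
        token = secrets.token_hex(8)
        self._store[token] = pan
        return token
    def detokenize(self, token):
        return self._store.get(token)

def chip_replay_outcome():
    """(genuine authorization accepted, replay of the same capture accepted)"""
    card, issuer = ChipCard(ISSUER_KEY), Issuer(ISSUER_KEY)
    captured = card.authorize("19.99")
    return issuer.verify(*captured), issuer.verify(*captured)
```

A breached merchant database in this model holds only vault tokens, which detokenize to nothing outside the vault, while a captured chip cryptogram is refused the second time it is presented.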
August 20th, 2014 by Elma Jane
The latest version of Microsoft’s smartphone operating system already packs tons of new productivity-boosting features. Now, the first update for Windows Phone 8.1 is nearly ready to launch, with extra functionality that makes it even better for work. These features come on top of additions that already arrived with the initial release of Windows Phone 8.1, such as Cortana, a voice-activated virtual assistant. Windows Phone 8.1 Update 1 was released to developers this month and will roll out to consumers in the coming months.
App Corner – Gives you better control over how employees use company-owned smartphones. You can manage which apps are installed on a phone and even save and export your app settings to other devices to quickly configure company phones. That way, employees can’t accidentally install applications that could compromise company data.
Folders – Staying organized is one way to boost your productivity. Now, Windows Phone 8.1 gives you better control over your smartphone’s home screen with the addition of folders. Just drag one app over the top of another to group them into a folder, then tap a folder to see which apps it includes.
VPN support – A virtual private network (VPN) is a secure, private network that lets employees wirelessly access company resources while on the go, including files, apps and printers. Windows Phone 8.1 Update 1 adds VPN support to the mobile OS for the first time. Users will be able to toggle the VPN on or off easily, or set a device to automatically connect to a VPN when a particular Web domain is accessed. You can also turn on encryption to secure all traffic between your smartphone and the work network.
August 19th, 2014 by Elma Jane
In response to the third-party threat, the PCI Security Standards Council has published a guide to help organizations and their business partners reduce risk by better understanding their respective roles in securing card data.
The Third-Party Security Assurance Information Supplement provides guidance and practical recommendations to help businesses and their partners protect data, including:
Conduct due diligence and risk assessment when engaging third-party service providers, to help organizations understand the services provided and how PCI DSS requirements will be met for those services.
Develop appropriate agreements, policies and procedures with third-party service providers that include considerations for the most common issues that arise in this type of relationship.
Implement an ongoing process for maintaining and managing third-party relationships throughout the lifetime of the engagement, including the development of a robust monitoring program.
Implement a consistent process for engaging third parties that includes setting expectations, establishing a communication plan, and mapping third-party services and responsibilities to applicable PCI DSS requirements.
One of the big focus areas in PCI DSS 3.0 is security as a shared responsibility. This guidance is an excellent companion document to the standard in helping merchants and their business partners work together to protect consumers’ valuable payment information.