August 28th, 2014 by Elma Jane
Merchants are still using pedestrian passwords that crooks can easily break, security company Trustwave has found. Of the nearly 630,000 stored passwords that Trustwave obtained during penetration tests in the past two years, its technicians were able to crack more than half in just a few minutes and 92% within 31 days. Adding new information about weak passwords or ongoing malware investigations gets frustrating because the same problems facing the financial and payments industries persist, but that persistence does not surprise Trustwave researchers. For a lot of software or hardware developers, the main concern is availability of the service. They want to make sure their POS is available and running to accept credit cards, often at the cost of a lot of security controls. It is difficult to implement security and to do it correctly.
Trustwave recommends longer passwords with more characters, rather than shorter ones with letters and numbers. A longer password that is a phrase not easily figured out is better than a shorter, complex password. These findings have been added to an online version of the 2014 Trustwave Global Security Report. To accommodate the fast-changing nature of security threats, Trustwave is regularly updating its research and making the information available to consumers and payments industry stakeholders on the company’s site. The criminals stealing data are a constantly moving target. It no longer made sense for those interested in our research to have to wait a year to see new statistics. Having access to updated security reporting should be helpful to merchants. They can see how trends are tracking over time, instead of constantly having to go online to see what is relevant to them or rely on the trade groups to keep them informed. This provides one switch to keep them in the know, so there is some value there and it’s a smart move on Trustwave’s part. Since the new Payment Card Industry security requirements call for security measures to be embedded in software development lifecycles, there is some utility in Trustwave’s new approach to sharing research information.
Trustwave said the trend of businesses detecting breaches continues to rise, with 29% of businesses doing so in 2013 compared to only 9% in 2009. Trustwave compiled that data from 691 post-breach forensics investigations conducted in 2013. The report also indicated e-commerce breaches are increasing, with 54% of all breaches targeting e-commerce sites in 2013, compared to only 9% in 2010. The criminals’ shift to e-commerce fraud is fueled by more regions, including the U.S., being in various stages of converting to EMV chip-based cards for card-present transactions. Additionally, the company is working with law enforcement officials after discovering a control center of eight servers behind what is being called Magnitude, an exploit kit of Russian origin that has led to thousands of attacks and millions of attempted malware attacks globally.
December 20th, 2013 by Elma Jane
16 Free Online Tools for Small Businesses
Whether you’re starting a small business or you’re just thrifty, you can likely benefit from some free online productivity tools.
There are apps for accounting, collaboration, customer management, development, scheduling, general office tasks and more. All of these tools have free plans, and several are entirely free.
Appointlet
If you make appointments with customers, you may need Appointlet, an online appointment-scheduling app for Google Calendar. Add it to your website and let your clients do the booking. Confirm, decline, cancel, or reschedule any appointment right from the comfort of your Google Calendar. Easily gather all the information from your clients that you need to fulfill the appointment.
Boomerang for Gmail
Lets you write an email now and schedule it to be sent automatically at the perfect time. Write the message as you normally would, then click the Send Later button. Tell Boomerang when to send your message by using the calendar chooser or the text box that understands language like “next Monday.”
Dropbox
Is a cloud-storage service that lets you access and sync files across all your devices. While Dropbox only offers 2 GB of initial free storage (Google Drive and SkyDrive offer more), it expands free storage up to 16 GB for referrals. Dropbox offers native support for Linux and Blackberry, as well as Windows, Mac OS, iOS, and Android. To supercharge your Dropbox, utilize the many third-party apps, which offer enhanced file syncing with Dropbox’s new Datastore API.
Evernote
Is an app to remember everything, from lifelong memories and vital information to daily reminders and to-do lists. Everything you store in your Evernote account is automatically synced across all of your devices, making it easy to capture, browse, search, and edit your notes everywhere you have Evernote.
Gmail
Is Google’s email application, which includes 15 GB of free storage (across Gmail, Google Drive, and Google+ photos). Gmail also lets you communicate via SMS, voice, or video chat. See who’s online and connect instantly. See your contacts’ profile photos, recent updates, and shared docs next to each email.
Google+ Hangouts
Turn any gathering into a live video call with up to ten friends or simply call a contact to start a voice call from your computer. Enhance your call with Cacoo for online drawing, SlideShare for sharing presentations, and Conceptboard for whiteboard collaboration.
HelloSign
Is an application for getting documents signed. It includes tools to facilitate document signing, tracking and management. Notifications keep you apprised of the signer’s activity. Signed documents are securely stored and always accessible. Sign an unlimited number of documents for free. HelloSign has mobile apps and a Gmail extension.
HootSuite
Is a social media dashboard to manage and measure your social networks. Manage your messages, get custom analytics on your social campaigns, and communicate internally without leaving the HootSuite dashboard. Access a single interface to monitor Twitter, Facebook, LinkedIn, Google+ Pages, WordPress and more. Or add more social networks with the HootSuite App Directory.
KeePass
Is a free password manager to help manage your passwords in a secure way. Put all your passwords in one database, which is locked with one master key or a key file. Remember one single master password or select the key file to unlock the whole database. The databases are encrypted using secure encryption algorithms (AES and Twofish).
Mural.ly
Is a visual-collaboration whiteboard app. Drag and drop images, links, and documents to organize your ideas. This simple visual tool can keep your team in sync through brainstorming, planning, or designing a project. Features include private murals, auto-save and backups, comments, activity feed, and chat.
NutshellMail
Takes copies of your latest updates in your social networking accounts and places them in a snapshot email. The NutshellMail update is then sent to your primary email address. NutshellMail supports Facebook, Twitter, LinkedIn, Yelp, MySpace, YouTube, Foursquare, and Citysearch. Receive updates as often as you wish.
Rapportive
Shows you everything about your contacts right inside your inbox. Immediately see what people look like, where they’re based, and what they do. Establish rapport by mentioning shared interests. Record thoughts and leave notes for later.
Streak
Is a customer relationship application for Gmail. Track your deals from your inbox. Group emails from the same customers together, utilizing spreadsheet view right inside Gmail. Use the mobile app to keep track of your customers, make calls, and send emails. Share selective parts of your inbox. Schedule emails to send later.
Trello
Is a collaboration tool that organizes your projects into boards. Trello tells you what’s being worked on, who’s working on what, and where something is in a process. Trello uses boards, lists, and cards to create projects and develop your workflow.
Wave
Offers online accounting and finance applications for small businesses. It includes invoicing, accounting, payroll, payments, receipts, and personal finance software. Accounting, invoicing, receipts, and personal finance applications are free.