Tips for Preventing a Data Breach

Tips for Preventing a Data Breach

 

Tips for Preventing a Data Breach

 

When you think about data breaches, your mind probably jumps to the highly publicized incidents of companies like Target and Home Depot. Small business might think they don’t need to take security measures–but that’s not the case. Small business are as susceptible to data breaches as large corporations, and may actually be at greater risk.

Stephen Cobb, a senior security researcher at ESET, says that hackers like to target small businesses because they have more digital assets than a single customer, and not as many security measures put into place as a large enterprise. According to QSR magazine, small businesses like restaurants, are data-thief magnets because they process an abundance of credit cards and often use POS equipment.

Protect your small business with these data breach prevention tips from Chip and Terminal:

 

1. Be Proactive

  • Routinely check your POS systems to make sure they haven’t been tampered with.
  • Don’t wait for a problem to arise. Perform regular vulnerability assessments- once a week is advisable. These tests should be conducted on all systems associated with your network.

 

2. Make sure your credit card processing network is secure

  • Be sure adequate firewall and virus protection measures are put into place.
  • Avoid combining your network with your in-store free Wi-Fi. Make sure any open Wi- Fi networks your customers may use is on a separate network from the one where you process your credit cards.
    • If your devices are not properly installed, configured, and managed, you are taking on a large risk.

 

3. Hold your employees accountable

  • Train your employees on proper security measures. Creating a culture in your business that is more security-minded can help eliminate mistakes that may lead to a data breach. If your employees are knowledgeable and diligent in regards to your network’s security, they will be better able to notice atypical behavior.
  • Discuss with your employees the best way to optimize credit card security. Remind them that handling credit cards and physical cash is similar. There is a lot of responsibility that comes with handling money and information. Limiting how much employees handle credit cards out-of-sight can help prevent dishonest employees from stealing customer information.

 

4. Switch to EMV acceptance

  • EMV technology in the U.S. is catching up to the rest of the world after the 2015 EMV mandate. The chip that is embedded in EMV cards is encrypted and creates a new code every time the card is used to make a purchase, making the card unable to be replicated and more secure than a simple magnetic stripe card.
  • If a fraudulent charge has been made with an EMV enabled card, but a merchant doesn’t have the technology to process an EMV card, the merchant must accept the charge as a loss. Because of the liability shift it is critical that merchants invest in a processing system that accommodates EMV chips, whether they choose an EMV- enabled terminal or Point- of- Sale system.
  • The prevalence of EMV cards makes a data breach less likely because it is a lot harder for hackers to target individual cardholders as well as the businesses that accept them

 

If you would like more information on how to update your POS system and how to be more secure, including switching to EMV compliant technology, contact us at 800-317-1819!

Read MoreRead More
Small REVONU cartoon

Pssst! Did You Know That COCARD Has a Live Chat?

REVONU cartoon character right

 

Do you have any burning questions? Not feeling like picking up the phone? Would you like some more information about credit card processing, POS systems or have a question about your merchant account with COCARD? Then chat away!

I’m REVONU your POS system pal, and I’m here to tell you about our brand new live chat feature. It’s conveniently located on the bottom right corner of the screen on our website, www.cocard.info.

Look in the right hand corner of your screen right now, click on the blue box and one of our fanatical support members will answer any questions you may have, so don’t hesitate to chat us! Hope to talk to you soon!

Read MoreRead More
Mr. Pin, the EMV card reader.

What You Need to Know About Mobile Payments

Cartoon anthropomorphic EMV enabled terminal smiling

Terminal talks about mobile payments!

Like any new technology, mobile payments might seem a bit complicated. Don’t worry, we’re covering what you need to know about the latest mobile payment technologies— without all the technical jargon.

 How do mobile payments work?

Apple Pay and Android Pay

 Apple and Android Pay rely on NFC technology. NFC stands for “Near Field Communication,” as in the phone and terminal must be near each other to work. Both the phone and the terminal must have NFC chips.

Samsung Pay

Samsung Pay is different than Apple and Android pay because it involves MST technology. MST stands for “Magnetic Secure Transmission” and interacts with a terminal just like the magnetic strip on your card.

Both of these technologies allow your phone to internally store your payment info and to communicate with a terminal in order to authorize the transaction.

Are mobile payment technologies safe?

Yes. In general, today’s mobile payments are secure. Your card information is encrypted in your phone to combat fraudsters. Essentially, your phone holds a virtual card—a decoy that you use to make payments. Unlike a physical card, your financial information (i.e. your name and card number) is not directly used.

Here’s a few tips to make your mobile wallet even more secure:

  1. Make sure you have a passcode on your phone. If your phone gets lost or stolen, it will be more difficult for someone to use your phone to make payments with your card.
  2. Set your phone up to be able to be turned off from anywhere in the event your phone has been lost or stolen.
  3. Monitor your card statements for any fraudulent charges. If you see anything suspicious, call your bank.

Apple and Samsung Pay also utilize fingerprint verification (biometrics) in order to access your chosen payment.

Comparing Mobile Payment Apps

  • Apple Pay
  • Introduced 2014
  • One of the first mobile payment options to utilize NFC technology in phones
  • Works with iPhone models 6 and newer
  • Works with wearables (Apple Watch)
  • Accepts most Visa, MasterCard and most large organizations
  • Larger banks (like Bank of America) support Apple Pay, but support varies across smaller regional banks
  • Android Pay
    • Phone must be supported by NFC, which is available in newer Android models
    • Utilizes a downloadable app
    • Works on any compatible smartphone
    • Currently supported by fewer banks than Apple Pay

Apple and Android Pay are not yet widely accepted in stores due to the fact that this technology is relatively unknown to consumers.

  • Samsung Pay:
  • Works with newest Samsung phones like the Galaxy S7
  • Uses MST technology to mimic the magnetic strip on a card
  • Works by hovering your phone over any terminal
  • Use is not restricted to NFC enabled terminals
  • Does not work (due to weak signal strength) if your card has to be inserted into the terminal, like at a gas station

 

Have more questions about mobile payments, or wireless terminals, our customer services representatives will be happy to help- just call us at 1(800)317- 1819!

 

Read MoreRead More
EMV-compliant card reader.

EMV Pocket Glossary

silver American express chip card shown dipped, or being processed, in an emv terminalWith the liability shift here, we know that you’ve already got a lot on your plate. So we’re going to just take it easy and go over a few terms you may have already seen or will see as you continue to learn about EMV. This list can serve as a simple pocket reference during the transition. Print it out even, and refer to it as needed when reading your next article or blog post about EMV. We want the transition to be worry-free.

EMV: Short for Europay, Mastercard, and Visa, the developers of the card

Chip-enabled card: A credit card enabled with a microchip; also referred to as “chip and pin” or “chip and signature”, depending on the cardholder verification method

Fraud: the criminal use of a person’s credit card information to make unauthorized transactions

With the transition to EMV terminals, the US aims to decrease fraud. The US currently accounts for nearly half of all worldwide fraud. On a positive note, the EU has decreased card fraud by 80% since completing its transition to EMV cards, which means the US transition should be successful.

Liability shift: Starting October 1st the responsibility for fraudulent transactions switched to the party with the least EMV-capable technology

If fraud occurs with a non-EMV bank card, the bank is responsible. If fraud occurs as a result of a merchant’s POS system that can’t accept EMV-cards, the merchant is responsible. Only 20-30% of merchants are expected to use EMV-capable terminals by October 1st, with the remainder throughout the three to five-year transition period. So if you’re not there yet, don’t freak out. COCARD can work with you to determine a POS system that is right for your company’s needs.

Transaction authorization: When a chip card goes through rules set by the card-issuer to determine whether the transaction can be authorized; transactions can be authorized either online or offline

Card authentication: the process of making the card authentic or unique by providing a one-time code for the transaction

If someone does manage to actually steal this code and use it, the transaction would be declined since the code was already used.

Cardholder verification (CVM): how the issuer and merchant verify that the cardholder and the person with the card are one and the same. An EMV-terminal might require a pin, signature, or for low risk transactions, no verification method.

Mag-stripe card: Cards with a magnetic stripe on the back. Much of the world has already switched completely to EMV-cards, and the full-scale transition in the US is currently underway. Cardholder data on mag stripe cards is easy to steal using a simple card reading machine.

Cryptogram: A one-time code created during online authorization; a cryptogram validates that the chip and issuer are not counterfeit

That’s it. We hope that this glossary of terms is short and sweet, and that it provides simple definitions for terms that are often times used when discussing EMV.

And now that October 1st has come and gone we’re sure that your still standing strong. So don’t worry. Instead, continue to read up on EMV and take the information that is most valuable to you as a business owner. If you’ve got any questions, we at COCARD will be happy to assist. Feel free to give us a call at 800-317-1819.

Read MoreRead More
Cartoon illustrations of an EMV Chip Card reader and EMV Credit Card

The EMV Files: A Conversation with Chip and Terminal

Cartoon illustrations of an EMV Chip Card reader and EMV Credit Card

Last week we introduced Chip and Terminal, who have a lot to say about EMV, mainly because they are the main components in EMV technology. So we were lucky enough to be able to book a slot on their busy schedule this fall season to interview them and ask them a few questions. Personally, we think they’d be great on Bravo, but they might have competition with a real housewife or two.

COCARD: Hi Chip. Hi Terminal. We’re so glad that we could ask you two a few questions about EMV. Really, we’re honored. Could you just start by telling us a little bit about yourselves?

Chip: Sure, well I’m Chip, and I’m the small chip that’s embedded in credit cards with EMV technology. Banks have already started transitioning to cards including yours truly, and plan on having all cards in the US utilizing EMV technology within five years.

Terminal: I’m Terminal, and all cards containing chips, will be dipped into terminals to be read. I like to say that I give new meaning to dipping the chip. I provide a one-time code to authenticate the card. Because of this, your data is protected, preventing a person from stealing a code that is only good for one transaction.

COCARD: So when did you first realize that you worked so well together, that you were a great team?

Terminal: I’ll take this one Chip. We’ve had a couple of countries really benefit from EMV technology. There’s the UK, which reduced fraud by more than half between 2004 and 2013 upon implementing EMV cards. Then there’s Canada, eh, that started the EMV roll-out in 2003 and reported fraud of $29.5 million (CAD), down 79% from 2009, which was $142 million (CAD). So I would say that it’s taken some time to see the effects, but in the past few years, we’ve really seen the impact that EMV cards have had in reducing fraud for many countries around the world.

COCARD: EMV is new for many business owners. So I’m sure you understand how such a change might make people anxious. What would you say to assuage the fears of business owners everywhere?

Chip: Well, first the sky is not falling. It might seem like it, but it’s not. The proof is that it’s already been successful in other places, and the US is simply one of the few developed nations that has not adopted this technology. EMV, through its authentication process, is really what makes these cards, our cards, more secure. So they are a safe and secure way to pay for things. We think that any business owner can appreciate the feeling of comfort that security brings.  The big thing for business owners to remember is that banks have a five year plan and that only 21% of US cards will have the embedded chip by the October 1st liability shift..

COCARD: Anything else you’d like business owners out there to know?

Terminal: We just want you all to stay informed. Keep learning. The more you know, we think the less you’ll feel out of your element with something that can benefit your business.

COCARD: Thanks Chip. Thanks Terminal. You were both great. We appreciate that you were able to take time out of your busy schedules—you two are in high demand—to spend a few minutes with us at COCARD. Have a great day.

Chip: You too.

Terminal: Yeah, thanks COCARD.

Read MoreRead More