Tips for Preventing a Data Breach

Tips for Preventing a Data Breach

 

Tips for Preventing a Data Breach

 

When you think about data breaches, your mind probably jumps to the highly publicized incidents of companies like Target and Home Depot. Small business might think they don’t need to take security measures–but that’s not the case. Small business are as susceptible to data breaches as large corporations, and may actually be at greater risk.

Stephen Cobb, a senior security researcher at ESET, says that hackers like to target small businesses because they have more digital assets than a single customer, and not as many security measures put into place as a large enterprise. According to QSR magazine, small businesses like restaurants, are data-thief magnets because they process an abundance of credit cards and often use POS equipment.

Protect your small business with these data breach prevention tips from Chip and Terminal:

 

1. Be Proactive

  • Routinely check your POS systems to make sure they haven’t been tampered with.
  • Don’t wait for a problem to arise. Perform regular vulnerability assessments- once a week is advisable. These tests should be conducted on all systems associated with your network.

 

2. Make sure your credit card processing network is secure

  • Be sure adequate firewall and virus protection measures are put into place.
  • Avoid combining your network with your in-store free Wi-Fi. Make sure any open Wi- Fi networks your customers may use is on a separate network from the one where you process your credit cards.
    • If your devices are not properly installed, configured, and managed, you are taking on a large risk.

 

3. Hold your employees accountable

  • Train your employees on proper security measures. Creating a culture in your business that is more security-minded can help eliminate mistakes that may lead to a data breach. If your employees are knowledgeable and diligent in regards to your network’s security, they will be better able to notice atypical behavior.
  • Discuss with your employees the best way to optimize credit card security. Remind them that handling credit cards and physical cash is similar. There is a lot of responsibility that comes with handling money and information. Limiting how much employees handle credit cards out-of-sight can help prevent dishonest employees from stealing customer information.

 

4. Switch to EMV acceptance

  • EMV technology in the U.S. is catching up to the rest of the world after the 2015 EMV mandate. The chip that is embedded in EMV cards is encrypted and creates a new code every time the card is used to make a purchase, making the card unable to be replicated and more secure than a simple magnetic stripe card.
  • If a fraudulent charge has been made with an EMV enabled card, but a merchant doesn’t have the technology to process an EMV card, the merchant must accept the charge as a loss. Because of the liability shift it is critical that merchants invest in a processing system that accommodates EMV chips, whether they choose an EMV- enabled terminal or Point- of- Sale system.
  • The prevalence of EMV cards makes a data breach less likely because it is a lot harder for hackers to target individual cardholders as well as the businesses that accept them

 

If you would like more information on how to update your POS system and how to be more secure, including switching to EMV compliant technology, contact us at 800-317-1819!

Read MoreRead More

Julie’s Treasures and REVONU POS: Aye, the Perfect Match!

?

REVONU POS is making a huge impact on the POS community, and to talk about why, we asked Julie Nelson, owner of Julie’s Treasures in Minnesota, a retail consignment store,  what she thinks about her new REVONU POS system and COCARD.

COCARD: What made you choose COCARD for your payment processing?

Julie: COCARD was recommended to me by the previous owner.

COCARD: Was the previous owner already using REVONU?

Julie: No, he didn’t have a POS system to run the business. But I definitely wanted to utilize one. The previous owner mentioned that COCARD had POS systems available and I really liked REVONU.

COCARD: So it seems like REVONU has made your business easier to manage! Could you give me some examples as to how REVONU has improved the operation of your business?

Julie: REVONU has made a positive difference! After getting REVONU, it has been easier to keep track of sales as it can sometimes be difficult to keep track of consignors. We also have two different shipping services that are out of the office, so we rely on REVONU to keep those organized. It is very important that we keep track of who we are selling to and who to pay!

COCARD: Would you say REVONU does a good job at catering to a retail business, such as Julie’s Treasures?

Julie: Yes

COCARD: Is it relatively easy for you to keep your inventory organized using REVONU?

Julie: Yes

COCARD: If you could see one feature be added/changed to REVONU what would that be?

Julie: Honestly, I haven’t encountered any issues!

COCARD: What is your favorite aspect of REVONU?

Julie: My favorite aspects are the sales tracking and the back office management options as well has being able to get support for REVONU and my merchant services account in one place with one call!

COCARD:  Thank you Julie for taking the time to speak with us today!  

Is REVONU POS right for your business?  Give us a call to set up a demo, we love to show it off!  800-318-1819

 

 

 

Read MoreRead More
QR Code for COCARD merchant services education center

4 Unexpected Uses for QR Codes

QR Code for COCARD merchant services education center

A few short years ago, QR (Quick Response) codes seemed poised to reach smartphone levels of popularity. Advertisers, merchants and consumers had various reasons to be excited about this technology’s potential. In perfect application, QR drives traffic to websites, collects or processes simple, quick in-store or online payments or provides product info in a flash.

Despite its potential, QR has mostly faded from commercial limelight—codes are often present, but not visible.

Issues with QR codes as a tool for commerce are obvious. It’s clunky; users must download an app to scan the code, manually scan the code and then wait for whatever is linked to the code to display. Considering the information a QR code will provide is not always—or even often—given, it makes sense that consumers would skip scanning altogether.

QR shouldn’t be written off just yet, but repurposed.  Here’s a look at some recent QR projects breathing new life into this tech:

Virtual Reality.

Google Cardboard, aka the working-man’s Oculus Rift, doesn’t just save babies’ lives (seriously!) Once you scan the QR code on the side of the viewer, insert your phone for an immersive, HD experience of locations from Stonehenge and the Palace of Versailles, to the Moon! Developers and virtual reality enthusiasts are constantly updating the app with new locations and experiences.

In this application, the QR code allows you to quickly sync the phone and the app.

In Memoriam

QR is reaching wider audiences as an educational tool. Graveyards, historical sites and museums are just some examples of organizations using QR code technology. Integrating QR codes with headstones provides a unique way to preserve biographical information for future generations. QR codes have been added to some museums, giving patrons more background on an exhibit. Other uses include providing audio tours and translation options.

 Lost Pets

Losing a pet can be devastating and phone pole photos only reach a limited radius. QR codes are being used to simplify finding a lost pet. Q-Tag is a GPS-based QR code system where each pet has a customized profile. If they’re lost, a person who finds them can scan their code with their phone to pull up the owner’s contact details.

Saving Lives

In the medical field, every second matters. QR is being used to convey a patient’s important medical history to paramedics, even if they are unconscious. My QR Life Codes creates a personalized QR code applied bracelets or cards.

Up Next: In our ever-evolving technology landscape new ways to interact with our world are constantly emerging. QR codes are being applied in novel ways and NFC  (Near Field Communication), aka Apple Pay, Google Wallet, Samsung Pay and Android Pay, is the latest development in payment processing. NFC excels where QR failed: it is truly instant and convenient. Widespread consumer adoption is making slow—but steady!—progress. Most new phones come pre-installed with NFC capabilities and the EMV Compliance Mandate means an increase in EMV cards, likely encouraging the upward trend.

Visit our education center to learn more about EMV and the future of payment processing

Read MoreRead More
EMV-compliant card reader.

EMV Pocket Glossary

silver American express chip card shown dipped, or being processed, in an emv terminalWith the liability shift here, we know that you’ve already got a lot on your plate. So we’re going to just take it easy and go over a few terms you may have already seen or will see as you continue to learn about EMV. This list can serve as a simple pocket reference during the transition. Print it out even, and refer to it as needed when reading your next article or blog post about EMV. We want the transition to be worry-free.

EMV: Short for Europay, Mastercard, and Visa, the developers of the card

Chip-enabled card: A credit card enabled with a microchip; also referred to as “chip and pin” or “chip and signature”, depending on the cardholder verification method

Fraud: the criminal use of a person’s credit card information to make unauthorized transactions

With the transition to EMV terminals, the US aims to decrease fraud. The US currently accounts for nearly half of all worldwide fraud. On a positive note, the EU has decreased card fraud by 80% since completing its transition to EMV cards, which means the US transition should be successful.

Liability shift: Starting October 1st the responsibility for fraudulent transactions switched to the party with the least EMV-capable technology

If fraud occurs with a non-EMV bank card, the bank is responsible. If fraud occurs as a result of a merchant’s POS system that can’t accept EMV-cards, the merchant is responsible. Only 20-30% of merchants are expected to use EMV-capable terminals by October 1st, with the remainder throughout the three to five-year transition period. So if you’re not there yet, don’t freak out. COCARD can work with you to determine a POS system that is right for your company’s needs.

Transaction authorization: When a chip card goes through rules set by the card-issuer to determine whether the transaction can be authorized; transactions can be authorized either online or offline

Card authentication: the process of making the card authentic or unique by providing a one-time code for the transaction

If someone does manage to actually steal this code and use it, the transaction would be declined since the code was already used.

Cardholder verification (CVM): how the issuer and merchant verify that the cardholder and the person with the card are one and the same. An EMV-terminal might require a pin, signature, or for low risk transactions, no verification method.

Mag-stripe card: Cards with a magnetic stripe on the back. Much of the world has already switched completely to EMV-cards, and the full-scale transition in the US is currently underway. Cardholder data on mag stripe cards is easy to steal using a simple card reading machine.

Cryptogram: A one-time code created during online authorization; a cryptogram validates that the chip and issuer are not counterfeit

That’s it. We hope that this glossary of terms is short and sweet, and that it provides simple definitions for terms that are often times used when discussing EMV.

And now that October 1st has come and gone we’re sure that your still standing strong. So don’t worry. Instead, continue to read up on EMV and take the information that is most valuable to you as a business owner. If you’ve got any questions, we at COCARD will be happy to assist. Feel free to give us a call at 800-317-1819.

Read MoreRead More
Cartoon illustrations of an EMV Chip Card reader and EMV Credit Card

The EMV Files: A Conversation with Chip and Terminal

Cartoon illustrations of an EMV Chip Card reader and EMV Credit Card

Last week we introduced Chip and Terminal, who have a lot to say about EMV, mainly because they are the main components in EMV technology. So we were lucky enough to be able to book a slot on their busy schedule this fall season to interview them and ask them a few questions. Personally, we think they’d be great on Bravo, but they might have competition with a real housewife or two.

COCARD: Hi Chip. Hi Terminal. We’re so glad that we could ask you two a few questions about EMV. Really, we’re honored. Could you just start by telling us a little bit about yourselves?

Chip: Sure, well I’m Chip, and I’m the small chip that’s embedded in credit cards with EMV technology. Banks have already started transitioning to cards including yours truly, and plan on having all cards in the US utilizing EMV technology within five years.

Terminal: I’m Terminal, and all cards containing chips, will be dipped into terminals to be read. I like to say that I give new meaning to dipping the chip. I provide a one-time code to authenticate the card. Because of this, your data is protected, preventing a person from stealing a code that is only good for one transaction.

COCARD: So when did you first realize that you worked so well together, that you were a great team?

Terminal: I’ll take this one Chip. We’ve had a couple of countries really benefit from EMV technology. There’s the UK, which reduced fraud by more than half between 2004 and 2013 upon implementing EMV cards. Then there’s Canada, eh, that started the EMV roll-out in 2003 and reported fraud of $29.5 million (CAD), down 79% from 2009, which was $142 million (CAD). So I would say that it’s taken some time to see the effects, but in the past few years, we’ve really seen the impact that EMV cards have had in reducing fraud for many countries around the world.

COCARD: EMV is new for many business owners. So I’m sure you understand how such a change might make people anxious. What would you say to assuage the fears of business owners everywhere?

Chip: Well, first the sky is not falling. It might seem like it, but it’s not. The proof is that it’s already been successful in other places, and the US is simply one of the few developed nations that has not adopted this technology. EMV, through its authentication process, is really what makes these cards, our cards, more secure. So they are a safe and secure way to pay for things. We think that any business owner can appreciate the feeling of comfort that security brings.  The big thing for business owners to remember is that banks have a five year plan and that only 21% of US cards will have the embedded chip by the October 1st liability shift..

COCARD: Anything else you’d like business owners out there to know?

Terminal: We just want you all to stay informed. Keep learning. The more you know, we think the less you’ll feel out of your element with something that can benefit your business.

COCARD: Thanks Chip. Thanks Terminal. You were both great. We appreciate that you were able to take time out of your busy schedules—you two are in high demand—to spend a few minutes with us at COCARD. Have a great day.

Chip: You too.

Terminal: Yeah, thanks COCARD.

Read MoreRead More

A Sky Without Limits, or Infinity and EMV

CHip-B-W-968x1024Chicken Little once said that the sky is falling.  Yet it still remains intact above us.  So while the transition from magnetic stripe to EMV might seem like a shift of cataclysmic proportions, the sky is not falling.  Your company will successfully transition from magnetic stripe to EMV (many already have), and next time you look outside your window, you’ll see the billowy clouds resting above, and not on the ground.

Yet we also understand that with anything new comes fear.  It’s normal.  So we’ve put together a few facts to calm your nerves.  We want you—the sagacious business owner that you are—to continue to make calm, smart decisions over the course of the transition.

Are you with us?  Well, here goes:

  • A transaction using EMV technology will take around 60 seconds compared to under 2 seconds with a magnetic stripe card. Magstripe cards are swiped and provide the terminal with the credit card number and expiration date, which can be easily copied by a card reader.  EMV terminals, on the other hand, require customers to “dip” the chip and verify customer data, which takes just a short while longer.  During this time, the Chip and Terminal begin a conversation.  Chip says, “Please authorize this transaction.”   Terminal replies, “I’ll need to make sure you’re valid.  I’ll also need to provide your card with a special code unique to this transaction because we can’t have any fraudsters trying to take your info.”  Chip responds, “Sounds great.”  Terminal says, “Now please sign, or enter your pin number.”  EMV takes a few more seconds than a magstripe transaction, but your data is more secure. 

 

  • Don’t panic. Although EMV has been adopted in Europe for over a decade, cards in the US still have a magnetic stripe.  Card companies have accounted for the ongoing transition by allowing terminals to still accept magnetic stripe cards. Card issuers expect the full transition to take anywhere from three to five years.

 

  • The term “liability shift” sounds pretty intense, like if you’re not prepared, the earth will shift, and you’ll fall off the edge of it. Oh, Copernicus.  Well, flat-earth jokes aside, the liability shift is not that cruel.  It is simply a method to eliminate fraud.  Starting October 2015, the party—either the business or banking institution—with the lesser technology will be responsible for the cost of fraud.  Instead of thinking of the liability shift as a way for others to make money off of your hard work, think of it instead as a way to ensure all parties are working together to eliminate fraud, which cost US consumers $16 billion last year alone.

 

In short, the sky is not falling, and EMV is not the end of the world.  Instead, it seems to be the beginning to new possibilities for business owners.  It might be an uncharted territory, but EMV will provide companies with the tools to chart their own course by allowing them to directly address fraud, a concern that leaves many involved feeling powerless.  So next time you look at the sky, we at COCARD hope that you view it with possibility, and nothing less than that.

Read MoreRead More