Monthly Archives January 2019

Ensuring Point of Sale Security (Both Online and Off)

When you’re operating a business, customer trust is paramount. Your shoppers trust you to be able to provide what they need, when they need it. They trust you to treat them fairly. Perhaps most importantly, they trust that conducting a transaction with you isn’t going to come back to bite them. If your customers’ credit card information is stolen because your payment solution wasn’t properly secured, their trust, and subsequently their business with you, will go right out the window.

Enter Point of Sale (POS) security. The prevention of unauthorized access by hackers looking for ways to steal customer information. By providing data protection and blocking up any security gaps, you can secure your customer transactions and ensure you’re never on the chopping block for leaking sensitive information – not to mention avoid potential massive fines from the card brands.

Consider the following points when addressing the security of your POS systems, both online and on-location.

1: Point-To-Point Encryption

Ensure that you have software in place to protect your customers’ data from exposure. Point-to-point encryption tools encrypt your customers’ data as soon as it’s received, and encrypt it again when it’s sent to the POS server. In other words, whether an attacker is trying to steal the data from the terminal or intercept it on the way to the server, you’re covered.

 2: Physical Location

You’ve probably heard the term “skimmer” before in reference to hijacking data from a customer’s card. Whether you still swipe cards or use a newer chip machine, a common tactic used by fraudsters is using physical equipment to tap into the POS terminal and intercept the information. Key loggers can record your PIN, and most of the time these devices are hidden within the terminal itself.

It’s much easier for a hacker to install a skimmer on a device that is simply sitting at a front desk or bar then it is to install one locked in a security case. If your terminal is sitting in view of the entrance to your location, consider keeping it under lock and key and under the supervision of a security camera. Hackers search for low risk, high reward terminals and a simple security case and camera are often more than enough to make your terminal an unattractive option.

If your terminals have a wireless connection, such as those used by servers at a restaurant, ensure you have a system in place to keep track of the physical terminals, and make sure you write down their individual serial numbers. Any terminal that goes missing for any length of time should be immediately suspect. In fact, merchants dealing with significant sales through their POS terminals should make checking for tampering part of their daily routine.

3: PCI Compliance

One of the most common issues we see with new merchant services clients here at Schooley Mitchell is with PCI compliance. The Payment Card Industry Data Security Standard (PCI DSS) is a set of procedures maintained by the PCI Security Standards Council. It has tons of guidelines revolving around authentication, encryption, vulnerability testing, antivirus, and more. These standards are designed to protect credit card information by ensuring that the systems used to transmit the data are sufficiently secure. Failure to adhere to these standards drastically increases your risk of data theft.

Validating your PCI compliance involves filling out an annual questionnaire and, depending on the scope of your own POS terminals, completing quarterly scans to check for vulnerabilities. In addition to keeping data secure, maintaining PCI compliance can also reduce the fees you are charged by your merchant services provider on every transaction. The safer your data, the smaller the risk you represent to the credit card companies.

4: Address Verification

You should always use an address verification system (AVS) if you accept online sales. Address verification is done by comparing the billing address from the purchase “request” with the address data on file at the issuing bank. This is an important step in preventing fraud, because a criminal stealing a card number often has no access to the billing address associated with the card itself. If they attempt to use the card for a purchase and the address doesn’t match, your AVS system will alert you to the discrepancy. Between your AVS and proper requirement of the CVV number on the back of your card, a fraudulent charge can be avoided even if the entire credit card number is stolen.

5: Suspicious Purchasing Patterns

If you accept payments online, you need to be aware of the warning signs and red flags that go hand-in-hand with online fraud. Signs include exceptionally large orders paired with one-day shipping, emails comprised of long strings of numbers and letters instead of real words or names, and several orders from a single IP address using multiple different credit cards. While none of these things are definitive proof of a fraudulent transaction, they can represent early warning signs, especially when used in tandem.

By monitoring for these red flags, along with utilizing your other fraud detection tools, you can help even the playing field and catch fraudulent transactions before they cause significant damage to you, your processor, and your customers.

By paying special attention to the points listed above and consulting with your merchant services provider directly or through a merchant services expert, you can maintain your reputation as a safe and reputable merchant, avoid the fees that go hand-in-hand with a data breach, and protect both yourself and your customers.

The Battle Between Amazon and Google Continues at CES 2019

UPS versus FedEx. MasterCard versus Visa. AT&T versus Verizon. All these famous rivalries pale in comparison to the biggest of the modern day – Amazon versus Google.

“The Battle for Second Place,” as it were, the two internet giants have been duking it out for years. According to Statista, Amazon and Alphabet (Google’s parent company) were the number two and three largest companies in the world by market value in 2018 respectively. By mid-year, Amazon was worth $777.8 billion U.S. dollars, with Alphabet trailing closely behind with a market value of 766.4 billion. Both are still a ways off from Apple’s gold medal showing of $926.9 billion, but the battle is fierce nonetheless.

Recently, the rivalry has been focused on smart home supremacy. Amazon Alexa and Google Assistant are the market leaders in the smart-speaker environment, and they were both front and center at CES 2019, the world’s largest consumer tech show, which took place from January 8-11 in Las Vegas.

There were over 30 brand-new products compatible with voice assistants announced at CES this year, from ceiling fans and tech-driven crock pots to futuristic smart glasses and even Kohler’s smart toilet. While many of these products play nice with both Alexa and Assistant, some of the exclusives include a new front-door camera from the people at Amazon’s Ring and Google Assistant’s new “interpreter” mode that translates conversations in real time.

If we’re handing out awards for ostentation, Google took the crown this year with its massive booth outside the Las Vegas Convention Center – the centrepiece of which was the “It’s a Small World” promo that Google itself called “part ride, part marketing stunt.” Complete with singing animatronics, riders were carted through various scenes that showed off some of Google Assistant’s features, such as GPS navigation and the new interpreter mode.

Whether you’re a fan of Amazon, Google, or neither, it’s clear from the showing at CES that 2019 is going to be another big year for the smart-gear market.