The chip card (EMV) era has arrived with the promise that data in retail environments will be better protected. Cardholders will have much greater security at the point of sale with their own card data. But, while it will be much more difficult for thieves to steal card data at the point of swipe, the hackers are still hacking and data is still being lost – almost daily.

Fast-food chain Wendy’s is facing a class-action lawsuit over a recent breach of its existing point-of-sale (POS) system. The Wendy’s breach comes on the heels of numerous other POS attacks at major retailers in recent years, including breaches at Michaels, eBay, Neiman Marcus, Target, and the largest of them all, Home Depot (56 million cards). Retailers have been shaken by these events; a recent study found that 100% of retailers cite cybersecurity as one of their top business concerns, up from only 55% in 2011, according to BDO, a business advisor to consumer business companies for over 100 years.

Retail customer data breaches can result in a company losing millions of dollars to class action lawsuits, possibly facing penalties for Payment Card Industry Data Security Standard (PCI DSS) violations, and irreparably harming its reputation. However, PCI compliance is not a guarantee that a retailer’s infrastructure is immune to breaches. It merely means minimum standards have been achieved.

Following are five steps merchants in any industry can take to prevent their POS systems from being compromised:

1. Have Store Personnel Monitor Self-Checkout Terminals/Kiosks

There are two methods by which POS data is stolen: by compromising the POS system itself using stolen credentials or by physically installing “card skimmers,” usually on self-checkout terminals that are not monitored. These devices, which take only seconds to install, steal payment card data and PIN information directly off the card’s magnetic stripe.

While the introduction of new chip cards will eliminate the threat of card skimmers, 42% of retailers are yet to update their payment terminals to accept chip cards – and even some retailers who have EMV-enabled terminals cannot accept chip cards because the POS software cannot yet handle them. It is imperative that such terminals not be left completely unattended. Every store should have on-site personnel who are trained to spot card skimmers and assigned to monitor self-checkout terminals for their presence.

2. Ensure that Both POS and OS Software Is Up-to-Date
Because cybersecurity is a constant “Spy vs. Spy” battle where experts find ways to patch vulnerabilities while hackers find new ways to access systems, POS software systems release frequent updates to address the most recent security threats. For maximum protection, these updates must be downloaded and installed as soon as they are released, not on a monthly or quarterly schedule. The same concept applies to operating system software; retailers and restaurants that are running Microsoft Windows should ensure that patches are installed as soon as they are available.

3. Always Change Default Manufacturers’ Passwords
Retailers and restaurants should always change the default password provided by the manufacturer as soon as a new piece of hardware is hooked up to their POS system. Default passwords are publicly available, and thus widely known to hackers; in fact, the first thing an attacker will attempt to do is access the device using the default password.

Changing default passwords is required as part of an organization’s compliance with PCI DSS standards. Likewise, software system passwords should also be changed upon installation, and then on a regular basis afterwards.

4. Isolate the POS System from Other Networks

Many retailers, restaurants, and hotels offer free Wi-Fi to their customers. The POS system should never be hooked up to this network, as a hacker can use it to access the system. Likewise, if an organization’s POS system is not separated from its corporate network, a hacker who compromises the organization’s main network will be able to access its POS system. There are two ways to achieve this: by actually segmenting the two networks or by using multifactor authentication for communication between the organization’s main network and its POS system.

The correct solution for a particular organization depends on its size and resources, so it’s best for organizations to consult a managed security services provider (MSSP) to determine which solution would best fit their needs.

5. Always Purchase POS Systems from Reputable Dealers

Retailers and restaurants have extremely thin profit margins, and the individually franchised restaurants that are popular in the fast-food industry tend to operate on particularly tight budgets. As the industry automates for the first time, it may be tempting for these small operators to seek out the best “deal” on self-checkout systems – but a POS system purchased from a manufacturer who turns out to be fraudulent is no “deal” at all, and it could result in financial ruin for that location. POS systems should be purchased only from known, reputable dealers, and if a “deal” on a system seems too good to be true, it probably is.

POS system security requires expertise in both information security and PCI DSS compliance, the latter of which is mandatory for any organization that processes, stores, or transmits cardholder data. Retailers and restaurants that do not have sufficient in-house IT staff to handle data security and PCI DSS compliance should partner with an MSSP to ensure that their POS systems are both safe and compliant. MSSPs are flexible and can tailor their solutions to fit each company’s needs, from remote monitoring to on-site security staff, either in conjunction with existing staff or on their own.

Automation has lowered labor costs and improved efficiency and the customer experience in the retail industry – and will do so in the restaurant industry – but the security of POS technology should not be disregarded. As POS data breaches continue to multiply, and especially as large fast-food chains plan to install brand-new ordering kiosks at a rapid pace, retailers and restaurants need to take proactive steps to protect their customers’ card data – and themselves from lawsuits, government penalties, and reputation damage.

Source: http://www.chainstoreage.com/article/five-ways-prevent-data-hacks-point-sale


Fashionistas are known to always be ahead of the curve, rocking New York Fashion Week styles before they even get off the runway. And now, these buyers are starting new trends in online and digital shopping as well, positioning mobile to become the next must-have accessory.

New data shows that more United States fashion shoppers are now buying on mobile devices (52 percent) versus desktops.

In the high-fashion world, shoppers have adopted a see-now, buy-now mentality to stay on top of the hottest trends from top designers, wanting to instantly buy no matter where they are.

Instant gratification and on-demand fashion are clearly high priorities, so much in fact that 30 percent of mobile shoppers are more likely than desktop buyers to consider swift delivery as very important.

As New York Fashion Week introduced the newest trends of the season, luxury brands should also brace for the introduction of the newest generation of digital buyers.

New generation
A new generation of fashionistas is emerging: Smartphonistas. These shoppers who make purchases on smartphones account for 63 percent of fashion shoppers under 35, and will only continue to grow to represent the bulk of all fashion shoppers in the near future.

Smartphonistas are true high-fashion advocates, vying for the best of the best and are dedicated to their mobile phones to guide them through the entire shopping process.

Marketing to this growing group of prime purchasers is key to any brand’s success, but first we must understand the key traits and behavior of the generation.

Live for fashion: Smartphonistas do not just buy clothes, they are truly invested in high fashion, with 59 percent saying they love buying clothes, compared to only 46 percent of desktop buyers.

Additionally, dollar signs do not seem to faze these mobile users, as 42 percent claim they are not cost-conscious.

Use smartphones for smart buys: Smartphonistas approach online shopping in a strategic fashion, never taking risks on size or style.

Thirty-two percent of mobile shoppers are more likely than desktop buyers to order several sizes for a single piece and then return those that do not fit.

Mobile the whole way: Smartphonistas use their phones throughout the entire customer journey, from search to purchase: 68 percent use their smartphones to research new clothes before buying, more than half (51 percent) prefer buying on their phones versus other devices, and Smartphonistas are almost twice as likely to share images of their buys on social networks.

Courting Smartphonistas
With Smartphonistas making up a large and growing market of the fashion landscape, they are a critical audience for any successful luxury brand to attract.

When marketing to this generation, it is critical for high fashion retailers to develop campaigns specifically for mobile, allowing them to instantly buy no matter where they are – even if it is alongside the runway. Retailers should:

Offer quick delivery: Staying up to speed with the latest fashion trends is no easy feat.

Smartphonistas will appreciate any offering that will make their mobile order faster. Deliver fast, and they will return for more. Plus, slick packaging does not hurt either.

Help them find the right size: We know these buyers will do whatever it takes to get the perfect fit, so make their experience as easy as possible.

Make sizing straightforward, and offer free returns as a backup to keep them satisfied and styling.

Simplify social sharing: Smartphonistas are tied to their phones for more than just finding fashion.

Like the majority of their generation-peers, they spend their down time on social applications such as Facebook, Instagram and Twitter.

Use these trends to your advantage and make it easy for Smartphonistas to show off their purchases and share with their network.

In the fast-paced fashion industry, it is crucial for luxury brands to stay on top of the trends, and that means staying in style with Smartphonistas.

This new generation of digital buyers is setting the stage for a mobile-first world of high-fashion, quickly dominating over desktop purchases and other devices.

Marketers must market to mobile to meet the needs of this growing market, or risk going out of style.

Source: http://www.mobilecommercedaily.com/marketing-to-the-smartphonista-a-new-generation-of-digital-buyers


It’s not only large companies that face cyberattacks – there are affordable steps small companies can take to protect their business data and IT systems.

You can’t assume that your small business is not a target for hackers. As many as three-quarters of smaller businesses are at risk, according to the latest Government Security Breaches Survey, with the worst breaches costing up to £300,000.

Small companies face attack from multiple angles. “Like [larger] enterprises, they face targeted attackers who are interested in intellectual property and other confidential data, as well as using smaller organisations as a way into larger ones,” says David Emm, principal security researcher at Kaspersky Lab. “And like consumers, they face random, speculative attacks that make up the bulk of the threat landscape and are distributed indiscriminately by cybercriminals.”

That’s problematic for SMEs, which are less likely to have a dedicated IT department staffed with security professionals. “SMEs typically don’t allocate resources to cyber security, and they allocate very few resources to IT,” says Andy Patel, senior manager for technology outreach at F-Secure. “This leaves them open to attack in a variety of ways. A cyber security incident is likely to cost an SME proportionally more to recover from than a well-prepared company.”

Improving the security situation at your small business doesn’t need to be expensive, and it could well save you money in the long run. We asked experts across the security industry for their tips on how small businesses can stay secure without breaking the bank.

Adopt two-factor authentication

Take security into your own hands and enable two-factor authentication on any service or device used by the company for email accounts, social media feeds or more sensitive systems. Anyone using these accounts will need an extra credential to gain access from a new device, or to change profile settings, which stops hackers from breaking in even if passwords are leaked.

“Multi-factor authentication reduces the risk of a compromise, since a password alone is not enough to gain access to an online account,” says Mr Emm. “At the very least, multi-factor authentication should be mandatory for changes to account settings.” He adds that it’s essential for companies to shut down accounts, or change login credentials, when someone leaves employment.

Two-factor authentication does add steps to employees’ login procedures, so avoid frustrating them by taking it one step at a time. “Start with the critical accounts and scale up from there as it becomes a habit,” advises F-Secure security advisor Sean Sullivan.

Get smart with email

Email is a weak point for smaller enterprises, with criminals targeting companies with malware via phishing attacks. This is where an email is crafted to look like it’s coming from a trusted source, such as a supplier or bank, but is loaded with dodgy attachments or links to malicious pages, says Trustwave’s threat intelligence manager, Karl Sigler. “Our research has found that the vast majority of companies have been targeted with a phishing attack at least once over the past year, and the number is set to increase over the next 18 to 24 months.”

Phishing messages can be sent to any email address at random, but clever hackers can also use information gleaned online – from social networks, data breaches, or even your company website – to make attacks more effective (a trick called spear phishing).

To avoid becoming a victim, Mr Patel says staff should be trained to pay attention when reading an unexpected email. “Check the sender address carefully. Don’t open attachments you weren’t expecting. If you’re unsure, ask the sender. Be suspicious of certain file types – most people don’t use zip files nowadays. If you are asked to ‘enable content’ on an office document, don’t.”

Mr Sullivan takes a different approach. “Almost everybody can spot phishing during training,” he says. “Phishing works when people are distracted – and people are distracted by tools they don’t use well. Pay for productivity training and you will end up with better email hygiene.”

Avoid ransomware threats – and don’t pay up

Ransomware is where hackers gain control of your data, encrypt it and demand a payment to hand over the key. Research by Kaspersky Lab found that 49 percent of SMEs believed such “crypto-malware” was one of the most serious threats they faced, with two-thirds of SMEs reporting complete or partial data loss from such attacks.

To mitigate the threat, follow the email security tips above, as malicious messages are a common delivery method for crypto-malware, says Mr Emm. Also ensure your company has up-to-date, secure backups, so you aren’t forced to pay criminals to get your data back.

Beyond these steps, control access to files to those who need them, to help limit the spread of malware, and ensure staff don’t have administrator rights, as that makes it easier for malware to spread more widely across your network.

If you don’t have a backup, should you pay the demand? Mr Sigler says: “We would advise against paying the ransom as there’s no reason for the attacker to keep their promise and restore the system. Communicating with cyber criminals also provides them with more information, such as IP or email addresses, which can be used in future attacks – very likely if a company is willing to pay up.”

Undertake regular assessments

It’s an industry cliché, but the weakest link in any network is the people – and this applies to company leaders, as well as the IT department. “Security assessments should not be treated as a one-time event. It’s vital to perform regular testing to keep track of the fast-moving security landscape, especially if the business expands or implements new technology,” notes Mr Sigler, adding that Trustwave research revealed that one in five companies hadn’t done any testing in the past six months, “leaving them blind to new vulnerabilities and threats”.

So, what new threats are looming on the horizon? Kaspersky’s Mr Emm warns SMEs to keep an eye on the Internet of Things (IoT), which includes everything from smart CCTV cameras to connected children’s toys. “The IoT is bringing not only risks to privacy, but also the danger that connected devices will be used as a weak link to gain access to other systems,” he warns. Perhaps think twice before buying that web-connected coffee machine for the office kitchen.

Source: http://www.telegraph.co.uk/connect/small-business/business-solutions/how-to-improve-your-cybersecurity/


Mobile Payment Systems are systems that benefit both consumers and businesses by letting consumers pay by mobile devices.

Mobile Payment Systems’ Advantages For Consumers:

  • Convenience: Mobile payment makes the payment process easier and less complicated. Customers can now pay anywhere, at any time, with a mobile device connected to the Internet. Mobile payment systems allow customers to seamlessly purchase products or services without having to physically hand over cash or swipe a card. Consumers are eager for quick, in-and-out shopping experiences.
  • Security: By using mobile payments, consumers no longer have to assume the security risks associated with cash or worry whether they have enough cash in their bulky physical wallets, so mobile payments reduce the theft risk of having cash on hand. Moreover, mobile payment is a secure way to pay. Credit card information is not stored on smartphones directly but in the cloud. So no thief could extract your credit card details just by stealing your phone.

Mobile Payment Systems’ Advantages for retailers:

  • Cost: One valid advantage is the lower cost of using a mobile card reader or barcode scanner compared with having a credit card terminal from a bank, which charges merchants a monthly fee plus transaction fees. Mobile app owners need to pay setup costs for a terminal.
  • Engagement: Offering mobile payment options to customers, both online and offline simply makes the purchase process easier for them. This can increase conversion rates and the number of returning customers. Moreover, businesses are able to speed up the checkout process and capture the business of impulse buyers who may have been less able to buy something if a traditional transaction were required.

Nowadays, more and more online shops are offering their customers the option to pay for their order online with their mobile device using Google Wallet. It’s a win-win situation: customers can easily skip filling out annoying forms and purchase an item with only one click.

This will most likely increase conversion rates and revenue. Following this mobile-era trend is one of the most promising choices for retailers.

Source: https://www.simicart.com/mobile-commerce/mobile-payment-systems.html/


Last year, the number of card transactions grew nearly twice as fast as the number of new cards, at 15 and 9 percent, respectively, according to the new study, “Global Payment Cards Data and Forecasts to 2021,” by RBR.

The numbers — which include a total of 270 card transactions during 2015 — indicate that consumers are increasingly turning to cards to make purchases.

For example, a central bank drive to reduce cash use in Thailand was supported by marketing by banks promoting debit cards — rather than cash withdrawn from ATMs. Merchants also received incentives to increase card acceptance.

In the Czech Republic and Poland, the rapid spread of contactless cards and acceptance infrastructure has brought about a surge in card payments, the RBR study found. Contactless has stimulated additional card payments in more developed markets, such as the U.K. and France, the company said.

According to the RBR study, the number of card payments worldwide will rise by a projected 55 percent between 2015 and 2021, to 417 billion. This compares to growth of 28 percent in card numbers over the same period.

Growth in card payment volume will be strongest in the Middle East and Africa, central and eastern Europe and Asia-Pacific, RBR said.

“We are seeing strong growth in card usage in all regions,” said Chris Herbert of RBR. “Cardholders in developing markets are gradually becoming more accustomed to using cards rather than cash for payment, and this — combined with a rapidly expanding acceptance network — is creating the perfect environment for a card payments boom. In more mature markets, technology developments such as contactless, and a willingness to use cards for ever smaller payment amounts are boosting the cards sector.”

Source: http://www.mobilepaymentstoday.com/news/study-major-rise-in-card-payments-by-2021/