
6 Things You Should Do To Protect Yourself In Case of a Data Breach

Nobody’s immune to credit card breaches. Not major retailers–not even technology like CurrentC which positions itself as the perfect foil to Apple Pay and yet, days after being announced as such, finds itself at the center of a possible data breach.

We’ve learned this year through the very-public stumbles of marquee brands like Home Depot, Target, and Jimmy John’s that nobody is safe from a data breach. We’ve also learned that the consequences of data breaches are long-lasting: Home Depot now faces at least 20 class-action lawsuits, while it’s come to light that customer credit card data poached from a Target data breach has surfaced on a Russian website.

No company is immune to the possibility of a data breach. No matter how well your organization prepares for this kind of attack, a data breach will quickly uncover the weaknesses in your security defense plan. It’s crucial that any company experiencing an attack uses it as an opportunity to correct these vulnerabilities before the next one happens. As cybersecurity expert Joe Adams says, “It’s not a question of if you will be hacked, but when.”

After a data breach, your company needs to take the following 6 steps:

1. Gather Internal Response Team

The internal response team is your company’s first responders who are trained and prepared to take action when this kind of security breach takes place.


Members of the response team should include:

    • Senior Managers
    • IT Security Force
    • Key Operations Staff
    • Legal Counsel
    • Human Resources Officer
    • PR Communicator
    • Risk Officer

Department heads need to be a part of the team because a security breach affects the entire organization.

2. Keep Network Running

After a breach, don’t automatically assume you should shut down the network before the response team has a chance to investigate. Doing so could cause you to lose valuable data and stall your investigation.

3. Determine the Extent of the Breach

Investigating a breach doesn’t happen overnight. It takes time to collect large volumes of data and discuss the attack with IT and network security personnel. It could take several days to determine the full extent of the data breach.

4. Make a Public Statement

You may have to publicly announce the breach before you have all the facts. Although some people understand that there’s a period of discovery before an announcement can be made, they’re still anxious to learn the facts.

5. Strengthen Security Plan

Don’t just draft a rapid response plan, practice it. Look at how well you responded to this breach and execute “fire drills” for the next one.

6. Upgrade Your Technology

Many data breaches can be traced back to companies that are running insecure or outdated POS systems–make sure your system is up-to-date.

When your customers’ personal information is breached, so is their trust. However, your rapid response and transparent communication can help control the damage.


10 Things You Need to Know About CurrentC–Major Retailers’ Apple Pay Alternative

The internet is currently abuzz about CurrentC. So what do you need to know about it, besides the fact that it’s clearly a play on words (“currency”)? Here are simply 10 facts.

• CurrentC is a proprietary QR code-based system developed by the Merchant Customer Exchange consortium–which includes these retailers

• Some retailers include Dunkin’ Donuts, Wal-Mart, Best Buy, CVS, and 7-11.

• In this system, the QR code is referred to as a Paycode and it plays a pivotal role in how payments are scanned and processed.

• As a result, CurrentC does not feature NFC technology.

• Actually, not having NFC technology–in addition to requiring information such as a user’s social security number and driver’s license number–does not bode well for the payments system.

• From Business Insider also comes a description of how CurrentC compares with Apple Pay and with a traditional swipe:

Here’s how it works: When it’s time to pay for something, you get a QR code served to you on a payment terminal. You then open your phone, open the CurrentC app, then scan the QR code to pay. It can also work in reverse, where you open your phone, and you have a QR code, and the retailer scans the code.

Compare that with Apple Pay, which works like this: When it’s time to pay, take out your phone, hold it to the payment terminal, then use the phone’s fingerprint scanner to pay, and you’re done.

Or, compare both with credit cards: When it’s time to pay, take out your credit card, swipe it, sign, and be on your way.

• Even though Apple Pay can seem a little convoluted when it comes to user experience, it is integrated into an existing customer payment flow, whereas CurrentC complicates it.

• Many iPhone and Android fans from Reddit have converged on Twitter under the #PayItSafe hashtag to spread awareness about the dangers of mobile payments technology that lacks NFC.

• Which is all to say that if you’re a business that wants to minimize the hassles and headaches of being an early adopter with payments processing technology that you may not have the resources to develop and scale throughout your business, go with someone like Abtek.

• Meanwhile, the Electronic Transactions Association has blasted the CurrentC technology as being anti-consumer and anti-competitive.


Apple Pay Lands on Monday and Here’s What You Need to Know

Natalie Gagliordi reports for ZDNet a few of the details made public about Apple Pay–the tech company’s foray into payment processing. What you need to know:

– Apple Pay will roll out Monday, October 20

– Apple has signed 500 banks to support the platform

– Banks have not been named yet

– Apple Pay utilizes NFC for contactless payments.

– Apple Pay also features a dedicated chip called the Secure Element

– This allows it to integrate with Apple’s Passbook app, which launched with iOS7

– Users will be able to set up and control their wallets via their iTunes accounts

So how will it work? Last month for CNet, Sharon Profis summarized that Apple Pay would be contactless and feature a degree of tokenization:

At the register, you’ll tap the top edge of your phone to the credit card terminal, which is where the NFC chip is located. Your iPhone will then prompt you to scan your finger on the Touch ID button. The phone will then access the secure element to generate a random, 16-digit number that mimics your “real” card number. That information gets sent back to the NFC chip, which sends it to the POS. From there, the payment finishes processing as usual.

When it launches Monday, Apple Pay will be accepted everywhere from Panera Bread to Foot Locker.


Aggregators vs. Merchant Banks, Part 3: Control Over Funds

We’ve been exploring what makes merchant banks a better solution for merchants than aggregators.
Previously: Part 1 – PCI Compliance | Part 2 – The Costs of Payment Aggregators Adds Up

One of the greatest risks to your business when using a payment aggregator such as PayPal or Stripe may be the structure of the payment system itself. Unlike traditional banks and credit card processing systems, these merchant services providers are not deemed to be banks, and are not required to follow banking regulations or be PCI compliant. The last issue may create liability and risk for the merchant because aggregators are not legally mandated to follow strict fraud prevention regulations. These issues can all affect how much control you have over your funds.

The Aggregator Controls the Money

In practice, a merchant services provider for online payments through handy POS systems is not required to disburse funds until they determine whether the transaction meets the terms of service and is not a fraud risk. Without PCI compliant procedures, this process can take days. Thus, the aggregator continues to control the money.

Moreover, you may have very little recourse other than to take the aggregator to court, and that takes time and money. Some of the aggregators will enforce their terms of service strictly, which adds more risk of the funds being held back. Any slight violation can result in funds being frozen indefinitely with no recourse. With a traditional merchant bank account, the customer’s payment goes directly into your business account, and you keep control.


Using the Processor’s Merchant Account

Here is how this method works: your business uses the aggregator’s merchant account through the POS systems rather than opening and using your own with a bank. You deposit funds into the service provider’s bank account, and then you may transfer funds to pay for goods or into your own bank account. Moreover, some providers, PayPal in particular, offer debit cards to spend the money online with other businesses that accept those payments. This offers a relatively safe way to make payments online with most ecommerce sites, and most aggregators offer protections for both the customer and the business in credit card processing.

Thus, as a third party payment solution, the merchant services provider receives the money for the goods and services you provide. The money does not come directly from the customer. Until they disburse the funds, the money is the property of the aggregator. While these facts may be embedded in the terms of service agreements, many business owners fail to fully grasp the meaning and potential detriment to their cash flow, accounting and profitability. The credit card processing goes through an intermediary who controls the outcome.

Additional Risks

According to an FDIC advisory, accounts with payment aggregators require “careful due diligence, close monitoring and prudent underwriting.” In addition, there may be a greater risk of “potentially unfair or deceptive acts or practices under Section 5 of the Federal Trade Commission Act.” This greater risk adds to the potential that your funds could be frozen as the payment processor makes its determination about possible fraud. Moreover, statistics such as higher than average chargebacks may be considered evidence of fraud, adding other reasons that the aggregator may freeze your money.

The POS systems of aggregators offer simple, easy set up and access to the online ecommerce world. However, considering that nearly all of these transactions happen automatically without review or recourse, the risk to your business of a disruption in cash flow or the loss of a payment may be too great. While traditional merchant bank accounts require extra time, paperwork and verification, having complete control of the money once deposited into your account may be well worth the effort.


Decoding Credit Card Numbers: What Do Those 16 Digits Mean?

If you’ve ever had to manually key a credit card number into an automated phone system, you’ve probably wondered why the number is so long. Actually, each digit in a credit card number is important for validation, security and identification during credit card processing. Take a moment to learn what each of these digits means.

The Origin of the 16 Digits on Credit Card Numbers

Card numbers have been standardized according to ISO/IEC 7812-1:2006 since 1989. This document is from the International Organization for Standardization, and it is this standardization that allows consumers to use some credit cards anywhere on the planet.


Digits 1 – 6: Issue Identifier Number

  • First digit: This identifies the major industry that produced the credit card. For example, a 4, 5, or 6 in the first digit identifies banks and financial institutions.
  • Digits 2 – 6: Along with the first digit that identifies the industry, the first six digits provide a unique identifier for a particular institution. Some institutions may have more than one unique identifier for different lines of business. For example, you might notice that your debit card begins with a different digit than your credit card from the same bank.

Taken together, the first six digits are called the issue identifier number, or IIN. In the past, these numbers were called the bank identification number, or BIN. Since not all issuers are banks, this name changed, but you might still see references to a BIN or bank identification number in some sources. In any case, credit card issuers register their unique IIN numbers with the American National Standards Institute.


Digits 7 – 15: Unique Personal Identifier

These numbers uniquely identify the person holding the account. The card issuer allocates them, and they are unique for the issuer that generates them. You could have a different identifier for different cards from the same issuer.


Digit 16: Check Digit

The last digit is called a check digit, and it is used to verify card numbers for accuracy. Because it is calculated according to a public domain formula called the Luhn algorithm, it is not intended to protect against malicious attacks on merchant services or POS systems. In fact, the patent for the Luhn algorithm dates back to 1960, and examples of computer code to calculate the final digit are freely available online.

Rather, this last digit is only intended to verify that a credit card number was not accidentally typed in wrong when making phone or online payments, and that is how it is used in credit card processing today.
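The digit breakdown above (IIN, account identifier, Luhn check digit) as a worked example; this is added code, not part of the original post, and the card numbers it uses are well-known constructed test values, not real accounts.

```python
# Added example (not from the original post): Luhn check-digit validation and
# generation, plus the IIN / account-identifier split the article describes.
# Sample numbers used in the tests are constructed test values, not real cards.

# Meaning of the first digit (major industry identifier) for the values the
# article mentions; anything else is reported as "other".
MAJOR_INDUSTRY = {
    "4": "banking and financial",
    "5": "banking and financial",
    "6": "merchandising and banking/financial",
}


def luhn_checksum(digits: str) -> int:
    """Luhn sum: walk the digits from the right, double every second one,
    subtract 9 from any doubled value above 9, and add everything up."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total


def luhn_valid(number: str) -> bool:
    """True if the full number (check digit included) passes the Luhn test.
    Catches single-digit typos and most adjacent transpositions; it is a
    typo check, not a security control, exactly as the article says."""
    digits = number.replace(" ", "").replace("-", "")
    if not digits.isdigit() or len(digits) < 2:
        return False
    return luhn_checksum(digits) % 10 == 0


def luhn_check_digit(partial: str) -> str:
    """Compute the 16th digit for the first 15 digits of a card number."""
    # A "0" placeholder keeps the doubling positions aligned with validation;
    # the check digit is whatever makes the total a multiple of 10.
    total = luhn_checksum(partial + "0")
    return str((10 - total % 10) % 10)


def describe(number: str) -> dict:
    """Split a 16-digit number into the fields the article describes."""
    digits = number.replace(" ", "").replace("-", "")
    return {
        "industry": MAJOR_INDUSTRY.get(digits[0], "other"),
        "iin": digits[:6],            # digits 1-6: issuer identifier
        "account_id": digits[6:-1],   # digits 7-15: issuer-assigned account
        "check_digit": digits[-1],    # digit 16: Luhn check digit
        "luhn_valid": luhn_valid(digits),
    }
```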
