Wednesday, 13 June 2012
Saturday, 9 June 2012
PCI Compliance for Mobile Point of Sale
By Amy Hanson, One Step Retail Solutions
“We know merchants are eager to take advantage of their existing smartphones or tablets to accept payment cards,” said Bob Russo, general manager, PCI Security Standards Council. “And the Council and its stakeholders, want to help the market to do this in a secure way. We're excited about this easy-to-use reference that will help merchants understand how to use the suite of PCI Standards to enable their businesses while still keeping data security top of mind.”
80% of identity theft can be traced back to small business breaches in security
With the “mobile revolution” comes a shift in retail security practices by independent retailers looking for cost-effective retail technology solutions. For retailers tempted by the allure of a “full mobile POS system” for dirt cheap, it can seem too good to be true when it comes to PCI Compliance. The PCI Security Standards Council states what many have been wondering for some time: “Mobile devices are not necessarily designed to be secure input or storage devices for cardholder data. Your mobile payment solution thus requires additional technology, including encryption to secure cardholder data acceptance.”
At this point, the exact regulations and guidelines regarding mobile point of sale systems have yet to be fully defined by the PCI Council. So, when a prospective mobile POS provider states that they are PCI compliant, this does not necessarily mean that any specific actions have been taken to ensure that the specific system is secure. In fact, PCI compliance is not limited to your software capabilities, and while you may be attempting to set up a small business on a dime with an iPad and a $15 a month system, you are in the hot seat unless you are not only PCI compliant but truly secure.
How “hot” is the hot seat?
This is of absolute importance to you as a retailer because you could personally be held accountable for everything from full reimbursement for monies stolen to a possible $500,000 fine for negligence should there be a data breach which traces back to one of your devices. As you can see, this is very serious business that should not be trusted to a fly-by-night POS system. In this matter, the cheapest option is not necessarily the better option and could effectively close your business.
How to protect yourself and your livelihood
Several heavily marketed and relatively new mobile POS systems are under scrutiny for PCI compliance failure (lack of data encryption is a common oversight). A long-term service provider of point of sale solutions, hardware and supporting systems (security, etc.) will know the ins and outs of how to create a safe point of sale for your retail store. We recommend a layered approach to security. Our definition of “layered security” would include: a firewall for all internet connections, system backups run regularly, and security cameras installed in high-theft locations in the store. In addition to having a security suite, ensuring the mobile POS device you use has data encryption goes a long, long way toward complying with PCI regulations.
Summary
A thorough list of best practices is expected before year end. In the meantime, a straightforward paper (link below) gives some hands-on advice for merchants including:
- Leveraging the benefits of the Council's recently published Point-to-Point Encryption (P2PE) standard and program
- Responsibilities under PCI DSS, and how to translate to mobile payments
Be sure to choose a mobile payment acceptance solution that complements the merchant's PCI DSS responsibilities.
PCI Security Standards Council - Accepting Mobile Payments with a Smartphone or Tablet
If the above link doesn't work, copy and paste this into your browser: https://www.pcisecuritystandards.org/documents/accepting_mobile_payments_with_a_smartphone_or_tablet.pdf
Wednesday, 4 April 2012
Shift4 Was Not Impacted by Global Payment Breach
Global Payment breach.
A Shift4 representative notes that they surmise an organization had access to some form of reporting portal provided by Global Payments – perhaps one of their ISOs specializing in the car parking space provided a path into a limited area of Global's infrastructure.
It is also noted that, unfortunately, it takes some time for a comprehensive report to hit the media, leaving retailers to speculate and at times causing undue alarm.
One Step Retail Solutions' message to retailers is to:
a) Get educated and
b) Ensure that a layered approach is taken and that you have all PCI compliancy points not only put into place but updated and reviewed regularly.
http://onestepretail.com/Products/SecuritySuite/
Tuesday, 3 April 2012
"Massive" CC breach and How They Hack You
You may start getting questions about a very recent "massive" CC security breach. Unfortunately, there are currently few specifics as to who will be or has been affected by this situation. We are and have been keeping our finger on the pulse as the information comes in.
We have put together a short gathering of information related to this that should shed some light on what happened, what is being done about it and who has mostly been affected.
Stay tuned for upcoming specifics and hopefully a list of which processors have been affected. Please feel free to reach out to your own processor as you see fit.
-
Therefore, the pool of victims is likely to be those who
-
http://cnnmon.ie/massivebreach
-
Thursday, 23 February 2012
What is Your Loss Prevention Strategy?
When it comes to security and protecting your assets, you need a good strategy. You will know how good that strategy is when you try to balance the cash register at the end of the day; when you do your physical count; when you are faced with a computer crash; or when too many of your customers start having identity theft on their cards. Do you want to wait until then to find out that your protection was inadequate?
The most effective method to achieve security has always been a layered approach. In other words, instead of just relying on a single solution, you set up a number of protective layers and thus greatly reduce the chances of being a victim.
Airports are an example of a layered approach: there is visual inspection of IDs and tickets before you are allowed beyond a certain point, there are TSA agents observing via cameras, there are metal detection imaging devices that you must go through, and there are personnel at the ramp to the plane who check tickets and IDs again.
We at One Step Retail take a similar approach to protecting you and your business from both external and internal threats. After all, we have been around helping retailers for 25 years and we hear about disasters from unprotected retailers. Consequently, we want to ensure you do not experience the same thing.
What would happen if all the information stored in your computer were suddenly lost? Or you had a hacker or virus or Trojan attack? Could you recreate this information? If so, how much time would it take? How much would it cost? What about dishonest employees? Most importantly, would your business survive?
In today's economic climate, it is vital to protect your assets, and one of the most important assets you have is your data. If you lost it, it could possibly close your store. That may be hard to believe, but look at these statistics from the Comdisco Vulnerability Index Research Report:
• 82% of companies are not prepared to handle a computer system disaster
• 83% of corporate data recoveries from tape backup FAIL
• Only 6% of companies that suffer from a catastrophic data loss survive
In our own backyard, we've seen it happen. Two different clients thought they were backing up and protected, but then their computers crashed and they discovered otherwise. After a year of manually inputting all the missing data, one retailer still occasionally scans an item that should be in the system but isn't. Another client lost years of data and had to pay for expensive data recovery but not all of it was recoverable.
In the category of dishonest employees, one client, after six months of periodic cycle counts being off, finally traced the problem down to an employee taking fictitious “returns” and giving refunds to herself. Another client had an employee who, as their Systems Administrator, embezzled money from them for five years. Months of sales information in their computer records was missing and she said they had been lost. Where was the backup? This company went out of business two years later.
One Step has researched resources and partnered with experienced, honest vendors to bring you layers of security specific to your needs as a retailer.
With RetailSafe, you have a professional backup service that knows retail and their data backup needs, plus you as our client get a discount for their services.
With SonicWall you get not only an intelligent, state-of-the-art firewall protecting you from malware, you get PCI compliance integrated into the system, protecting your business from another type of disaster. You can buy firewalls including SonicWall at Amazon, but none of them will be PCI Compliant out of the box. You must be trained on how to properly configure the firewall in order to meet PCI compliancy. So, buying them from anywhere else would be an utter waste of money.
With Quadrox you have a Network Video Recording system that can, among other things, integrate with your POS. The POS is a primary location for employee theft or mistakes. For example, you could quickly access the time when an employee issued a return and refund (as noted on the POS) and see what actually happened on the video, with no cycle counts for six months to discover the dishonest employee.
So, start getting these layers firmly in place. If you have some or all of them already, make sure:
• they are working,
• you are verifying on a regular basis that they are working
• they are adequate for your specific needs as a retailer
• you understand them and can use all of their features
• you not only can use their features, you are using them
Retail Crime of the Future - Served with a Drink and Chips
News broke late last year about a “retail crime of the future”. Dating back to at least 2008, a small group of Romanian hackers have allegedly stolen credit card information through the POS systems of hundreds of small American businesses, adding up to more than 3 million dollars in fraudulent charges. The investigation is still pending, but the most serious attack was targeted at Subway franchises with at least 150 of their locations reportedly compromised. The 4 suspects are in custody, per the most recent reports.
The method of attack appears to be targeting certain POS “holes” through an essentially wide-open back door; a Trojan virus was then installed to give them ongoing easy access. As per the PCI Security Standards Council, those who process credit and debit payments must have two-factor authentication for remote access to a POS system. Not having this security measure in place is where these particular businesses and franchises appear to have gone wrong.
In this digital age it is vital that retailers protect their customers by being fully PCI compliant and establishing layered security measures. PCI goals include “Build and Maintain a Secure Network” and “Implement Strong Access Control Measures” with some of the exact PCI requirements reading as follows:
“1. Install and maintain a firewall configuration to protect cardholder data…”
“10. Track and monitor all access to network resources and cardholder data.”
Did you know that reports show 56% of U.S. small businesses have experienced data breaches and 33% of all data breaches were directed at businesses with 100 employees or fewer? “The Subway credit card hack is unfortunately news that may happen with greater frequency.” says a FindLaw article about the recent 2008 to May 2011 hacks.
We highly recommend a layered approach, including installing a SonicWall firewall, which offers a powerful security platform. SonicWall provides integrated anti-virus and anti-spyware, which is updated every 5 minutes, thus providing real-time protection against a wide array of threats.
When you buy a SonicWall from One Step Retail, we configure it to be fully PCI Compliant. You also get:
• A business class device
• 3G failover, so if your Internet ever goes down and you have a 3G wireless adapter attached to the firewall, your Internet will stay up.
• Content control to prevent employees from wasting time on sites like YouTube and Facebook.
• The ability to provide free Wi-Fi to your shoppers and a secure wireless zone for mobile applications and devices.
• Deep packet inspection of the entire content of information coming into the business via the Internet instead of just the header or title.
"I don't know if Subway had unpatched vulnerabilities on its POS systems or what. But whatever merchants have to do, yikes, please do it." - Lisa Vaas of Sophos, antivirus software developer.
There is more to know about Firewalls than you think: Get a free Security Consult:
http://onestepretail.com/Products/SecuritySuite/
Sources:
www.pcisecuritystandards.org
http://arstechnica.com/business/news/2011/12/how-hackers-gave-subway-a-30-million-lesson-in-point-of-sale-security.ars
http://www.tgdaily.com/security-features/60147-arrests-made-over-subway-hack