Understanding Your Risk - Make Your Data Useless to Criminals

By Lynn Skurla Perkins | Sep 30, 2019 3:58:35 PM

Here is the last in the series from the PCI Council's -  How to Protect Your Business With These Security Basics.

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

This month's topic:  Understanding Your Risk - Make Your Data Useless to Criminals

According to the Council:  

"The best way to keep it (your data) safe is to make it useless even if it’s stolen by hiding it, and removing it altogether when it’s not needed. While this can be more complex to put in place, in the long run, it can make security much easier to manage.  While protecting your customer's data can seem overwhelming, below are some basic recommendations that every business should follow."

Read More >

Understanding Your Risk - Protect Your Business From the Internet - Please Read!

By Lynn Skurla Perkins | Aug 26, 2019 12:36:27 PM

Here is the next in the series from the PCI Council's -  How to Protect Your Business With These Security Basics.

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

This month's topic:  Understanding Your Risk - Protect Your Business from the Internet

Oh yes, the Internet - for business owners, it is often a double-edged sword.

According to the Council:

"The Internet is the main highway used by data thieves to attack and steal your
customers’ card data. For this reason, if your business is on the Internet, anything you use for card payments needs extra protection."

While protecting your customer's data can seem overwhelming, below are some basic recommendations that every business should follow.

Read More >

Understanding Your Risk - Use Secure Payment Terminals and Solutions

By Lynn Skurla Perkins | Jul 23, 2019 11:28:25 AM

Here is the next in the series from the PCI Council's -  How to Protect Your Business With These Security Basics.

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

This month's topic:  Understanding Your Risk - Use Secure Payment Terminals and Solutions

According to the Council:

"A sure way to better protect your business is to use secure payment solutions and trained professionals to help you."

"Your customers enter their personal identification numbers (PINs) for their payment cards into your payment terminal or PIN entry device. It is important to use secure devices to protect your customers’ PIN data."

Read More >

Understanding Your Risk - Scan for Vulnerabilities and Fix Issues

By Lynn Skurla Perkins | Jun 19, 2019 10:48:22 AM

Here is the next in the series from the PCI Council's -  How to Protect Your Business With These Security Basics.

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

This month's topic:  Understanding Your Risk - Scan for Vulnerabilities and Fix Issues

According to the Council:

"New vulnerabilities, security holes, and bugs are being discovered daily. It’s vital to have your Internet-facing systems tested regularly to identify these new risks and address them as soon
as possible. Your Internet facing systems (like many payment systems) are the most
vulnerable because they can be easily exploited by criminals, allowing them to sneak into
your systems."

And, if you are processing through one of our preferred processors, Skurla's will assist you with your scan.  It's easy and saves you money - because if you don't complete your scans, your Merchant Service Provider may start charging you non-compliance fees.

Read More >

Understanding Your Risk - Use Anti-Virus Software

By Lynn Skurla Perkins | May 17, 2019 12:39:02 PM

Here is the next in the series from the PCI Council's -  How to Protect Your Business With These Security Basics.

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

This month's topic:  Understanding Your Risk - Use Anti-Virus Software (also referred to as anti-malware)

Remember the quote from the PCI Council:  Hackers = Criminals

And to add on to this: 

Hackers write viruses and other malicious code to exploit software features and coding mistakes, so they can break into your systems and steal card data.

 

Read More >

Understanding Your Risk - Don’t Give Hackers Easy Access to Your Systems

By Lynn Skurla Perkins | May 3, 2019 1:21:05 PM

Here is the next in the series from the PCI Council's -  How to Protect Your Business With These Security Basics.

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

This month's topic:  Understanding Your Risk - Don’t Give Hackers Easy Access to Your Systems.

To quote the PCI Council:  Hackers = Criminals

(Click here to read about our Data Security Breach Action Plan)

"One of the easiest ways for hackers to get into your system is through people you trust. You need to know how your vendors are accessing your system to make sure it’s not opening up any holes for hackers. "

Read More >

Understanding Your Risk - Protect In-House Access to Your Card Data

By Lynn Skurla Perkins | Mar 13, 2019 1:16:10 PM

Here is the next in the series from the PCI Council's -  How to Protect Your Business With These Security Basics.

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

This month's topic:  Understanding Your Risk - Protect In-House Access to Your Card Data.

PRIVILEGE ABUSE IS THE TOP ACTION LEADING TO BREACHES – ABOUT 55% OF ALL INCIDENTS REPORTED.

Here is a list of recommendations from the Council:

ACCESS CONTROL IS ALL IMPORTANT. Set up your system to grant access only based on a “business need-to-know.” As the owner, you have access to everything. But most employees can do their job with access only to a subset of data, applications, and functions.

LIMIT ACCESS to payment systems and unencrypted card data to only those employees that need access, and only to the data, applications and functions they need to do their jobs.

KEEP A LOG. Track all “behind the counter” visitors in your establishment. Include name, reason for visit, and name of employee that authorized visitor’s access. Keep the log for at least a year.

SECURELY DISPOSE OF DEVICES. Ask your payment system vendor or service provider how to securely remove card data before selling or disposing of payment devices (so data cannot be recovered).

SHARE THIS INFORMATION. Give this guide to your employees and business partners so they know what is expected.

Read More >

Understanding Your Risk - Use Trusted Business Partners

By Lynn Skurla Perkins | Feb 26, 2019 11:52:28 AM

Here is the next in the series from the PCI Council's -  How to Protect Your Business With These Security Basics.

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

This month's topic:   Use trusted business partners and know how to contact them.

It’s critical you know who your service providers are and what security questions to ask them.

Here is a list of recommendations from the Council:

Read More >

Understanding Your Risk - Install Patches

By Lynn Skurla Perkins | Jan 29, 2019 10:28:50 AM

Here is the next in the series from the PCI Council's -  How to Protect Your Business With These Security Basics.

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

This month's topic:  Install Patches From Your Vendors

Read More >

Understanding Your Risk - Use Strong Passwords and Change Default Ones

By Lynn Skurla Perkins | Sep 12, 2018 1:11:32 PM

Over the next several months, we will be sharing the PCI Council's advice on How to Protect Your Business With These Security Basics.

This month's topic:  Use Strong Passwords and Change Default Ones

According to  the Council's Guide - About 80% of breaches involved guessed or stolen passwords!

Here is what they recommend:

CHANGE YOUR PASSWORDS REGULARLY. Treat your passwords like a toothbrush. Don’t let anyone else use them and get new ones every three months.

SEEK HELP. Ask your vendors or service providers about default passwords and how to change them. Then do it!

For more information on managing passwords, click here.

MAKE THEM HARD TO GUESS. The most common passwords are “password” and “123456.” Hackers try easily-guessed passwords because they’re used by half of all people. A strong password has seven or more characters and a combination of upper and lower case letters, numbers, and symbols (like !@#$&*). A phrase can also be a strong password (and may be easier to remember), like “B1gMac&frieS.”

To see how fast it takes to crack a password, click here.

DON’T SHARE. Insist on each employee having their own login IDs and passwords – never share!

Read More >

Understanding Your Risk - Exploring the PCI Council's Small Merchant Guide

By Lynn Skurla Perkins | Aug 20, 2018 11:52:06 AM

“Small businesses are particularly at risk from the costs and opportunity loss associated with a data breach. Implementing the guidance published by the PCI SSC Small Merchant Taskforce will help a small business improve its data security practices and reduce the risk of data theft.“ - Michael Christodoulides, Barclaycard, PCI Small Merchant Taskforce Co-Chair

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

But first, here are some frightening data points shared by the PCI Security Council:   

  • 71% of hackers attack businesses with under 100 employees (Verizon 2012)
  • 60% of small businesses experienced a cyber breach (HM Government)
  • $20,752 is the average cost to small businesses due to hacking (NSBA)

If this scares you too, keep reading below to learn more about how to protect your business - 

Read More >

Why You Need A Password Manager

By Thomas Greenman | Jul 19, 2018 7:41:22 AM

If you are like most folks, you have a handful of passwords that you reuse for all your online accounts. You may change a number or two when it’s expired, for example: Password1 gets changed to Password2, and so on. It’s very likely that some family and friends know some of your passwords too, like your WIFI and Netflix password. In a world full of hackers and breaches, you really are making their job all too easy.

Read More >

Understanding the TLS Issue & Why Your Credit Cards May Stop Working!

By Lynn Skurla Perkins | Apr 30, 2018 12:00:00 AM

Yes, credit cards may stop working on your point of sale system this summer!  We are providing you with more information on this important issue - please take a moment to read.

First some definitions and background on this topic:

TLS: Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure communications channel between two systems.

SSL: Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remain private.

On Feb. 13, 2015, the PCI Security Standards Council announced that SSL, a protocol designed to ensure that data provided between a web server and a web browser, such as credit card information, remains secure - is no longer an acceptable way to provide strong cryptography, due to a number of known fundamental vulnerabilities. The deadline is June 30, 2018. 

Read More >

PCI Council Announces Changes to Qualified Integrators & Resellers Program

By Lynn Skurla Perkins | Mar 25, 2018 7:18:11 PM

In March, the PCI Security Standards Council (PCI SSC) announced new changes to the PCI Qualified Integrators and Resellers (QIR) Program in response to industry feedback and data breach report findings. The program changes are designed to increase the number of QIRs and equip them to help merchants reduce risk by mitigating the leading causes of payment data breaches. 

The PCI SSC QIR program offers specialized data security training and certification to individuals that install, configure and/or support payment systems. PCI SSC maintains a listing of PCI QIRs on its website for merchants to use in identifying and selecting trusted partners. Since the program was established in 2012, breach reports highlight that smaller merchants are increasingly under attack, and that the majority of merchant payment data breaches could be prevented by addressing three critical issues: insecure remote access, weak password practices and outdated and unpatched software.

Read More >

Take 5 Minutes to Read About PCI & Security - It Could Save Your Business

By Lynn Skurla Perkins | Feb 20, 2018 7:16:00 AM

Data Breaches, ID Theft, Credit Card Breaches - we hear this all the time in the news.  And this is the last thing you as an owner or manager want to experience for your business!

Please take time to read this!  It could save your business!

Read More >

Card Industry Delays Continue to Slow EMV Chip Card Transition

By Lynn Skurla Perkins | Jan 6, 2017 11:54:58 AM

 I thought we would share the press release from the National Retail Federation (see link below).

They are spot on when they talk about the importance of tokenization and encryption - which is completely different than the EMV issue - tokenization and encryption help prevent card data theft - very serious credit card security issues that should concern every retail store owner.

"While chips make it more difficult to create counterfeit cards from stolen card data, retailers surveyed said they are also working on technologies like tokenization and encryption that make it difficult to steal card data in the first place."

Here at Skurla's POS Solutions,  we are seeing all levels of EMV solution readiness - we work with dozens of vendors - and there is still A LOT of confusion in the marketplace.  Several solutions that claim to be ready, may in fact be only partially ready.  It depends on who you process with, what payment methods you take (for example, many many processors and EMV solutions still don't have debit and EBT certified on an EMV solution yet), what software you use, what hardware you have, etc.

Read More >
COMMENTS
Download our free Purchasing Point of Sale Checklist!
Free Purchasing POS Checklist