Here is the last in the series from the PCI Council's -  How to Protect Your Business With These Security Basics.

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

This month's topic:  Understanding Your Risk - Make Your Data Useless to Criminals

According to the Council:  

"The best way to keep it (your data) safe is to make it useless even if it’s stolen by hiding it, and removing it altogether when it’s not needed. While this can be more complex to put in place, in the long run, it can make security much easier to manage.  While protecting your customer's data can seem overwhelming, below are some basic recommendations that every business should follow."

Here is the next in the series from the PCI Council's -  How to Protect Your Business With These Security Basics.

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

This month's topic:  Understanding Your Risk - Protect Your Business from the Internet

Oh yes, the Internet - for business owners, it is often a double-edged sword.

According to the Council:

"The Internet is the main highway used by data thieves to attack and steal your
customers’ card data. For this reason, if your business is on the Internet, anything you use for card payments needs extra protection."

While protecting your customer's data can seem overwhelming, below are some basic recommendations that every business should follow.

Here is the next in the series from the PCI Council's -  How to Protect Your Business With These Security Basics.

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

This month's topic:  Understanding Your Risk - Use Secure Payment Terminals and Solutions

According to the Council:

"A sure way to better protect your business is to use secure payment solutions and trained professionals to help you."

"Your customers enter their personal identification numbers (PINs) for their payment cards into your payment terminal or PIN entry device. It is important to use secure devices to protect your customers’ PIN data."

We frequently get asked about the future of Pay at the Table - and why it hasn't been widely adopted in Alaska (and the rest of the U.S.).  Here is an article from Hospitality Technology from June 2016:

"In an EMV world, it’s best practice for cards to never leave the customer’s possession during a transaction. In the U.S., an additional driver for bringing payment to the table is mobile payment solutions such as Apple Pay, which require either a fingerprint ID or PIN. The payment method can’t come to the POS – customers aren’t going to turn over their PIN or smartphone – so the POS has to come to the customer.
 
There are multiple benefits for implementing tableside payment at restaurants. Not only does bringing the point of sale to the customer help to boost table turns and revenue, it also helps to protect customer cardholder data, which is a major concern for merchants. Here, Greg Burch, vice president of strategic initiatives U.S. for Ingenico Group, highlights some of the perks and breaks down a few best practices.
 
Paybacks from tableside payment
Higher table turns. Consider a typical payment transaction with a magnetic stripe card: a server drops a check at the table in a billfold, and leaves. The customer retrieves their card and leaves it in the billfold, then waits for the server to return. Sometimes that happens a minute later, and sometimes it’s 10 or more minutes later.  Then the customer waits again for their receipt. Most restaurants measure table turns closely, and even small increases can contribute to profitability. Moving from three to four table turns per shift can increase revenue by 20-25 percent.
 
Less waiting for customers, higher tips for servers. Cutting down that wait time by bringing the payment device to the table not only leads to more table turns and increased face-time, but also higher customer satisfaction. The result is better tips for servers. We witnessed this firsthand in Canada, where Pay-at-the-Table became the standard shortly after that country’s EMV migration in 2010.
 
Reduced chargebacks. Businesses that do not upgrade their payment technology to accept EMV chip cards are putting themselves at risk of chargebacks due to credit card fraud. Major acquirers have reported that chargebacks have been on the rise since the October 2015 liability shift, with restaurants being one of the major areas affected. This is essentially a trickle-down effect: as more merchants move to EMV, fraud moves to areas that have been slower adopters. Even a small increase in chargebacks and card fraud can be potentially devastating to a small business.
 
Reductions in identity theft. Card skimming by servers has been known to occur in the hospitality industry, where cards typically leave consumers’ sight for several minutes. Servers who are part of fraud rings can wear discreet card skimmers on their belt loops and collect card data from hundreds of customers in a week. Five hundred skimmed cards can be sold on the black market for $1500 or more – significantly boosting a server’s annual income. Pay-at-the-table eliminates that possibility by keeping cards out of servers’ possession.
 
8 Best practices for rolling out pay-at-the-table  
There is no question that pay-at-the-table is becoming a major factor in the market, with some – ipredicting it to be the predominant payment method throughout the hospitality industry by the end of 2016. For those thinking of rolling out pay-at-the-table, here are a few tips for a smooth and successful implementation.
 

With all the talk about EMV, PCI  and Security requirements have taken a back seat when talking about accepting credit cards at a business.

Did you know that any merchant installing a PA-DSS (payment application should be using a company that is a PCI-certified QIR professional?   The Payment Application Data Security Standard (PA-DSS) is the global security standard created by the Payment Card Industry Security Standards Council (PCI SSC). 

 An acquirer will not be allowed to board a merchant as of March 31^st 2016 if they are not installed by a QIR.  (An acquiring bank, or acquirer, is a bank or financial institution that processes credit or debit card payments on behalf of a merchant.)

We are pleased to announce that Oracle has opened up MICROS 3700 for EMV integration for third parties.  We have vetted and recommend the current solution provided by Elavon Payment Systems, Simplify, that offers an EMV solution for your MICROS System.

Elavon’s Simplify solution isa gateway processor very similar to the predominate Merchantlink solution most MICROS customers currently use.  Its secure gateway allows the use of EMV transactions as well as providing robust credit card security. 

An update from NCR Counterpoint on EMV:

 Over the last year, we have seen many in the credit card industry try to create a sense of panic and/or urgency over the October 2015 EMV deadline.

We work with numerous independent software vendors and many payment partners.  I can tell you this - the majority were not ready by the deadline.  Why? Because there were no set standards defined by the industry.  Those that wanted to be ready had long waits to get certified.

I have been asking restaurant and retail owners these questions:

1. How many chargebacks to you have every year due to lost or counterfeit credit card?  (The answer 100% of the time has been none or very little - i.e. maybe one over the course of the year?)

According to the information on the VISA website: Starting October 1, 2015, businesses that don't accept Visa chip card transactions may be responsible for any resulting counterfeit fraud

2. How many credit cards do you personally own that has the EMV chip?  Most have told me that they don't have one yet.  Well, they shouldn't feel alone.  The card brands have not been able to get them all out in time.
3. I ask them if they know the difference between Chip and PIN and Chip and Signature - most are only vaguely aware of the differences. (Click on this link for some valuable EMV definitions - https://pointofsalesolutions.wordpress.com/2014/10/22/emv-part-ii/). And when they find out that the industry has decided to adopt Chip and Signature for now, it doesn’t take them long to realize that Chip and Signature does nothing to prevent against lost or stolen cards being used in their establishment. 
4. So many of our customers have received calls from random credit card companies – telling them YOU are at RISK! And you are out of compliance!

            Please do not confuse EMV with PCI Compliance – these are two separate issues. And as a business owner, you should be much more concerned about PCI Security and Compliancy.

Will EMV make you PCI Compliant? NO! See this article for a quick overview. https://www.pcicomplianceguide.org/will-emv-make-you-pci-compliant/

Or visit the PCI Security Council’s website to learn more about PCI Compliancy and EMV:

https://www.pcisecuritystandards.org/news_events/quick_resources/increasing_security_with_emv_chip_and_pci.php

 So what does this mean for your business?