PCI Related News – Card Skimming

Something that is not mentioned as much these days is the fact that some of the earliest credit card number thefts involved different methods of modifying the credit card pin pad units. With changes to the pinpad units, the number of incidents of this type of card number theft has dramatically declined. There are several things that you should do to prevent credit card skimming from occurring at your location.

The most likely targets of this type of attack are self-service, unmanned, unused and exterior payment terminals. Criminals will attempt to steal, modify and replace the terminals during less busy periods then return to swap the terminals to harvest the recorded credit card information. Newer methods have been to swap the terminals once with a modified unit that can send or even wirelessly transmit the card data to locations outside of the store. This all makes knowing what units you have in use, including serial numbers of those units, important so that you will be able to spot any changes. The newer pin pad devices are designed to alert you of any tampering as well.

Other methods of attack are to place readers or cameras at the point of pin number entry; a low tech method has even been to shoulder surf as the customer enters their pin number.

Recommended methods to prevent these types of fraud include using physical security, bolt the units to the counter for example, make sure you have current equipment designed to prevent or alert of tampering and train your staff to monitor and notice suspicious activity or pin pad devices that have been removed or replaced.

Here is a link with pictures and more information regarding this topic: https://www.pcisecuritystandards.org/pdfs/skimming_prevention_form.pdf

LogMeIN Remote Connection

In today’s world protecting and securing company’s data is considered to be of the highest importance. Most businesses rely heavily on their point-of-sale systems, requiring them to run at peak performance in order to optimize business productivity. IT professionals use strategies for accessing company systems to address issues, provide maintenance and keep equipment performing and operating efficiently. If a remote access solution, several questions arise. How secure is secure is your connection? Who has access to your machine? Are you aware of the security encryption level of you current product? Is your data at risk?

There are many remote connection options available. LogMeIn Pro is an excellent choice, with its security level, system monitoring abilities and notification responses. As with many remote solutions, security is the main focus for users of these products. It was the focus for the design of LogMeIn, which is why it utilizes an AES 256-bit encryption; the same security trusted by online banks. This will ensure that the data transfer from one machine to the next is as secure as online banking transactions.

LogMeIn is always searching for new and inventive ways to create a secure environment. Updates to the program to keep it a secure and compliant with PCI guidelines, users are sent notifications of these updates. LogMeIn provides monitoring and notification on systems which it is running. Logging of events and systems changes aide in supporting and improving system performance. LogMeIn can also send notifications of access, noteworthy events on any machine, as well as send alerts directly through e-mail for proper attention and prevention.

Choosing the right solution for your business is critical for its continued success. The ability for your support team to monitor and access your point-of-sale systems at those business critical times is a value that cannot be matched. LogMeIn offers these solutions and peace-of-mind with remote access solutions. For more detailed information on how this solution will work with current business practices, please contact STCR at (607) 757-0181 and experience the benefits first hand.

New Small Business Loans

The Small Business Administration (SBA) has announced two new lending initiatives aimed at getting modest loans under $250,000 to small businesses quickly and efficiently: Applications are now only two pages long and can be approved in anywhere from “minutes” to ten days. Greater access to credit should help spur small businesses to grow and hire, giving the economy a boost.

Although credit availability has eased since the global financial crisis, banks have been slow to lend to small businesses. According to a New York Federal Reserve report released in October, more than three-quarters of small businesses that applied for a loan during the first half of 2010 received “some” or “none” of the credit they desired.

Unlike big corporations, which can issue stock, sell bonds or take other measures to raise cash, small businesses are largely at the mercy of banks for financing. Big banks complain that it often doesn't pay for them to spend time and resources administering a small loan. With the SBA's new Small Loan Advantage incentive the paperwork burden is alleviated. Loans submitted electronically will be approved in minutes, according to the SBA. Other applications will be approved within one business day.

A second initiative, called Community Advantage, aims to get SBA-backed loans to underserved communities, such as minority and veteran owned businesses, as well as firms in lower-income or rural areas. The program encourages borrowers to develop a business plan and work with advisors. Applications should be approved within five to ten days. Both programs are expected to be up and running by March 15, 2011.

IBM Retail Hardening

From Black Friday door busters to moonlight madness sales, your business moves at the speed of your retail systems. Customer satisfaction is tied directly to time spent waiting in line, and when downtime is not an option, the best retail solutions must reliably endure the worst punishment. That’s why IBM subjects their point-of-sale systems to some of the most extreme conditions imaginable.

It’s called “retail-hardening” and IBM sacrifices their systems in the lab to make sure yours can survive the real world. Before they call a product retail-hardened it must endure and pass a series of grueling tests, including:

Electrostatic discharge testing is to demonstrate the ability to withstand static shock, no matter how dry the air or shaggy the carpeting. Tolerance up to 15,000 volts, nearly double the standard for the PC industry.

Thermal dynamics testing, which verifies reliable operation in different climates and temperatures ranging from -40°C (-40°F) to 60°C (140°F).

Spills and drips testing is to verify the ability of seals, gutters and containment systems to protect sensitive electronics from high volume liquid spills such as water and carbonated beverages.

Magnetic susceptibility testing is to ensure that operation will not be disrupted by proximity to the powerful magnetic fields used to activate and deactivate inventory control tags.

Operational vibration testing is to ensure that the components are robust enough to survive near-constant physical interaction for extended periods.

Drop fragility testing in which components must power on after being dropped repeatedly on all six sides from common carry heights ranging from 30 to 36 inches.

Chemical resistance testing is to insure that cleaners, solvents and other harsh substances often found in retail settings cannot penetrate the specially designed seals on IBM touch screen displays.

Lightning strike simulations in which systems must withstand power surges of up to 2,000 volts—the equivalent of a lightning strike just outside the store.

Radio frequency interference testing to ensure that systems can operate reliably near product taggers, scanners, pagers, cell phones and other devices that saturate the retail environment with radio waves.

Can your retail systems meet these standards? Are they retail-hardened to deliver reliability from day one? Request a quote today to see how IBM retail solutions can deliver stronger performance and greater value for your business. To learn how an IBM POS can transform your front end operations, please contact STCR Business Systems, Inc at (607) 757-0181. STCR has been selling, installing and supporting IBM Cash Register Systems for more than 30 years and we have been in business for 43 years. We are an IBM Premier Business Partner with the in-house expertise to install and support IBM Products and train your personnel in the most professional manner.