Merchant Link SecurityCents

A blog that comments on the latest developments in the world of payments, payment data security and technology, PCI compliance, and more.

Merchant Link Staff's Post Archive Page

BIO: Merchant Link's SecurityCents blog is essential reading for merchants in the retail, lodging, and restaurant industries looking to secure their customers' credit card data. Check the blog regularly to read what our industry experts have to say about the latest developments in the world of payments, payment data security and technology, PCI compliance, and more. We invite you to leave comments and share your insights and opinions.

 
With the year drawing to a close, we asked some of our key technology partners about the trends, tactics, challenges and opportunities that lie ahead. How will the retail payments landscape evolve and what are some of things retailers should be thinking about?
 

 
Lisa Anderson
Director, Product Management
Voltage Security

 


Here’s a prediction: enforcement of EMV
standards will shift even more fraudulent transactions and security breaches to e-commerce. EMV is designed to add an additional layer of security to prevent fraudulent card-present transactions by embedding a chip in the card and requiring a PIN to authorize transaction. With these new security measures, it’s hard to use stolen credit cards on POS terminals – you’d need to either know the PIN or hack the terminal at time of swipe.  As of today, e-commerce doesn’t support EMV and it doesn’t seem like it’s happening any time soon. Existing security vulnerabilities that haven’t been resolved mean that breaches will continue to happen, making e-commerce the easier target for siphoning credit card numbers as well as using them to make fraudulent transactions and for card testing.

 

 
Gregory Burch
VP of Mobile and Business Development

Ingenico

 


We see three major points of focus across the retail payments landscape in the U.S.:

1. Security and evolving payment methods – ensuring  a  payment solution conforms to the latest Payment Card Industry (PCI) standards and includes a plan to support the upcoming EMV requirements for Chip and PIN or Chip and Signature acceptance.

2. A single solution across multiple form factors – the next generation payment solution will operate  on various cross-channel platforms,  including traditional stationary in-lane, portable throughout store, consumer phone, out of store both e-commerce and m-commerce.

3. Integration of the point of sale with the point of service – across the multiple form factors, payment solutions will continue to integrate across point of service and marketing systems, including:

  • Advertising
  • Loyalty
  • Couponing
  • CRM
  • Surveys

Forward-looking retailers are interconnecting data across consumer touch points, which will lead to more efficient, targeted marketing and a more pleasant shopping experience for consumers.

  

 
Nick Wislocki
VP of R&D

MICROS-Retail

 


Mobile is continuing to be a major focus in the retail space, including the emergence of  more mobile payment options. Consumers are seeking the convenience of simply carrying their phone for all their needs, including commerce. Consumers are driving the market in this space and retailers are seeking innovative ways to keep up with demand. Additionally, there is a continued shift toward global commerce, offering options to all corners of the world in the applicable currencies. These tendencies will continue throughout 2013 and the foreseeable future.

 


…………………………………………………………………………………………………………………………………
Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web. Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….

Top 5 Cloud Predictions For 2013 <Tweet this article>
by Jen Cohen Crompton
As 2013 approaches, businesses are preparing for the new year by allocating budgets, reorganizing resources, and launching new (or optimizing existing) strategies.
During this process, a consideration for many CTOs, IT Departments, and those working to create and manage an efficient [and for most, cost-effective] virtualization infrastructure, is how to integrate and/or best use cloud technology options………
Click here to read more

How Restaurants Are Using Technology to Deliver Better Customer Service <Tweet this article>
by Carol Trice
The next frontier for social media and smartphones may well be the restaurant table.
Consumers want to see the new technology they use integrated into their dining experience, a new study from Technomic on consumer-facing technology shows, especially if it will speed up the process of getting their meal or paying their bill..…….
Click here to read more

Cybercrime 2012: Malware Attacks Prominent in Retail, Financial Industries <Tweet this article>
by Moriah Sargent
Nearly half of companies in the retail and financial services industries experienced a cyberattack in 2012, primarily driven by financially motivated cybercriminals using automated attack tools, according to a new cybercrime 2012 threat report, issued today.
The ThreatMetrix Inc. 2012 State of Cybercrime study surveyed 200 U.S. business managers and IT executives within retail and financial services organizations. It found that 45% of these organizations experienced a cybersecurity attack in 2012…..…….
Click here to read more

…………………………………………………………………………………………………………………………………
What other interesting content have you come across? Leave a comment below and join the discussion
……………………………………………………………………………………………..………………………………….

Partnership adds more devices to Merchant Link’s growing portfolio of P2PE integrations

Merchant Link is proud to announce that it has completed integration with ID TECH’s encrypting point-of-interaction (POI) devices, to increase P2PE hardware options for its customers. 

“By combining ID TECH’s secure encrypting payment devices with Merchant Link’s layered solutions, our customers can obtain the highest level of security and support for their payments,” said George Jiang, Vice President of Engineering for ID TECH.

The integration adds support for ID TECH’s innovative encrypting card readers to Merchant Link’s TransactionShield® point-to-point encryption solution. Data is encrypted the moment a credit card is swiped or entered on a keypad. The data is then passed through the merchant environment and sent to Merchant Link’s cloud-based gateway for decryption and authorization. Cardholder data is replaced with tokens that are sent back to the POS to reference the transaction. The entire process removes all unencrypted data from the merchant environment.

Properly deployed, implementation of these solutions can remove merchant POS systems from the scope of PCI DSS, easing compliance efforts and cost. The use of industry-standard encryption and key management practices saves on the cost of proprietary encryption licensing fees. In addition, Merchant Link’s processor-neutral gateway offers the flexibility to switch amongst processors quickly and efficiently, keeping merchants in control of their payment partners and rates.

“The addition of ID TECH to Merchant Link’s portfolio was a strategic business decision based on customer demand,” said Geoff Krieg, Vice President of Product Management for Merchant Link. “We are pleased to support merchants using these products.”

Certification is complete and the first beta site is live. Integration is available for customers using ID TECH’s SecureMagTM, SecurePINTM 130 SL, SecureKeyTM, SecureKeyTM M100 and M130, Sign&PayTM, and Secure Line Mobile devices.


…………………………………………………………………………………………………………………………………
Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web. Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….

Most Small Merchants Store Unencrypted Card Data <Tweet this article>
by Ed McKinley
The vast majority of small merchants are still storing unencrypted card data and most don’t even know it, according to statistics compiled by a security vendor.
To make matters worse, the stats improved only minutely over last year, according to SecurityMetrics Inc., the Orem, Utah-based security company………
Click here to read more

Organizations Fail to Realize the Implications of a Data Breach <Tweet this article>
by Help Net Security
New research by the Ponemon Institute revealed that 54 percent of respondents have experienced at least one data breach in the last year, with nearly a fifth (19 percent) experiencing more than four.
Perhaps more worryingly, those that have so far avoided a data breach demonstrated a real lack of awareness of the financial and long-term damage that a breach can have on a company…………….
Click here to read more

MasterCard Launches Credit Card With Built-in LCD, Keyboard  <Tweet this article>
by Adario Strange
Facing ever-mounting pressure from the likes of Square, Paypal, Google Wallet, and others, traditional credit card companies like Visa and MasterCard are facing technology-driven challenges unlike any they’ve seen before. And while the Internet appears to be the primary disruptive element powering those new challenges, MasterCard has decided that its strategy for competing with payment service upstarts lies in creating an innovative new card that is fully interactive…….……. Click here to read more

…………………………………………………………………………………………………………………………………
What other interesting content have you come across? Leave a comment below and join the discussion
……………………………………………………………………………………………..………………………………….


…………………………………………………………………………………………………………………………………
Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web. Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….

Planned Cyberattacks on US Banks on Hold <Tweet this article>
by Michael Mimoso
Upwards of 30 major U.S. banks and financial institutions have been given a reprieve. The hacker behind a coordinated attack against giants such as Bank of America, Chase, Citibank, PNC, Wells Fargo and nearly two dozen other banks has called off the operation after media reports surfaced a month ago exposing the planned attacks…….. Click here to read more

Discover outlines next steps for EMV <Tweet this article>
by ATM Marketplace
Discover has released a comprehensive EMV roadmap for Discover Network, Diners Club International, PULSE and Discover Card. As announced, the roadmap does not include EMV deadlines for ATMs. To date, MasterCard is the only card brand to have done so…….……. Click here to read more

Tis’ the Season: Businesses Seek Different Avenues for the Holidays <Tweet this article>
by Brandon Koch
It’s about that time of year when everyone bellows out the words: “Christmas music already?”
OK, maybe not. Nevertheless, it’s still annoying (both Christmas music and the sheer fact that it starts playing at the same time every year). But the holiday season is well underway, with Thanksgiving a mere week away—meaning retailers both large and small have put the finishing touches on their preparations for Black Friday (the unofficial start of the frenzied shopping season, although some retailers will open doors on Thanksgiving)…….…….
Click here to read more

…………………………………………………………………………………………………………………………………
What other interesting content have you come across? Leave a comment below and join the discussion
……………………………………………………………………………………………..………………………………….

Merchant Link is proud to announce the signing of a multi-year contract with Phoenix Managed Networks.

The deal will see Merchant Link offer its customers Phoenix’s award-winning Payment Card Industry Data Security Standard (PCI DSS) firewall service coupled with breach insurance. This latest product addition complements Merchant Link’s current portfolio and is designed to secure a merchant’s IT network and customer cardholder data while protecting businesses from the high costs of an attack.

The new firewall service is a cloud-based management service with an on-site security appliance that locks down the point-of-sale (POS) system and segregates payment traffic from all other corporate IT data.

Trevor Fall, Executive Vice President for North American Sales for Phoenix Managed Networks, commented “We are delighted to have signed with Merchant Link. They have an excellent market standing and a client base of tens of thousands of retail, hotel and restaurant businesses across the USA that will benefit from the added layers of security at the point-of-sale.”

The solution requires no technical expertise on behalf of the user to install or manage, making it an ideal service for small-to-medium sized businesses or franchisees. The router further simplifies compliance with PCI standards. Key benefits include:

  • Addresses the PCI DSS requirement to install and maintain a firewall configuration.
  • Simplifies the process by pre–populating the PCI DSS Self Assessment Questionnaire (SAQ) document.
  • Includes $100,000 of breach insurance in the event of a security breach.
  • Detects and blocks network intrusions or rogue devices being plugged into the network.
  • Guards the POS network from internal and external threats 24x7x365.
  • Assists network administrators by issuing real-time status alerts for potential network or security issues and monitoring staff productivity with available reports on Internet usage.
  • Ensures minimum business interruption with the option to connect to a 3G network in the event the existing wire connection fails.
  • Supported by a fully managed, PCI compliant, cloud-based system that configures and monitors each connection.

Fall added: “The Ponemon Institute recently reported that cyber-attacks have more than doubled over the past three years, while the financial impact increased by nearly 40 percent. It’s now essential businesses deploy the right mix of security solutions to detect and protect against evolving threats.”

Geoff Krieg, Vice President of Product Management for Merchant Link, said “We see this offering as particularly attractive for businesses that want an easy-to-implement firewall solution that meets PCI requirements and allows merchants to segment their network so that POS terminals are isolated from other PCs. We continually look to partner with innovative companies such as Phoenix Managed Networks to help us expand the breadth and depth of our services to merchants and look forward to embarking on a successful relationship.”


…………………………………………………………………………………………………………………………………
Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web. Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….

Ten Ways To Secure Web Data Under PCI <Tweet this article>
by Robert Lemos
Whether they’re brick-and-mortar or online, merchants find the Payment Card Industry’s requirements for protecting credit card data challenging and confusing.
But all retailers must understand how to protect the credit card and other customer data that comes from online transactions, because their businesses are in cybercriminals’ crosshairs…….
Click here to read more

Gartner VP interview: Mobile and social top challenges for CIOs <Tweet this article>
by Roberta Prescott
Mobile and social technologies represent a departure from the information technologies that CIOs are used to, such as ERP and CRM.  This change is one of the three fundamental questions IT leaders and CIOs are facing, according to Mark McDonald, Gartner group vice president and head of research in Gartner Executive Programs…………. Click here to read more

EMV Migration Gets Answer People <Tweet this article>
by John Adams
Other groups, such as the Smart Card Alliance, are also expanding EMV migration information sharing. The alliance, whose members include card manufacturers, payment processors and financial institutions, operates the EMV Migration Forum, an independent, cross-industry body to discuss issues that require cooperation and coordination across constituents in the payments space…………. Click here to read more

…………………………………………………………………………………………………………………………………
What other interesting content have you come across? Leave a comment below and join the discussion
……………………………………………………………………………………………..………………………………….


…………………………………………………………………………………………………………………………………
Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web. Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….

The Cost of Cyber Crimes Gets More Expensive <Tweet this article>
by Sue Marquette Poremba
If you need a reason to throw more of an effort into cybersecurity, here it is: The cost of cyber crime has gotten more expensive.
According to a new study sponsored by HP and conducted by the Ponemon Institute, the occurrence of cyber attacks has more than doubled over a three-year period, while the financial impact has increased by nearly 40 percent…….
Click here to read more

Facebook Want Button: Collecting massive amounts of data about you has never been easier <Tweet this article>
by Network World
Have you ever commented “Want!” anywhere on the web? Perhaps because “liking” is not enough for Facebook, and shares in its stock are still down, the company is pushing ahead with a ‘Collections’ feature. Collecting massive amounts of desired-based data about users would be like hitting the mother lode for advertisers…..……. Click here to read more

My Walletless Month: Happier, Healthier and Ready to Ditch Cash Forever <Tweet this article>
by Christina Bonnington
The e-wallet space is blowing up. Isis — an NFC-based mobile-payment platform backed by Verizon, AT&T, and T-Mobile — is set to launch on Monday. Google Wallet, now almost two years old, is nicely maturing with partnerships with an ever-expanding list of big-name retailers…..……. Click here to read more

…………………………………………………………………………………………………………………………………
What other interesting content have you come across? Leave a comment below and join the discussion
……………………………………………………………………………………………..………………………………….


…………………………………………………………………………………………………………………………………
Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web.  Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….

Hotel Leaders Discuss Key Issues – and beyond
 <Tweet this article>
by Jeff Higley
Using a rapid-fire approach, moderator Don Landry covered plenty of ground during Wednesday’s opening general session at the 18th annual Lodging Conference.
Along the way, Landry, owner Top Ten Hospitality Advisors, poked and prodded panelists into addressing key issues ranging from the future of full-service, suburban hotels to merger-and-acquisition activity in the industry to the so-called “electile dysfunction” buzzword that’s sweeping the country……Click here to read more

What Security Benefits Does Contactless Technology Offer? <Tweet this article>
by Blogger News
Contactless technology offers many benefits, including faster and easier transactions, versatility to be incorporated into various personal devices including mobile phones, and improved data security over the magnetic stripe technology.
According to the Smart Card Alliance, “Contactless smart card technology includes strong security features optimized for applications involving payment and identities…..…….
 Click here to read more

Restaurant VARs: 3 Ways To Inject New Life Into Your Business <Tweet this article>         
by Mike Monocello
I’m going to give you a sneak preview of a feature article in next month’s issue of Business Solutions because the VAR we highlight is doing some great stuff that’s really impacting his business. The VAR is Andrew Strickler and his company is Tampa Bay POS. We featured Andrew in our magazine back in 2007. At the time, his company was four years old and business in the hospitality space was absolutely booming….…….  Click here to read more

…………………………………………………………………………………………………………………………………
What other interesting content have you come across? Leave a comment below and join the discussion
……………………………………………………………………………………………..………………………………….


…………………………………………………………………………………………………………………………………
Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web.  Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….

Researchers: Chip and PIN Enables ‘Chip and Skim’
 <Tweet this article>
by KrebsonSecurity
Researchers in the United Kingdom say they’ve discovered mounting evidence that thieves have been quietly exploiting design flaws in a security system widely used in Europe to prevent credit and debit card fraud at cash machines and point-of-sale devices
At issue is an anti-fraud system called EMV (short for Europay, MasterCard and Visa), more commonly known as “chip-and-PIN.”……….
Click here to read more

Bricks to Benefit from Clicks as Multichannel Rises <Tweet this article>
by Campbell Phillips
Multichannel retailing is set to complement, rather than compete, with bricks-and-mortar over the next two years, according to a new study from CBRE.
Investing in new or currently existing stores is a major priority for international retailers, with many indicating a requirement for more physical outlets and increased shop space as a result of their multichannel strategies……….
 Click here to read more

61 percent of IT security professionals fear Anonymous, hacktivist attacks
 <Tweet this article>         
by Suzanne Choney
Nearly two-thirds of IT security professionals worldwide believe their companies will be the target of a cyber attack in the next six months, and 61 percent say that Anonymous and other hacktivist groups will be most likely the ones to target their organizations.
Cyber criminals, then “nation states,” including  China and Russia, are considered next on the list of likely attackers by 55 and 48 percent, respectively, according to the survey done by security firm Bit9……….
 Click here to read more

…………………………………………………………………………………………………………………………………
What other interesting content have you come across? Leave a comment below and join the discussion
……………………………………………………………………………………………..………………………………….