Merchant Link SecurityCents

A blog that comments on the latest developments in the world of payments, payment data security and technology, PCI compliance, and more.

Posts Tagged ‘ Data Security ’


Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web. Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.

Most Small Merchants Store Unencrypted Card Data
by Ed McKinley
The vast majority of small merchants are still storing unencrypted card data and most don’t even know it, according to statistics compiled by a security vendor.
To make matters worse, the stats improved only minutely over last year, according to SecurityMetrics Inc., the Orem, Utah-based security company…

Organizations Fail to Realize the Implications of a Data Breach
by Help Net Security
New research by the Ponemon Institute revealed that 54 percent of respondents have experienced at least one data breach in the last year, with nearly a fifth (19 percent) experiencing more than four.
Perhaps more worryingly, those that have so far avoided a data breach demonstrated a real lack of awareness of the financial and long-term damage that a breach can have on a company…

MasterCard Launches Credit Card With Built-in LCD, Keyboard
by Adario Strange
Facing ever-mounting pressure from the likes of Square, ProcessUSA, Paypal, Google Wallet, and others, traditional credit card companies like Visa and MasterCard are facing technology-driven challenges unlike any they’ve seen before. And while the Internet appears to be the primary disruptive element powering those new challenges, MasterCard has decided that its strategy for competing with payment service upstarts lies in creating an innovative new card that is fully interactive…

What other interesting content have you come across? Leave a comment below and join the discussion.

Merchant Link is proud to announce the signing of a multi-year contract with Phoenix Managed Networks.

The deal will see Merchant Link offer its customers Phoenix’s award-winning Payment Card Industry Data Security Standard (PCI DSS) firewall service coupled with breach insurance. This latest product addition complements Merchant Link’s current portfolio and is designed to secure a merchant’s IT network and customer cardholder data while protecting businesses from the high costs of an attack.

The new firewall service is a cloud-based management service with an on-site security appliance that locks down the point-of-sale (POS) system and segregates payment traffic from all other corporate IT data.

Trevor Fall, Executive Vice President for North American Sales for Phoenix Managed Networks, commented, “We are delighted to have signed with Merchant Link. They have an excellent market standing and a client base of tens of thousands of retail, hotel and restaurant businesses across the USA that will benefit from the added layers of security at the point-of-sale.”

The solution requires no technical expertise on behalf of the user to install or manage, making it an ideal service for small-to-medium sized businesses or franchisees. The router further simplifies compliance with PCI standards. Key benefits include:

  • Addresses the PCI DSS requirement to install and maintain a firewall configuration.
  • Simplifies the process by pre-populating the PCI DSS Self Assessment Questionnaire (SAQ) document.
  • Includes $100,000 of breach insurance in the event of a security breach.
  • Detects and blocks network intrusions or rogue devices being plugged into the network.
  • Guards the POS network from internal and external threats 24x7x365.
  • Assists network administrators by issuing real-time status alerts for potential network or security issues and monitoring staff productivity with available reports on Internet usage.
  • Ensures minimum business interruption with the option to connect to a 3G network in the event the existing wire connection fails.
  • Supported by a fully managed, PCI compliant, cloud-based system that configures and monitors each connection.

Fall added: “The Ponemon Institute recently reported that cyber-attacks have more than doubled over the past three years, while the financial impact increased by nearly 40 percent. It’s now essential businesses deploy the right mix of security solutions to detect and protect against evolving threats.”

Geoff Krieg, Vice President of Product Management for Merchant Link, said, “We see this offering as particularly attractive for businesses that want an easy-to-implement firewall solution that meets PCI requirements and allows merchants to segment their network so that POS terminals are isolated from other PCs. We continually look to partner with innovative companies such as Phoenix Managed Networks to help us expand the breadth and depth of our services to merchants and look forward to embarking on a successful relationship.”



The Cost of Cyber Crimes Gets More Expensive
by Sue Marquette Poremba
If you need a reason to throw more of an effort into cybersecurity, here it is: The cost of cyber crime has gotten more expensive.
According to a new study sponsored by HP and conducted by the Ponemon Institute, the occurrence of cyber attacks has more than doubled over a three-year period, while the financial impact has increased by nearly 40 percent…

Facebook Want Button: Collecting massive amounts of data about you has never been easier
by Network World
Have you ever commented “Want!” anywhere on the web? Perhaps because “liking” is not enough for Facebook, and shares in its stock are still down, the company is pushing ahead with a ‘Collections’ feature. Collecting massive amounts of desired-based data about users would be like hitting the mother lode for advertisers…

My Walletless Month: Happier, Healthier and Ready to Ditch Cash Forever
by Christina Bonnington
The e-wallet space is blowing up. Isis — an NFC-based mobile-payment platform backed by Verizon, AT&T, and T-Mobile — is set to launch on Monday. Google Wallet, now almost two years old, is nicely maturing with partnerships with an ever-expanding list of big-name retailers…




Hotel Leaders Discuss Key Issues – and beyond
by Jeff Higley
Using a rapid-fire approach, moderator Don Landry covered plenty of ground during Wednesday’s opening general session at the 18th annual Lodging Conference.
Along the way, Landry, owner of Top Ten Hospitality Advisors, poked and prodded panelists into addressing key issues ranging from the future of full-service, suburban hotels to merger-and-acquisition activity in the industry to the so-called “electile dysfunction” buzzword that’s sweeping the country…

What Security Benefits Does Contactless Technology Offer?
by Blogger News
Contactless technology offers many benefits, including faster and easier transactions, versatility to be incorporated into various personal devices including mobile phones, and improved data security over the magnetic stripe technology.
According to the Smart Card Alliance, “Contactless smart card technology includes strong security features optimized for applications involving payment and identities…

Restaurant VARs: 3 Ways To Inject New Life Into Your Business
by Mike Monocello
I’m going to give you a sneak preview of a feature article in next month’s issue of Business Solutions because the VAR we highlight is doing some great stuff that’s really impacting his business. The VAR is Andrew Strickler and his company is Tampa Bay POS. We featured Andrew in our magazine back in 2007. At the time, his company was four years old and business in the hospitality space was absolutely booming…



Brain Hacking: Scientists Extract Personal Secrets With Commercial Hardware
by Gregory Ferenstein
Chalk this up to super-creepy: scientists have discovered a way to mind-read personal secrets, such as bank PIN numbers and personal associations, using a cheap headset. Utilizing commercial brain-wave reading devices, often used for hands-free gaming, the researchers discovered that they could identify when subjects recognized familiar objects, faces, or locations, which helped them better guess sensitive information…

PCI SSC’s Bob Russo on point-to-point encryption, PCI compliance
by SearchSecurity
In this video interview, Bob Russo, general manager of the Payment Card Industry Security Standards Council (PCI SSC), discusses tokenization, point-to-point encryption, PCI compliance issues, and the state of guidance documentation for emerging technologies. According to Russo, the PCI SSC is currently assessing hardware-based point-to-point encryption products and plans to produce a list of approved PIN transaction security (PTS) devices by the end of 2012…

Mind the Gap: PIN versus Signature Authentication
by Douglas A. King
The just-released PULSE Debit Issuer Study reveals that in 2011 the gap in loss rates between signature and PIN debit transactions has widened further. Issuers lost an average of three cents per signature debit transaction compared to less than one-half of one cent on PIN transactions…


CISOs Need To CYA – ‘Comprehend Your Assets’
by Andrew Rose
I recently went for coffee with a very interesting gentleman who had previously been responsible for threat and vulnerability management in a global bank – our conversation roamed far and wide but kept on circling back to one or two core messages – the real fundamental principles of information security. One of these principles was “know your assets.”
Asset management is something that many CISOs tend to skip over, often in the belief that information assets are managed by the business owners and hardware assets are closely managed by IT. Unfortunately, I’m not convinced that either of these beliefs is true to any great extent…

PayPal/Discover’s Retailer Problem: Too Much Data?
by Evan Schuman
When PayPal on Wednesday (Aug. 22) announced a deal with Discover for it to deliver far more in-store payments—something that PayPal said could eventually place it into millions of stores and requires no POS hardware or software changes—it did something beyond fulfilling the industry’s RDA for caveats…

Zone Alarm Infographic: Top 20 Passwords Of All Time
by Column Five
In a recent survey conducted by ZoneAlarm, 79% of consumers were found to use risky password construction practices, such as using personal information and common words. In this infographic for ZoneAlarm, we uncover the 20 most popular passwords of all time…


Watching the Olympics, it’s always fascinating (and heartbreaking) to see how split seconds and minor missteps are what ultimately separate the winners from the losers. In fact, that’s why the technology that’s used at the games is incredibly important…with high-speed cameras, lasers and sensors that measure in the hundredths to thousandths of seconds.

Yesterday in the men’s 200 butterfly, Michael Phelps led almost the entire race and was on his way to winning his 18th medal when in the very last stretch South Africa’s Chad le Clos reached farther and touched the wall just .05 of a second before Phelps. It was so close that Michael’s mother and even his coach thought he’d won.

The Olympics aren’t the only place where the smallest mistake or split-second lull in your resolve can bring heavy consequences. Protecting your customers’ payment data requires the same level of precision and persistence.

Examine how payment data is flowing through your network. When a credit card is swiped or entered into the system, how and when is that data being secured? Encryption should occur at, or as close as possible to, the point of interaction (POI). If it’s left “in the clear” even for a millisecond, that provides a window of opportunity for a hacker to place a piece of malware there and steal the data. Point-to-point encryption (P2PE) is one way merchants are preventing theft of data in-transit. To protect stored data, tokenization is an effective method. Both technologies can be employed in tandem to protect payment data end to end.

And don’t discount the human, or psychological, factor. By the time athletes arrive at the Olympics, they’ve put in countless hours of training and are ready physically, but if they’re off mentally at the moment it counts, it can hurt their performance. Similarly, merchants can implement the most advanced security technology available, but if they don’t prepare their staff to guard against threats such as social engineering, their own people could be manipulated into divulging confidential information. Security is like a chain: It’s only as strong as its weakest link.

This week as part of our Security Awareness blog series, we have focused on common sense security measures and evolving attitudes towards PCI compliance within the small to midsize merchant community.  For the last post of this series we move beyond the brick and mortar environment and examine the wider world of data security. In this age of data breaches and “hacktivism,” wise business owners are implementing company-wide security plans to protect critical business and employee data. Depending on company size these plans may include employee training, outsourcing certain business applications to third party vendors or maintaining a full time security department. However, with the explosion of smartphones and mobile technology, the line between work and home is blurring. Employees telecommute, business travelers need access to corporate networks and anyone with a smartphone can connect to multiple social networks, email accounts and websites from the palm of their hand. All this mobility is great for productivity but it does create a security challenge. How do you promote security awareness outside the walls of your business?

For employees that work from home or other remote locations here are some tips for securing a PC or laptop (these are actually a good idea for anyone who has a home computer):

  • Change default passwords
  • Use a cable lock
  • Know what is connecting to your network
  • Use any and all security settings available
  • Cover webcam if not in use
  • Shut down unused devices

In addition to securing physical equipment, security awareness must extend to communications such as phone, email and chatting. “Phishing” is one of the primary methods cyber criminals use to gain network access and steal personal information. Phishing is a form of social engineering that attempts to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity. Phishing techniques can be used in email, over the telephone or with direct contact. Some good rules to follow to avoid phishing scams:

  • Do not open emails or click on links from unknown sources.
  • If a link asks for user input, it is better to open a browser window and type in the site’s base web address yourself to get to the page rather than click on the link.
  • Do not accept “friend” requests or introductions except from people you know personally.
  • Never provide personal account information over the phone (this includes your credit card number, bank account number or social security number).

Public conversations are another area that seems benign to most people but can provide valuable information to data thieves. Perhaps a group of co-workers is discussing a security project over lunch or you hold a business call at a Starbucks. It is very possible to inadvertently disclose information that could be exploited by a clever criminal. If you use chat boxes, you should never expose any personal credentials while “virtually” conversing. Review and use the privacy settings in all of your social networks and restrict delivery of information to your circle of friends only.

Unfortunately, in today’s world of mobility and constant contact, everyone must become more security-aware, whether in the office, on the road or at home. Following basic security measures is important no matter the time or place. 

We invite you to share your experiences, questions and comments below.

CIOs and IT staff have continually full plates these days. They are required to juggle complex and often competing projects just to “keep the lights on” and at the same time work toward the overall vision their CEO lays out for the business. Operating during a down economy the past few years has caused businesses to look for efficiencies, and many reduced staff. At the same time there has been an explosion of user-generated project requests for new applications, web functionality and mobile technology. It can be a tall order to implement new or strategic projects such as company-wide security plans and PCI compliance when you are fighting every day just to do the basics.

For hospitality IT departments, putting off security projects can be very risky. As Merchant Link reported in March of this year, according to the Verizon 2012 Data Breach Investigations Report, Restaurants/Accommodations continues to be the most targeted industry for data breach attacks. So how can you, the CIO or IT Director, ensure that data security doesn’t fall to the bottom of your “to-do” list? By partnering with a payment security expert, you can benefit from the collective experience and support garnered by assisting numerous customers in implementing a secure and comprehensive solution.

Look for a flexible payment data security solution that takes a layered approach to implementation so you can plan each stage.  This eases constraints on resources while still allowing you to gain benefits as you implement each layer.  For example, by implementing a cloud-based payment gateway, merchants can take advantage of a hosted architecture while removing the credit card interface system from PCI scope.  Additional scope reductions can be achieved by removing stored PAN data using a tokenization solution.  To protect card data from initial point of interaction and as it travels through the network, point-to-point encryption can also be added.  A key benefit of a layered solution is the ability to implement in stages while receiving cost savings and scope reduction at each stage.

It’s true an IT department has to juggle many priorities and projects but data security is just too important to let fall off your plate.  An experienced partner, a comprehensive solution and flexible implementation options will allow you to achieve your data security goals and ensure the day to day operations keep running without busting your budget or your team.  We invite you to share your experiences, questions and comments below.

SILVER SPRING, MD (April 23, 2012) – Merchant Link, a leading provider of payment gateway and data security solutions, today announced it has been designated by AmericInn International, LLC as the preferred provider of payment and data security services for its franchisees. AmericInn® is one of the fastest growing limited service lodging chains with over 260 locations in 27 states. Locations utilizing an integrated property management system for payments are now required to install the Merchant Link solution.

“As credit card data breaches continue to make headlines, and as we continue to grow our business, we knew we had to do everything possible to secure the personal data of our guests,” shared Mark Nicpon, CIO of AmericInn International, LLC. “Merchant Link’s hosted solution secures cardholder data from the moment of capture and ensures data is not stored anywhere on premise. The solution also helps ease PCI compliance effort and cost for our franchisees.”

The comprehensive solution incorporates the Merchant Link Payment Gateway, TransactionVault tokenization and TransactionShield point-to-point encryption technology. The Merchant Link Payment Gateway provides connectivity to all major processors and sends payments quickly, while detecting and correcting errors along the way. TransactionVault removes guest credit card data from hoteliers’ systems and stores it in a secure, hosted “vault” – away from the business and safe from hackers. TransactionShield encrypts data at the point of interaction and protects it as it travels through the hotel’s IT environment. Decryption occurs within Merchant Link’s cloud-based payment gateway, reducing the risk of compromise.

“AmericInn understands the importance of processing payment transactions securely as well as the value of the support services we provide their franchisees to access information and immediately remediate problems,” said Dan Lane, Merchant Link’s President and CEO. “We are proud that AmericInn has selected Merchant Link as the brand standard for its franchisees and we look forward to working with them.”

Installations are already underway and adoption across the entire chain is expected to be complete over the next 12 months.

About AmericInn
AmericInn® is a leading mid-scale lodging chain with over 260 locations currently open or under development in 27 states. The brand is dedicated to providing an exceptional lodging value for its guests by offering great rates and amenities such as free, hot, home-style AmericInn Perk breakfast, free hotel-wide wireless high-speed Internet, inviting swimming pools and Easy Rewards. AmericInn is part of Northcott Hospitality, owner and developer of successful franchised hospitality brands for more than 50 years. For more information on AmericInn development opportunities visit www.AmericInnDREAM.com or call 1-866-220-7140. For AmericInn reservations visit www.AmericInn.com or call 1-800-634-3444.