Merchant Link SecurityCents

By Sue Zloth

The Merchant Link team is back in the office today after a great few days at the PCI Community Meeting in Orlando.  It was fantastic to catch-up with our customers, prospects, and partners on the show floor and my mind is busy mulling over what I learned in the sessions about the upcoming changes to the PCI standard.

What struck me most about this year’s show was how attendance has grown for the meeting; this year, there were more than 1000 participants.  From this level of participation it is clear that organizations are taking their PCI obligations very seriously.  The increased participation also changes the nature of the meeting from a niche event to one where there are a lot of networking opportunities and avenues for discussion.  I believe it demonstrates a maturity in the industry.

However, I also think the overwhelming attendance hints at how eager people are for clarification of the standard and for any additional information.  While there was still a lot of ‘wait and see’ at the meeting itself, the PCI  SSC has demonstrated a clear commitment to providing additional guidance with the announcement of guidance documents on End-to-End Encryption and Tokenization and a revamped, easier-to-use website.

The guidelines will be released on October 5^th and will provide clarification on how a properly implemented End-to-End (E2EE) solution will simplify the PCI compliance process by reducing scope.

But now that this meeting is over, the hard work of making sure that good security practices guides every decision continues.  For me, I’m looking forward to getting back into working with our customers as they implement Merchant Link’s TransactionVault^® and End-to-End Encryption solutions and continuing my work on the PCI Scoping SIG for Tokenization.

by Beth McGarrity

Last month Verizon Business released its latest Data Breach Investigation Report.  The industry with the largest number of breaches was the financial sector, followed closely by hospitality, and then retail also comfortably in the top 10.  The vulnerability of the retail and hospitality sectors should come as no surprise given the sheer number of transactions processed and the vast amount of data stored by these merchants.

Based on an analysis of 257 incidents, the Verizon team discovered that 48 percent of breaches were as a result of privilege misuse, 70 percent of breaches were initiated by external sources and insider attacks increased 26 percent.  What is surprising is that overall, 85 percent of attacks required relatively little sophistication and skill and could have been avoided without difficult or expensive controls.

So what can merchants do to protect their data?

• Become PCI Compliant – according to the report, 79 percent of companies were not PCI compliant in the period leading up to the data breach.  While the 12 requirements may not keep an attack from happening, they do provide a set of best practices which make it more difficult for an attacker to compromise records.

• Protect Your POS and Database Servers First – these two areas were noted as being some of the most vulnerable assets companies have.

• Don’t Retain Data on Your Systems – the researchers at Verizon have recommended for several years now that companies not store data on their own systems.  After all, if no records are kept, then cyber criminals will have nothing to steal. The PCI Council recommends tokenization and encryption as two ways of maintaining transaction integrity without violating the cardholder data storage and handling requirements.

What steps has your company taken to secure its data and infrastructure from attack?

While we hear a great deal about the threats to consumer credit card security, we don’t hear that much about the issues facing merchants, just criticism and finger pointing when they suffer a breach.

At Merchant Link we understand how complicated it is for merchants to navigate their way through the payment processing system to ensure the safety and security of their customers’ personal information.

Our CTO, Dan Lane, spends a lot of time thinking about these problems and devising solutions for merchants who are confronted with a lack of resources and too many vendors touting too many products.

In the video below Dan outlines his top tips and suggestions for merchants looking to protect their brand and their customers against ever-evolving threats.

By Don Bunt, President of Bunt Software

July 1st brought some significant changes impacting merchants using Panasonic SMP. New rules regarding card practices took effect and included PCI DSS changes as developed by the PCI Security Standards Council.

When Panasonic decided to concentrate on their workstation business last year, they discontinued support for their software products, including the System Manager Pro (SMP) point-of-sale software. That left nearly 3,500 merchants and quick service restaurants (QSR) at a loss. As the SMP software is no longer certified to the current PCI rules, merchants using SMP fell out of compliance with PCI.

Merchants failing to comply with the new standards can incur substantial fines, or worse, be prevented from accepting credit cards.

This is serious business. I am not trying to scare you. Yes, of course, I have something to sell, but the fact is that without utilizing PCI compliant POS software, merchants are facing exposure to a possible breach of cardholder data.

The good news is that Bunt Software and Merchant Link have partnered to create a PCI compliant solution for Panasonic SMP users. SMPLink™ is a payment interface that replaces the existing SMP credit interface. The software is immediately available for merchants and QSRs.

In addition, SMPLink has been PA-DSS validated. A key standard under PA-DSS is removing sensitive data after authorization. Using Merchant Link’s TransactionVault® technology, credit card data is tokenized and removed from the POS system, thus, lowering the risk of data breaches and dramatically reducing PCI compliance efforts for the merchant.

For users of Panasonic SMP that are looking to make the switch, this is an easy solution that will allow you to remain PCI compliant and will give you the peace of mind that sensitive data is secure.

P.S. I have also created a forum called Old Skool Pos Forum where owners and dealers of old school point-of-sales systems can chat and interact as well as ask for support.

By Troy Mechura

Panasonic recently decided to stop supporting the Panasonic System Manager Pro (SMP), leaving approximately 3,500 merchants and Quick Service Restaurants (QSRs) scrambling for an alternative point-of-sale (POS) credit interface. But you can relax SMP merchants and dealers! Merchant Link and Bunt Software have announced the development of a next generation point-of-sale payment interface called SMPLink.

Installation of the SMPLink interface means you can extend and breathe new life into your SMP System and avoid investing thousands of dollars in a new POS system. You will also get the added benefits of TransactionVault®, Merchant Link’s tokenization technology that removes credit card data from the POS system, lowering the risk of data breaches and dramatically reducing PCI compliance efforts.

For more information on SMPLink, please visit Bunt Software. In addition, you can read the full press release here.

Are you concerned about your Panasonic SMP system becoming obsolete soon? Join the discussion and post your comments below.