January 17, 2018
The Better Business Bureau (BBB) is advising businesses and organizations to be aware of Business Email Compromise (BEC) scams that have stolen sensitive employee and resulted in losses of millions of dollars. BEC scams typically involve phony of “spoofed” emails that appear to be from high-ranking company officials that instruct employees to wire large amounts or cash or provide sensitive information such as W-2 wage and tax statements. Thieves use publicly available information to research the targeted organization, tailoring the spoofed or faked email to make it appear that it came from a company executive.
Here are some tips that can help companies and organizations protect themselves from BEC scams:
- Institute employee fraud-awareness training, including instructions on how to carefully scrutinize email requests and email logs.
- Implement a policy to require confirmations for all fund transfer requests.
- Create a solid business continuity plan in the event of a BEC scam.
If you fall victim to such a scam, contact your local FBI office as soon as possible. In addition, contact your financial institution if there has been a wire transfer scheme and the IRS if the event tax information has been compromised.
January 17, 2018
How does a Penetration test Differ from a Vulnerability Scan? The difference between penetration testing and vulnerability scanning, as required by PCI DSS security standards, still causes confusion within the payments industry. Here’s a look at the differences.
Vulnerability Scanning: Fully automated process that identifies potential security gaps used by hackers to attack systems.
Penetration Testing (Pen-Testing): In-depth, manual tests performed by IT security professionals using the same techniques that hackers use. Pen-Testing mimics real-world system attacks and is an advanced security testing technique that must be conducted annually and after any major changes to the computing environment.
January 10, 2018
One in five small businesses falls victim to cybercrime every year, and approximately 60 percent of those go out business within six months after an attack. In an effort to curb cyber attacks, stringent scanning and testing requirements have been mandated for merchants who use the internet when processing credit cards. OMEGA’s Cyber-Attack Readiness Program identifies vulnerabilities in your business’s systems, fulfills security requirements and reduces data breach risk.
- Vulnerability Scanning: Fully automated process that identifies potential security gaps used by hackers to attack systems.
- Penetration Testing (Pen-Testing): In-depth, manual tests performed by IT security professionals using the same techniques that hackers use.
- PAN Scanning: Scanning for Primary Account Numbers (PAN or credit card numbers) that helps ensure sensitive data is not inadvertently stored within a merchant’s systems.
OMEGA’s vulnerability scanning, Pen-Testing and PAN scanning identify system vulnerabilities nearly 100 percent of the time. It’s simple to start the process with our automated Cyber-Attack Readiness Tool, which is backed by the strength of our testing engine and security engineers.
Interested in learning more about how our Cyber-Attack Readiness Program can help protect your business from the growing wave of cyber-crime? Contact OMEGA Processing Solutions at 866.888.9724 Ext. 7 for a consultation.
January 3, 2018
OMEGA Processing’s Data Incident Management Program is a comprehensive suite of services that provides expert assistance to merchants in the event of a data loss incident. This program is included in OMEGA’s PCI compliance program for our merchants.
Here’s an overview of each of the program’s components.
DATA INCIDENT FORENSIC SERVICES: A full forensic investigation, review and incident report will be conducted by a nationally recognized investigative firm if required by any regulatory agency. ($12,000 value)
DATA INCIDENT NOTIFICATION SERVICES: A legal team specializing in privacy matters will analyze the situation and initiate any necessary federal, state and local authority notification process. ($12,000 value)
LEGAL SERVICES: Affected merchants will be provided up to $10,000 in legal services from a nationally recognized law firm specializing in data loss and compromise situations. ($10,000 value)
DATA INCIDENT PUBLIC RELATIONS MANAGEMENT: A national-caliber PR firm will create internal and external messaging and communications regarding the data incident. ($12,000 value)
EQUIPMENT REPLACEMENT: If advised or required, new processing equipment or software will be delivered directly to the merchant. ($1,500 value)
CONSUMER NOTIFICATION SERVICES: If necessary, a notification message will be developed and distributed to your customers or donors, using your mailing list. ($12,000 value)
December 28, 2017
Looking back on some of our favorite social media posts of 2017. Next year marks our 15th year of assisting merchants with their payments processing products and services. Looking forward to a fabulous 2018.
December 27, 2017
Businesses can lose up to 40 percent of their customers following a data breach. Do you know how OMEGA’s Data Security Solutions are protecting your business?
Ensuring your business has the best compliance, security, reporting, and protection solutions is a top priority at OMEGA Processing. We protect our merchants and their customers with a comprehensive data protection program containing compliance, security, reporting and protection solutions.
PCI ToolKit—This interactive security questionnaire system guides merchants in completing their Self-Assessment Questionnaire (SAQ) and achieving PCI Compliance.
Data Incident Management Program—A comprehensive suite of services that provide expert assistance if a breach should occur. Program components include:
- Data Incident Forensic Services
- Legal Services
- Data Incident Public Relations Management
- Equipment Replacement
- Data Incident Notification Services
- Consumer Notification Services
Vulnerability Scanning—An automatic quarterly scan of your systems can pinpoint potential vulnerable points of entry and detect cardholder data theft before the breach occurs.
Breach Insurance—Up to $100,000 in insurance protection should your business experience a breach of card/cardholder data.
In an effort to curb cyber attacks, OMEGA also provides Penetration Testing and PAN scanning services when required.
PCI compliance is essential to the well being of your business—let OMEGA help keep you protected.
December 21, 2017
No business owner likes to talk about them, but they happen to everyone — chargebacks. Simply put, a “chargeback” provides an issuer with a way to return a disputed transaction.
Copy requests and chargebacks
When a cardholder disputes a transaction, the issuer may request the cardholder to provide a written explanation of the problem and the acquirer (merchant bank) to provide a copy of the related sales transaction receipt. This is called a copy request (or retrieval request), and if you receive one, it’s very important to provide the information being requested.
After receiving this documentation, the next step is to determine whether a chargeback situation exists. In the case of chargeback the dollar value (financial liability) of a transaction is reversed. For merchants, this can be particularly costly, as you may lose both the dollar amount of the transaction and the related merchandise.
What triggers a chargeback?
Chargebacks arise for many reasons, including customer disputes, authorization issues and unfulfilled copy requests. Many chargebacks arise from easily avoidable mistakes and omissions — so the more you know about proper procedures, the better. Of course, chargebacks are not always the result of something merchants did or did not do; sometimes errors are made by acquirers, card issuers and cardholders.
Most chargebacks begin when a cardholder reports a problem to their card issuer. Here’s a quick look of the lifecycle of a chargeback in a customer-initiated dispute situation.
OMEGA Processing’s customer service will reach out to our merchants when we receive notice of a pending chargeback to help resolve the issue.