No Need to Sign on the Dotted Line?

December 12, 2017

American Express, Discover and MasterCard, have all recently announced that they will no longer require signatures for in-store purchases beginning in April 2018.  Discover will remove the  signature requirement for in-person transactions in the United States, Canada and Mexico, while MasterCard will no longer require signatures on U.S. and Canadian card-present transactions. American Express’s move affects in-person transactions worldwide.

All three card brands cite consumers’ desire for a more consistent and speedier in-store checkout experience among their reasons for making this move. In their press release MasterCard stated, “Our consumer research found that a majority of people believe it would be easier to pay, and that checkout lines would move faster, if they didn’t need to sign when making a purchase.”

According to the card brands, the need for signatures has been declining thanks to payments advancements such as contactless offerings, the global adoption of EMV chip card technology and the continued expansion of e-Commerce.

AmEx Executive Vice President of Global Network Business, Jaromir Divilek, stated “Our fraud capabilities have advanced so that signatures are no longer necessary to fight fraud.”

Additionally, Discover has commented that by embracing several other digital authentication technologies, such as tokenization, multi-factor authentication and biometrics, they are able to provide a more secure and seamless payment transaction without requiring a signature.

With these recent announcements, Visa remains the only major card-brand that has not revealed plans to remove the signature requirement on U.S.-based, in-person transactions.

emv card


Have You Heard How OMEGA’s Data Security Solutions Can Protect Your Business?

September 22, 2017

Ensuring your business has the best compliance, security, reporting, and protection solutions is a top priority at OMEGA Processing. Our Data Security Solution both protects against data breaches and assists with the services in the event one does happen.

PCI ToolKit—Tailored to your business needs, the PCI ToolKit provides specific security and compliance solutions, allowing you to reduce risk and focus on your customers.

Data Incident Management Program—A comprehensive suite of services that provide expert assistance if a breach should occur. The Data Incident Management Program will reduce exposure and risk, increase your compliance levels and save you time and money.

Vulnerability Scanning—An automatic quarterly scan of your systems can pinpoint potential vulnerable points of entry and detect cardholder data theft before the breach occurs.

Breach Insurance—Up to $100,000 in insurance protection should your business experience a breach of card/cardholder data.

Our program benefits include:

  • Easier and faster compliance
  • Reduced exposure and risk
  • Increased consumer confidence in your business
  • Competitively priced solutions
  • Award-winning solution provider

PCI compliance is essential to the wellbeing of your business—let OMEGA help keep you protected. Contact OMEGA’s Customer Service department at 866.888.9724 Ext. 7 for more information.

pci


Password Security in 2 Minutes

July 8, 2016

A strong password can make all the difference when it comes to security. Learn how to generate a secure password in this 2 minute quick tips video.

https://www.youtube.com/watch?v=FsrOXgZKa7Upassword security


Does Your Data Protection Program Provide All This?

June 9, 2016

Well… the unfortunate has happened. Your business has experienced a data breach. Now what?

OMEGA Processing Solutions have peace of mind should a data breach occur. Our data protection program provides a comprehensive suite of services with expert assistance to merchants in the event of a data incident. Here is a look at what is included in our Data Incident Management Program.

Data Incident Forensic Services: A full forensic investigation, review and incident report will be conducted by a nationally recognized investigative firm if required by ANY regulatory agency. Includes the standard forensic incident assessment typically mandated by the card brands, comprising investigation, report generation and client review. Rectification services are not included ($12,000 value).

EMV POS Equipment Replacement: Up to $1,500 of EMV-compatible POS equipment or software will be provided to each merchant (MID) in the event they are formally advised or required by a regulator agency, card brand or forensic investigation to replace the equipment or software. New equipment or software is delivered directly to the merchant. ($1,500 value).

Legal Services: Affected merchants will be provided up to $10,000 in legal services from a nationally recognized law firm specializing in data loss and compromise situations. A 20 percent discount from standard firm fees is available for incidents requiring greater than $10,000 in legal services ($10,000 value).

Data Incident Notification Services: Currently 47 states and the District of Columbia have data breach notification laws in place. In the event of a potential data compromise incident, a legal team specializing in privacy matters analyzes the situation and initiates the notification process if necessary. With OMEGA Processing’s Data Incident Notification Services, the proper information is delivered to all necessary federal, state and local authorities in the correct formats and within the specified timeframes. Merchants may review and approve the notification messages before they are submitted to regulatory agencies. In addition, notification messages are reviewed by an attorney before they are submitted ($12,000 value).

Consumer Notification Services: If necessary, OMEGA Processing’s Data Incident Management Program will develop and coordinate the distribution of a notification message for your customers or donors using your mailing list. Any printing, mailing, postage costs, email electronic delivery costs, etc. are additional. ($12,000 value).

Data Incident Public Relations (PR) Management: A national-caliber PR firm will create internal messaging and communications that inform company management and staff about a data incident, as well as external messaging designed for end-users, such as consumers and customers. Additionally, if required, the PR firm will create and distribute an incident press release. Services include interviews, copywriting and design of communications and provision in appropriate format(s) for end-user distribution. Any printing or press release distribution services are additional. ($12,000 value).

DIMP


2016 Global Security Report Details Last Year’s Data Security Incidents

April 21, 2016

trustwave screen shot

The recently released Trustwave Global Security report investigated data compromises across 17 counties. Here are some of the highlighted findings:

  • 35% of all incidents were in North America
  • 23% of the investigations were in the retail industry, 14% in hospital and 10% were in the food and beverage sector
  • 60% of breaches targeted payment card data
  • 41% of breaches were detected by victims themselves (up from 19% in the previous year)
  • 5% of email spam included a malicious attachment or link

To access the entire report, click the link below.

2016 Trustwave Global Security Report


Follow Best Practices to Prevent Card Skimming Attacks

March 18, 2016

Security camera video footage of scammers installing a credit card skimming device on a terminal in just three seconds has been circulating the airwaves in recent days. Once the skimming device, which closely resembles the actual terminal, is put into place, criminals may be able to capture card and cardholder data at the same time it is received by the terminal.

While these attacks are relatively infrequent, terminal manufacturer, Verifone, used this as an opportunity to remind the public to follow these security best practices.

  • Perform daily visual inspections of devices to look for evidence of tampering, and educate/encourage store employees to do the same.
  • Require all visiting repair technicians to sign in with their name and company information.
  • Utilize locking stands that prevent placement of overlay shells and make it impossible to attach recording or transmitting devices to legitimate devices.
  • Place tamper-evident stickers on terminal casings; removal of such decals are indicative of potential fraudulent activity.

More information can be found in Verifone’s Payment Security Best Practices guide, which is available here.

hacker


What’s in a Bot?

July 1, 2015

Internet robots, or bots, are self-propagating malicious programs that spread to form a network of bots—a botnet. Computers become compromised by online criminals, usually without the knowledge of the real owner, and can silently engage in all manner of cybercriminal activity at the remote command of a hacker overlord (known as a “botmaster”).

Bots and bot nets

Bot infection methods can include: downloading a virus-infected program, infection via a worm, or more sophisticated methods such as a “drive-by” infection in which users infect their systems by simply visiting a website. The botnet controller can either operate the botnet for malicious purposes or sell this control to others who wish to attack specific targets. Examples of malicious actions from botnets include distributed denial of service (DDoS) attacks, malware, spyware, spam, and data theft.

How Should You Protect Your Computer?

Here’s what you can do to reduce the chances of being compromised:

  • Run anti-virus software, and make sure that you keep it updated. Run other security software, including a firewall, to make your computers less vulnerable to attack. Keep your other software — apps and operating system — updated too. New vulnerabilities are found all the time, some of which are exploited by malware authors in their attempts to grow the size of their botnet.
  • Consider enabling automatic updates if you find updating your software a tiresome nuisance.
  • Be wary of clicking on links or opening attachments in unsolicited emails — there could be malware lying in wait.
  • Don’t forget your smartphones. Although most botnets are comprised of Windows and Mac computers, there have also been notorious incidents of botnets powered by other devices running other operating systems.