Have You Heard How OMEGA’s Data Security Solutions Can Protect Your Business?

September 22, 2017

Ensuring your business has the best compliance, security, reporting, and protection solutions is a top priority at OMEGA Processing. Our Data Security Solution both protects against data breaches and assists with the services in the event one does happen.

PCI ToolKit—Tailored to your business needs, the PCI ToolKit provides specific security and compliance solutions, allowing you to reduce risk and focus on your customers.

Data Incident Management Program—A comprehensive suite of services that provide expert assistance if a breach should occur. The Data Incident Management Program will reduce exposure and risk, increase your compliance levels and save you time and money.

Vulnerability Scanning—An automatic quarterly scan of your systems can pinpoint potential vulnerable points of entry and detect cardholder data theft before the breach occurs.

Breach Insurance—Up to $100,000 in insurance protection should your business experience a breach of card/cardholder data.

Our program benefits include:

  • Easier and faster compliance
  • Reduced exposure and risk
  • Increased consumer confidence in your business
  • Competitively priced solutions
  • Award-winning solution provider

PCI compliance is essential to the wellbeing of your business—let OMEGA help keep you protected. Contact OMEGA’s Customer Service department at 866.888.9724 Ext. 7 for more information.

pci


Password Security in 2 Minutes

July 8, 2016

A strong password can make all the difference when it comes to security. Learn how to generate a secure password in this 2 minute quick tips video.

https://www.youtube.com/watch?v=FsrOXgZKa7Upassword security


Does Your Data Protection Program Provide All This?

June 9, 2016

Well… the unfortunate has happened. Your business has experienced a data breach. Now what?

OMEGA Processing Solutions have peace of mind should a data breach occur. Our data protection program provides a comprehensive suite of services with expert assistance to merchants in the event of a data incident. Here is a look at what is included in our Data Incident Management Program.

Data Incident Forensic Services: A full forensic investigation, review and incident report will be conducted by a nationally recognized investigative firm if required by ANY regulatory agency. Includes the standard forensic incident assessment typically mandated by the card brands, comprising investigation, report generation and client review. Rectification services are not included ($12,000 value).

EMV POS Equipment Replacement: Up to $1,500 of EMV-compatible POS equipment or software will be provided to each merchant (MID) in the event they are formally advised or required by a regulator agency, card brand or forensic investigation to replace the equipment or software. New equipment or software is delivered directly to the merchant. ($1,500 value).

Legal Services: Affected merchants will be provided up to $10,000 in legal services from a nationally recognized law firm specializing in data loss and compromise situations. A 20 percent discount from standard firm fees is available for incidents requiring greater than $10,000 in legal services ($10,000 value).

Data Incident Notification Services: Currently 47 states and the District of Columbia have data breach notification laws in place. In the event of a potential data compromise incident, a legal team specializing in privacy matters analyzes the situation and initiates the notification process if necessary. With OMEGA Processing’s Data Incident Notification Services, the proper information is delivered to all necessary federal, state and local authorities in the correct formats and within the specified timeframes. Merchants may review and approve the notification messages before they are submitted to regulatory agencies. In addition, notification messages are reviewed by an attorney before they are submitted ($12,000 value).

Consumer Notification Services: If necessary, OMEGA Processing’s Data Incident Management Program will develop and coordinate the distribution of a notification message for your customers or donors using your mailing list. Any printing, mailing, postage costs, email electronic delivery costs, etc. are additional. ($12,000 value).

Data Incident Public Relations (PR) Management: A national-caliber PR firm will create internal messaging and communications that inform company management and staff about a data incident, as well as external messaging designed for end-users, such as consumers and customers. Additionally, if required, the PR firm will create and distribute an incident press release. Services include interviews, copywriting and design of communications and provision in appropriate format(s) for end-user distribution. Any printing or press release distribution services are additional. ($12,000 value).

DIMP


2016 Global Security Report Details Last Year’s Data Security Incidents

April 21, 2016

trustwave screen shot

The recently released Trustwave Global Security report investigated data compromises across 17 counties. Here are some of the highlighted findings:

  • 35% of all incidents were in North America
  • 23% of the investigations were in the retail industry, 14% in hospital and 10% were in the food and beverage sector
  • 60% of breaches targeted payment card data
  • 41% of breaches were detected by victims themselves (up from 19% in the previous year)
  • 5% of email spam included a malicious attachment or link

To access the entire report, click the link below.

2016 Trustwave Global Security Report


Follow Best Practices to Prevent Card Skimming Attacks

March 18, 2016

Security camera video footage of scammers installing a credit card skimming device on a terminal in just three seconds has been circulating the airwaves in recent days. Once the skimming device, which closely resembles the actual terminal, is put into place, criminals may be able to capture card and cardholder data at the same time it is received by the terminal.

While these attacks are relatively infrequent, terminal manufacturer, Verifone, used this as an opportunity to remind the public to follow these security best practices.

  • Perform daily visual inspections of devices to look for evidence of tampering, and educate/encourage store employees to do the same.
  • Require all visiting repair technicians to sign in with their name and company information.
  • Utilize locking stands that prevent placement of overlay shells and make it impossible to attach recording or transmitting devices to legitimate devices.
  • Place tamper-evident stickers on terminal casings; removal of such decals are indicative of potential fraudulent activity.

More information can be found in Verifone’s Payment Security Best Practices guide, which is available here.

hacker


What’s in a Bot?

July 1, 2015

Internet robots, or bots, are self-propagating malicious programs that spread to form a network of bots—a botnet. Computers become compromised by online criminals, usually without the knowledge of the real owner, and can silently engage in all manner of cybercriminal activity at the remote command of a hacker overlord (known as a “botmaster”).

Bots and bot nets

Bot infection methods can include: downloading a virus-infected program, infection via a worm, or more sophisticated methods such as a “drive-by” infection in which users infect their systems by simply visiting a website. The botnet controller can either operate the botnet for malicious purposes or sell this control to others who wish to attack specific targets. Examples of malicious actions from botnets include distributed denial of service (DDoS) attacks, malware, spyware, spam, and data theft.

How Should You Protect Your Computer?

Here’s what you can do to reduce the chances of being compromised:

  • Run anti-virus software, and make sure that you keep it updated. Run other security software, including a firewall, to make your computers less vulnerable to attack. Keep your other software — apps and operating system — updated too. New vulnerabilities are found all the time, some of which are exploited by malware authors in their attempts to grow the size of their botnet.
  • Consider enabling automatic updates if you find updating your software a tiresome nuisance.
  • Be wary of clicking on links or opening attachments in unsolicited emails — there could be malware lying in wait.
  • Don’t forget your smartphones. Although most botnets are comprised of Windows and Mac computers, there have also been notorious incidents of botnets powered by other devices running other operating systems.

2015 Global Security Report Released

June 10, 2015

The recently released Trustwave 2015 Global Security Report studied 574 data compromises across 15 countries. The comprehensive report outlines the most prevalent vulnerabilities and exploits used in attacks, common password vulnerabilities, and the return on investment that can be gained from a proactive cybercrime readiness and prevention campaign. Consider these stats:

  • 42% of compromises studied were e-commerce, while 40% were at the point-of-sale
  • Weak passwords or weak remote access security contributed to 90% of point-of-sale breaches
  • 86 days is the median length it took to detect a data breach
  • 111 days is the median length of a breach from intrusion to containment
  • Estimated time it takes to crack an 8-character password — one day
  • Estimated time it takes to crack a 10-character password — 591days
  • 39% of passwords have 8 characters

The less you know about your enemies, the slower you can respond to them, and the more effective they will be against you. Use this report to help you battle today’s data security enemies.

Read the entire report here.

Data security lock 2