A strong password can make all the difference when it comes to security. Learn how to generate a secure password in this 2-minute quick tips video.
Well… the unfortunate has happened. Your business has experienced a data breach. Now what?
Merchants with OMEGA Processing Solutions have peace of mind should a data breach occur. Our data protection program provides a comprehensive suite of services with expert assistance to merchants in the event of a data incident. Here is a look at what is included in our Data Incident Management Program.
Data Incident Forensic Services: A full forensic investigation, review and incident report will be conducted by a nationally recognized investigative firm if required by ANY regulatory agency. Includes the standard forensic incident assessment typically mandated by the card brands, comprising investigation, report generation and client review. Rectification services are not included ($12,000 value).
EMV POS Equipment Replacement: Up to $1,500 of EMV-compatible POS equipment or software will be provided to each merchant (MID) in the event they are formally advised or required by a regulatory agency, card brand or forensic investigation to replace the equipment or software. New equipment or software is delivered directly to the merchant ($1,500 value).
Legal Services: Affected merchants will be provided up to $10,000 in legal services from a nationally recognized law firm specializing in data loss and compromise situations. A 20 percent discount from standard firm fees is available for incidents requiring greater than $10,000 in legal services ($10,000 value).
Data Incident Notification Services: Currently 47 states and the District of Columbia have data breach notification laws in place. In the event of a potential data compromise incident, a legal team specializing in privacy matters analyzes the situation and initiates the notification process if necessary. With OMEGA Processing’s Data Incident Notification Services, the proper information is delivered to all necessary federal, state and local authorities in the correct formats and within the specified timeframes. Merchants may review and approve the notification messages before they are submitted to regulatory agencies. In addition, notification messages are reviewed by an attorney before they are submitted ($12,000 value).
Consumer Notification Services: If necessary, OMEGA Processing’s Data Incident Management Program will develop and coordinate the distribution of a notification message for your customers or donors using your mailing list. Any printing, mailing, postage costs, email electronic delivery costs, etc. are additional. ($12,000 value).
Data Incident Public Relations (PR) Management: A national-caliber PR firm will create internal messaging and communications that inform company management and staff about a data incident, as well as external messaging designed for end-users, such as consumers and customers. Additionally, if required, the PR firm will create and distribute an incident press release. Services include interviews, copywriting and design of communications and provision in appropriate format(s) for end-user distribution. Any printing or press release distribution services are additional. ($12,000 value).
The recently released Trustwave Global Security report investigated data compromises across 17 countries. Here are some of the highlighted findings:
- 35% of all incidents were in North America
- 23% of the investigations were in the retail industry, 14% in hospital and 10% were in the food and beverage sector
- 60% of breaches targeted payment card data
- 41% of breaches were detected by victims themselves (up from 19% in the previous year)
- 5% of email spam included a malicious attachment or link
To access the entire report, click the link below.
Security camera video footage of scammers installing a credit card skimming device on a terminal in just three seconds has been circulating the airwaves in recent days. Once the skimming device, which closely resembles the actual terminal, is put into place, criminals may be able to capture card and cardholder data at the same time it is received by the terminal.
While these attacks are relatively infrequent, terminal manufacturer Verifone used this as an opportunity to remind the public to follow these security best practices.
- Perform daily visual inspections of devices to look for evidence of tampering, and educate/encourage store employees to do the same.
- Require all visiting repair technicians to sign in with their name and company information.
- Utilize locking stands that prevent placement of overlay shells and make it impossible to attach recording or transmitting devices to legitimate devices.
- Place tamper-evident stickers on terminal casings; removal of such decals is indicative of potential fraudulent activity.
More information can be found in Verifone’s Payment Security Best Practices guide, which is available here.
Internet robots, or bots, are self-propagating malicious programs that spread to form a network of bots—a botnet. Computers become compromised by online criminals, usually without the knowledge of the real owner, and can silently engage in all manner of cybercriminal activity at the remote command of a hacker overlord (known as a “botmaster”).
Bot infection methods can include: downloading a virus-infected program, infection via a worm, or more sophisticated methods such as a “drive-by” infection in which users infect their systems by simply visiting a website. The botnet controller can either operate the botnet for malicious purposes or sell this control to others who wish to attack specific targets. Examples of malicious actions from botnets include distributed denial of service (DDoS) attacks, malware, spyware, spam, and data theft.
How Should You Protect Your Computer?
Here’s what you can do to reduce the chances of being compromised:
- Run anti-virus software, and make sure that you keep it updated. Run other security software, including a firewall, to make your computers less vulnerable to attack. Keep your other software — apps and operating system — updated too. New vulnerabilities are found all the time, some of which are exploited by malware authors in their attempts to grow the size of their botnet.
- Consider enabling automatic updates if you find updating your software a tiresome nuisance.
- Be wary of clicking on links or opening attachments in unsolicited emails — there could be malware lying in wait.
- Don’t forget your smartphones. Although most botnets are comprised of Windows and Mac computers, there have also been notorious incidents of botnets powered by other devices running other operating systems.
The recently released Trustwave 2015 Global Security Report studied 574 data compromises across 15 countries. The comprehensive report outlines the most prevalent vulnerabilities and exploits used in attacks, common password vulnerabilities, and the return on investment that can be gained from a proactive cybercrime readiness and prevention campaign. Consider these stats:
- 42% of compromises studied were e-commerce, while 40% were at the point-of-sale
- Weak passwords or weak remote access security contributed to 90% of point-of-sale breaches
- 86 days is the median length it took to detect a data breach
- 111 days is the median length of a breach from intrusion to containment
- Estimated time it takes to crack an 8-character password — one day
- Estimated time it takes to crack a 10-character password — 591 days
- 39% of passwords have 8 characters
The less you know about your enemies, the slower you can respond to them, and the more effective they will be against you. Use this report to help you battle today’s data security enemies.
Read the entire report here.
EMV payments are coming, and they’re coming soon! The EMV liability deadline hits October 2015.
EMV is a joint, international effort between the card brands to increase card and cardholder security. Rather than relying on card magnetic-stripe technology (which is the same technology used in cassette tapes), EMV payments use “smart” or “chip” cards. The new cards encode a user’s account information in the embedded chip, which generates a unique, one-time code for each sale. This prevents the data from being stolen and used to create counterfeit cards.
Rather than being swiped, smart cards will be inserted into the terminal during a transaction. Consumers will also have to either sign a PIN pad or enter a PIN to complete a transaction. This all means that existing swipe terminals must be upgraded to EMV-compliant equipment in order to take advantage of the new security measures.
EMV Deadline — October 2015
The October 2015 Fraud Liability Deadline means that there will be a change in financial responsibility if a fraudulent transaction takes place. Merchants who experience fraud or chargebacks while using non-EMV processing equipment will assume the liability for those transactions.
EMV Readiness Resources
As the deadline approaches, EMV education efforts are ramping up. Here’s a look at the ones we think are most helpful.
GoChipCard.com addresses the basics of how to identify and use a chip-enabled terminal, how to slide EMV cards into the readers and, most importantly, not to remove the card until prompted to do so.
SellSafeInfo.org was recently launched by the Electronic Transactions Association to help protect both merchants and consumers. The site is a one-stop information resource for merchants about today’s payments landscape.
emv-connection.com provides up-to-date information for all industry stakeholders on the status of EMV migration, along with tutorials and educational resources that will assist with migration.
Visa online EMV toolkit includes a step-by-step guide to adopting chip as well as videos, infographics, and other resources to help merchants make the seamless transition to chip-activated terminals.
Chip 360 from MasterCard is a campaign that aims to communicate actionable information, educate on steps to take and advocate why the change is needed to protect cardholders.
Don’t Wait Until It’s Too Late
OMEGA Processing Solutions can upgrade your processing equipment to EMV-compatible terminals today at little or no cost. Contact your Account Executive or our Customer Service Center at 866.888.9724 Ext. 7 for more details.