It seems that not a week goes by without a data breach being in the news. Breaches occur a lot more than we realize – even affecting small businesses such as medical offices and single location restaurants. However, only the big ones make headlines. Hackers today have found various ways to obtain private and sensitive consumer data – and merchants are not all to blame. Continue reading "Can You Protect Your Customers From Outside Data Threats?"
Of all the consumer protection laws coming into play, finally some legislation is being proposed for data security breaches. When a data breach occurs, you see it in the news is mostly for <positive> public relations reasons. Companies issue press releases about data breaches to protect themselves and to stay in the good graces of their present and future customers. If they didn’t reveal such information, it would eventually be discovered and the company would be faulted for not reporting it. There are consequences either way, but the Federal Trade Commission (FTC) sees legislation as a way to force companies to be more proactive. Continue reading "FTC Taking Action Against Data Breaches"
The EMV Standard
In the UK, the migration to EMV technology has reduced fraud in face-to-face transactions since EMV adoption in 2003. The EMV standard operates with EMV-compliant cards (which have embedded chips instead of magnetic stripes) and EMV-compliant POS terminals. The chips require a PIN entry for a secure EMV transaction. The acronym EMV is derived from the initial letters of Europay, MasterCard, and Visa, all of whom cooperated to create the technology standard. MasterCard merged with Europay in 2002. JCB and American Express have since joined the organization as well.
EMV is a perfect example of two-factor authentication, where two different factors are required to complete a transaction, and has been referenced as a key solution for secure, fraud-resistant transactions. Continue reading "Where Are We With Payment Security?"
Password security is important and knowing the different types of identity theft is great, but what are the best ways to prevent identity theft? Many believe that PCI compliance does not affect them because they are not a payment processor or don’t run a gateway. This is a common mistake and can cost online businesses a lot of money. This doesn’t mean you need to be paranoid about being a company that is going to be the victim of identity theft. Use common sense and ask yourself if strangers are able to access your personal information.
Here are some tips to help prevent identity theft:
Continue reading "Online Network Security Must Haves – Part 3"
Part one of this series talked about identity thieves wanting your password, and we discussed ways to protect against having your passwords compromised. Securing your password seems to be only 25 percent of the battle these days. Many network security breaches, like the Heartland Breach, occurred from within. So it is important to be PCI Compliant internally and know who is working for you.
I wish there were a specific set of characteristics I could post to detect an identity thief, but unfortunately they are as broad as the criminal population itself. I like to divide attacks by criminals into two categories: internal attacks and external attacks.
Internal attacks are usually traced back to disgruntled, dishonest, and/or careless employees. Some common characteristics of an internal attack are:
Continue reading "Online & Network Security Must Haves – Part 2"
The word “hacker” is often associated with the terms crime and fraud. However, hackers can be a good defense against online fraud, such as the “white hat” hackers that work to prevent fraud and fight identity theft. Unfortunately, white hat hackers aren’t as common as criminal hackers.
It is important to first understand what different types of identity theft occur, and then you can find out how to get protection.
The easiest item for a criminal or hacker to obtain is your password. Some common mistakes made when setting up passwords is using names of kids, birthdates, or hometowns. Spelling your child’s name backwards is another frequent mistake. I have even seen people write their passwords on a sticky note, in a notebook or in your PDA. Do not give office assistants your passwords. Remember passwords are used in more than 90 percent of all online network security practices. People use passwords for online banking, shopping, stock trading, and network logons. It is imperative to create a strong password.
Continue reading "Online & Network Security Must Haves – Part 1"
The Federal Trade Commission announced that “creditors” will not have to worry about fines associated with non compliance with Red Flag Rules until May 1st 2009. A creditor is defined as any entity that extends, renews, or continues credit and any entity that regularly arranges for the extension, renewal, or continuation of credit. For example, mortgage brokers, utility companies and automobile dealers are classified as creditors.
This decision to extend is said to be largely due to complaints from creditors that they were unaware of the existence of the new regulation and some say they only found out after the deadline had passed. This deadline according to the official press release only applies to organizations that are not under the jurisdiction of any of the other regulatory agencies other than the Federal Trade Commission. FACTA requires financial institutions and creditors to implement a written identity theft prevention program that should help detect identity theft, hopefully before any damage is done. If identity theft is not detected, the regulation calls for the financial institution or the creditor to reduce the risk to the consumer and the organization.
Continue reading "Red Flag Compliance Deadline Extended"
It used to be that if you got a faulty product, poor service or were simply double charged, you decided to chargeback the purchase. With today’s economy and fraud on the rise, chargebacks are becoming more main stream and more purchases are being made with stolen cards. Losses of jobs cause people to simply think twice about their purchases, or people simply keep the product and claim they never received it.
Illegitimate chargebacks are costing business owners, and it’s time to fight back against dishonest customers and fraud. I have surveyed 50 of my online merchants and found that most of their chargebacks come from people who order items online, and then in an attempt to keep the product without paying for it, dispute it. I consider this shoplifting.
Part of the problem seems to stem largely from regulations put in place stating anyone can dispute any charge for any reason. Naturally, crooks will use these regulations to their full advantage.
Many online merchants are losing the battle against chargebacks and feel there is nothing they can do. Online merchants should not give up; not all chargebacks are final. The best option is to respond to the chargeback letter immediately. Keep in mind that if your bank still honors the chargeback, you have the right to go after the consumer plus any costs you incur as a result.
Some key tips for combating against chargebacks are:
Continue reading "Can Chargebacks Set your Business Back?"
The sales associates at retail outlets following proper security guidelines is a good start to protecting against fraud this holiday season. But what if you are an online business, or the magnetic strip on a card does not work? In Part 1 of this topic, we talked about proper procedure for accepting cards in a card present environment. Transactions that don’t involve swiping a card are considered “hand-keyed” transactions.
With hand-keyed transactions you run a greater risk of fraud because the magnetic strip information is not available. If you are in a retail environment you can do the following:
Continue reading "Tis the Season for Fraud – How Is Your Business Helping? (Part 2)"
According to the Bureau of Labor and Statistics of the U.S Department of Labor, the unemployment rate is currently 6.7 percent. With these staggering unemployment numbers, fraud is even more prevalent than ever. It is now even more important for business owners to maintain strict guidelines for retail purchases made with credit cards. Retail business owners in a card-present environment have just as much at risk as online retailers.
Visa requires that every sales associate check card security features, request an authorization, and obtain a signature. Below are some steps to follow so you can minimize fraudulent purchases:
Continue reading "Tis the Season for Fraud – How is Your Business Helping? (Part 1)"
May 16, 2011 
Posted by 
Tags: 
Loading ...