Social Engineering – What Is It?

You receive an email reminding you that an invoice is overdue from somebody you don’t know, or an email address you don’t recognize. “Just click on this link to see the invoice and easily make a payment…..”

You get a phone call from a vendor requesting your address, password and/or other noteworthy credentials to clear up an issue with the service they have been providing for you….

These are the hallmarks of a Social Engineering attack.

Social engineering is a broad term, but can be simply defined as:   the practice of obtaining confidential or sensitive information by manipulation of legitimate users. Also termed “Human Hacking.”

In his whitepaper, Social Engineering: A Means to Violate a Computer System, Malcolm Allen writes, “’Social Engineering’ is a threat, often overlooked but regularly exploited; to take advantage of what has long been considered the ‘weakest link’ in the security change of an organization –the ‘human factor.’” It is important to understand that, in addition to the technological aspects of influencing a person, social engineering attacks are, in essence, a psychological trick.

All social engineering attacks are unique and range from telephone scams to phishing emails. The goals of a malicious social engineer can be compared to those of any criminal activity: money, knowledge, power, control, etc. In order for organizations to protect against social engineering scams, they must be introspective and brainstorm reasons someone might want to target them. Based on their research, they should then take preventative measures, such as implementing mandatory security awareness training for employees. The first line of defense against these attacks are user awareness and education surrounding information security.

We will be talking about Social Engineering in our next few blogs as the number of incidences are currently on the rise.

NCR OPTIC Completes First Outdoor EMV Transaction

NCR enables New York-based convenience store chain to introduce secure payments at the pump and create a consistent shopping experience across all fueling platforms.

DULUTH, Ga.–(BUSINESS WIRE)–NCR Corporation (NYSE: NCR), a global leader in omni-channel solutions, announced that it has conducted its first EMV payment transaction on the NCR OPTIC Outdoor Payment Solution at a Mirabito convenience store in Norwich, New York. Working with NCR’s channel partner Retail Data Systems, Mirabito is among the first convenience store retailers to embrace the secure payment scheme through the First Data network ahead of the 2020 liability shift deadline.

An important criterion for selecting the EMV-ready NCR OPTIC solution was its ability to digitally transform the forecourt to create a consistent customer experience across all fueling platforms. With NCR OPTIC, the customer experience will be very consistent at each Mirabito store, regardless of pump manufacturer or model. The prompting and customer touch points will be universal. Currently, Mirabito has implemented NCR OPTIC in three test stores and will be expanding the adaptation in new markets soon.

“We are very excited to be implementing this cutting edge at the pump technology at our stores,” said Eric Bunts, Chief Information Officer at Mirabito Holdings, Inc. “Upholding our customer’s credit card security is a primary objective of Mirabito and the NCR OPTIC solution allows us to increase our security positioning by accepting EMV chip cards at our fuel pumps. Additionally, the enhanced capabilities of NCR OPTIC fulfill a diverse range of customer experience objectives that are important to us as an organization.”

With the help of the NCR technology, Mirabito now can offer mobile payment through contactless integration and enhanced loyalty interactions with the integrated barcode scanner. Furthermore, the high definition video displays can be used for in-depth marketing promotions.

“The introduction of EMV payments provides convenience retailers with the unique opportunity to introduce new services and create a compelling customer experience, as well as convert consumers at the pump to in-store shoppers,” said Tom Chittenden, vice president and general manager of retail solutions at NCR Corporation. “Our goal is to help retailers drive more offers at the pump that today’s consumers demand, while remaining flexible for future deployments and technology developments. NCR OPTIC provides both and more.”

NCR OPTIC has been thoughtfully engineered to provide retrofit options for most brands of fuel dispensers. With an unprecedented open software platform, NCR OPTIC enables retailers to gain flexibility in developing their own unique applications to engage with their consumers like never before.

About Mirabito

Since 1927, Mirabito has been family owned and operated. Mirabito provides energy products and services for families and businesses throughout upstate New York, western Massachusetts, and Connecticut, with corporate offices located in Binghamton, NY. In addition to being an energy provider, Mirabito owns and operates more than 100 convenience stores throughout Central New York and Northeastern Pennsylvania, making Mirabito a convenient stop for customers and one of the largest convenience store chains in Central New York. The Mirabito Family of Companies includes Mirabito Energy Products, Mirabito Convenience Stores, Mirabito Truck Repair and the Rewards Plus customer loyalty program. For more information, visit

About NCR Corporation

NCR Corporation (NYSE: NCR) is a leader in omni-channel solutions, turning everyday interactions with businesses into exceptional experiences. With its software, hardware, and portfolio of services, NCR enables nearly 700 million transactions daily across financial, retail, hospitality, travel, telecom and technology industries. NCR solutions run the everyday transactions that make your life easier. NCR is headquartered in Duluth, Ga., with about 30,000 employees and does business in 180 countries. NCR is a trademark of NCR Corporation in the United States and other countries. NCR encourages investors to visit its website which is updated regularly with financial and other important information about NCR.

Am I required to be PCI Compliant? Part 2

By law? No. By your credit card processor? Yes.

In a nutshell, PCI DSS is a baseline information security program. The PCI DSS outlines security best practices like utilizing a security firewall and using password best practices. Merchants are required by their credit card processors to adhere to PCI requirements and are asked to attest their compliant status annually. The merchant’s processor may ask them to fill out an SAQ (self assessment questionnaire) or conduct a QSA-led (qualified security assessment) PCI assessment as part of the client’s annual compliance validation process.

Are There Penalties?

Yes. The penalty for refusal to adhere to the PCI DSS and the processor’s compliance validation requirements could result in significant potential suspension from credit processing networks and significant fines. These fines include chargebacks to the merchant, and potentially additional third party auditing costs.

It is more important now than ever to make PCI DSS a constant priority in all business considerations. The continuity the program provides will help ensure protection of cardholder data from malicious individuals. Because the world of digital transactions is ever-evolving, continuing to stay current with PCI practices is the best way to stay informed of the latest security practices.

Retail Data Systems Payment Services Receives Highest Honor from WorldPay

Alpharetta, GA:  Retail Data Systems Payment Services Division was awarded the highest honor at WorldPay’s Annual Awards Dinner last month in Alpharetta, GA. RDS General Manager Tom Wilyard accepted the honor for 1st Place MSP Volume, awarded to the #1 Independent Sales Organization (ISO) with the largest volume of card processing transactions in the U.S. with WorldPay. This collaboration spans the restaurants, grocery, retail and convenience store industries.

Tom Wilyard

Pleased with the recognition, Wilyard had this to say, “This year’s success is due to our RDS branch partners and staff who have continuously strived for excellence with deployments, training and support for encrypted POS transactions. Worldpay continues to share our commitment to our clients by providing excellent communication, support and feature rich products to RDS and our clients.

Retail Data Systems is the largest provider of Point Of Sale Hardware and Software, in North America. Founded in 1950, RDS now operates over 25 offices serving customers across the nation providing complete Point Of Sale technology. Our team of over 400 professionals assure our customers of the best 24/7/365 service available. Our list of industry leading POS hardware and software products provide a variety of solutions for companies large and small. For more information, please visit

Worldpay is a global leader in payments processing technology and solutions for our merchant customers. We operate reliable and secure proprietary technology platforms that enable merchants to accept a vast array of payment types, across multiple channels, anywhere in the world. For more information, please visit

Am I required to be PCI Compliant?

Think of the Payment Card Industry Data Security Standards (PCI DSS) as an umbrella that covers any entity that stores, processes, or transmits cardholder data; and even extends to service providers with the ability to affect the security of the cardholder data environment.

PCI Compliance is a requirement for any entity that meets the description above, because it works for business continuity. On your journey toward compliance, it is important to remember that there is a difference between the PCI DSS Compliance and PCI DSS Compliance Validation. Complying with the PCI DSS is not a feat that can be conquered overnight; it is an IT project.

PCI Compliant graphic borrowed from Nettitude (credit

THE VIEW FROM ABOVE: QIR Customer Experience Highlights

To maintain their certification, QIR companies are held accountable for the impact they have on the security of the cardholder data environment as they work to uphold the Payment Card Industry Security Standards Council (“PCI SSC”) Code of Professional Responsibility. Over the course of the last year, RDS has made major investments related to meeting the new QIR qualification and implementation requirements. Trained by the PCI SSC, RDS employees perform Qualified Installations every day in accordance with the QIR Program.

The diagram above shows the Qualified Installation process and parties involved. (diagram credit PCI-SSC)

The PA-DSS Implementation Guide is prepared by the software application vendor, such as NCR, and passed to the QIR Company (RDS). The QIR qualified employee uses this vendor-provided PA-DSS Implementation Guide, QIR Implementation Statement Instructions, and their knowledge of the PCI DSS, when implementing the payment application software into the merchant’s environment.

Throughout each stage of the implementation, the QIR employee documents details related to the install and PCI DSS on an Implementation Statement. This document provides a record of their work with a checklist of implementation/functionality items for the QIR employee to test and sign off. Within 10 business days of the installation, the QIR installer reviews the completed Implementation Statement for Quality Assurance. Once the document is signed off, the customer receives a copy for their records. To ensure continuing process improvements, the customer is invited to share their experience through a survey located on the PCI SSC website. The QIR Feedback Form serves as a tool for the PCI SSC to validate the performance of the QIR Company, in accordance with the QIR Program Requirements, through the customer’s experience.

RDS appreciates our customers’ feedback and can help guide and assist you as needed on your PCI Compliance journey. If you have any questions about our QIR Program, please email:

QIR and The Small Merchant

Did you know that 60% of small businesses go under within 6 months of a cyber attack*? According to industry research**, restaurants and retail small business merchants make up the biggest portion of total known breaches, and only about 20% are compliant with the Payment Card Industry Data Security Standards (PCI DSS).

In credit card processor speak, small business merchants fall into the Level 4 merchant category. As such, they are required to adhere to the PCI DSS and to demonstrate Payment Card Brand specific compliance annually. Failure to do so results in penalties by the processor. Merchants have seen many changes to their credit processor validation requirements over the last several years between updates to the PCI DSS, hardware, and the recent VISA Qualified Integrator and Reseller (QIR) mandate.

Last year VISA issued a QIR mandate to Level 4 merchants and were given a deadline of February 2017 to begin utilizing only PCI Security Standards Council (PCI SSC) qualified QIR Companies for Point of Sale activities, or pay a fine. This is the first mandate of it’s kind, and other payment card brands are anticipated to follow suit in the near future. The mandate is meant to alleviate compliance risk during implementation and ongoing maintenance support of point of sale systems. By using organizations that have completed the PCI SSC QIR qualification, merchants improve security by ensuring that point of sale systems are installed and integrated in a manner that facilitates the merchant’s PCI DSS compliance and ultimately reduces risk.

RDS has over 130 QIR qualified technicians and is dedicated to cultivating internal PCI DSS awareness and serving as a resource to guide our customers throughout their PCI Compliance journey. As a QIR Company, RDS only installs and maintains PA-DSS validated payment applications and implements data security into every facet of business operations, from the implementation of point-of-sale systems, to keeping our employees trained and up-to-date with the latest security standards.

In the POS industry since 1950, RDS has continuously adapted and grown through many changes providing smarter products and support to our clients year after year. This includes cultivating PCI DSS compliant processes and environments to serve as an advisor to our clients. RDS is proud to have over 130 employees QIR qualified to conduct Qualified Installations and assure compliance with the PCI DSS.

*Cyber Security Statistics – Numbers Small Businesses Need to Know, Jan 3, 2017, Small Business Trends (

**Verizon 2015 PCI Compliance Report
Visa graphic borrowed from PCI SSC (credit

Crazy Bowls & Wraps Selects PAR’s Cloud-Based Brink POS® Software

Solution also includes Brink Online/Mobile Ordering and PAR EverServ® Terminals

New Hartford, NY- July 27, 2017 – ParTech, Inc. (PAR), a leading global provider of point of sale (POS) and workforce efficiency solutions to the restaurant and retail industries, announced Crazy Bowls & Wraps has selected PAR’s Cloud-Based Brink POS® Software and EverServ® 500 and 550 terminals for all 16 locations, with plans to expand with additional new store openings this year. Crazy Bowls & Wraps serves fresh, real food that is made from scratch daily.

ParTech, Inc. is a wholly owned subsidiary of PAR Technology Corporation (NYSE: PAR).

Crazy Bowls & Wraps was using a legacy point of sale solution, which made it difficult to implement back of house applications that integrated with above-store accounting, operational, and human capital systems. It was also extremely labor intensive to perform menu and price changes, as each location required individual updates performed by management. Efficiently analyzing customer and transactional information was a challenge, as well.

“With the capability of cloud technology today, we started searching for a solution that gave us remote management from anywhere, with a partner that could be there for us locally as we continue to expand our brand,” said Keith Kitsis, Founder, Crazy Bowls & Wraps.

RDS St. Louis, a value-added reseller, facilitated the process to identify the best solution for their needs.

The Brink solution, a cloud-based enterprise management system, will enable Crazy Bowls & Wraps to centrally control and deploy updates to all 16 locations, integrate with the current and future above-store systems, and position Crazy Bowls & Wraps for growth.

RDS and PAR have provided great insights and support in the seamless transition of the new system and the growth of our omni-channel presence, providing our customers more ways to “go for the good.” From the store to the office, we have been pleased in the ease of use and expandability the product offers,” added Kitsis.

Crazy Bowls & Wraps is seeing improved customer engagement by offering them a best in class omni-channel experience from Brink’s online and mobile ordering platforms, and investigating the comprehensive loyalty solution. Although they are early in the process of implementing this, they are seeing great potential in both incremental revenue and speed of service improvements.

“We are excited to have Crazy Bowls & Wraps select Brink for all locations. Brink was designed to be  forward thinking and with the end user in mind, resulting in an easy to use and quickly adoptable solution,” said Paul Rubin, Chief Strategy Officer, ParTech, Inc. “With Brink online ordering and loyalty in place, guests will have a more engaging experience, and a more convenient and accessible way to order their favorite CBW dishes.”

“RDS is proud to have the opportunity to partner with Crazy Bowls & Wraps in providing PAR’s cloud-based Brink POS Software,” said Chris Cutting, General Manager, Retail Data Systems of St. Louis (RDS). “With the solution’s robust reporting and remote management capabilities, it addressed the issues that were once faced with their traditional, legacy systems. It is exciting to see CBW grow and offer the best possible experience for customers with online ordering and loyalty options. “


Crazy Bowls & Wraps opened its first store in St. Louis, MO in 1994. While CBW has continually evolved and expanded over the years, they continue to serve fresh, real food that is made from scratch daily. By making it easier to enjoy delicious, fresh ingredients, CBW helps people feel good about themselves and the world we share. For more information and a list of locations, visit


Retail Data Systems is the largest provider of Point of Sale Hardware and Software in North America. Founded in 1950, RDS now operates over 25 offices serving customers across the nation providing complete Point of Sale technology. Their team of over 400 professionals assure customers of the best 24/7/365 service available. Their list of industry leading POS hardware and software products provide a variety of solutions for companies large and small. For more information, visit


PAR Technology Corporation’s stock is traded on the New York Stock Exchange under the symbol PAR. PAR’s Restaurant/Retail segment has been a leading provider of restaurant and retail technology for more than 30 years. PAR offers technology solutions for the full spectrum of restaurant operations, from large chain and independent table service restaurants to international quick service chains. Products from PAR also can be found in retailers, cinemas, cruise lines, stadiums and food service companies. PAR’s Government segment is a leader in providing computer-based system design, engineering and technical services to the Department of Defense and various federal agencies. For more information, visit or connect with PAR on Facebook and Twitter.

Software 4 Retail Solutions Releases S4Vision For Unified Customers

Software 4 Retail Solutions has released S4Vision for Unified Grocers customers participating in Unified’s “Scan Advantage” store data and analytics program. S4Vision is a self-service business intelligence platform that accumulates and analyzes real-time point-of-sale (POS) transaction data, giving store owners and managers actionable reporting and analytics on their desktop, tablet or smartphone.

S4Vision connects store managers directly to high-level summaries of trends and performance, with detailed drill-down whenever and wherever they need it, Software 4 Retail says. Managers can see chain and store real-time sales, with period-over-period trends including metrics such as customer count, basket size, average retail and items per basket. They also can dive deeper into department sales and metrics to examine strong or under-performing areas of the business. The platform provides daily projections to help managers anticipate product demand and customer visits.

S4Vision’s capabilities include measuring key performance indicators such as open department sales, no sales, refunds and voids so managers can track store labor and prevent loss. Real-time alerts are issued for abnormal activity and performance. Additionally, customer traffic can be measured against cashier labor to validate labor schedules.

“We are very pleased to be a preferred technology partner with Unified Grocers,” said Rick Goertzen, GM of Software 4 Retail Solutions. We’re confident that Unified’s retailers will enjoy the convenience and control of having S4Vision’s real-time data and analytics in the palm of their hands, and quickly see increased performance and sales growth storewide.”

Brian Legate, manager of retail analytics at Unified Grocers, said, “We’re delighted to add S4Vision to our suite of mobile offerings to help our independent retailer customers better compete and grow in their marketplaces. S4Vision is well-suited for helping our retailers take full advantage of Unified’s Scan Advantage program and all that it offers.”

PAR Technology and RDS Press Release

PAR Technology Corporation (NYSE:PAR)

FOR RELEASE:  March 9, 2016

Giardino Gourmet Salads Selects Cloud-Based PAR Brink POS® Software to Help Maximize Profits, Loyalty and Operational Efficiency

New Hartford, NY – March 9, 2016 — ParTech Inc. (PAR), a leading global provider of point-of-sale (POS) and food safety solutions to the restaurant industry and subsidiary of PAR Technology Corporation (NYSE: PAR), announced today that Giardino Gourmet Salads, has selected PAR Brink POS software for its corporate and franchised stores. Giardino’s is a premier fast casual salad chain with 12 locations, based in southern Florida. Retail Data Systems (RDS), a reseller of PAR hardware and software and a long-time partner of Giardino’s facilitated the process to find a POS solution that would best serve the needs of their growing brand. The goal was to implement a technology solution that would enable loyalty and online ordering while providing enterprise level management to efficiently and proactively support their franchisees.

The cloud-based architecture of PAR Brink POS optimizes enterprise operation management across the brand, without the need for a back office computer. The implementation of Brink POS has eliminated the need to manage menu changes from each store location, saving valuable time and resources. As a franchisor, Giardino Gourmet Salads will have access to reports and real-time data including labor and sales on individual locations chain-wide to help franchisees make informed, proactive decisions to drive revenue.

Giardino Gourmet Salads is one of the first restaurants to deploy the Punchh mobile loyalty platform that was recently integrated into Brink with the latest software release. The Punchh-powered apps will help the brand drive loyalty and guest engagement and provide powerful analytical tools to grow the business and better understand the full network of its customers.

“We were planning to franchise from the start and never wanted Giardino Gourmet Salads to be a mom-and-pop restaurant, so implementing a scalable technology platform was a priority,” said Kenny Lugo, founder of Giardino Gourmet Salads. “At an industry event, we spoke with loyalty and mobile ordering providers who both highly recommended Brink for our business model. From these interactions and our relationship with RDS, we knew PAR was the right partner for us and that using Brink POS to its fullest potential would give us a pulse on our business from anywhere, supporting our aggressive growth plans.”

“Cutting-edge, cloud-based technology, like Brink POS, offers optimal scalability through its simple deployment and enterprise management capabilities, making it an ideal solution for growing fast casual and quick service chains like Giardino Gourmet Salads,” said Matt Sutton, general manager at RDS Miami. “We believe a partnership, like the one we have with PAR, allows us to provide not only the best solutions, but also smoother installation, more in-depth training and more efficient help desk services for our customers.”

“It is a true example of partnership between PAR, RDS, and our integration partners to provide Giardino Gourmet Salads with a POS solution that will support their business and drive their brand growth,” said Karen Sammon, President and CEO of PAR Technology Corporation. “The selection of PAR Brink POS by Giardino Gourmet Salads, a company that has been included on’s Top 100 Movers and Shakers list for the past three years, further strengthens our position in the market as the POS solution for the growing fast casual operator. We are honored to add them to the PAR family and grateful to RDS for the continued support and expertise they provide to our collective customers.”

Giardino Gourmet Salads expects to have 14 stores open by the spring of 2016 and franchise commitments to open an additional seven additional locations in South Florida, Nashville, TN and Raleigh, NC.

About Giardino Gourmet Salads

Giardino Gourmet Salads is the premier fast casual salad concept in South Florida. Founded in 2004, the gardener chefs at Giardino serve the widest variety of individually hand-crafted, great-tasting salads and menu offerings using premium ingredients like freshly baked croutons and homemade deli salads. Currently with 11 South Florida locations and one in Nashville, TN, please visit for more information.

About PAR Technology Corporation

PAR Technology Corporation’s stock is traded on the New York Stock Exchange under the symbol PAR.  PAR’s Hospitality segment has been a leading provider of restaurant and retail technology for more than 30 years.  PAR offers technology solutions for the full spectrum of restaurant operations, from large chain and independent table service restaurants to international quick service chains. Products from PAR also can be found in retailers, cinemas, cruise lines, stadiums and food service companies. PAR’s Government Business is a leader in providing computer-based system design, engineering and technical services to the Department of Defense and various federal agencies.  Visit for more information.

About Retail Data Systems

Retail Data Systems is the largest provider of point-of-sale hardware and software in North America. Founded in 1950, RDS now operates over 25 offices serving customers across the nation providing complete point of sale technology.

Our list of industry leading POS hardware and software products provide a variety of solutions for companies large and small. For more information, visit