What is an EMV Card?

Visa does a great job of explaining to the masses what an EMV card is, what it isn’t and what it means to consumers and merchants alike.   Click below and use the arrows on the left and right of your screen to see what this means to merchants and consumers when the EMV Liability Shift goes live October 1, 2015.

Have a look at the Visa Chip Business Toolkit

http://usa.visa.com/merchants/grow-your-business/payment-technologies/credit-card-chip/resources/merchant-toolkit/index.jsp?page=toc

Also be sure to read our post by our own Janice Mackler, “What is EMV and what does it mean to you as the Merchant?”

What is EMV and what does it mean to you as the Merchant?

By Janice Mackler

View the PDF

EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or “chip cards”) and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions. The EMV standard is moving the consumers to chip card technology. These new cards contain an integrated circuit containing payment related information protected by layers of security. The EMV standard allows for cardholder verification methods other than a PIN.

As a merchant there are three core areas of concern:

  1. Expand TIP – TIP will end the mandate for merchants to validate their compliance with the PCI Data Security Standard for any year where 75% of the merchant’s VIS transactions stem from chip-based terminals.
  2. Build Infrastructure – Chip acceptance will require service providers to be able to carry and process additional data that is included in chip transactions, including cryptographic messages that make each transaction unique.
  3. Shift Liability – Effective October 2015 the party, either the issuer or merchant, who does not support EMV, assumes liability for counterfeit card transactions.

EMV is not the silver bullet that can wholly insulate a merchant from the credit breaches common in the news today.  Credit card theft will continue, and merchants will still need to protect themselves. EMV transactions still send credit card data in clear text that hackers can use for credit card fraud.   Since creating fake cards is more difficult in the EMV environment, hackers will be more apt to perpetrate fraud in an on-line environment rather than in person. Therefore, your firewall is still extremely important for protecting your business.

Questions you need to be asking your POS provider?  Is your POS Hardware ready for EMV? Is your software version able to accept EMV transactions? Does your POS have enough memory to support the EMV peripheral devices for both contact and contactless acceptance?  Has your credit processor defined what is required of the POS system to communicate in the EMV standard?  Most POS providers will not have the code completed until 2016, as these requirements are still being defined.

What does this liability shift mean to you as a merchant? How many transactions are flagged as fraud in a given year?  What is the cost to the merchant for those transactions? We’ve heard many merchants say the liability shift is far less than the cost of immediately transitioning to EMV.

As your trusted POS advisor we want to ensure you are ready to successfully meet these new requirements.  Please call us to discuss your needs.

1.855.737.1500 | rdspos.com

 

April 8th XP End of Life – Don’t be an Ostrich

Windows XP was laid to rest on April 8, 2014.  It is survived by its siblings Windows Vista (stop laughing), Windows 7 and Windows 8.

Before you read further, this does not pertain to XP embedded.  You still have time left on that; end of life for XP embedded is January of 2016.  Not sure if you are on XP embedded?  Keep reading and contact us. We can help.

The passing of Windows XP marks a major milestone in the progression of desktop technology.  Many times Microsoft extended the life of the platform because of the success it had in the marketplace and the outcry of the impact ending support would have on the PC community.  Finally, just a few short weeks ago, Microsoft pulled the plug; this time for good.

A few months back we posted an article about the “tsunami of viruses” that were likely to hit at end of life.  Thus far, those fears have not come to reality; at least not anything that has created any public outcry.  Why is this?  It could be the end of life was much ado about nothing.  It also could be as many reports suggest; thieves are targeting smaller firms.  The attacks are likely happening, but not getting the headlines.  Additionally, recent reports show the market share for XP has only dipped by about 1.5% since end of life.  Larger firms, especially since the Target breach, have shored up their networks.  Smaller firms often the laggards, not so much.  Small business is vulnerable and the crooks know it.

One other major concern if you are still running XP on your front or back of house systems, XP is no longer PCI compliant.  Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release. (Source: www.pcisecuritystandards.org) 

If and when your business is breached and you are running Windows XP, you will likely not garner much sympathy from the PCI Security Council as they determine origin of fault and levy fines.

Many store owners we talk to are not even sure if they have XP.   There is a lot of misinformation out there.   If you are not sure if you are vulnerable, let us know.  This is not the time to stick your head in the sand and not take action.  We are happy to provide an assessment.    Whether or not you use RDS to help with the upgrade or change, protect yourself.  Upgrade your system and remove this liability from your business.

Growing Concerns as XP End of Life is Approaching

Experts predicting a “tsunami of viruses” as operating system support ends.

Let’s face it, the media loves a technical disaster story. In 2000 we had Y2K, and a plethora of security breaches and viruses and worms (Remember Nimda?) that seem to never be as big as what we are told they will be. These items caused lot of inconvenience and in some cases some serious damage but nothing that wasn’t patched, and repaired. We adapted, learned and moved on. So why should we get concerned about XP end of life when other technical “disasters” that either happened or were looming turned out to be much ado about nothing? It’s simple really. The people in charge of updating, patching and preventing are not going to be doing it anymore as of April 8, 2014.

So what?

XP is still being updated and security holes are still being patched. Between January 1 and March 30 of 2013 Microsoft released patches for 34 security vulnerabilities 28 of these were network related. So without these patches there were 28 ways a hacker could have created something to harm systems running on the XP Operating system. The Windows XP operating system in April is going to be “as is” there will be no more patching, no more updates. This will make the machines that are currently operating on Windows XP vulnerable and a soft and relatively easy to exploit target. Even currently with patches, the malware infection rate for a Windows XP machine is over 2 times greater than that of Windows 7 machine and it will get worse. Additionally with the install base for Windows XP being as high as 43% from some reports, XP will be a major target of those looking to exploit systems for financial gain. Additional reports even speculate that more sophisticated groups are withholding code in hopes that the vulnerabilities they have discovered remain unpatched after end of life in April. For more information read Microsoft’s own Security Intelligence Report

For most Point of Sale customers on a modern touch screen point of sale system the problem is not the front of house POS system. Many but not all run XP embedded which has another couple of years of life with end of life set for that on December 31, 2016. The issue is in the back office computers. Many back office systems even those deployed in the last few years run XP Pro and most are exposed to the internet. Firewalls, PCI compliance and other solutions can only protect so far and an outdated system like this is likely to cause you to fall out of PCI compliance no matter what other safeguards are in place.

There are other reasons that an update should be in the works for any machine you have still on XP. Technology changed. Windows XP just doesn’t work with many newer and peripherals like printers, scanners, scales, and other devices. Why? It’s more than a decade old and the machine it was designed to be installed on just doesn’t have the horse power to drive these new devices. Not to mention the leaps and bounds software has taken. Newer programs just don’t work on a machine that was designed to surf the web, check email and run a few programs. To put it in perspective… 12 years ago when it was released the PC it was designed for had less power than an iPhone does now.

If you have questions or concerns about the risk your business may be taking with your current operating environment please visit our windows XP end of life page at www.rdspos.com/xp or call your local office.

Article by:

Patrick Solum
Marketing Director
Retail Data Systems
psolum@rdspos.com

@sodakforce

 

Can You Afford to Not Have Integrated Video Surveillance?

Studies show that 75% to 90% of employees will steal from their employer.   Theft can take many forms, from the coffee that the cashier “forgot” to ring up, the produce that the cashier let lean on the side of the scale to give a friend a lower price on those steaks, theft of product from the stock room or just out-and-out skimming from the register.   So as a store owner how do you deter theft in a way that will allow you to run your business without turning into a full-time store police officer? 

One way that is rapidly gaining popularity due to its ease of use, time savings and rapid return on investment is an integrated store surveillance system.  Although more expensive than the off the shelf products that sell for a few hundred dollars, these products allow the t-log information from the POS to be burned into the video image allowing the transaction log and the video to always be in sync.  Integrated systems also allow for intelligent monitoring where only transactions where a void or over ring can be quickly viewed.  They also can be set up in high theft areas to monitor when someone moves into the video frame.  Additionally these products can be monitored remotely and securely so an owner does not have to be in the store at all times.

Studies are showing that integrated video surveillance systems are one of the top technology purchases for 2013 due to their proven effectiveness.

Are integrated video surveillance solutions right for you?  Possibly not.   Your local RDS representative can help you evaluate your potential ROI to determine if one of these systems is right for your business.

Join the conversation…. 

Some examples of their value some of our many customers with these systems have shared with use are:

  • A fraudulent slip and fall lawsuit that was avoided after video was reviewed.
  • A thief stealing from the office safe that was caught.
  • A cashier that was not ringing up items for friends and family.
  • A stock boy who was stealing merchandise from the storage room during his night shift.
  • The unprofessional behavior of a bartender towards customers.
  • A cashier that was giving free drinks and food items to her friends.
  • The shoplifter that was caught stealing baby formula.
  • A C-store cashier giving away beer.
  • Many, many more

If you have a something to share about how video surveillance has helped your business please post in the comments below. 

Windows XP Not PCI Compliant in April, 2014

Microsoft Ending life of Operating SystemXP RIP

Microsoft has had April 14, 2014 publicized for some time now as being the end of life for its most successful and widely adopted Operating system, Windows XP.  This is creating a serious PCI risk in that many retailers have not paid attention as they are stuck with machines that will no longer be PCI compliant due to this issue.  It is critical that if your company is running a point of sale system with Windows XP that you put in process a plan to move to a platform that is PCI compliant and will be for the foreseeable future.  Not doing so will put your company outside of PCI compliance and opens up your company to all kinds of risks from hackers, spam, viruses and spyware as the operating system will not be receiving any patches after that date.   In addition most manufacturers and developers have stopped developing software and peripherals for the platform leaving retailers finding it difficult to work with newer technologies such as updated scanners, cell phone coupons, loyalty programs, and others.   For more information on if your store might be at risk please contact your local RDS representative for a FREE POS Analysis.

Burger King Twitter Account Breeched

Take a lesson from Burger King. Make sure your sociial media account is secure with a strong password that is changed often. Although the actual cause has of the breech hasn’t been determined or released, many times these thing end up being traced to poor password / account managment.

http://www.foxnews.com/tech/2013/02/18/burger-king-twitter-account-hacked-posts-obscenities/

RDS Southeast Showcasing at the 2013 Hospitality Career Expo

Retail Data Systems SE showcasing the Aloha Point of Sale System at the 2013 Hospitality Career Expo Friday February 1st at the Georgia International Convention Center.  RDS staff met with and networked with over 2,500 future employees, customers, hospitality students, teachers and mentors.  Showcasing OUR BRAND and making a lasting first impression on the industries future buyers.  Educating the future of the hospitality industry and training the educators who influence our industry is another way we take pride in the industries we serve.

Image

Infographic: Fair Trade Volume Grows

Retailers have seen double-digit gains in the sales of Fair Trade products in recent years…

Supermarketnews.com - The Industry's Weekly NewspaperInfographic: Fair Trade Volume Grows - Share This!

 

Read More: http://supermarketnews.com/rankings-amp-research/infographic-fair-trade-volume-grows#ixzz2BO3SVVpx

Barnes & Noble Latest Victim of PIN Pad Tampering

Another victim has emerged with hacked pin pads.  This time it is Barnes and Noble that has had 63 stores with compromised devices.  Stories like this outline the need for strong adherence to PCI guidelines around securing your credit info.  PCI Security Council Requirements Section 9.2 – 9.4 dictates rules  for anyone that enters the store that could potentially come in contact with areas or equipment where credit card information is accessible. Also of great concern are reports that the shift in attacks are shifting to smaller firms where standards, security and procedures may not be as strong.   If you have concerns with your stores security or have questions regarding PCI please contact your local RDS Office.

Read more on the Barne’s and Noble breech at: http://www.foxnews.com/us/2012/10/24/credit-card-pin-pads-hacked-in-63-barnes-noble-stores/?test=latestnews#ixzz2AFGXHFLr