Showing posts with label retail security.

Tuesday, October 20, 2015

65% Of Retailers Lack The Tools To Handle Fraud

Up to 65% of retailers say they lack adequate fraud management tools to support effective anti-fraud strategies, according to a report from ACI Worldwide. More than half (54%) of retailers in the U.S. and Europe still need to consolidate their fraud management solutions across all channels.

For the report, titled Managing Fraud In An Omni-Channel World, ACI Worldwide commissioned Forrester Consulting to conduct a research study outlining current omnichannel fraud management capabilities. The study was designed to identify and evaluate current pain points for omnichannel fraud management in the retail industry, and to highlight the tools and strategies required to manage retail fraud effectively.

The top three challenges retailers face as they implement fraud management include:
  • Omnichannel data aggregation (76%);
  • Customer demand for faster fulfillment (73%); and
  • An increasing number of payment options (71%).

With consumers continuing to shop and spend through an expanding number of channels and touch points, businesses need to make firm plans to protect payment and customer data. As retailers plan to beef up payment security, 35% of respondents identify point-to-point encryption (P2PE) as critically important, while 31% believe EMV/chip and PIN acceptance at the point of sale is critical. Retailers also pointed to network segmentation, key exchange/management, estate management and tokenization as critical.

At the conclusion of the report, Forrester Consulting offered the following recommendations:
  • Eliminate line-of-business silos and establish a lead fraud management individual or department to ensure that data can be shared, and fraud can be tracked and prevented across all sales channels;
  • Articulate the value of effective fraud prevention across the business to secure necessary funding and maintain effective protection as the business grows;
  • Ensure tokenization and P2P encryption technologies are adopted to increase payment security and simplify compliance; and
  • Leverage tools and services that enable data integration and real-time fraud screening.

To View Original Article: http://www.retailtouchpoints.com/features/trend-watch/65-of-retailers-lack-the-tools-to-handle-fraud

Sunday, October 18, 2015

10 Keys to Safely Accepting Checks from your Customers

By Nicole Reyhle

With the rise of debit cards, ACH, e-payment systems and other new payment technologies, some might believe that the paper check is becoming extinct. To the contrary, paper checks still account for about 20% or more of the total payments made annually to merchants for goods and services.

"According to the 2013 Federal Reserve Payments Study, the percentage of payments made by check was still “21% of all payments made”. This amounted to 18.3 billion checks being paid, with a value of $26 trillion. Based on these numbers, it is clear that checks still play a major role in our payment system."

One challenge that business owners accepting checks face is that there will always be some percentage of checks that are returned for a variety of reasons. According to the study, 3 out of every 1,000 checks were returned unpaid in 2012.

This amounts to nearly 66.4 million checks with a value of $83.1 billion that were returned unpaid. Checks are returned unpaid by the payer bank for a host of reasons, but most likely because the payers did not have sufficient funds in their accounts (that is, non-sufficient funds, or NSF).
Although check usage is slowly declining, the study concluded that “checks’ diminishing share of the payments pie shouldn’t mask their overall significance in the payments system. The value and volume of checks will likely stabilize, with billions of checks being written well into the future.”

As a business owner, the goal is usually to make it as easy as possible for the customer to buy your goods and services. One effective way of accomplishing this is to accept all forms of payment, including checks, and to let the customer choose the payment method that he or she prefers.

There are a number of precautionary measures that business owners can take when accepting checks. Here are our top 10:
  1. Establish a check acceptance policy with clearly acceptable forms of ID, and dollar limits. Allow no exceptions to these policies.
  2. Verify the check information. The check writer’s name, address and phone number should be pre-printed on the check.
  3. Watch the check writer sign the check. If the name is not readable, have the customer print the name below.
  4. Compare the signatures, photo and physical description from the ID with that of the check writer. Always get a photo ID with every check written!
  5. Most returned checks have low check numbers (100 to 500), which indicates a new account and therefore a higher risk. Accept starter checks only from known customers. Any number under 300 should be a “red flag”.
  6. Other useful information on the check is the account's opening date (month and year), usually indicated by four numbers to the side of the account holder's name and address.
  7. Do not accept checks with PO Boxes. Always get a street address for the check writer.
  8. Do not accept altered checks. The check writer’s name, address and phone number should be imprinted on the checks.
  9. Do not accept third party checks. The check holder may not have permission from the account holder to have the check (it may be stolen).
  10. Have a camera at the point of sale. Individuals committing forgery, fraud and writing bad checks do not want their photo taken. A video camera conspicuously placed will deter most dishonest people.

In the end, it is a balance between allowing your customers to use their preferred payment method while also taking the prudent and necessary precautions to effectively protect your business's financial interests.

To View Original Article: https://retailminded.com/10-keys-to-safely-accepting-checks-from-your-customers/

Saturday, June 9, 2012

PCI Compliance for Mobile Point of Sale

PCI Council Releases “Accepting Mobile Payments with a Smartphone or Tablet”

By Amy Hanson, One Step Retail Solutions

“We know merchants are eager to take advantage of their existing smartphones or tablets to accept payment cards,” said Bob Russo, general manager, PCI Security Standards Council. “And the Council and its stakeholders want to help the market to do this in a secure way. We're excited about this easy-to-use reference that will help merchants understand how to use the suite of PCI Standards to enable their businesses while still keeping data security top of mind.”

80% of identity theft can be traced back to small business security breaches

With the “mobile revolution” comes a shift in retail security practices by independent retailers looking for cost-effective retail technology solutions. Tempted by the allure of a “full mobile POS system” for dirt cheap, it can seem too good to be true when it comes to PCI compliance. The PCI Security Standards Council states what many have been wondering for some time: “Mobile devices are not necessarily designed to be secure input or storage devices for cardholder data. Your mobile payment solution thus requires additional technology, including encryption, to secure cardholder data acceptance.”

At this point, the exact regulations and guidelines regarding mobile point of sale systems have yet to be fully defined by the PCI Council. So, when a prospective mobile POS provider states that it is PCI compliant, this does not necessarily mean that any specific actions have been taken to ensure that the specific system is secure. PCI compliance is not limited to your software capabilities, and while you may be attempting to set up a small business on a dime with an iPad and a $15 a month system, you are in the hot seat unless you are not only PCI compliant but truly secure.

How “hot” is the hot seat?

The reason this is of absolute importance to you as a retailer is that you could personally be held accountable for everything from full reimbursement of monies stolen to a possible $500,000 fine for negligence, should there be a data breach that traces back to one of your devices. As you can see, this is very serious business that a fly-by-night POS system should not be trusted with. In this matter, the cheapest option is not necessarily the best option and could effectively close your business.

How to protect yourself and your livelihood

Several heavily marketed and relatively new mobile POS systems are under scrutiny for PCI compliance failure (lack of data encryption is a common oversight). A long-term service provider of point of sale solutions, hardware and supporting systems (security, etc.) will know the ins and outs of how to create a safe point of sale for your retail store. We recommend a layered approach to security. Our definition of “layered security” would include: a firewall for all internet connections, system backups run regularly, and security cameras installed in high-theft locations in the store. In addition to having a security suite, ensuring the mobile POS device you use has data encryption goes a long, long way toward complying with PCI regulations.

Summary

A thorough list of best practices is expected before year end. In the meantime, a straightforward paper (link below) gives some hands-on advice for merchants, including:

  • Leveraging the benefits of the Council's recently published Point-to-Point Encryption (P2PE) standard and program
  • Responsibilities under PCI DSS, and how they translate to mobile payments

Be sure to choose a mobile payment acceptance solution that complements the merchant's PCI DSS responsibilities.

PCI Security Standards Council - Accepting Mobile Payments with a Smartphone or Tablet

If the above link doesn't work, copy and paste this into your browser: https://www.pcisecuritystandards.org/documents/accepting_mobile_payments_with_a_smartphone_or_tablet.pdf

Wednesday, April 4, 2012

Shift4 Was Not Impacted by Global Payment Breach

Shift4 reports that it has not been affected by the Global Payments breach.

A Shift4 representative notes that they surmise an organization had access to some form of reporting portal provided by Global Payments. Perhaps one of their ISOs specializing in the car parking space provided a path into a limited area of Global's infrastructure.

It is also noted that, unfortunately, it takes some time for a comprehensive report to hit the media, leaving retailers to speculate and at times causing undue alarm.

One Step Retail Solutions' message to retailers is to:
a) Get educated, and
b) Ensure that a layered approach is taken and that you have all PCI compliance points not only put into place but updated and reviewed regularly.

http://onestepretail.com/Products/SecuritySuite/

Tuesday, April 3, 2012

"Massive" CC breach and How They Hack You

You may start getting questions about a very recent "massive" CC security breach. Unfortunately, there are currently few specifics as to who will be or has been affected by this situation. We are and have been keeping our finger on the pulse as the information comes in.

We have put together a short gathering of information related to this that should shed some light on what happened, what is being done about it and who has mostly been affected.

Stay tuned for upcoming specifics and hopefully a list of which processors have been affected. Please feel free to reach out to your own processor as you see fit.

We will be sure to back any statement with factual data and sources to avoid any continued or unnecessary worry or fear.

How to Tell if You Have Been Caught in the Fraud:
The part of the process that was breached was the step between the merchant and the processor, the former being a New York City taxi and parking garage company. Global Payments apparently first identified the potential breach in early March, and the problem had been undetected for several months before that. Therefore, the pool of victims is likely to be those who used their debit or credit cards for transportation in the New York metropolitan area earlier this year.

"Massive" credit card breach:
http://cnnmon.ie/massivebreach

How Big is the Theft?
"Most payment-card thefts, the Verizon study found, are from small businesses, with only about 5 percent last year from large organizations. More than three-quarters of the breaches involved losses of fewer than 10,000 records. Just seven breaches involved more than 1 million records each."

Related article on "How They Hack You":

As retailers, you should absolutely ensure your own end is fully covered and secure. In addition, stay in the know regarding imminent dangers to yourselves and your clients.

Thursday, February 23, 2012

What is Your Loss Prevention Strategy?

By Scott Kreisberg, CEO One Step Retail Solutions

When it comes to security and protecting your assets, you need a good strategy. You will know how good that strategy is when you try to balance the cash register at the end of the day; when you do your physical count; when you are faced with a computer crash; or when too many of your customers start having identity theft on their cards. Do you want to wait until then to find out that your protection was inadequate?

The most effective method to achieve security has always been a layered approach. In other words, instead of just relying on a single solution, you set up a number of protective layers and thus greatly reduce the chances of being a victim.
Airports are an example of a layered approach: there is visual inspection of IDs and tickets before you are allowed beyond a certain point, there are TSA agents observing via cameras, there are metal detectors and imaging devices that you must go through, and there are personnel at the ramp to the plane who check tickets and IDs again.

We at One Step Retail take a similar approach to protecting you and your business from both external and internal threats. After all, we have been around helping retailers for 25 years and we hear about disasters from unprotected retailers. Consequently, we want to ensure you do not experience the same thing.
What would happen if all the information stored in your computer were suddenly lost? Or you had a hacker or virus or Trojan attack? Could you recreate this information? If so, how much time would it take? How much would it cost? What about dishonest employees? Most importantly, would your business survive?

In today's economic climate, it is vital to protect your assets and one of the most important assets you have is your data. If you lost it, it could possibly close your store. That may be hard to believe, but look at these statistics from Comdisco Vulnerability Index Research Report:

• 82% of companies are not prepared to handle a computer system disaster
• 83% of corporate data recoveries from tape backup FAIL
• Only 6% of companies that suffer from a catastrophic data loss survive

In our own backyard, we've seen it happen. Two different clients thought they were backing up and protected, but then their computers crashed and they discovered otherwise. After a year of manually inputting all the missing data, one retailer still occasionally scans an item that should be in the system but isn't. Another client lost years of data and had to pay for expensive data recovery but not all of it was recoverable.

In the category of dishonest employees, one client, after six months of periodic cycle counts being off, finally traced the problem to an employee processing fictitious “returns” and giving the refunds to herself. Another client had an employee who, as their Systems Administrator, embezzled money from them for five years. Months of sales information in their computer records were missing, and she said they had been lost. Where was the backup? This company went out of business two years later.

One Step has researched resources and partnered with experienced, honest vendors to bring you layers of security specific to your needs as a retailer.
With RetailSafe, you have a professional backup service that knows retail and its data backup needs, plus you as our client get a discount on their services.
With SonicWall you get not only an intelligent, state-of-the-art firewall protecting you from malware, you get PCI compliance integrated into the system, protecting your business from another type of disaster. You can buy firewalls, including SonicWall, at Amazon, but none of them will be PCI compliant out of the box. You must be trained on how to properly configure the firewall in order to meet PCI compliance. So, buying them from anywhere else would be an utter waste of money.

With Quadrox you have a Network Video Recording system that can, among other things, integrate with your POS. The POS is a primary location for employee theft or mistakes. For example, you could quickly access the time when an employee issued a return and refund (as noted on the POS) and see what actually happened on the video, with no need for six months of cycle counts to discover the dishonest employee.
So, start getting these layers firmly in place. If you have some or all of them already, make sure:

• they are working,
• you are verifying on a regular basis that they are working,
• they are adequate for your specific needs as a retailer,
• you understand them and can use all of their features, and
• you not only can use their features, you are using them.

Retail Crime of the Future - Served with a Drink and Chips

By Amy Hanson, One Step Retail Solutions

News broke late last year about a “retail crime of the future”. Dating back to at least 2008, a small group of Romanian hackers have allegedly stolen credit card information through the POS systems of hundreds of small American businesses, adding up to more than 3 million dollars in fraudulent charges. The investigation is still pending, but the most serious attack was targeted at Subway franchises with at least 150 of their locations reportedly compromised. The 4 suspects are in custody, per the most recent reports.

The method of attack appears to have targeted certain POS “holes” through an essentially wide-open back door; a Trojan was then installed to give the attackers ongoing, easy access. As per the PCI Security Standards Council, those who process credit and debit payments must have two-factor authentication for remote access to a POS system. Not having this security measure in place is where these particular businesses and franchises appear to have gone wrong.

In this digital age it is vital that retailers protect their customers by being fully PCI compliant and establishing layered security measures. PCI goals include “Build and Maintain a Secure Network” and “Implement Strong Access Control Measures” with some of the exact PCI requirements reading as follows:

“1. Install and maintain a firewall configuration to protect cardholder data…”
“10. Track and monitor all access to network resources and cardholder data.”

Did you know that reports show 56% of U.S. small businesses have experienced data breaches and 33% of all data breaches were directed at businesses with 100 employees or fewer? “The Subway credit card hack is unfortunately news that may happen with greater frequency.” says a FindLaw article about the recent 2008 to May 2011 hacks.

We highly recommend a layered approach, including installing a SonicWall firewall, which offers a powerful security platform. SonicWall provides integrated anti-virus and anti-spyware, updated every 5 minutes, thus providing real-time protection against a wide array of threats.

When you buy a SonicWall from One Step Retail, we configure it to be fully PCI compliant. You also get:
• A business-class device
• 3G failover, so if your Internet ever goes down and you have a 3G wireless adapter attached to the firewall, your Internet will stay up.
• Content control to prevent employees from wasting time on sites like YouTube and Facebook.
• The ability to provide free Wi-Fi to your shoppers and a secure wireless zone for mobile applications and devices.
• Deep packet inspection of the entire content of information coming into the business via the Internet, instead of just the header.

"I don't know if Subway had unpatched vulnerabilities on its POS systems or what. But whatever merchants have to do, yikes, please do it." - Lisa Vaas of Sophos, antivirus software developer.

There is more to know about Firewalls than you think: Get a free Security Consult:
http://onestepretail.com/Products/SecuritySuite/

Sources:
www.pcisecuritystandards.org
http://arstechnica.com/business/news/2011/12/how-hackers-gave-subway-a-30-million-lesson-in-point-of-sale-security.ars
http://www.tgdaily.com/security-features/60147-arrests-made-over-subway-hack