Emerald Business Systems Blog


PCI compliance is essential and why you have to comply

Posted in PCI by ebs4pos on November 30, 2009

In this economic downturn, organized cybercrime is a booming underground business. Most security experts and the FBI agree that cybercrimes are on the rise and pose the biggest threat to vital US infrastructure. Cybercriminals are thieves in cyberspace who swipe sensitive data and sell it to other criminals in their community, who might turn around and ask for ransom to keep the data private or perhaps resell it to the highest bidder on the black market. The risk of getting caught is minimized by legal jurisdiction and is neglected in the face of huge monetary gains. Motivated by potential gains, cybercriminals are determined to exploit the vulnerabilities of this target-rich environment. Another aspect of the problem is that our personal and private information has the potential to be exploited at various locations such as banks, credit card companies, credit and debit card processors, credit reporting companies and merchants etc…

Level 1, 2 and 3 merchants usually follow security best practices, allocate enough resources and try to maintain PCI compliance. Level 4 merchants, on the other hand, are usually not compliant and have security vulnerabilities that are easy pickings for cybercriminals, which is a primary reason why more security breaches happen to level 4 merchants. PCI was apparently created to safeguard credit card and debit card data. The PCI DSS standard is managed by the PCI Security Standards Council.

via PCI compliance is essential and why you have to | DISC InfoSec blog.


“Best Damn Web Marketing Checklist, Period!” – Holy Kaw!

Posted in Online Business,Social Media Marketing by ebs4pos on November 30, 2009

Stoney deGeyter compiled the “Best Damn Web Marketing Checklist, Period!” It contains 400 items in over twenty-three topics including domain names, site design, navigation, links, and buttons. The posting is from 2008, so it doesn’t include anything on Twitter, but it’s great nonetheless.

via “Best Damn Web Marketing Checklist, Period!” – Holy Kaw!.

Restaurants file lawsuit against payment terminal vendor after identity theft

Posted in PCI,Restaurant by ebs4pos on November 30, 2009

Lack of PCI DSS compliance proves troublesome.

A group of US restaurants have filed a class action lawsuit against a point of sale vendor after customers had their identities stolen by using uncompliant terminals.

According to a report on Finextra, seven restaurants in Louisiana and Mississippi are seeking millions of dollars in damages from vendor Radiant and its distributor Computer World after hundreds of their customers had their identities stolen as a result of payments terminals that were not PCI DSS compliant.

One of the attorneys acting as a legal advisor to the restaurants in the lawsuit, Charles Hoff, said in a statement that a special investigation by the United States Secret Service found that Computer World, the exclusive area distributor of Radiant Systems' ‘Aloha' POS software, violated PCI DSS provisions.

Hoff said: “When major players in the hospitality industry such as Radiant Systems and its distributors say their software and business practices are PCI-DSS compliant, our clients trust them.

“When those claims of compliance and proper security practices turn out to be false, the restaurants are left to suffer huge financial losses due to financial penalties imposed by the credit card companies. Their reputations are tarnished. We're determined not to let Radiant and Computer World simply walk away from their responsibilities.”

The plaintiffs said that they were sold earlier model POS systems despite being told they were new. In addition, Computer World is accused of violating PCI standards by using a remote access system that did not have adequate security patches, using the same password for at least 200 operators, and failing to remove prior sensitive customer credit data upon installation of Radiant POS systems.

As a result, the lawsuit's plaintiffs are alleging that Radiant Systems' negligence and failure to either instruct or monitor Computer World's actions led to systems being compromised, leaving customers vulnerable to identity theft and fraud.

The suit also claimed that and Computer World were warned by Visa in 2007 that their programs were non-compliant, although the restaurants were not aware of this when they signed for the Aloha system.

It is seeking compensation to repay the penalties levied by the credit card companies and costs to track down and repair the POS system problems.

via Restaurants file lawsuit against payment terminal vendor after identity theft > Identity > Breaches & Exposures > News > SC Magazine Australia/NZ.

XBRL: Accounting Geeks Get Radical

Posted in General Business by ebs4pos on November 29, 2009

It is not often that something as deeply geeky as XBRL gets onto the front page of Wired magazine. Daniel Roth's superb article about radical transparency raised the profile of those four letters. What could be more boring than an XML standard for accountants that has been around for a decade? On the other hand, what could be more exciting than something that might disrupt and recreate the deeply broken global financial system? I spent two days at the XBRL US National Conference in New York to find out the reality, which is somewhere in between.

The Ultra-Fast XBRL 101

For XBRL newbies, here are a few key facts and some links for further research:

* XBRL stands for eXtensible Business Reporting Language.

* It is an open standard based on XML, created by an accountant named Charlie Hoffman. Read some quick facts here.

* If you tag something consistently, software applications can more easily analyze the data and present more useful information. Yes, that sounds like the semantic Web, and we all know that has faced the chicken-and-egg problem (i.e. not enough content is semantically tagged yet). But imagine a semantic Web standard for which governments around the world tell companies that they have to tag data that way.

* XBRL gained attention in the US when the SEC mandated that public companies report their financial results in XBRL (starting with companies that have a market cap over $5 billion). That has been going on for two quarters now, so all parties are getting real-world experience with XBRL.

* But XBRL traction is greater in other countries, especially Japan, Australia and Holland, where it is being used to standardize and simplify reporting to government regulators. In the UK, companies report to the taxman using XBRL.

The Twitter hash tag is – you guessed it – #xbrl.

via XBRL: Accounting Geeks Get Radical – ReadWriteEnterprise.

Busting 20 Customer Service Myths: Review of BAM | Small Business Trends

Posted in General Business by ebs4pos on November 28, 2009

“BAM: Delivering Customer Service in a Self-Service World” is the new book by Barry Moltz and Mary Jane Grinstead.

“BAM” stands for “bust a myth.” The book debunks 20 myths about customer service:

BAM! debunks the twenty common myths of customer service — from “The customer is always right” to “Customer service means the same thing to everyone” to “Companies achieve customer service by under-promising and over-delivering.” Customer service myths run the customer policies of many companies without anyone even questioning them. Unfortunately, this ensures that customer service will only be a “bolt-on” and not a part of the DNA of that company. Inside the DNA of most companies is where customer service needs to be in order to retain profitability.

This introduction grabbed me instantly! If you’re like me, you’ve heard those customer service truisms… forever. Few of us bother to question them anymore.

But this book does question them.

via Busting 20 Customer Service Myths: Review of BAM | Small Business Trends.

Pub fined $13k for Wi-Fi copyright infringement | Security – CNET News

Posted in Bars and Taverns,General Business,Security by ebs4pos on November 28, 2009

A pub owner in the U.K. has been fined £8,000 (about $13,183) because someone unlawfully downloaded copyrighted material over its open Wi-Fi hotspot, according to the managing director of hotspot provider The Cloud.

Graham Cove told CNET sister site ZDNet UK on Friday he believes the case to be the first of its kind in the U.K. However, he would not identify the pub concerned, because its owner–a pub that is a client of The Cloud's–had not yet given their permission for the case to be publicized.

Cove would say only that the fine had been levied in a civil case, brought about by a rights holder, “sometime this summer.” The Cloud's pubco clients include Fullers, Greene King, Marsdens, Scottish & Newcastle, Mitchell & Butlers, and Punch Taverns.

The law surrounding open Wi-Fi networks and the liability of those running them is a grey area…

via Pub fined $13k for Wi-Fi copyright infringement | Security – CNET News.

Recession could cause employees to steal data to help themselves or others

Posted in General Business,PCI,Security by ebs4pos on November 28, 2009

A third of workers would steal data to help a friend get a job while 13 per cent would take access and password codes if they were fired.

According to the ‘global recession and its effect on work ethics' survey by Cyber-Ark, 48 per cent of respondents admitted that they would take company information with them if they were fired tomorrow.

Of the respondents, 39 per cent would download company/competitive information if they found that their job was at risk and a quarter said that the recession has meant that they feel less loyal towards their employer. Also, 13 per cent would take access and password codes to allow access to the network once they've left the company and continue downloading information and accessing whatever they want or need.

Cyber-Ark claimed that the recession is creating camaraderie amongst workforces, at the expense of their employers as 41 per cent confessed to have already taken sensitive data with them to their new position, whilst a third would pass on company information if it proved useful in getting friends or family a job.

The most desired information was customer and contact details for 29 per cent of respondents, then 18 per cent said that they would steal plans and proposals. Eleven per cent would take product information.

Mark Fullbrook, UK director of Cyber-Ark, said: “While we are seeing glimmers of hope in the UK and US economy, clearly employee confidence has been rocked. While there is no excuse for employees who are willing to compromise their ethics to save their job, much of the responsibility for protecting sensitive proprietary data is the responsibility of the employer.

“Organisations must be willing to make improvements to how they monitor and control access to databases, networks and systems, even by those privileged users who have legitimate rights.”

via Recession could cause employees to steal data to help themselves or others – SC Magazine UK.

Restaurants file lawsuit against payment terminal vendor after customers have identities stolen

Posted in PCI,POS,Restaurant by ebs4pos on November 28, 2009

A group of US restaurants have filed a class action lawsuit against a point of sale vendor after customers had their identities stolen after using uncompliant terminals.

According to a report on Finextra, seven restaurants in Louisiana and Mississippi are seeking millions of dollars in damages from vendor Radiant and its distributor Computer World after hundreds of their customers had their identities stolen as a result of payments terminals that were not PCI DSS compliant.

One of the attorneys acting as a legal advisor to the restaurants in the lawsuit, Charles Hoff, said in a statement that a special investigation by the United States Secret Service found that Computer World, the exclusive area distributor of Radiant Systems' ‘Aloha' POS software violated PCI DSS provisions.

Hoff said: “When major players in the hospitality industry such as Radiant Systems and its distributors say their software and business practices are PCI-DSS compliant, our clients trust them.

“When those claims of compliance and proper security practices turn out to be false, the restaurants are left to suffer huge financial losses due to financial penalties imposed by the credit card companies. Their reputations are tarnished. We're determined not to let Radiant and Computer World simply walk away from their responsibilities.”

via Restaurants file lawsuit against payment terminal vendor after customers have identities stolen – SC Magazine UK.

The CEO with the public cellphone number

Posted in General Business,POS by ebs4pos on November 18, 2009

A.L. “Tom” Giannopoulos is the CEO of MICROS Systems Inc., based in Columbia. The company has worldwide operations, with 4,700+ employees, and is a leader in the point-of-sale terminal hardware and software business.

There’s a good chance that if you’ve stayed in a hotel or eaten at a restaurant, your reservation or food order was completed with the help of a MICROS system working in the background.

It’s a company that’s had steady growth in revenues and profits since the early 1990s, and now sits on $525 million in cash reserves.

So, in short: Giannopoulos and his people are working hard. Which is why I was recently surprised to see Giannopoulos’s work phone number, cell phone number and email address at the bottom of the homepage of MICROS’s Website.

via BaltTech: The CEO with the public cellphone number – Gus Sentementes covers digital tech and innovation in Baltimore and beyond – baltimoresun.com.

Small Business Trends

Posted in General Business by ebs4pos on November 17, 2009

The National Federation of Independent Business (NFIB) has released its November Small Business Economic Trends report. When polled, small businesses believe conditions are getting a little better — but just a little.

The problem, the report suggests, is that small businesses need customers and sales more than anything. When they get more customers and/or those customers buy more, small businesses in turn will be able to make capital purchases and do more hiring. But until customers loosen the purse strings, conditions for small businesses will remain challenging.

via Small Business Economic Trends Report | Small Business Trends.
