Equinox Optimum L4250 screen blank, dead terminal

Optimum L4250 hypercomIf you’re reading this, chances are your credit card terminals beeped and then suddenly stopped working. If your L4250 hasn’t yet, it will the next time you reboot it. The cause is a manufacturer expired security certificate. It doesn’t matter when you bought the unit because the 10 year certificate was issued in 2004 and expired in 2014.  The sudden mass extinction of thousands of terminals has left merchants scrambling for credit card terminals.

The only instant solution is to replace your terminal. In most cases, a super quick fix is to add a USB swiper. This will get you operational until you can obtain another solution. Units are available at most office supply stores. Because those retail store units do not have P2P encryption, it’s just a quick fix. (Merchants can only buy P2P encrypted units from authorized distributors that can inject the P2P key.)magtek credit card swiperEquinox has a Certificate Expiry help web page where you can request help. Those who have tried the support have reported varied help. On Krebs security, a commenter said 0 of 400 units were able to be updated remotely, but they were given option to mail in at their expense and Equinox would send out a new unit.  Since most merchants will want pin debit encryption, it’s not a simple matter of them dropping a new one into a box. You’ll have some down time waiting, especially with the high demand. Be sure to remove all cables and pen before shipping any unit you return.

The L4250 end of life was announced some time ago. Now is the time to Invest in new EMV terminals. If you’re able to resurrect the L4250’s in the coming weeks, keep them as back ups as long as they’re still PCI Compliant.

The comparable replacement signature capture terminal is the new Equinox L5200, which supports EMV and NFC. CenPOS merchants contact your relationship manager for pricing with overnight replacement and P2PE encryption.equinox signature capture device l5200If your terminal is permanently dead, consider recycling. It’s good for the environment and secure.

 

3D Merchant Services Powered by CenPOS
2633 NE 26th Ave Metro South FloridaFL33064 USA 
 • 954-942-0483

CenPOS Certifies Verified by Visa and MasterCard Secure Code

CenPOS logoCenPOS announces enhanced security with Verified By Visa and MasterCard Secure Code, helping e-commerce merchants mitigate fraud.

Miami, FL (PRWEB) December 15, 2014

CenPOS announced today that it has certified its payment-processing platform with Verified by Visa and MasterCard SecureCode on TSYS and EPX. This new feature enables e-commerce merchants utilizing the CenPOS platform to mitigate fraudulent chargebacks while providing their end customers with a secure e-commerce payment mechanism. Online shoppers will have the opportunity to authenticate themselves with their issuing banks at the time of purchase; thus, making the payment process experience more secure for all parties. Verified by Visa and MasterCard SecureCode significantly reduce the chargeback risk for merchants while reducing their interchange expense. The authentication data, together with an authorization approval, gives merchants a transaction that is guaranteed against the most common types of chargebacks-“cardholder not authorized” and “cardholder not recognized” chargebacks. Merchants can focus on the business of fulfilling orders rather than authorization concerns.

“We are expecting an increase in fraudulent purchases in the e-commerce space in the coming years in the United States as a result of the EMV migration and adoption. We have seen the re-manifestation fraud trends in other countries in card not present transactions with the global adoption of EMV; therefore, these certifications are a must for CenPOS,” commented Jorge Fernandez Co-Founder and Chairman of CenPOS. “We are always looking for new ways to differentiate ourselves while delivering differentiated value to our clients. Today, security and protection is a top priority of every business executive across the globe. At CenPOS, these priorities are at the forefront of all our business initiatives,” added Fernandez.

About CenPOS

CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. For additional information please call 877.630.7960.

###

Contact Christine Speedy, CenPOS reseller at 954-942-0483 for additional information.

You completed PCI Rapid Comply, what’s next?

irst Data pci rapid comply

Screenshot of PCI Rapid Comply by First Data home page

You’ve completed the online forms at PCI Rapid comply, what’s next? By now you already know that PCI is not a quarterly or annual event.

First, If you received notice of noncompliance, print the web page shown above and send to your merchant processor relationship manager to stop recurring non-compliance fees, if applicable.

Next, go to MY DOCUMENTS and download everything. These are starter documents to help you with compliance, but you’ll need to modify and add some information.

pci-rapidcomply-docsFor example, on the incident response form, you’ll need to add the responsible names and contact information.

The security policy should be reviewed and disseminated to all employees that touch payments, and are involved in network security. I recommend HR manage the confirmed receipt as part of employee performance reviews. You may want to create a test to validate employee understanding, and record the date and time of completion to prove compliance.

  • The Risk Management Guide has a number of blanks to fill in. If you have retail transactions, you’ll need to create a monitoring and inspection program, which includes serial numbers and locations of all equipment.
  • Enter network administrator and payment administration on the access control guide. If you’re a CenPOS user, most of this requirement is managed with CenPOS Roles & user management.
  • Maintaining and monitoring your program is a critical component of PCI 3.0. If you don’t currently have a compliance officer, create accountability by assigning someone to ensure monitoring is completed on schedule.

About PCI Rapid Comply: PCI Rapid Comply is a First Data service available to all their merchants. First Data merchants can use this or a third party service of their choice.

About 3D Merchant Services author Christine Speedy: Offers payment gateway and cloud solutions to reduce scope and PCI Compliance burden. No new merchant account is required, however merchant services are available upon request. PCI Rapid Comply is available to merchant clients on select processor platforms, at no additional fee.

 

PCI SECURITY STANDARDS COUNCIL PUBLISHES SECURITY AWARENESS GUIDANCE

pci security awareness guideOctober 30, 2014. In order for an organization to comply with PCI DSS Requirement 12.6, a formal security awareness program must be in place. There are many aspects to consider when meeting this requirement to develop or revitalize such a program. The best practices included in this information supplement are intended to be a starting point for organizations without a program in place,or as a minimum benchmark for those with existing programs that require revisions. Best Practices for Implementing Security Awareness Program v1.0, 25 pg PDF recommended for IT and PCI compliance leaders.

One of the biggest risks to an organization’s information security is often not a weakness in the technology control environment. Rather it is the action or inaction by employees and other personnel that can lead to security incidents.

The free guidance will help merchants establish security standards in their business.

 

PCI DSS version 3.0 : January 2015 Deadline Looms

PCI DSS 3.0 deadline

Merchants who submit annual SAQ’s can continue to validate compliance with 2.0 SAQs until January 1, 2015. If merchants annual validation occurs in December,they’re not mandated to validate with version 3.0 until December 2015.

Are you ready?  Every merchant is impacted by the update, which are considerable. The PCI DSS Quick Reference Guide is 40 pages so there will be no attempt to duplicate it here. Here’s some issues merchants mostly likely need to address:

  1. Maintain an inventory of system components that are in scope for PCI DSS and also further, protect devices from tampering. Merchants have to identify all software, hardware, networks, what it’s used for, why it’s needed. This is a difficult task for larger retail operations where equipment is regularly moved and replaced. To comply, there must be a plan to regularly inspect equipment with serial number verification.
  2. Ensure that related security policies and operational procedures are documented, in use, and known to all affected parties. Even if in place, rarely is the case where every employee is fully informed. Adding a component to HR employee reviews is the simplest way to initiate a system.
  3. Render PAN unreadable anywhere it is stored- the card number must be unreadable per 3.4.
  4. The CAV2/CVC2/CVV2/CID can never ever be stored. OK, this one is old, but it’s still abused so it’s being repeated again. It’s NOT OK to store if ‘for a while’.
  5. Control physical access for on-site personnel; access authorized and based on individual job function and revoked immediately upon termination.The vast majority of companies have little control over employee access by job function. Their equipment or software simply has too many limitations. Merchants need to micro manage what employees can do, and document each employees interaction ( who processed what transaction etc.)
Goals of the PCI Data Security Standard
  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy
PCI: IS AN ongoing 3-step process
  • Assess – identifying cardholder data, taking an inventory of your IT assets and business processes for payment card processing, and analyzing them for vulnerabilities.
  • Remediate – fixing vulnerabilities and not storing cardholder data unless you need it.
  • Report – compiling and submitting required reports to the acquiring bank and card brands you do business with.

CenPOS Certifies to Caribbean Credit Card Corporation

logo cenpos Miami, FL (PRWEB) October 27, 2014

Today, CenPOS proudly announces a new certification to Caribbean Credit Card Corporation. The certification includes card present, card not present, e-commerce, and mobile processing. Merchants residing in countries where Caribbean Credit Card Corporation has a processing relationship with local banks are now able to take advantage of the CenPOS suite of products and services, including but not limited to: Mobile processing, Electronic Bill Presentment and Payment, integrated shopping carts, Point-to-Point encryption and tokenization. Cross border merchants are now able to easily manage their business payment needs through one single payment platform. CenPOS provides businesses across the globe with an omni-channel payment platform allowing the business communities to better engage their clients and allowing them to pay from anywhere, anytime and however they want to pay.

“We are very excited with this new certification as it bring us closer to our quest to provide our clients with global processing solutions with a world class platform,” said German Gonzalez, Chief Technology Officer and Co-Founder of CenPOS. “CenPOS will continue to add new certifications that are strategic and complimentary to our current product offering, but more importantly, certifications that are required by our valued clients,” added Gonzalez.

CenPOS is now able to provide core payment processing services in the following Caribbean countries:

Anguilla, Saint Kitts and Nevis, Antigua and Barbuda, Saint Lucia, Saint Vincent , Guyana, Barbados, Dominica, Grenada, Suriname, and Montserrat

About CenPOS

CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. For additional information please call 877.630.7960.

###

3D Merchant Services is an authorized CenPOS Reseller, Global Sales (954) 942-0483.