Archive for the ‘PCI Compliance’ Category

Verizon 2011 Data Breach Investigations Report: Breaches Increased Dramatically While Data Loss Was at All-Time Low

Tuesday, April 19th, 2011

Cyber Criminals Shifting to Smaller, More Opportunistic Attacks; External Attacks, Especially Hacking, on Rise

April 19, 2011

NEW YORK – Data loss through cyber attacks decreased sharply in 2010, but the total number of breaches was higher than ever, according to the “Verizon 2011 Data Breach Investigations Report.” These findings continue to demonstrate that businesses and consumers must remain vigilant in implementing and maintaining security practices.

The number of compromised records involved in data breaches investigated by Verizon and the U.S. Secret Service dropped from 144 million in 2009 to only 4 million in 2010, representing the lowest volume of data loss since the report’s launch in 2008. Yet this year’s report covers approximately 760 data breaches, the largest caseload to date.

According to the report, the seeming contradiction between the low data loss and the high number of breaches likely stems from a significant decline in large-scale breaches, caused by a change in tactics by cybercriminals. They are engaging in small, opportunistic attacks rather than large-scale, difficult attacks and are using relatively unsophisticated methods to successfully penetrate organizations. For example, only 3 percent of breaches were considered unavoidable without extremely difficult or expensive corrective action.

The report also found that outsiders are responsible for 92 percent of breaches, a significant increase from the 2010 findings. Although the percentage of insider attacks decreased significantly over the previous year (16 percent versus 49 percent), this is largely due to the huge increase in smaller external attacks. As a result, the total number of insider attacks actually remained relatively constant.

Hacking (50 percent) and malware (49 percent) were the most prominent types of attack, with many of those attacks involving weak or stolen credentials and passwords. For the first time, physical attacks, such as compromising ATMs, appeared as one of the three most common ways to steal information, and constituted 29 percent of all cases investigated.

For the second year in a row, the U.S. Secret Service collaborated with Verizon in preparing the report. In addition, the National High Tech Crime Unit of the Netherlands Police Agency (KLPD) joined the team this year, allowing Verizon to provide more insight into cases originating in Europe. Approximately one-third of Verizon’s cases originated in either Europe or the Asia-Pacific region, reflecting the global nature of data breaches.

“Through our Data Breach Investigations Report series, Verizon continues to provide the industry with a first-hand look at cybercrime around the globe,” said Peter Tippett, Verizon’s vice president of security and industry solutions. “This year, we witnessed highly automated and prolific external attacks, low and slow attacks, intricate internal fraud rings, countrywide device-tampering schemes, cunning social engineering plots and more. And yet, at the end of the day, we found once again that the vast majority of breaches can be avoided without extremely difficult, expensive security measures.”

Tippett added: “It is important to remember that data breaches can happen to any business — regardless of size or industry — or consumer, at any place in the world. A good offense remains the best defense. It is imperative to implement essential security measures broadly throughout your security infrastructure, whether that is a small home setup or an expansive enterprise infrastructure.”

U.S. Secret Service Assistant Director A.T. Smith said, “Americans over the past several years have seen the significant impacts data breaches are having on our nation’s financial infrastructure. Today cyber criminals are operating in nearly every civilized nation in the world, exposing Americans’ personal information, either stored or transmitted, to substantial risk.”

Smith added, “By participating in the Verizon 2011 Data Breach Investigations Report, the Secret Service is working closely with our private-sector partners to educate Americans about the threats of cyber criminals. With the help of our Electronic Crimes Task Force partners, such as Verizon, we are studying technologies and trends to prevent and mitigate attacks against critical financial infrastructure.”

The Data Breach Investigation Report (DBIR) series now spans seven years and more than 1,700 breaches involving more than 900 million compromised records, making it the most comprehensive study of its kind.

(NOTE: Additional resources supporting the 2011 Data Breach Investigations Report are available, including high-resolution charts and an audio podcast. B-roll available upon request.)

Key Findings of the 2011 Report

Data from the 2011 report shows that:

  • Large-scale breaches dropped dramatically while small attacks increased. The report notes there are several possible reasons for this trend, including the fact that small to medium-sized businesses represent prime attack targets for many hackers, who favor highly automated, repeatable attacks against these more vulnerable targets, possibly because criminals are opting to play it safe in light of recent arrests and prosecutions of high-profile hackers.
  • Outsiders are responsible for most data breaches. Ninety-two percent of data breaches were caused by external sources. Contrary to the malicious-employee stereotype, insiders were responsible for only 16 percent of attacks. Partner-related attacks continued to decline, and business partners accounted for less than 1 percent of breaches.
  • Physical attacks are on the rise. After doubling as a percentage of all breaches in 2009, attacks involving physical actions doubled again in 2010, and included manipulating common credit-card devices such as ATMs, gas pumps and point-of-sale terminals. The data indicates that organized crime groups are responsible for most of these card-skimming schemes.
  • Hacking and malware are the most popular attack methods. Malware was a factor in about half of the 2010 caseload and was responsible for almost 80 percent of lost data. The most common kinds of malware found in the caseload were those involving sending data to an external entity, opening backdoors, and keylogger functionalities.
  • Stolen passwords and credentials are out of control. Ineffective, weak or stolen credentials continue to wreak havoc on enterprise security. Failure to change default credentials remains an issue, particularly in the financial services, retail and hospitality industries.

Recommendations for Enterprises

The 2011 report found again that the prescription for data breaches is to use simple, essential security practices such as:

  • Focus on essential controls. Many enterprises make the mistake of pursuing exceptionally high security in certain areas while almost completely neglecting others. Businesses are much better protected if they implement essential controls across the entire organization without exception.
  • Eliminate unnecessary data. If you do not need it, do not keep it. For data that must be kept, identify, monitor and securely store it.
  • Secure remote access services. Restrict these services to specific IP addresses and networks, minimizing public access to them. Also, ensure that your enterprise is limiting access to sensitive information within the network.
  • Audit user accounts and monitor users with privileged identity. The best approach is to trust users but monitor them through pre-employment screening, limiting user privileges and using separation of duties. Managers should provide direction, as well as supervise employees to ensure they are following security policies and procedures.
  • Monitor and mine event logs. Focus on the obvious issues that logs pick up, not the minutiae. Reducing the compromise-to-discovery timeframe from weeks and months to days can pay huge dividends.
  • Be aware of physical security assets. Pay close attention to payment card input devices, such as ATMs and gas pumps, for tampering and manipulation.

A complete copy of the “Data Breach Investigations Report” is available for download.

About Verizon
Verizon Communications Inc. (NYSE, NASDAQ:VZ), headquartered in New York, is a global leader in delivering broadband and other wireless and wireline communications services to mass market, business, government and wholesale customers. Verizon Wireless operates America’s most reliable wireless network, serving 94.1 million customers nationwide. Verizon also provides converged communications, information and entertainment services over America’s most advanced fiber-optic network, and delivers innovative, seamless business solutions to customers around the world. A Dow 30 company, Verizon employs a diverse workforce of more than 194,000 and last year generated consolidated revenues of $106.6 billion. For more information, visit www.verizon.com.

Virtual Terminal tokenization video demo for storing credit card

Monday, February 28th, 2011

Can I store encrypted credit card data and bill different amounts to a customer? Yes, and this video demo of our most advanced virtual terminal shows you exactly how. This is a universal PCI Compliant virtual terminal, meaning it’s compatible with all major credit card processors.

Almost any virtual terminal solution can securely store card data for recurring billing, where the card is charged the same amount each time, but none of the most popular virtual terminals offers a secure token solution to charge a variable amount. Chase Paymentech’s Orbital® Gateway, Authorize.net®, and PC Charge® all offer recurring billing, but do not offer variable amount billing for their standard gateway. If there is a custom option, I’m not aware of it.

Chase Paymentech Orbital, Authorize.net, and PC Charge are all gateways. Our solution is a SWITCH, and also a gateway. What’s the difference? A gateway passes data over the internet to facilitate an electronic transaction. A switch identifies the data, makes logical decisions, and then routes the data based upon pre-defined parameters. For example, a gateway passes card data from the point of collection to the payment processor. Our switch can identify the card issuing bank, determine what’s needed to qualify the transaction for the lowest cost interchange, and then pass the data needed to meet that requirement. This is just one example of what switch technology can do.


Virtual Terminal Solutions for Attorneys

Wednesday, January 5th, 2011

This article on Virtual Terminal Solutions addresses credit card processing in a law firm or individual attorney practice. How can you improve security, prevent fraud, improve PCI Compliance, and reduce time to collect payments from repeat clients?

Virtual terminals are accessed via a secure web page enabling merchants to key enter credit card or other payment information. I recently helped someone hire a specialized attorney. There was no need to meet the attorney in person, and as it turns out, the specialist wasn’t local anyway. Read this article and see if you find any similarities with your own legal practice.

SCENARIO:  Collecting payment with customer not present.
A prospective client contacts an attorney regarding a legal matter for a third party. The individual desires to pay the legal bills for the party needing the services. After a brief discussion, the attorney sends a questionnaire to be filled out. After reviewing the information, a conference call is to be scheduled. There is an initial consultation fee for research, review and conference call. If the client desires to move forward, additional payment(s) will apply.

The party paying the bill requested to supply credit card information immediately to avoid any future delays as the process moved forward. The ‘regular staff’ wasn’t in due to the holidays and an assistant took the credit card information over the phone, including CVV security code, writing it down on paper. The firm will charge the card on the conference call date. I know the assistant doesn’t normally handle this function, but how often does this scenario happen in your law firm?

AVOID HIGH RISK

Collecting and writing down CVV information is a risky practice, and is generally not acceptable for most PCI Compliance situations. Creating a policy for Storage of Credit Card Details both on and off your premises is an essential element of PCI Compliance. Your company should have a clear written policy and all employees with access to sensitive information should have at least an abbreviated version of the written policy and have had training.

See related article, “Should you require CVV or AVS for phone orders?”.

How can a virtual terminal improve data security?

The key to selecting the best virtual terminal for a law firm is understanding the entire process for how payments are made, knowing the differences in virtual terminals available, and understanding the steps to PCI Compliance.

CRITERIA FOR SELECTING CREDIT CARD PROCESSING VIRTUAL TERMINAL SOLUTION FOR A LAW FIRM

  1. Must enable multiple users, each with their own login. This is so you can track who makes every transaction. (Risk Management)
  2. Uniquely control user privileges- who can enter “sale”, “void”, “refund”. Each of these should be uniquely configurable. Most systems provide ALL privileges to all users, but to reduce risk, you shouldn’t provide refund capabilities to someone who is not normally involved in the billing process, as in the scenario above.
  3. Token billing for variable amounts- if you want to re-bill a customer over and over again, require tokenization. There are two unique types of token billing. One is to charge a variable amount on demand; the other is to charge multiple payments of the same amount at specific intervals, also known as installment payments. The card data is key entered via a secure web page one time only. Most solutions have an installment option, but very few have a solution for variable amount, on-demand payments.

BONUS CRITERIA- these features are not required, but there are strong reasons to put them on your list.

  1. Client/contract management. With this solution, the merchant can set up multiple contracts for the same client ID, and assign different billing periods, amounts etc.; enter the card data one time only. Each contract is given a unique token.
  2. Least cost routing. This technology will automatically require AND pass all data elements needed to qualify for the lowest cost interchange for any given card type, on to your processor. Human error and specific technical knowledge are eliminated from the process. This feature can reduce costly downgrades; for example up to .70% extra on corporate credit cards. What’s unique about this?
  • Not all virtual terminals collect the information needed.
  • Not all virtual terminals REQUIRE the information needed so it’s easy to bypass.
  • Not all virtual terminals pass on the data to the processor even if it’s collected; the merchant has no way of knowing what’s needed or what is passed on.
  • Users are typically in control, rather than intelligent software.
  • Most virtual terminals are simply gateways. There are input fields and data is passed forward. Our professional services virtual terminal solution is not just a gateway. It’s an intelligent switch that recognizes the card type and determines what is the least costly way to submit the transaction for processing. Then it collects and passes the necessary data.

3D MERCHANT SOLUTION- All of the above, plus these additional law firm friendly features:

Would you like data interaction between your credit card processing and your legal software? Via API or CSV Export, you can update your legal software application. You CANNOT export or see card data ever, but you can use last 4 digits, name, card type and other fields.

Executive Reporting: Who’s billing the most? Eliminate wasted time creating reports and totaling data. Via the executive dashboard, you can see billing in real time, with up to 7 years of data to pull from. Organize your reporting preferences by division, region, and/or attorney.

See related article best virtual terminal for card not present for comparison.

FAQ for 3D Merchant recommended virtual terminal

How much does the virtual terminal cost?

The virtual terminal is very affordable. Pricing is based on volume, either dollars or transactions. Depending on your credit card processing fees now, it may even be net neutral. For a firm proposal, please submit at least 2 months merchant statements for review. (You can keep your processor or change, no difference in price.)

Are there computer requirements?

High speed internet and an updated browser with the Flash plugin. PC or Mac compatible.

How easy is it to use?

After logging in and changing the temporary password, most users will figure out everything they need to know in about 5-10 minutes. There are dozens of short 15-30 second HELP video clips for instant answers.

What is the implementation time?

Contract approval to account set up is usually 2-5 business days. If you’re switching processors, we’ll have everything ready for you to start accepting payments immediately. Just add users in a matter of minutes and you’re ready to go. You can even batch upload existing client data.

If you’re not switching processors, we’ll provide you with a form for your processor to complete so we can link to your existing merchant account.

3D Merchant newsletter red flags rule, American Express, token billing

Wednesday, December 15th, 2010

Read the latest merchant news bulletin in the 3D Merchant Services newsletter. Highlights include the Red Flags Rule, the American Express critical fee change, and re-billing customers using tokens to prevent identity theft. Plus: What’s your risk for a financial data breach?

3D Merchant Services newsletter (PDF download)

What is token billing?

Tuesday, December 7th, 2010

Token Billing enables a merchant to store encrypted card data and then charge the card again at a later date. Unlike recurring billing, merchants can charge a VARIABLE AMOUNT to the same credit card. Tokenization is the process of collecting, storing, and rebilling encrypted credit card data. Our PCI Compliant solution enables you to control spiraling credit card fees, reduce fraud risk, and see real time cash flow reports.

B2B companies often need this service. Their customers sign faxed forms authorizing the merchant to bill their card on an ongoing basis. Lawyers, accountants, staffing and service companies with auto fleets are all examples of companies who can benefit.

TOP REASONS TO USE OUR TOKEN BILLING SOLUTION

  • Enter customer profile data one time only, then simply enter the token ID and amount to charge for subsequent transactions. Save TONS of billing time.
  • Unlimited customers – pay only when you charge a customer, plus a minimum monthly fee.
  • Host based solution. No software to download.
  • Always up to date with the latest parameters for interchange qualification (the wholesale cost of credit card processing).
  • Least cost routing will identify the lowest cost method to process a transaction and pass all data needed to qualify for it. This is NOT just providing the standard level II data that 99% of other service providers deliver.
  • Compatible with all major payment processors.
  • PCI Compliant. No credit data is ever stored at your facility.

Certain industries may also be eligible for PINless debit. This enables merchants to qualify for PIN-debit interchange rates, even though the customer is not present to enter their PIN. Given the closing gap on the merchant value of PIN debit vs signature debit, our solution will route your transaction based on cost and risk factors that you choose.

Read more about token billing.

medical billing solution reduces fraud

Wednesday, November 17th, 2010

Most medical billing solutions address HIPAA, but what about secure payments? Our medical billing solution enables you to securely collect current payments and outstanding bills after insurance claims are completed. Additionally, there are many built in merchant controlled settings to help reduce and eliminate both internal and external fraud.

MEDICAL BILLING SOLUTIONS

Tired of getting paid weeks and months after services are rendered?

Do you have patients paying a co-pay on the visit, then after you’re paid by the insurance company, the patient ends up having a balance due?

How long on average does it take you to collect that balance? Are you paying a medical billing company to collect it for you?

Do you have patients that are billed the same amount every month?

Do you offer a payment plan in some situations?

SOLUTION: TOKEN ACCOUNTS.

  1. Merchant accesses a secure payment processing platform and creates a TOKEN to enable rebilling the patient or to set up recurring billing. Card data is never stored at the merchant location and the token links only to remotely hosted encrypted data. To re-bill, the merchant enters the patient name, transaction amount, and the TOKEN ID.
  2. Patients agree to have their card charged, usually up to a specified amount, at the time of the original transaction. Merchants can print a receipt, or have an email automatically sent with the receipt.

BENEFITS:

  1. Improve cash flow.
  2. Reduce or eliminate collections.
  3. Simplify the billing process- reduce workload.
  4. PCI Compliant- secure solution eliminates exposed card data.
  5. Reduce opportunities for internal fraud by eliminating receiving card data within mailed billing responses.
  6. Managed payment processing costs- eliminates costly human errors that result in interchange qualification downgrades.

FEATURES:

  1. Optional Signature Capture stores patient opt-in agreement electronically indefinitely.
  2. Access secure web page from any computer.
  3. User control for all functions and reporting. You decide who can perform what type of transaction. Enable off site billing or accounting to access reporting.
  4. Optional industry template to capture insurance policy number, account number etc. Export reports on demand.
  5. Real-time cash flow. Enables management to see multiple locations at a glance.
  6. Multiple merchant accounts- Use the same system for multiple doctors within a location.
  7. Minimal set-up. No major upfront investment.
  8. Optional pay page- simple code you can add to your web site so patients can pay a bill.

SALES CONTACT: Christine Speedy 954-942-0483

SCREEN SHOTS

FIGURE 1. The customer is present and you swipe the card. The card number, expiration and name on card are automatically recognized, as with any swipe device. Confidential information will be x’d out and will not appear on the screen. Enter the sale amount, as usual.
(Screenshot: swipe sale screen)

Notes: Other required or optional fields are determined by the merchant at account set-up. The merchant determines data capture preferences balancing speed at the cashier, information needs, and risk. In all the figures shown, invoice is mandatory, but that is strictly a merchant decision.

FIGURE 2. When the customer is not present, different data needs to be captured for risk and interchange qualification (how much a transaction costs the merchant) concerns.
(Screenshot: virtual terminal card not present sale screen)

FIGURE 3. If the merchant wants to bill the same customer again, the repeat sale button is selected. Information is collected for both the initial sale and future sales. A token is automatically generated, or the merchant can specify one. We recommend you collect the email address so that you can send automatic receipts for future billing. (You can also ask the customer to opt-in or opt-out to marketing via email.)
(Screenshot: virtual terminal repeat sale screen)

FIGURE 4. When you’re ready to go back and bill the patient, enter the TOKEN ID along with the amount to charge.
(Screenshot: virtual terminal token billing)

If you captured an email previously and set up automatic receipts, an email is automatically generated and sent. Email set up can be programmed with your own FROM and SUBJECT.

The benefits I’ve discussed are just the tip of the iceberg. This technology is leaps ahead of anything else on the market, including ease of use. Your staff can complete a repeat sale with less than 5 minutes of training. Setting up recurring billing, where the same amount is billed multiple times, is not shown here and is just as easy.

Protect your patient data. Protect your business from internal fraud. Improve your cash flow. Look at functional graphical reports that let you see and compare cash flow from multiple operations in minutes.

Questions? Need a demo? Call Christine at 954-942-0483.

Dental billing solution enables rebilling after insurance claims

Wednesday, November 17th, 2010

Most medical and dental billing solutions address HIPAA, but what about secure payments? Our dental billing solution enables you to securely collect current payments and outstanding bills after insurance claims are completed. Collecting payments in a secure manner is equally important to HIPAA. Most staff at medical practices don’t even know what PCI DSS is, even after having 6 years to comply.

DENTAL BILLING SOLUTIONS

Tired of getting paid weeks and months after services are rendered?

Do you have patients paying a co-pay on the visit, then after you’re paid by the insurance company, the patient ends up having a balance due?

How long on average does it take you to collect that balance? Are you paying a medical billing company to collect it for you?

Do you have orthodontia patients that are billed the same amount every month?

Do you offer a payment plan in some situations?

SOLUTION: TOKEN ACCOUNTS.

  1. Merchant accesses a secure payment processing platform and creates a TOKEN to enable rebilling the patient or to set up recurring billing. Card data is never stored at the merchant location and the token links only to remotely hosted encrypted data. To re-bill, the merchant enters the patient name, transaction amount, and the TOKEN ID.
  2. Patients agree to have their card charged, usually up to a specified amount, at the time of the original transaction. Merchants can print a receipt, or have an email automatically sent with the receipt.

BENEFITS:

  1. Improve cash flow.
  2. Reduce or eliminate collections.
  3. Simplify the billing process- reduce workload.
  4. PCI Compliant- secure solution eliminates exposed card data.
  5. Reduce opportunities for internal fraud by eliminating receiving card data within mailed billing responses.
  6. Managed payment processing costs- eliminates costly human errors that result in interchange qualification downgrades.

FEATURES:

  1. Optional Signature Capture stores patient opt-in agreement electronically indefinitely.
  2. Access secure web page from any computer.
  3. User control for all functions and reporting. You decide who can perform what type of transaction. Enable off site billing or accounting to access reporting.
  4. Optional industry template to capture insurance policy number, account number etc. Export reports on demand.
  5. Real-time cash flow. Enables management to see multiple locations at a glance.
  6. Multiple merchant accounts- Use the same system for multiple doctors within a location.
  7. Minimal set-up. No major upfront investment.
  8. Optional pay page- simple code you can add to your web site so patients can pay a bill.

SALES CONTACT: Christine Speedy 954-942-0483

SCREEN SHOTS

FIGURE 1. The customer is present and you swipe the card. The card number, expiration and name on card are automatically recognized, as with any swipe device. Confidential information will be x’d out and will not appear on the screen. Enter the sale amount, as usual.
(Screenshot: swipe sale screen)

Notes: Other required or optional fields are determined by the merchant at account set-up. The merchant determines data capture preferences balancing speed at the cashier, information needs, and risk. In all the figures shown, invoice is mandatory, but that is strictly a merchant decision.

FIGURE 2. When the customer is not present, different data needs to be captured for risk and interchange qualification (how much a transaction costs the merchant) concerns.
(Screenshot: virtual terminal card not present sale screen)

FIGURE 3. If the merchant wants to bill the same customer again, the repeat sale button is selected. Information is collected for both the initial sale and future sales. A token is automatically generated, or the merchant can specify one. We recommend you collect the email address so that you can send automatic receipts for future billing. (You can also ask the customer to opt-in or opt-out to marketing via email.)
(Screenshot: virtual terminal repeat sale screen)

FIGURE 4. When you’re ready to go back and bill the patient, enter the TOKEN ID along with the amount to charge.
(Screenshot: virtual terminal token billing)

If you captured an email previously and set up automatic receipts, an email is automatically generated and sent. Email set up can be programmed with your own FROM and SUBJECT.

The benefits I’ve discussed are just the tip of the iceberg. This technology is leaps ahead of anything else on the market, including ease of use. Your staff can complete a repeat sale with less than 5 minutes of training. Setting up recurring billing, where the same amount is billed multiple times, is not shown here and is just as easy.

Protect your patient data. Protect your business from internal fraud. Improve your cash flow. Look at functional graphical reports that let you see and compare cash flow from multiple operations in minutes.

Questions? Need a demo? Call Christine at 954-942-0483.

credit card processing tips for resident summer camps

Tuesday, November 9th, 2010

Reduce the risk of accepting credit cards with these tips for summer resident camps. How many people who handle credit card processing really understand PCI Compliance? Below I list some do’s, don’ts and solutions that really work.

BEST PRACTICES AND PAYMENT PROCESSING TIPS FOR CAMP ORGANIZATIONS:

DEPOSITS: To accept reservation deposits, the merchant must clearly state the rules for refunds whether online or via mail in form. Does your system allow refunds to occur without a corresponding sale? Ask me about solutions that block this type of transaction and also control who can perform refunds. Do not refund a credit card if the original transaction was a check.

MAIL IN FORMS:

  1. Do not ask customers to put their security code on the mail order form. It’s just too high of a risk. Remember, the 3-4 digit security codes (CVV, CID) never affect your credit card processing costs.
  2. Create a form that enables you to shred the card data, yet still maintain the rest of the information you need, including signature.
  3. If applicable, ask the customer for permission to allow you to rebill their credit card with whatever terms you want to create. A simple check box works great. Instead of storing card data, use Tokenization for recurring billing or rebilling.

PHONE ORDERS AND COLLECTIONS

It happens all the time. The date when final funds need to be received has arrived. Who calls who is irrelevant. If the customer wants to give you the information over the phone, how are you obtaining it? In most cases, the phone order taker simply writes it down on a piece of paper. The information is then used to process the payment later, whether after hanging up or by someone else in the office. How often is that card data then immediately put into a cross cut shredder to destroy it?

RECOMMENDATION: Have the phone operator enter the card data into a virtual terminal (VT). The VT is a secure web page in which you enter transaction information. If that person is not authorized to run transactions, we have a solution that enables the operator to enter the card data and get an immediate authorization, and the proper personnel can process the transaction later. The receipt can be automatically emailed to the customer, or you can print it and put it in the mail.

ECOMMERCE: Don’t choose a payment processor just because they have a solution for your ecommerce needs. There are several excellent gateways to choose from for online payments, so the processor and gateway need not be the same and in my experience they almost always have higher costs. Even though I could offer a single solution myself, I never tie the two together. Keeping them separate gives you the most flexibility over time. I liken it to getting free equipment. There’s a catch and it’s usually not to your benefit.

COSTS: Is your account set up the best way to qualify for the lowest rates for your type of organization? How do you know? In most cases you need a MOTO account, which stands for mail order, telephone order. Did you know it’s a violation to accept payments on your web site with a MOTO account? Merchants are required to have an ECOMMERCE designated account to accept payments online.

Payment processing is very complex and the nature of a business that gets the bulk of its payments in a short window only makes it harder for personnel to keep up with all the latest information.

Our team can help you with data security, compliance, cost control, and any other issues you face regarding payment collection, especially with temporary summer personnel.

Related articles:

Should you require CVV or AVS for phone orders?

2009 story on credit card processing for summer camps.

Want a FREE Camper Reservation Order Form makeover? Fax your existing form with FREE MAKEOVER on the cover sheet to 954-942-9804 and I’ll mark it up with recommended changes to improve your PCI DSS Compliance at no cost! Include your merchant statement(s) along with total annual volume and I’ll send you a video report you can view at your leisure that clearly identifies areas for improvement including cost savings.