Oracle Micros Data Breach

Posted on by
Reply

Micros, a hugely popular restaurant and hospitality is the subject of a major data breach investigation. On Monday, 8 August 2016, Oracle Security informed Oracle MICROS customers that it had detected malicious code in certain legacy MICROS systems. Oracle is currently investigating the compromise.

Micros is used by many of the large hotel brands as well as restaurants. Over the last year, many in the hospitality industry have announced data breaches, though a link between the two has not been announced.

RESOURCES

Visa Compromise Notification (Micros)

Data Breach At Oracle’s MICROS Point-of-Sale Division (krebsonsecurity.com)

Increasing B2B Loyalty With Improved Customer Experience

Posted on by
Reply

b2b einvoiceThe last mile in any business to business transaction, collecting payment, can be a point of friction or a seamless part of a great buying experience. Too often, its the former due to a multiple roadblocks including paper invoicing, and accounts receivable staff availability for time zone differences.

Established family businesses often have the same customers for generations and they’re fiercely loyal. Or are they? In a Bain & Company survey of 290 executives in B2B industries throughout 11 countries, 68% of respondents said customers are less loyal than they used to be. Technology can be a game changer for increasing loyalty.

Common business to business billing scenarios for distributors without ecommerce capabilities:

  • Distributor A sends invoices via text or email and lets their customer choose their experience and how they want to pay. Pay from the email/text or login to a portal? Store and tokenize ACH or credit card or manually enter each time? Send check in the mail?
  • Distributor B sends invoices via email and requires customer to login to a portal to make payments.
  • Distributor C has an online pay page customers can use to pay any amount.
  • Distributor D send invoices via email, and customers send checks in the mail.
  • Distributor E sends invoice and credit card authorization form via email, then gets a fax back, key enters into a virtual terminal.

Which billing strategy delivers the optimal customer experience? Customers want to interact with you in multiple ways, so if you’re still doing business the same way you have for decades, customers have likely shifted some of their business, or maybe all of it, to another vendor. Price is not the likely culprit. In a retail study about millennials, just 15% always purchase from the lowest price retailer, while 38% cited convenience as a reason to not purchase. 58% said they’d take advantage of self-checkout on their own mobile device.

What does this mean for B2B distribution companies? Think like your customers. Are you making it easy to do business? Are you increasing their efficiency? What’s the opportunity cost of not updating? I once sought a new distributor for a product an existing supplier discontinued. I found one, but didn’t place the first order. Why not? They required calling in with my credit card information citing it would be more secure. We were in different time zones and the phone was busy, or the person at lunch, and it was just plain inconvenient to keep trying.

A distributor recently advised me they don’t store anything – they require a credit card authorization form for every single purchase. Talk about driving customers away! Even a simple hosted pay page can alleviate the need for paper forms, immensely increase customer convenience, and increase cash flow to boot. While increasing a credit line is a possibility, some customers use them as a tool to self-manage credit, increasing purchasing without having to interact with anyone.

Invoicing and payment technology updates are critical to garnering customer loyalty, regardless of the payment type. The more flexible the solution, the more likely each customer can interact with your business via their preferred method. Today’s technology supports a myriad of payment types, including ACH, credit card, wire and others, and multiple ways to interact for making payments from email to text and beyond. Delighted customers are more loyal and more likely to refer new business.

Christine Speedy is an authorized reseller for CenPOS, a cloud-based, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. The secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. 954-942-0483

MAGENTO VULNERABILITIES IMPACT PCI COMPLIANCE

Posted on by
Reply

Magento, a popular e-commerce platform, released multiple security patches this year, several addressing critical and high credit card data breach vulnerabilities. Merchants that haven’t deployed security patches, as required by PCI standards, are vulnerable to remote exploits that can compromise customer account and credit card data.

One cross-site scripting (XSS) flaw potentially allows an attacker to add malicious JavaScript code to a comment via the PayFlow Pro payment module. The JavaScript code is executed server-side when the targeted site’s administrator views the attacker’s order.

PCI Compliance Requirement 6: Develop and maintain secure systems and applications. All critical systems must have the most recently released software patches to prevent exploitation. The average merchant relies upon third party developers for web site maintenance, but unless specifically contracted to update the e-commerce software and add-on modules, don’t count on it.

Only 16.4% of organizations that had suffered a data breach were compliant with Requirement 6, compared to an average of 64% of organizations assessed by our QSAs in 2014- Verizon 2015 PCI Compliance Report.

Payment gateway implementation requirements have changed over time as a result of cross-site scripting and cross-site request forgery (CSRF) to meet current PCI Compliance standards. Merchants should verify all components of their ecommerce ecosystem are current, and have a system for ongoing monitoring and updating.

RESOURCES

  • Magento Security Center
  • VISA MAGENTO SECURITY ALERT, July 2016
  • Christine Speedy, 3D Merchant Services, offers Magento payment gateway module for merchants to improve their omnichannel customer experience and mitigate risk. B2B customer benefits include friction-less payments across all sales channels; text and email Express Checkout, customer invoice portal for 24/7 ACH, credit card, wire and more payment types, and US EMV with level 3 processing. Magento and ERP modules combine to provide a powerful array of solutions to improve cash flow and profits while maximizing security. 954-942-0483.

 

 

Visa revises Merchant Location rules effective October 15, 2016

Posted on by
Reply

Visa rules for how merchants must identify their name, type of business, and location are changing to keep up with the growing number of ways merchants interact and conduct transactions with their customers. Visa cites these rules are necessary to help prevent unnecessary cardholder disputes and reduce additional risk to the Visa system. Conversely, failure to comply with the rules could increase merchant risk to lose customer disputes.

“If you are an eCommerce merchant, your website must contain the merchant location on either the checkout screen used to present the final transaction amount or within the sequence of web pages that the cardholder accesses during the checkout process. It must not be a link to a separate page.” Visa Bulletin VBS 02.AUG.16

What is the proper location? It must be the country of your principal place of
business, where your executive officers direct, control, and coordinate your activities — generally, your company’s headquarters. I’d venture that 99% of ecommerce site are not compliant with this rule today, including Amazon.

For complete details, download PDF Official Bulletin by Visa Providing the Proper Location
of Your Merchant Business

Faster Processing and Settlement of ACH Credit Transactions begins Today, Reaching all U.S. Bank Accounts

Posted on by
Reply

NACHA Announces Implementation of New Rule for Phase 1 of Same Day ACH

HERNDON, Va.–(BUSINESS WIRE)–Today, NACHA —The Electronic Payments Association®, the trustee and rule maker of the ACH Network, announced the launch of Phase 1 of Same Day ACH. Same Day ACH is a new faster payments option that reaches all bank accounts and will enable businesses and consumers to send and receive payments and payment-related information on the same day through the ACH Network.

The launch of Same Day ACH marks a significant milestone in the journey towards faster payments in the U.S.

Phase 1 of Same Day ACH allows for the sending and receiving of virtually any ACH credit transaction, enabling a variety of transactions such as urgent claim payments from an insurance company to a consumer or same-day payroll payments from an employer to an hourly or contract employee.

“The launch of Same Day ACH marks a significant milestone in the journey towards faster payments in the U.S.,” said Janet O. Estep, president and CEO of NACHA. “While other payments initiatives have been developed to support the demand for faster payments in the U.S., Same Day ACH provides absolute certainty that your payment can get to absolutely anyone else with a bank account on the same day, regardless of which bank or credit union they use, bringing value to all users of the ACH Network.”

Beginning today, all financial institutions will be able to receive same-day transactions. Although sending same-day transactions by financial institutions and their customers is optional, it is expected that many will begin enabling the origination of same-day payments today. According to research conducted by NACHA, 95 percent of the nation’s top financial institutions intend to originate Same Day ACH in 2016. The top reasons cited for how Same Day ACH will be used by financial institutions beginning today include payroll and business-to-business payments.

“Same Day ACH is an innovative and immediate solution to support the demands of those consumers and businesses that want to move their money faster,” said Estep. “Not only does it support the industry’s near-term needs, but it also serves as a building block for the future of faster payments. Upon the Same Day ACH foundation, other products and services can be built to continue to meet the evolving needs of consumers and businesses into the future.”

Phase 2 of Same Day ACH will launch on Sept. 15, 2017. Phase 2 will introduce the faster processing and settlement of debit transactions, in addition to credit transactions. This Phase will support additional use cases such as consumer bill payment for utility, insurance, telecom, mortgage, loan and credit card payments.

For more information about Same Day ACH and how to implement and leverage this opportunity, visit NACHA’s Same Day ACH Resource Center at https://resourcecenter.nacha.org/.

About NACHA—The Electronic Payments Association

Since 1974, NACHA – The Electronic Payments Association has served as trustee of the ACH Network, managing the development, administration and rules for the payment network that universally connects all 12,000 financial institutions in the U.S. by moving money and information directly from one bank account to another. Financial institutions exchange 24 billion ACH payments valued at $41 trillion annually. Through its collaborative, self-governing model, education, and inclusive engagement of ACH Network participants, NACHA facilitates the expansion and diversification of electronic payments, supporting Direct Deposit and Direct Payment via ACH transactions, including ACH credit and debit payments, recurring and one-time payments; government, consumer and business transactions; international payments, and payments plus payment-related information. Through NACHA’s expertise and leadership, the ACH Network is now one of the largest, safest, and most reliable systems in the world, creating value and enabling innovation for all participants. Visit nacha.org for more information.