Home » Merchant Services

Category: Merchant Services

ASP Survey

Claim Your Wind River Shirt and a Chance to Win a $100 Amazon Gift Card!

What better way to enjoy Friday the 13th than getting a shirt and a chance at a $100 Amazon gift card?

That’s right, Steve Staden here. I’m one of the newest members of the Wind River team and heading up the Product Management team. You will be hearing a lot more from me as I am very excited to get your feedback.

Right now, I would greatly appreciate your thoughts and comments on the new Advanced Security Package (ASP). ASP is the enhanced PCI program that includes unlimited installation on security tools (Endpoint), pre-filled SAQ answers and a streamlined experience to achieve PCI compliance faster.

I’ve created a short, five-minute survey to get your feedback. Please include your contact information and you’ll be entered into a drawing for a $100 Amazon Gift Card -OR- a $100 contribution to the charity of your choice! Two winners will be randomly selected from the completed surveys. All respondents are eligible to receive a FREE Wind River Financial shirt! 

Please complete your survey entry by July 17, 2018. Winning entries will be selected when the survey closes.

Thanks again for your time and feedback. We really appreciate it as we continue to improve our products at Wind River Financial!

Visa Mastercard Swipe-Fee Lawsuit

Visa, Mastercard Ready a New Settlement in Card Swipe-Fee Lawsuit

Some of you may be curious to hear about the latest update in the ongoing swipe-fee lawsuit against Visa and Mastercard. As a refresher, back in 2005, merchants banded together to file a class-action lawsuit against the two card companies as well as banks such as JPMorgan Chase, Citigroup and Bank of America. The rationale stemmed from what merchants felt were unfair business practices, including working with banks and other financial institutions to stomp out competition as well as raising the fees merchants are required to pay in order to accept their credit cards.

The road to a resolution has been long and storied, but the chances of a settlement appear to be one step closer.

On June 28, 2018, multiple sources and news outlets reported that Visa and Mastercard were preparing to offer a settlement to the merchants. If accepted, the settlement would pay out roughly $6.5 billion to those affected by the class action suit.

This isn’t the first time that a settlement has been offered though. Back in 2012, Visa and Mastercard proposed an original settlement of $7.25 billion, but many merchants were not happy with the strict stipulations of accepting the deal. According to details at the time, any merchant who accepted the offer would forever be barred from bringing a lawsuit against Visa and Mastercard for raising the same fees in the future.

Many of the merchants refused the offer, but in the end, it didn’t matter. A federal appeals court threw out the original settlement due to the merchants not having sufficient representation in the matter.

Now, once again Visa and Mastercard are bringing a new offer to the courts. Although this time, merchants would only be held from bringing further lawsuits involving card swipe-fees against the big two for a number of years instead of in perpetuity.

According to news outlets, the details of the new settlement should be finalized in a few weeks and submitted to the courts by the middle of August.

With that said, history has shown that an offered settlement is a long way away from an agreed upon settlement by the courts. We anticipate further litigation for months if not years. Wind River continues to monitor these court rulings and will provide actionable information for our clients if and when they have an opportunity to be part of this or any other settlement.

5 Reasons to Love the Advanced Security Package

If you’ve been following this blog over the last several months, you may have noticed Wind River has had an increased focus on security lately. In fact, in early 2018 we rolled out a significant update to our security program and introduced the Advanced Security Package. You might even have found yourself asking the question, “Why all the hype?”.

Well, we know internally just how much of a gamechanger ASP can be for our customers, but sometimes it helps to hear it straight from the people who have actually been using it. We recently spoke with one of our clients who’s been using ASP for a little bit now. We wanted to get their opinion on how it’s been working and what they like best.
According to them, here are they five things they think YOU should know about ASP.

  1. The ASP toolkit is easy to install.
  2. ASP saved us hundreds of dollars since there are no additional licensing fees or charges related to how many computers it can be downloaded on.
  3. The dashboard reporting is laid out in a way that makes sense and the results are easy to understand.
  4. The amount of time completing the PCI SAQ was shortened significantly for our processing environment.
  5. There is a lack of security toolkits available for businesses. Purchasing each tool individually is expensive! ASP has saved us over $500.00 a year!

It’s feedback like this that really helps us to make sure we’re offering the best services we can. In the near future, we’ll be surveying more of our customers for additional feedback about the Advanced Security package. We’ll even be giving those that participate a chance to win a $100.00 gift card or an equivalent donation to the charity of their choice.

In the meantime, for those of you interested in learning more about ASP and how it could make your life a little easier, feel free to read how mobile security has become vital to small businesses or how remote access detection can keep criminals out of your network.

Advanced Security Package Webinar Trustwave

Advanced Security Package Webinar: Get the Most of ASP

Recently, Wind River Financial and Trustwave held an educational webinar that provided a detailed look at the security tools included in Wind River Financial’s new Advanced Security Package (ASP).

ASP, powered by Trustwave and using the TrustKeeper dashboard, includes a suite of integrated security tools for you to use, including such things as remote access detection and file integrity monitoring. All of these tools are designed specifically to strengthen the data security of your business.

The Advanced Security Package webinar was put together to allow our clients a chance to have a guided walkthrough to better understand how to take advantage of these tools. Hosted by Trustwave, the webinar showcases the security tool dashboard (TrustKeeper dashboard) and was meant to familiarize users with the benefits of each tool and how they should respond to any alerts that are received.

If you have any questions after watching the Advanced Security Package webinar, please contact us or call your relationship manager. We’d be happy to help you.

No Signature Required

UPDATE – No Signature Required! What?

UPDATE – As promised, we wanted to come back and update you on more of the details that have come to light since No Signature Required has gone into effect.

A number of our customers have been seeing an increase in the number of questions regarding the No Signature Required rules recently announced by all the card brands. As usual, each brand has a slightly different nuance to their position and unfortunately, they can also be as clear as mud with their ambiguous verbiage.

The bottom line is that No Signature Required is optional, and if a merchant is uncomfortable without a signature, it is their right to request one. Here are the main talking points summarized as best as possible.

  • As of 4/14/2018, obtaining a signature from a customer on chip/EMV transactions will be optional and at the discretion of the merchant. Chargebacks for signature related issues (signature not obtained, not matching the back of the card, etc.) will no longer be available.
  • If your business requires customers to sign for additional Terms & Conditions, it is suggested that you may want to continue requiring a signature. For example, merchants with limited refund policies, those in the travel industry or those who accept tips may want to continue accepting signatures as per usual.
  • If a merchant chooses not to require a signature, it is recommended that the merchant modify existing text to clearly state the merchant’s refund policy on the customer’s receipt, either by paper or email, and offered to the customer in a face-to-face transaction. This will govern your procedure in the event of a dispute.
  • There are some nuances distinct to each card brand and related to whether signature is required on chip or no chip transactions. The safest approach is to continue to obtain a signature if the transaction is not chip based.

As usual, we will see point-of-sale software for terminals and other POS systems catch up to this change over time and automate the No Signature Required process if a merchant so chooses. If you have further questions, please don’t hesitate to contact us.

Original post below.

ORIGINAL POST – Late last year, MasterCard, American Express and Discover Card announced that starting April 2018, they would eliminate the requirement for merchants to collect signatures for all purchases at the point-of-sale. They pointed out that the combination of secure networks and new digital payment methods (including chip, tokenization, biometrics and other fraud capabilities) have advanced to the point where signatures are no longer necessary to fight fraud.

Visa followed suit early this year but specified that signatures will no longer be required when a Visa EMV card was being used at the point-of-sale.

What does that mean for you? MasterCard has pointed out that it expects this will speed up the checkout process and enhance the customer experience. However, it will take some time for the various point-of-sale systems and software to eliminate the signature line on the receipt. In the meantime, MasterCard has suggested that if a merchant is more comfortable obtaining a signature, they still can. A signature will be optional but as of April 2018, it will no longer be a requirement.

File Integrity Monitoring Could Save Your Company

File Integrity Monitoring and How It Could Save Your Company

With the increase in data breaches, the data security world is a much scarier place today. According to the most recent stats from ITRC (Identity Theft Resource Center), 2017 was a record breaking year for data breaches, and 2018 is already on pace to be more of the same. So with threats coming left and right, what steps can you take to better protect your assets? Enter File Integrity Monitoring.

Seconds of Damage, Months of Recovery

In many cases, you may not know for a long time you have been compromised. According to CNBC, most companies aren’t aware of a breach until weeks after it has happened. This is likely due to the speed in which the incident occurs. The attacker is there and gone in seconds. Verizon’s 2016 Data Breach Investigations states that 93 percent of cases where data was stolen, systems were compromised in minutes or less, but in over 80 percent of cases, victims didn’t find the breach for weeks or more. This kind of damage to your business and reputation can take months, if not years, to repair.

Hackers Often Leave a Trail

So back to File Integrity Monitoring and why it is so critically important. File Integrity Monitoring (FIM) is the first line of defense of any organization wishing to protect its assets and data. To explain further, once a breach is under way in your network, the attacker will often do one or more of the following.

  • Modify critical systems, application binaries and configuration files
  • Access or modify data files
  • Modify or delete any log data to hide their tracks

The research done by Verizon analyzed more than 100,000 incidents and 2,260 breaches. They found that more than 90 percent of the breaches will fall into this same pattern. By having a FIM system in place, you’ll be able to monitor for these subtle changes and be instantly alerted if any of the above events have been detected.

File Integrity Monitoring Sniffs Out the Breadcrumbs

File Integrity Monitoring is such a valuable tool that we consider it a vital part of the Advanced Security Package. FIM will run every day at an inspection time determined by you and will watch for any changes within your network. A digest of the inspection report can then be emailed to you on a daily or weekly basis. Additionally, another helpful feature is a heatmap data visualization, which helps you quickly assess the state of your network. Events on this heatmap can be filtered by severity in order to help you focus on the most important events in your environment.

You Don’t Need a Fortress

A further quote from the Verizon study really drives this home. “There’s no such thing as an impenetrable system, but often even a half-decent defense will deter many cybercriminals — they’ll move on and look for an easier target. Sadly, many organizations fail to achieve even that modest ambition.”

Sometimes, it’s not about the size of your castle. It’s more about the size of your moat.

Put FIM in Place Today

File Integrity Monitoring is something that is available to all Wind River customers as part of the Advanced Security Package. If you’re interested in learning more or you’re an existing customer looking to get these tools in place, feel free to contact us today. We believe in creating Security First environments and delivering these capabilities in a way that saves you money.

data security configuration

How Misconfiguration Can Lead to Data Compromise

configuration: the way a computer or computer system is put together; a specific set and arrangement of internal and external components, including hardware, software and devices.

Source: Dictionary.com

Configuration is Key to Data Security

Did you know that just about every data security related compliance framework contains extensive requirements around configuration of hardware and software controls? Why? Because the way in which hardware or software is configured is about as important as having the device or software itself. For instance, having a firewall is a good thing, but it won’t do any good unless it’s configured to filter traffic between the internet and your computer network in a manner consistent with your security goals.

Some examples of the importance of secure configuration come from Trustwave’s 2018 Global Security Report where testing of thousands of web applications found that 100% were found to have at least one vulnerability. In addition, OWASP (Open Web Application Security Project) has security misconfiguration on their top 10 list of the most critical web application security risks for 2017. Lastly, the Verizon 2018 Data Breach Investigations Report (DBIR) recommends routine scans to identify misconfigurations before hackers do. Misconfigured databases, such as those directly connected to the internet and searchable by anyone on the internet, were a notable finding in the report.

Even on brand new computers, the default configuration for the onboard operating system is often not very secure. This is because computer manufacturers often have goals of ease of use, easy setup, or ease of establishing internet-based communications rather than security. As an example of this, I was recently setting up a new computer for my parents. As I was leafing through all configuration settings, I was surprised when I found that one of the default security settings was for the firewall to be turned off. Needless to say, I quickly turned it on.

How to Monitor Your Security Configuration

If you are a business owner or manager busy with running a business, you may not understand or have time to review your computer security configuration settings on a regular basis. For this reason, one of the security services that is included with Wind River Financial’s new Advanced Security Package (ASP) is Security Configuration Monitoring.

This is a service that monitors computer configuration against the relevant PCI Data Security Standard controls. It’s an automated service that detects configuration settings that are non-compliant and may weaken your business’s security posture. It does so on an ongoing basis which is important because sometimes employees intentionally, or unintentionally, change settings on computers on which they are working. It’s important that those responsible for a business become aware when settings are changed that may introduce a risk to the business which is exactly the purpose of this service.

Security Configuration Monitoring is but one of many data security related services that are available as a software agent download as part of Wind River Financial’s ASP. If we have not contacted you about enrolling in this program, you may be hearing from us shortly as it’s being rolled out in phases. If you have not been contacted but would like to get a jump start on it, give us a call or send us an email and we can get you started.

WRF Blog Update

New Dispute Process for Visa Merchants – April 2018

Back in March, we mentioned that a change to the Visa dispute process was on the horizon. That change has finally taken effect. As of April 13, 2018, Visa moved to a new dispute process called Visa Claims Resolution (VCR). This change was designed to simplify the dispute process and deviates from the existing process in some key areas.

There are five key changes.

  1. The time frame for merchants to respond is shortened from 45 days to 30 days.
  2. Certain invalid chargebacks will be automatically rejected before processing.
  3. All cases will be routed through one of two workflows, Allocations or Collaborations.
  4. The previous 22 reason codes are consolidated into four basic dispute categories.
  5. Merchants will only be allowed to challenge fraud and authorization disputes if they have clear and definitive evidence or “compelling evidence.”

You can read more in-depth about these changes by reviewing Visa’s publication, Dispute Management Guidelines for Visa Merchants.

If you have any questions on how to process your disputes, please contact us.


Detection and Prevention – Two Pillars of Data Security

When it comes to data security, one thing is for sure. There is no magic bullet. Although it would definitely make life easier, it’s just not that easy. So, despite its inherent challenges, where should you begin? What is your first priority when it comes to data security? Here is what over 1,600 full-time IT professionals believe should be your number one responsibility according to Trustwave’s 2017 Security Pressures Report .

Top 5 Data Security Responsibilities

1. Identifying vulnerabilities (22%)
2. Preventing Malware (20%)
3. Strengthening Remote Access and passwords (13%)
4. Detecting malicious activity and compromises (12%)
5. Patching Vulnerabilities (12%)

Previously, we mentioned that only 7% of IT professionals believe they will not be the victim of a data breach. The is a sobering statistic. It should then come as no surprise that the two most popular survey answers highlight very specific responsibilities: detection and prevention.

Keeping Up with Detection and Prevention

With the number of breaches increasing and almost 80% of the respondents stressing the importance of detection and prevention, it would seem logical that the need for resources would be a source of discussion.

In the Security Pressures Report, 51 percent of the operational pressures come down to a lack of resources:

  • lack of security skills and expertise (15%)
  • lack of budget (14%)
  • lack of staff members (13%)
  • lack of time (9%)

For many businesses, they are finding it difficult to find resources and cost-effective ways to arm themselves for the challenge.

Security Tools and Managed Services

As businesses look to be more proactive, they are looking more and more at how they can bring together the tools they need and automate parts of the detection and prevention cycle. It is a theme that we at Wind River are hearing from of our customers and prospects. We believe that in order to stay ahead of the hackers, it is important to adopt a new mindset. Instead of each company trying to “staff up” and needing the same skilled resources, it makes more sense to look to companies that focus on data security, monitoring, and prevention.

Partnering to Win the Battle

As we look to help our customers in the detection and prevention battle, we looked to find a partner that has the focus and marks of being a leader in their industry. Trustwave was recognized by Gartner by being placed in the “Leader” quadrant of their Magic Quadrant evaluation.

In partnership with Trustwave, Wind River has now launched the Advanced Security Package. It contains key tools in each of the areas of identifying vulnerabilities, preventing malware, strengthening remote access control, and detecting malicious activity.
We invite you to learn more by going to our web site. For our customers, it is easy to get started, simply click here and check out the video and 3 steps to get started or contact your relationship manager.


Does Data Security Keep You up at Night?

Data security has caused its fair share of sleepless nights for IT departments. A recent survey of 1,600 full-time IT professionals compiled by Trustwave in their 2017 Security Pressures Report shows us exactly what’s got them tossing and turning.

6 Biggest Worries About Data Security

  1. Theft or Loss of Customer Data (30%)
  2. Data or Systems Access Restricted by Ransomware (18%)
  3. Loss of Intellectual Property (16%)
  4. DDoS Attacks/Website Offline (14%)
  5. Reputation Damage or Loss (12%)
  6. Fines or Legal Action (3%)

There are a number of interesting perspectives to be drawn from this information. First, almost half of the data security worries are focused on two key areas: data loss or theft and in-system access issues. Both these worries tend to have a common root source – being attacked. Typically those attacks come via either hacking or someone planting or accessing malware, and as we mentioned before, data breaches were up 44.7% last year.

Are you a 7%-er?

At this point, an astute reader may have noticed the above percentages only add up to 93 percent. So what about the other seven percent, you ask? Interestingly enough, the Security Pressure Report indicates that seven percent of IT professionals do not think they would be the victim of a breach.

When you realize that only seven percent of the 1,600 IT professionals surveyed believe their data security makes them “safe” from a data breach, it begins to hit home just how high the risk has become. The goal can no longer be just compliance; it is has to be about being Security First.

What’s the Impact to My Organization?

In another section of the Security Pressures Report, the survey group was asked what repercussions they fear the most if their organization was breached. Two answers dominated their answers and accounted for 80 percent of the total responses. Coming in first with 42 percent was reputation damage to the IT professional and their company, followed closely by financial damage to the company with 38 percent.

In both cases, the impact can be attributed to another core concern – customers. When a breach happens, customers lose confidence. They may also be personally impacted, resulting in the loss of their business. Perhaps not surprisingly, the ability to weather the storm created by a breach seems to be inversely related to the size of the company. The smaller the company, the less likely they are to survive.

Why Security First?

In order to combat these issues, organizations need to take a proactive posture. Part of the answer is to always be reviewing your readiness. Another is to leverage key tools and expertise to help minimize exposure. Security First means thinking about data security and its implications as a business priority.

At Wind River, we aim to arm all of our customers with additional ways to keep both themselves and their customer or patient data secure. A key first step to maintaining this Security First mindset is by leveraging the capabilities of our Advanced Security Package (ASP).

If you are interested in learning more about what ASP has to offer, contact us or check out the package’s 13 tools to help make you more secure.