Entries tagged with “Privacy”.


A major internet service organization recently found itself the victim of a cyber security breach regarding financial data.

The company fell prey to hackers by a spear-phishing attack. Spear phishing is the attempt to get corporate information by sending an e-mail message that appears legitimate. The fraudulent message sometimes asks the recipient to click on a link to verify information. Instead, that link can download spyware, Trojan horses, or malware. That’s what was believed to have happened in the breach; employees clicked on links in an e-mail that apparently led to the installation of malware.

Besides giving the hackers access to e-mail, the scam also compromised content management systems, internal communication systems, and the company’s data system for managing domains. Security enhancements implemented months ago, by the firm, likely limited the unauthorized access sought by the hackers.

While this company will no doubt be more vigilant guarding against future spear phishing scams, there’s a lesson here that businesses of any size and type can impart to their own employees: Don’t click on links in e-mails that looks suspicious, particularly if the message is asking for information.  To learn more, contact us here at ProPay.

Being a merchant nowadays is very challenging – not only do you have to worry about the rebound from our recent economic recession – you also have to now worry about cyber security. According to Tech Crunch, more and more retailers are succumbing to hackers.

Many retailers, including major clothing, home-improvement, grocery, and restaurant chains  have been attacked and successfully breached. “[one retailer] saw 56 million accounts compromised!” The article states that a major reason why most retailers are being breached is because they haven’t converted from mag stripe card readers to more up-to-date systems like chip and PIN. If there’s a takeaway to this: if you have a brick and mortar store – you should update your system to avoid any breaches. Keep in mind that whether it’s your payment processor or you that gets breached – you’ll experience a major dent to your reputation either way. Make sure to choose a cyber-secure payment processor – and update your hardware/software on your end as well.

ProPay has been providing thousands of merchants (with more joining each day) with excellent payment processor services since the 1990s. Contact us today to learn more about our state-of-the-art cyber security measures – and how we can help your business succeed further.

“The times are tough now, just getting tougher  - This old world is rough, it’s just getting rougher - Cover me, come on baby, cover me” – Bruce Springsteen 1984

Businesses work very hard to build their brand.   Small businesses are no different.  Establishing trust and loyalty among the customer base is essential to the longevity of any business.  Many companies focus on marketing and sales relationships to ensure that connection between customer and company continues to grow.  Social media, direct mailings, radio and tv advertising, print advertising, and data security and privacy policies all contribute to the growth of brand trust.  What a minute!  Did I say data security and privacy policies?  You betcha!  This is what I like to refer to as “brand security.”  Businesses spend an inordinate amount of time and money on establishing a brand that customers trust.  One of the fastest ways to lose that trust is to suffer a data security breach or to violate customer privacy.  For that reason, I often refer to data security and privacy programs as “brand cover.”

I’m going to borrow heavily, and probably poorly, from law enforcement and military actions here.  When you go into action, you generally have a forward team and then you have a team that provides “cover.”  This team keeps an eye out for threats that may not be visible or apparent to the forward team, but pose significant risk.  In the business world, one can think of your sales and marketing efforts as the forward team, while data security and privacy programs provide the cover.  You marketing and sales efforts move the company forward and increase awareness.  Your data security and privacy programs help to mitigate unseen, and sometimes unknown, risks to your brand’s integrity.  In fact, some larger organizations, particularly not-for-profits, are more concerned about brand damage in the event of a security or privacy compromise, than they are the fines that may be associated.

For small businesses, implementing and enforcing data security and privacy policies can seem daunting.  The Better Business Bureau, though, has put together a primer for businesses to help them develop these programs.  If you accept debit and credit card transactions, you can look for services to help minimize how much of that sensitive payment data your business stores.  You can also undertake an inventory to see just what data you are collecting and storing and how you are protecting it.  You can also evaluate the partners that you use and how you share data with them. Understanding your data can ultimately serve as a very effective means of protecting your company, your brand, and your customers.

It is questionable if all the mechanical inventions yet made have lightened the day’s toil of any human being.  - John Stuart Mill

Last year, California was in the news as a result of an interpretation of a long-standing law, written and passed before the advent of the internet or ecommerce, that limited the amount of data that could be collected by retailers in order to complete a purchase.  The law, Civil Code § 1747.08 (a), expressly forbids retailers from doing the following:

(1) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to write any personal identification information upon the credit card transaction form or otherwise.
(2) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.
(3) Utilize, in any credit card transaction, a credit card form which contains pre-printed spaces specifically designated for filling in any personal identification information of the cardholder.
Essentially, if the information isn’t required for the fulfillment of the order itself, the retailer is prohibited from collecting the data.  This came to the forefront last year when the California Supreme Court ruled that collecting zip codes for Address Verification Service (AVS) was a violation of the 1971 law.  This year, the California Supreme Court is tackling the law again, this time to determine if the law does, in fact, apply to online retailers.  Retailers are concerned, understandably, that limiting the amount of information that can be collected may increase their exposure to credit card fraud.  This sets up a battle between privacy advocates and retailers that will likely set the stage for many more challenges to come.  Stay tuned to the ProPay Blog for updates on the case…
Film Still

Ali Baba Bunny - Warner Brothers Cartoons (c) 1957

The topic of password security is not new.  It’s probably not that interesting to most people, but the fact remains that password security is important.  Think of all the websites that you use that require passwords – bank accounts, bill payments, mortgage, stocks and trading, health care, insurance.  And that doesn’t include the shopping sites.     And then of course you have your passwords for your computer, your smartphone and your tablet device.  Yet for many passwords are a drag. The list is long. People continue to use the same password for every site.   Or they make the passwords easy, so they can remember them without having to write them down.  The challenge is that many people still use very common, easily hacked passwords.

Splash Data just released their annual list of most commonly used passwords. Their list is compiled from of stolen passwords that hackers post online.  Not surprisingly, the top three passwords remain unchanged from last year.  They are “password,” “123456,” and “12345678.”   If any of these are your password, you may want to think about changing it up.  New entries this year include “ninja,” “mustang,” and “jesus.”  For those of you keeping track, the password “trustno1″ has dropped three spots this year, while “iloveyou” is up two.

The great dilemma with passwords is that, when you make them complex, you often forget them.  Make them too simple, though, and they are easily broken. Splash Data does offer some suggestions on how to strengthen your passwords.  “One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, “eat cake at 8!” or “car_park_city?”” A password doesn’t have to be a word, it can be a phrase or a short sentence.  Sometimes it’s the simple things that keep the bad guys away from our valuable information.