The Visa Credit Card Security Flaw That Has Everyone Worried

A new study has claimed that hackers can guess Visa card payment details in a matter of seconds. It is being reported that cyber criminals can utilise computers to make a number of attempts to obtain confidential payment data without the discovery of their illicit efforts. Of course, if you have a Visa credit card or debit card, as a huge number of people do, this is likely to cause huge concern. Below, we take a look at the recent study in further detail.

4286024173_87f8347016_b

If you have watched the news lately, you will, no doubt, be aware of the fact that the banking and financial services industry has come under a lot of scrutiny lately. The most recent company to come under fire was Tesco Bank after a hacking scam cost £2.5 million and impacted 9,000 customers. Experts believe that the method that was used in this recent hack is the same method that can be used to guess Visa payment details. Experts from Newcastle University have said that with just an Internet connection and a laptop it is ‘frighteningly easy’ to guess Visa card details.

The approach that is used by the hackers is known as a ‘Distributed Guessing Attack’. It bypasses Internet security features, which means that hackers can make a large number of unsuccessful attempts to get the data of a Visa credit card, and they would not be flagged up. So, how do they acquire the details of a card? Well, this flaw means that hackers can systematically fire up a number of variations of payment data at thousands of websites. They can do this simultaneously, which means that cyber criminals can have all of the information needed within a matter of seconds, and thus they simply need to use the process of elimination to verify the correct details of a card. Of course, this can easily be done via a computer.

Mohammed Ali, a PhD student at Newcastle University, said that it’s easy for hackers to piece together card information like a jigsaw. Not only because of the flow that allows cyber criminals unlimited guesses, but also because different websites ask for different variations of the data field on a card to validate a purchase made over the Internet.

Visa has responded to the research, stating that the multiple fraud prevention layers they have in place have not been taken into account. They state that to make a transaction possible in the real world, multiple fraud prevention requirements need to be met. They also state that the most important thing for consumers to remember is that you are protected from liability if your card number is used fraudulently.

New EU Legislation Means Astronomical Data Breach Fines For UK Firms

The Payment Card Industry Security Standards Council (PCI SSC) has warned that new EU legislation, which will come into effect in 2018, means that UK businesses could face a monumental £122 billion in data breach fines. Firms are being urged to act now to tighten up cyber security to avoid falling victim to the exponential fines.

So, what is this new regulation? Well, at present the maximum fine for a data breach is £500,000. However, under the European Union’s General Data Protection Regulation (GDPR), there will be the introduction of data breach fines for groups of companies equalling either four per cent of yearly worldwide turnover or 20 million euros, whichever is more. This means that firms could face 40 times the amount in fines compared to what they face at present, if not more.

This means that regulatory fines for small companies could multiply by 57, meaning the average cost to an SME would be £13,000. For large businesses, this rises to a monumental £11 million per organisation. And, remember; this is only a fraction of the expense that you will face. You then have the cost of identifying and rectifying the security vulnerability, setting up customer assistance, compensation costs, revenue loss, business disruption, and the expense of re-building your reputation, which is notoriously difficult after a security breach.

With that in mind, the PCI SSC is urging business and organisations to act now before it is too late. They are encouraging firms to develop and enhance their data security standards. The international director of PCI SSC, Jeremy King, has stated that the new legislation is a game changer for all companies, big and small.

You only need to look at the statistics to see that the vast majority of firms do not have adequate security measures in place, and, therefore, need to make urgent changes. In fact, the 2015 Information Security Breaches Survey, conducted by PWC for the government, revealed the 74 per cent of SMEs and 90 per cent of big corporations reported a data breach last year, which resulted in £1.4 billion in regulatory fines. Contrast this sum with the £122 billion anticipated for 2018, and it is not difficult to see how this could spell the end for any business that falls victim.

Recent data breaches have only highlighted this problem further. Take the TalkTalk breach as a prime example. The breach, which exposed the personal details of more than 150,000 customers, occurred because the telecoms provider had not applied even the most basic cyber security measures, according to Elizabeth Denham – the information commissioner at the ICO. They were hit with a record £400,000 fine from the Information Commissioner’s Office alone, and their profits are reported to have halved after the cyber attack, which cost the company £42 million in total.

To ensure your business has effective data protection measures in place, and is thus safeguarded from the new EU data breach fines, contact Retail Secure. Our solution dramatically minimises the chance of a data breach while helping firms to achieve PCI compliance, and it does this without costing you a fortune in the process. You can email us at enquiries@retailsecure.co.uk, or give us a call on 0333 320 8848.

Study shows that retail consumers want free WiFi

Have you been debating whether to invest in guest WiFi at your store? A recent study by YouGov has shown that this is something that should not even be up for debate. The ‘Innovations in Retailing 2015’ report has revealed that customers want to have free WiFi in stores as a standard. Read on to discover more about the findings of the study and details on how customer WiFi will benefit your store.

Innovations in Retailing 2015 report findings

The report concluded that 35 per cent of customers would like free WiFi to be offered as a standard when visiting a retail store. They would rather see this than barcodes that can be scanned to give customers information on products, which only 19 per cent of respondents expressed a desire for. It is also more popular than staff equipped with tablets so they can assist customers with purchases in-store (21 per cent). Just to highlight how dominant customer WiFi has become, it is only five per cent behind self-service checkouts in the most wanted innovations in the retail sector.

Perhaps the most compelling finding of them all is that customers labelled free in-store WiFi as the technology that would be most likely to encourage them to choose one retailer over another. Therefore, by offering free WiFi to your customers, you can gain a clear advantage over your competition.

In addition to this, respondents to the survey seemed keen on using connected devices while shopping to enhance the experience. 23 per cent of those surveyed said that they have used a device to compare prices while shopping. This figure is greatest for 25-29 year olds (33 per cent), while 30 per cent of 16 to 24 year olds said they have done this.

Enhancing your retail store

The demand for free WiFi is evident, and there are many benefits your store can reap the rewards of by going for this approach. Of course, you will attract more people to your business, but the benefits extend beyond this. Do you know that you can also collect data about all of your customers in order to offer a better shopping experience and improve your targeted marketing campaign?

Whenever a customer connects to your WiFi network, you will instantly receive data about them. You can use this information to send targeted notifications to your consumers. This could be anything from special offers, to voucher codes, to information about new stock. You can use this to encourage your customers to spend more now or to lock in business in the future. To discover more about this, as well as the other features our retail guest WiFi service provides, simply click here.

The Takeaway & Restaurant Innovation Expo 2016

It’s been a productive week here at Retail Secure, as we exhibited at the Takeaway & Restaurant Innovation Expo in London. The two-day event, which took place on Tuesday and Wednesday, went really well and we had the chance to make lots of great contacts.

The Exhibition

We were in good company too, as a huge number of impressive companies and organisations took part in the event, including The Nationwide Caterers Association (NCASS), Oneworld Packaging, QuickBite Magazine, Basilur Tea UK Ltd, and much more. In fact, our stand was right next to Just Eat, which we must admit we’ve ordered a takeaway or two via before!

screen-shot-2016-11-20-at-10-50-05

 

The exhibition is the only one in the UK for takeaway and restaurant businesses, and there was a lot going on over the two days. Not only were there 300 exhibiting suppliers, but there were also free master classes and seminars, as well as interactive features and expert advice areas.

The event was an excellent opportunity for us to reach more businesses in this industry. We have already provided both of our flagship products, RetailCompli and Legally Compliant Guest WiFi, for a number of companies in the sector, and aim to build our client base over the coming year.

Our products and the Food Sector

Guest WiFi is a must for takeaways and restaurants nowadays, as this is something customers look for when they are choosing somewhere to eat. We were able to show businesses how they can use this platform to leverage numerous marketing opportunities.

Cyber security is also something that needs greater attention in this sector, and we enjoyed introducing our RetailCompli solution to many in attendance. Data breaches are growing by the day, and the food industry is not immune from the threat. All takeaways and restaurants that take payment via card need to comply with PCI DSS, which is something not all businesses do. Our solution helps to achieve this.

Our takeaway website: https://takeaways.retailsecure.co.uk/

Our restaurant website: https://restaurants.retailsecure.co.uk/

Unexpected benefits of guest WiFi

More and more businesses are offering free WiFi to their customers. This is a great way to enhance the service you provide to your customers, no matter whether you run a café, a hair salon, or a clothing store. However, the benefits extend a lot further than this, which is something not everyone realises. With that being said, read on to discover more about the unexpected benefits of guest WiFi.

  • Get to know your customers better – Many business owners do not realise that free WiFi is a great way to get to know your customers. Whenever someone connects to your WiFi network, data will instantly be sent to your central interface. This is extremely useful. After all, the only way to ensure your marketing plan is successful is to get a better understanding of your client base.
  • Make money there and then – Customer WiFi encourages people to spend more. There are numerous ways this is achieved. Firstly, when it comes to the likes of cafes and restaurants, customers are likely to stay at your business longer while using the WiFi, and this will result in them buying more drinks and food, and thus spending more. You can also send targeted marketing messages to those in your store, encouraging them to buy something. For example, you could provide a voucher code or reveal details of a special discount code you have running.
  • Ensure repeat business – Another benefit of guest WiFi is the ability to secure repeat business. You can send discounts for future visits, or you can offer customers a special discount if they refer a friend or family member to your business.
  • Differentiate your company – Offering guest WiFi is a great way to make your business stand out from the competition. Nowadays, more and more people look for free WiFi access when they are determining where to grab a bite to eat or where to go shopping.
  • Take advantage of new advertising channels – Guest WiFi opens you up to a wealth of different opportunities. Friendly WiFi is a prime example. If you become a Friendly WiFi provider, you will feature on a search base for parents and young adults that are seeking family-friendly WiFi. Not only does this shed your business in a good light, but it gives you another marketing medium as well.
  • Customised landing pages – Finally, another benefit associated with guest WiFi is the ability to have a customised login page. This is the page that all of your customers will see whenever they go to sign into your WiFi network. You can incorporate your logo on this page and any other marketing messages you believe will have an impact.

When you take the six points that have been mentioned above into consideration, it is not tough to understand why so many businesses are turning to guest WiFi to boost their popularity and profits.

Hotel Industry Needs To Step & Protect Their PoS Systems

Over the past few years, the attacks on point of sale (PoS) systems at hotels across the world have highlighted the need for hospitality businesses to act in order to protect the future of their company. A lot of experts have expressed that they believe security standards and central support need to be implemented for franchisees in the hotel sector. However, if you are reading this, you should not wait for someone to show you the way regarding cyber security, no matter what industry you operate in. There is no time to wait.

Hotel-room-renaissance-columbus-ohio

One of the most recent attacks involved the HEI Hotels and Resorts Group, with twenty hotels being hit by malware that targeted their PoS systems. The group is not the first one to report PoS malware card data breaches, and the way that things are going they won’t be the last. HEI Hotels and Resorts Group includes popular hotels such as Sheraton, Le Meridien, and the Marriott. Of course, the financial damage of such a breach is extortionate, but the fall-out is often a lot worse than most business owners consider.

Firstly, you will have to ensure you take all of the steps to stop the problem from getting worse, which can mean being out of business for a while. You also need to alert your customers, and you need to get to the bottom of the security vulnerability so that you can rectify it. This can be a lot more difficult than anticipated, and a lot of security breaches go unnoticed for months on end. You will then face fraud losses, and you will need to payout compensation to those that have been affected. And, what about non-compliance fines? All businesses that take card payments need to comply with the PCI DSS security standards. As you have failed to do this, you can expect extortionate fines passed on from your bank. Moreover, your interest rates are likely to go up as a result – that is if the bank will continue to do business with you.

All of this is without even considering the damage that a data breach can do to your reputation. When businesses book a stay at a hotel, they expect a relaxing time where they can let their troubles drift away. They don’t expect to be the victim of credit fraud, or at least to worry that they could be. You have a responsibility to protect your customers’ card data, and when you fail, trust is broken. This is something that is notoriously difficult to rectify, especially in an industry where there are so many businesses you are competing against, and so many other hotels that customers could go for instead.

Don’t be the next hotel to suffer a data breach. Make sure your business is protected. If you don’t know where to start, don’t fret, as Retail Secure can assist. All you need to do is give us a call to get started. You can be sure that our solution is one of the best in the industry, and it is affordable too.

Is your email address for sale on the dark web?

Recent news has come to light that there could have been a significant data breach at Yahoo. A hacker has claimed that they have 200 million Yahoo accounts for sale, after listing them on the dark web market. These accounts are being sold for three Bitcoins, which relates to roughly £1,350 per entry. The data reveals the username, password, and birth date of the account holder. A test of a sample set has been conducted and it proves that the usernames do correspond to real accounts. Yahoo has yet to confirm or deny that a breach has taken place.

at-1020063_960_720

The cyber criminal, who has the moniker ‘Peace’, has also stolen email addresses and passwords from LinkedIn and MySpace in the past. Users need to purchase a key in order to unscramble the passwords. Yahoo has revealed that they are working to go to the bottom of the issue. The company, which was only sold to Verizon last week, is attempting to firstly determine if the details are in fact correct, and then if they were obtained during a hack.

Information surfacing indicates that the data was stolen back in 2012. This may seem alarming to many that a potential data breach could go unnoticed for roughly four years. However, it is not uncommon for data breaches to be undetected for a long time. A lot of businesses right now will have been the victim of a cyber attack and they won’t even realise it.

The attack is also similar to a lot of breaches that we have heard about lately. Only a few months ago, the credentials of 360 million MySpace accounts were put up for sale on the dark web. We have also experienced the sale of 65 million Tumblr emails and 117 million LinkedIn account details. So, what do you do if your email account has been hacked?

Firstly, you should change your password. This is something all Yahoo email users are advised to do as soon as possible. In fact, changing your password every three months is advised in any case. Choose a strong password that incorporates capital letters, lower case letters, symbols, and numbers, and make sure you don’t include any full words. If it is too late, and the hacker has already changed your account, you need to follow the ‘forgot your password’ link, and if that is unsuccessful, get in touch with the email account provider.

When possible, implement two-factor authentication, which involves adding another security layer aside from entering a password. For example, you may receive a new code via your phone whenever you want to login to your email account. This reduces the chance of someone gaining access. Yahoo, Hotmail, Microsoft, and Gmail offer two-factor authentication.

Last but not least, check your email settings. If your account has been breached, the hacker may have changed the settings so that every email you send or receive is forwarded to them. This allows them to look for your login details for other websites, which can lead to more serious issues.

Free WiFi in the Food Industry: Why Restaurants and Takeaways Need to Invest

If you run a takeaway or restaurant, you cannot overlook the opportunity of investing in guest WiFi. Gone are the days when consumers considered free WiFi access a luxury; they now expect it, and by catering to their demand you can reap greater rewards than you probably realise.

wifi-640404_960_720

 

Did you know that 61 per cent of people look for a WiFi hotspot when choosing a place to eat and drink? This is according to BT research. The study also concluded that 20 per cent said they would buy more in the food outlet if WiFi was provided, 27 per cent stated they would visit more regularly, and 36 per cent said they would visit the place again.

As you can see, the demand for guest WiFi is certainly there, and thus you are guaranteed to attract more people to your takeaway or restaurant by offering free WiFi access. You also improve the service you provide to your current customers, encouraging them to stay longer and, therefore, spend more on food and drink.

However, this merely scratches the surface when it comes to offering free WiFi. The marketing opportunities you have at your disposal are massive. Guest WiFi gives you the ability to collect useful data about all connected customers. With the Retail Secure solution, you will immediately receive insights about a consumer whenever they connect to your WiFi network. This allows you to get to know your customers better, which means you can send targeted marketing messages that have a much higher impact.

Almost three in every ten people access WiFi at food establishments because they want to look for discount codes or vouchers. You can take advantage of this. Why not send your customers a 10 per cent discount code for their next visit to your takeaway? This encourages repeat business. Or, you could send a buy one get one free offer on drinks to those in your restaurant? This encourages your customers to spend more then and there. The possibilities are endless; you could also send details about new food on the menu, any events coming up, and so on.

With our solution, you will also benefit from a customised landing page. This is the page your customers will see when they go to log in to your WiFi network. It is like your digital shop window. We will incorporate your logo and any other marketing message you wish to include. Customers can also log in via their social media accounts, encouraging more likes and followers, and once they have entered their details they won’t need to do so next time they visit, enhancing the service you provide them.

One thing you do need to be wary of when providing free WiFi is security. There are many companies providing WiFi services with little regard for this, as well as restaurants and takeaways that simply place their WiFi code in view for their customers to access their network in this way. This is not advised, and can cause huge problems, including large fines.

With more than 25 years of experience in security and communications, this is something you do not need to worry about with our solution. It is 100 per cent legally compliant with all applicable legislation, including the Digital Economy Act and the Data Protection Acts. Our content filtering feature also gives you the ability to block inappropriate material. And, as a Friendly WiFi provider, we offer family-friendly WiFi, meaning we prohibit all websites on the Internet Watch Foundation’s block list.

All of our customers have the option to display the official Friendly WiFi logo at their venue, showcasing that they are a safe and responsible provide. Plus, your takeaway or restaurant can feature on the Friendly WiFi database, whereby parents and young children look for Friendly WiFi approved venues. This is another marketing platform for you to take advantage of.

If you would like to discover more about our service, and how it can benefit your restaurant or takeaway specifically, please do not hesitate to get in touch. Browse our website, or give us a call on 0333 320 8848.

Huge data breach at Wendy’s fast food chain

Another day, another data breach, and this time it is a big one! US fast food chain, Wendy’s, has revealed that they have suffered a breach that has impacted more than 1,000 of their food establishments. Customers’ credit card and debit card information has been compromised, and it is believed that the attack occurred due to malware being installed on the point-of-sale systems.

Screen Shot 2016-07-08 at 23.27.12

The news of a data breach at Wendy’s is not too surprising, as the company admitted several months ago in February that they were looking into a possible breach. Over the months, the extent of this breach has slowly been revealed. In May, Wendy’s confirmed that they located malware on their PoS systems. They then gave an update stating that details were stolen from fewer than 300 locations. These details include debit and credit card numbers, service codes, cardholder verification values, and expiration dates. However, if that was not bad enough, the fast food chain has just revealed that actually more than 1,000 venues were impacted.

Wendy’s have reassured customers that all of the locations are now free of malware. Nevertheless, this is unlikely to put customers at ease, as they worry whether they will be victims of fraud. The company explained that it is probable that the cyber attack came from the remote access credentials of the franchisees being compromised. This meant that the cyber criminals were able to install malware, which then swiped details whenever someone paid via their debit or credit card. Of course, considering the number of updates that there have been already, there could well be some more information on the way.

This incident should be a warning sign to all businesses, as it shows how easily point of sale systems can be compromised. If you don’t have efficient cyber security in position at present, it is likely that access to your PoS systems is available via all avenues, from extranet to email to social media. This means that it is easy for hackers to find a way in. Wendy’s should have taken the necessary steps to limit this access.

To do this, LAN segregation is a must. At Retail Secure, we achieve this by creating a separate Cardholder Data Environment (CDE) whereby access is restricted. This makes it extremely difficult for cyber criminals to find a way in and compromise your payment systems. It also means you comply with PCI DSS, which is a standard that is applicable to all UK businesses that take any payments via debit or credit card. If you are not compliant, you could face huge fines, and the reputational damage is something that is difficult to come back from.

Now, Wendy’s face the challenging process of rebuilding the trust that has been broken. You only have to look at the decline in TalkTalk’s profits to see how difficult this is. Don’t put your business in this position to begin with!

The benefits of offering free WiFi at your café

If your business is yet to offer free WiFi, irrespective of whether you run a small independent café or you run a national chain of coffee shops, you are missing out on a huge opportunity. With that being said, read on to discover more about the benefits of offering free WiFi at your café.

coffee-608968_960_720

  • Attract more customers to your café – There is only one place to begin, and this is with the fact that you are guaranteed to attract more people to your café. Research indicates that free WiFi provision is one of the main things customers look for when looking for somewhere to eat or drink. This is especially true when it comes to coffee shops, as a lot of people like to bring their laptop and connect to the Internet so that they can check their work emails or finish a university assignment. All in all, this is a great way to make your business stand out from the competition.
  • Encourage customers to spend more – By offering free WiFi at your café, you are encouraging customers to stay at your venue longer, which will result in them spending more. This can result in a significant increase in profits over time. After all, if a customer comes to your coffee shop to use your WiFi, they are going to order an extra coffee than they usually would, and perhaps they will even have a bite to eat.
  • Target marketing more effectively – One of the key benefits associated with guest WiFi is the ability to gain real-time data about all of your connected customers. You can then use this information to send targeted marketing messages to those in your café. This could be a discount off their next drink, or you could advertise new items on your menu, for example. By having such data handy, you will be able to increase the likelihood of your advertising messages being a success, as you will have tailored them to the customer in question.
  • Brand your café with a customised landing page – Your landing page is like your digital shop window. This is what your customers will first see whenever they go to connect to your network. Therefore, you can use this page to brand your company to full effect. Why not include your logo and any other compelling marketing messages? Maybe you could advertise any special deals you have running?
  • Get your customers to advertise for you – You can encourage your customers to ‘check-in’ at your venue on Facebook or to share pictures of their coffee on Instagram. By doing this, your customers are going to be effectively advertising for you.
  • Increase customer loyalty – Last but not least, not only will you attract new customers to your café, but also you will increase loyalty amongst your current customers. This is because you are enhancing your service to them, not only by giving them free WiFi access but also by sending voucher codes and other special offers.