Will Your Payment Processing Break Due To Mandatory Security Update? – 2017 Deadline Approaching for TLS 1.2 Requirement
The PCI Security Council has mandated that online merchants who accept credit cards must upgrade from the older SSL and early TLS security protocols to the newer TLS 1.2 protocol. The required implementation dates to remain in compliance have changed multiple times, causing merchant confusion. Adding to this confusion, individual gateways and processors have their own implementation timelines for TLS 1.2 support.
Due to recent high-profile attacks, some vendors have decided to expedite the transition to TLS 1.2 and completely end support of the older, less secure protocols. This was primarily done because of the known risks of the older security protocols and the PCI Security Council’s assessment of the risk to merchants. The PCI Security Council has stated, “The vulnerabilities within SSL and early TLS are serious and left unaddressed put organizations at risk of being breached.” Because of these known risks, payment technology vendors have become more aggressive in their implementation timeframes and are in the process of deprecating the older protocols beginning in 2017.
One such company is PayPal. PayPal just recently turned off support of the older protocol for test environments and will completely stop supporting the older protocols by June 30, 2017. FOR MERCHANTS USING A PAYPAL PAYMENT GATEWAY WHO HAVE NOT UPGRADED THEIR SYSTEMS TO SUPPORT TLS 1.2, CREDIT CARD PROCESSING SERVICES WILL NO LONGER WORK AFTER THAT DATE.
Dates to know:
- PCI Security Council original date of TLS 1.2 compliance was 2016
- PCI Security Council new date of TLS 1.2 compliance is June, 2018
- PayPal testing environment ended support of older protocols on February 15, 2017
- PayPal production environment ends support of older protocols on June 30, 2017
How do you ensure you will be able to accept credit card payments after the June 30, 2017 deadline? The first thing merchants should do is contact their systems providers to determine all of the payment gateway connections their solution employs. Merchants should then verify that their solution has been upgraded to support the TLS 1.2 protocol. This often reveals a spider web of connections, because many solution providers support a variety of gateways to reach a particular processing platform.
In the example of PayPal, merchants may be unaware that their payment acceptance solution could utilize technology from PayPal even if they do not accept PayPal as a form of payment. PayPal Holdings, Inc. has acquired various payment technologies and companies (e.g. Payflow Pro, Braintree, Venmo) that many payment solutions employ in the background. If a merchant’s solution utilizes a PayPal gateway and hasn’t been upgraded to support TLS 1.2, it will stop functioning after the June 30, 2017 date.
To avoid credit card acceptance interruption and protect yourself against malicious attacks, you should:
- Upgrade your systems to support the latest security protocol TLS 1.2
- Start your upgrade process today. System upgrades take time and a backlog is already forming with many vendors. This will result in many merchants being unable to accept credit card payments after June 30, 2017.
- Nodus customers should contact Nodus Support to discuss their upgrade options and ensure that the software versions they are using support TLS 1.2
Additional resources:
- Migrating from SSL & Early TLS webinar by PCI Security Standards Council
- Date Change for Migrating from SSL and Early TLS
- PayPal TLS 1.2 and HTTP/1.1 Upgrade Microsite
- Nodus TLS 1.2 Security Update
Chester Ritchie is the President of Nodus Technologies (http://www.nodus.com). Nodus is a certified Microsoft Gold Level Partner for payment software within the Microsoft Dynamics family of accounting systems. Nodus products allow users of Great Plains (GP), Solomon (SL), and AX to accept electronic payments inside of the accounting system. Accounting entries related to payments are automated and cash flow is increased.
For the third time, Nodus Credit Card Advantage, ePay Advantage and eStore Solution Stack have been validated against the Payment Application Data Security Standard (PA-DSS). This time, the Nodus solutions have been validated under the new PA-DSS version 3.2 which requires support for only secure encryption protocols such as TLS 1.2.
“Nodus is very dedicated to maintaining our PA-DSS certification for all of our solutions,” said Nikki Nguyen, Director of Product Management. “Providing secure applications for processing electronic payments helps us maintain trust with our loyal customers and partners.”
Due to the new industry requirement, Nodus is highly recommending that all current customers upgrade to the newest versions of their Nodus software to utilize the TLS 1.2 encryption protocol. This upgrade should be scheduled as soon as possible to avoid any disruption when Payment Gateways begin to turn off the previous insecure encryption protocols. More information on the TLS 1.2 Security update can be found at: http://www.nodus.com/nodus_TLS_Security_Update.html
Customers interested in upgrading can contact Nodus Technologies Support at (909) 482-4701 option 2 or by e-mailing firstname.lastname@example.org.
What is PA-DSS?
The PCI’s Payment Application Data Security Standard (PA-DSS) defines security requirements and procedures for software vendors of payment applications to securely manage and protect card data. A validated PA-DSS application means that the payment application has been assessed to ensure it meets all of the security requirements of the Payment Card Industry Security Standards Council (PCI-SSC).
How does the PA-DSS impact customers?
Secure payment applications help to facilitate a customer’s PCI DSS compliance. When implemented in a DSS-compliant environment, PA-DSS validated payment applications will minimize the potential for security breaches leading to compromises of full magnetic stripe data, card validation codes and values (CAV2, CID, CVC2, and CVV2), PINs and PIN blocks.
When selecting an ecommerce solution you will find both integrated and non-integrated software products available in the market. The initial investment of an integrated solution may appear higher and cause you to wonder just how much the business process automation and integration with back office or ERP systems is really worth. To assist with this analysis, think of the labor required for each step throughout the order cycle.
With a non-integrated solution, you will need to hire workers to enter orders that come in from your website into your accounting or ERP system. Any customer information that is captured will need to be re-entered as well. This duplicative data entry is manual and prone to keying errors, which can result in additional cost that is not necessary and could virtually be eliminated with an integrated, automated solution.
Once an order has been placed on your website and entered into your accounting system, a non-integrated solution will require you to hire workers to manually check inventory and see if the product is available in your warehouse. If an item is backordered, you will need to have workers manually contact the customer to inform them of the delayed shipping date, and hope this bad news does not upset the customer and cause them to cancel or delay their order.
If there is a change in a product’s price or you would like to run a promotion, you will need to have workers manually update items online in your web store as well as in your accounting database for each product or stock keeping unit (SKU). Again, these operations are duplicative, labor intensive and more prone to human error when using a non-integrated ecommerce system, and the associated cost of each step slowly eats away at your margins. Now imagine these issues with thousands of products and/or customers. The diminishing effects on your ROI can be staggering.
After an order has been fulfilled and shipped to the customer, not having real-time automated tracking numbers and shipping notifications readily available through your web store will prohibit customers from self-managing their orders, and often result in increased call center demands for your non-integrated ecommerce business. This means you will need to hire workers to manually service customers and look up information that could be provided automatically with an integrated ecommerce solution. When you consider this in light of a successful web store, it’s clear this type of inefficient business process could weaken profits if not optimized correctly.
The issues discussed above become exponentially more treacherous the more products and customers you serve with your ecommerce storefront. Managing suppliers, large inventories of items in your warehouse and large numbers of customer records in your CRM is difficult compared to small-scale operations, and often prone to waste and error. Even more challenging is constantly keeping accurate, detailed information available for all product SKUs and customers in your internal accounting database. Updates using non-integrated solutions will require you to hire workers to make duplicative changes to both your online web store and your ERP system each time something changes with a particular item. Over time, and with large inventories of items, this process becomes costly and further undermines profits. Contact us for a free copy of our latest white paper, Planning for Success: Nodus eStore Solution Stack, An Integrated Ecommerce Solution For Microsoft Dynamics GP.
The holidays are approaching which means a time for cheer and presents—which means more money is being spent—which means more credit card fraud. With millions of card numbers already stolen this year, it is only a matter of course that much more will be stolen with the increased shopping of the holiday season.
Hackers who work on the good side of the law, investigating security breaches, have found even their own stolen information many times. In fact, Bryan Sartin of Verizon’s forensic computer tech team remembers finding a desk mate’s credit card information in two out of three cases, and when it wasn’t there, found his wife’s! With this amount of fraud going on, it’s unnerving to think that some merchants are not implementing any improved practices that will help secure their customers’ information during this holiday season. The last thing anyone wants is to deal with credit card fraud when they could be spending quality time with family and friends.
One reason Sartin gives for why the U.S. is so prone to credit card data security breaches is the way cards are being processed. Credit card information goes through multiple systems, flying through the internet, and continues to travel to complete the transaction even after returning an accepted or declined message.
Mallory Duncan, general counsel at the National Retail Federation, proposes tokenization as a potential solution. With tokenization, the card information is taken to the gateway, and a token is returned. This token has no credit card data behind it—so even if it is stolen, it would be meaningless to the hacker.
Nodus provides the option of tokenization with all its products. Our solutions are PCI PA-DSS certified and we are always improving our solutions to help your business become more secure. Improve your processes to keep your customers’ credit card data safe during this holiday season and let the holidays get back to meaning joy and comfort.
To learn more about tokenization and securing your payment processing systems, schedule a free demo with us today at http://www.nodus.com/schedule_demo.html
Source: NPR (National Public Radio)
Surprisingly, according to a recent Gallup spending forecast, we can expect to see an increase in retail shopping this holiday season. This is due to the growing customer concern surrounding digital fraud, which can cause customers to stray away from ePayments. Two-thirds of customers surveyed stated that they were worried about their credit cards being compromised. In fact, Americans have grown to become more afraid of credit card fraud than terrorism!
Credit card fraud can be a very frustrating situation for both you and your customer. Even with security measures in place which are intended to detect fraudulent activity and replace stolen funds, a hack can still be annoying—accounts can stop working during an inconvenient time, new cards can take a while to be sent in the mail, and funds can take up to an entire statement cycle to be restored. It’s no wonder customers would prefer to stay away from all the hassle, especially during the holidays.
Don’t let the customer’s fear of credit card fraud hinder your business this holiday season. Look towards using a secure and reliable application to process credit cards in order to keep your customers feeling safe. Here at Nodus, we know all about secure payment processes, from the deployment of an application to the storing of the sensitive information. All our solutions are PA-DSS certified to help your business be the one that customers can trust with their payment information.
To schedule a demo or talk to someone about our solutions, call 909-482-4701 or email email@example.com.
Source: Fox Business
E-commerce has become a significant part of most business organizations due to the explosion and popularization of the use of the internet and the ease of conducting business over it. Thus, it has become essential for eCommerce merchants to invest in a quality, reliable integrated eCommerce solution to manage their online business and provide the best service to their customers. However, it can be quite challenging for eCommerce merchants to choose the right eCommerce platform to suit their requirements. This is of immense significance because even though most companies view their online business as a separate entity, the truth is that a major portion of their earnings comes through the internet. eCommerce solutions help companies better manage their websites by offering a number of user-friendly features. Thus, companies need to look for these features if they wish to maximize their business by selecting the eCommerce solution provider best suited for them.
The choice of the integrated eCommerce solution should depend on the features that they need for their website. Some of the features that these solutions usually incorporate in their website include navigation, shopping cart, shipping, handling, taxes and order management system among others. The latest features offer greater ease of access to the customers, which is essential for providing an enjoyable shopping experience. Thus, companies need to decide upon the degree of flexibility and customization they require for their business. Customization can play a significant role in helping online promotional campaigns. This can include functions like auto-responders for sending automated replies and promotional materials to the customer and subscriber list. Thus, companies need to define their vision and requirements for selecting the correct eCommerce solution. Vendors offering a wider range of features and greater customization may charge more but will result in generating higher sales and revenues. Therefore, companies need to be sure of their requirements, which can help them select the right integrated eCommerce solution for their online business.