Blog Archives

Nodus Products Have Been Revalidated Against PA-DSS

recertified

For the third time, Nodus Credit Card Advantage, ePay Advantage and eStore Solution Stack have been validated against the Payment Application Data Security Standard (PA-DSS). This time, the Nodus solutions have been validated under the new PA-DSS version 3.2 which requires support for only secure encryption protocols such as TLS 1.2.

“Nodus is very dedicated to maintaining our PA-DSS certification for all of our solutions,” said Nikki Nguyen, Director of Product Management, “Providing secure applications for processing electronic payments helps us maintain trust with our loyal customers and partners.”

Due to the new industry requirement, Nodus is highly recommending that all current customers upgrade to the newest versions of their Nodus software to utilize the TLS 1.2 encryption protocol. This upgrade should be scheduled as soon as possible to avoid any disruption when Payment Gateways begin to turn off the previous insecure encryption protocols. More information on the TLS 1.2 Security update can be found at:  http://www.nodus.com/nodus_TLS_Security_Update.html

Customers interested in upgrading can contact Nodus Technologies Support at (909) 482-4701 option 2 or by e-mailing support@nodus.com.


What is PA-DSS?

The PCI’s Payment Application Data Security Standards (PA-DSS) defines security requirements & procedures for software vendors of payment applications to securely manage and protect card data. A validated PA-DSS application means that the payment application has been assessed to ensure it meets all of the security requirements of the Payment Card Industry Security Standards Council (PCI-SSC).


How does the PA-DSS impact customers?

Secure payment applications help to facilitate a customer’s PCI DSS compliance. When implemented in a DSS-compliant environment, PA-DSS validated payment applications will minimize the potential for security breaches leading to compromises of full magnetic stripe data, card validation codes and values (CAV2, CID, CVC2, and CVV2), PINs and PIN blocks.

Advertisements

Understanding Costs of Not Integrating

When selecting an ecommerce solution you will find both integrated and non-integrated software products available in the market. The initial investment of an integrated solution may appear higher and cause you to wonder just how much is the business process automation and integration with back office or ERP systems really worth? To assist with this analysis, think of the labor required for each step throughout the order cycle.

With a non-integrated solution, you will need to hire workers to enter orders that come in from your website into your accounting or ERP system. Any customer information that is captured will need to be re-entered as well. This duplicative data-entry is manual and prone to keying errors, which can result in additional cost that is not necessary, and could virtually be eliminated with an integrated, automated solution.

Once an order has been placed on your website and entered into your accounting system, a non-integrated solution will require you to hire workers to manually check inventory and see if the product is available in your warehouse. If an item is backordered, you will need to have workers manually contact the customer to inform them of the delayed shipping date, and hope this bad news does not upset the customer and cause them to cancel or delay their order.

If there is a change in a product’s price or you would like to run a promotion, you will need to have workers manually update items online in your web store as well as in your accounting database for each product or stock keeping unit (SKU). Again, these operations are duplicative, labor intensive and more prone to human-error when using a non-integrated ecommerce system, and the associated cost of each step slowly eats away at your margins. Now imagine these issues with thousands of products and / or customers. The diminishing effects on your ROI can be staggering.

After an order has been fulfilled and shipped to the customer, not having real-time automated tracking numbers and shipping notifications readily available through your web store will prohibit customers from self-managing their orders, and often result in increased call center demands for your non-integrated ecommerce business. This means you will need to hire workers to manually service customers and look up information that could be provided automatically with an integrated ecommerce solution. When you consider this in light of a successful web store, it’s clear this type of inefficient business process could weaken profits if not optimized correctly.

The issues discussed above become exponentially more treacherous the more products and customers you serve with your ecommerce storefront. Managing suppliers, large inventories of items in your warehouse and large numbers of customer records in your CRM is difficult, compared to small scale operations, and often prone to waste and error. Even more challenging is constantly keeping accurate, detailed information available for all product SKU’s and customers in your internal accounting database. Updates using non-integrated solutions will require you to hire workers to make duplicative changes to both your online web store and your ERP system each time something changes with a particular item. Over time, and with large inventories of items, this process becomes costly and further undermines profits. Contact us for a free copy of our latest white paper, Planning for Success: Nodus eStore Solution Stack, An Integrated Ecommerce Solution For Microsoft Dynamics GP.

Don’t Let a Breach Dampen the Holiday Season

The holidays are approaching which means a time for cheer and presents—which means more money is being spent—which means more credit card fraud. With millions of card numbers already stolen this year, it is only a matter of course that much more will be stolen with the increased shopping of the holiday season.

Hackers who work on the good side of the law, investigating security breaches, have found even their own stolen information many times. In fact, Bryan Sartin of Verizon’s forensic computer tech team remembers finding a desk mate’s credit card information in two out of three cases, and when it wasn’t there, found his wife’s!  With this amount of fraud going on, it’s unnerving to think that some merchants are not implementing any improved practices that will help secure their customers information during this holiday season. The last thing anyone wants is to deal with is credit card fraud when they could be spending quality time with family and friends.

A reason Sartin mentions about why the U.S. is so prone to credit card data security breaches is the way they are being processed. Credit card information goes through multiple systems, flying through the internet, and continues to travel to complete the transaction even after returning an accepted or declined message.

Mallory Duncan, general counsel at the National Retail Federation, proposes tokenization as a potential solution. With tokenization, the card information is taken to the gateway, and a token is returned. This token has no credit card data behind it—so even if it is stolen, it would be meaningless to the hacker.

Nodus provides the option of tokenization with all its products. Our solutions are PCI PA-DSS certified and we are always improving our solutions to help your business become more secure. Improve your processes to keep your customers’ credit card data safe during this holiday season and let the holidays get back to meaning joy and comfort.

To learn more about tokenization and securing your payment processing systems, schedule a free demo with us today at http://www.nodus.com/schedule_demo.html

Source: npr: National Public Radio