Blog Posts

Benefits of NCR Secure Pay

Benefits of NCR Secure Pay

Without P2PE Hardware

NCR Secure Pay offers added security even when it is employed without Point-to-Point Encrypting (P2PE) Hardware.

Tokenization
The way card information is stored in your retail location is a key component of security. You need to ensure that you are storing cardholder information securely at all locations in your retail environment.

NCR Secure Pay utilizes tokenization, which is the most secure method of credit card data storage, also known as a token replacement. Tokenization allows NCR Counterpoint to store a token instead of an actual card number. If your system were breached, unauthorized users would only find the token information and not the actual card information, which is stored in a token vault hosted by NCR. With
the token, you can access the transaction information as needed for returns and other operations, including a card on file billing, while maintaining a secure system.

Host-Based Settlement
NCR Secure Pay uses host-based settlement, which stores transaction information at NCR’s host, rather than your NCR Counterpoint installation, until settlement. This provides flexibility allowing a settlement to be easily automated from the host or initiated from any web browser by using the NCR Secure Pay merchant portal.

In addition, with a host-based settlement, POS workstations running in “offline” mode can are still able to settle their transactions. This is a great benefit when offline workstations are disconnected for an extended period, such as during large upgrades.

With P2PE Hardware

Point-to-Point Encryption
Transmission of cardholder data between your system and the payment processor can be an area of a weakness that cyber payment criminals target.

To get an approval from a credit processor, card information must travel from the MSR (card reader) through the Point of Sale (POS) application and operating system (OS) to an application which communicates with the credit processor in order to get an authorization. Most systems pass the card data from the MSR unencrypted through the OS to the POS application and encrypt before sending the
approval communication to the credit processor.

With the addition of P2PE Hardware, NCR Secure Pay enables you to encrypt directly by the MSR hardware at the time the card is swiped, rather than solely during the transmission to the credit processor. The encryption happens in the hardware on the MSR device, not inside your NCR Counterpoint system and unencrypted data never exists on your POS network. This ensures sensitive cardholder information is encrypted throughout its lifecycle in your environment, limiting your risk of an unauthorized user scraping that data from memory.
Benefits of NCR Secure Pay

Another difference worth noting with P2PE as compared to traditional encryption is that the encryption and decryption processes use different keys. Even if you have the encrypting key, you can’t decrypt the data because the key to unlock the data is not the same. When using P2PE with NCR Secure Pay, the decryption key does not exist in the store environment, again reducing the risk that sensitive data could
be stolen from the system.

Contact CCS Retail Systems to get started with your NCR Secure Pay Systems.

Marilyn.

NOTICE: PCI DSS Requires Transition to Secure Pay Before April 30th, 2018!

PCI DSS Requires Transition to Secure Pay Before April 30th, 2018!

TSYS and WorldPay Ending CPGateway Support

TSYS will discontinue support for the NCR Counterpoint Gateway (CPGateway) platform on April 30th, 2018. Merchants who are currently processing EDC payments through TSYS via CPGateway are advised to migrate to NCR Secure Pay before this date to ensure they can continue processing without interruption.

In addition, Worldpay will discontinue support for CPGateway within a similar time frame (we will announce the actual date on which CPGateway support will end for Worldpay merchants as soon as it is confirmed). Again, we strongly encourage merchants who are currently processing EDC payments through Worldpay via CPGateway to migrate to a Worldpay (TCMP) account for NCR Secure Pay to avoid any interruptions.

TLS 1.2 Transition

Payment Card Industry Data Security Standards (PCI DSS) require all PA-DSS validated payment applications to discontinue the use of “early TLS” (i.e., all versions of SSL and TLS 1.0) by June 30th, 2018.

To comply with this requirement, NCR Secure Pay will no longer accept early TLS connections after 2:30 A.M. on June 5th, 2018. In addition, updates to NCR Counterpoint V8.5.4 and V8.4.6 that will require the use of TLS 1.2 for payment transactions processed through NCR Secure Pay will be released as follows:

  • V8.5.4 Patch 002: Scheduled for 2/20/2018
  • V8.4.6.19 Service Pack: Scheduled for 3/6/2018

NCR does not plan to release patches or Service Packs to support TLS 1.2 in other versions of NCR Counterpoint.

To sign up for an NCR Secure Pay account, Contact CCS Retail Systems  ASAP.

Marilyn.

Using The Passport Payroll and a Time Clock Function

Using The Passport Payroll and a Time Clock Function

Meet TimeClick 2018

Rated the best time clock software by Top Ten Reviews, TimeClick is a simple to use time clock program that allows employees to clock in and out from their computers. It keeps detailed records of all time worked for as long as the user wishes and allows reporting of any time period asked for. TimeClick works with Passport’s PBS Payroll to simplify payroll preparation.

And now, new TimeClick 2018 features a sleek interface that makes it easy for any employee to clock in/out, switch departments or jobs, review messages, view current hours, all on one customizable screen.

Real-time reporting allows instant viewing of employee hours and prevents unwanted overtime by using employee schedules with “early” clock in prevention.

Employees can be assigned to jobs and departments to break down hours worked into different categories and track where time is being expended.

Depending on settings, employees are able to access the Employee Options Menu, which allows employees to send/receive messages, request Vacation, Sick, or PTO off, receive notifications and submit missed time requests. This simple messaging system allows for easy communication!

Contact CCS Retail Systems to explore how a Time Clock can streamline your payroll operations efficiency and accuracy.

Marilyn

Card Not Present Disputes TIPS

Card Not Present Disputes TIPs

AMERICAN EXPRESS | GLOBAL MERCHANT SERVICES
 
CARD NOT PRESENT DISPUTES | CAN BE FRUSTRATING
 
We’d like to share a few tips that can help prevent

Card Not Present disputes from occurring.
PRESENTING:
THE MOST COMMON TYPES OF CARD NOT PRESENT DISPUTES
AND HOW TO PREVENT THEM.
#1 NO KNOWLEDGE
 
Problem: The customer claims they don’t recognize the transaction on their statement.
 
Tip: Use your customer-facing business name on billing statements. Contact your processor to review and/or update what is shown on the Card Member’s statement.
#2 RETURNED/CANCELLED
 
Problem: The Card Member claims that the product/service was returned/ canceled but doesn’t see the credit.
 
Tip: Send a confirmation notice when items are canceled or returned and outline what the Card Member should expect as a result of the return/cancellation.
#3 NOT RECEIVED
 
Problem: The Card Member claims that the goods or services were not received.
 
Tip: Wait to charge the Card Member until the shipping or service date.

CCS Achieves NCR Centurion Club Status

CCS Achieves NCR Centurion Club Status

NCR monitors the performance of its channel partners such as CCS Retail Systems, Inc.  Achieving Centurion Club Staus at CCS helps us maintain the best relationship possible with NCR.  This status ensures we get priority in pricing, discounts, shipping, and support from NCR for our customers.  We wish to thank all of our customers who helped make it possible for us to provide the maximum leverage of NCR resources to pass on to all customers.

“I wanted to congratulate you on meeting the Q4 Centurion Club requirements for 2017.  I also wanted to officially recognize CCS Retail Systems, Inc. and personally take the opportunity to say thank you for putting up a great Q4.

Best,

Jason Skolak
Channel Account Manager – Retail Solutions Division”

Marilyn

GDPR – The General Data Protection Regulation Compliance Requirements

GDPR – The General Data Protection Regulation

The GDPR imposes rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where those businesses are located. Among the key elements of the GDPR are the following:

Enhanced personal privacy rights – strengthened data protection for residents of the EU by ensuring that they have the right to access their personal data, to correct inaccuracies in that data, to erase that data, to object to processing of their personal data, and to move it

Increased duty for protecting personal data – reinforced accountability of organizations that process personal data, providing increased clarity of responsibility in ensuring compliance

Mandatory personal data breach reporting – organizations that control personal data are subject to stringent reporting and notification requirements in the event of a personal data breach

Significant penalties for non-compliance – steep sanctions, including substantial fines that are applicable whether an organization has intentionally or inadvertently failed to comply November Accelerate Your GDPR Journey 2017 13

As you might anticipate, the GDPR may have a significant impact on your business, potentially requiring you to update privacy policies, implement and strengthen data protection controls and breach notification procedures, deploy highly transparent policies, and further invest in IT and training.

If your company has business transactions that involve European Union (EU**) Companies or customers, you can contact CCS Retail Systems to help you plan how to avoid GDPR penalties before this regulation is enacted on May 25th, 2018.

**EU Austria, Belgium, Croatia, Bulgaria, Cyprus, CzechRepublic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxemburg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom
 
 

Marilyn McCormick

New Technology Requires Changes

New Technology Requires Changes

Have you ever had problems with your computer, like extreme slowness, after an update was applied? This problem happened to me a few days ago on my home computer, and I was perplexed as to what was going on. I had not done anything unusual on my PC, yet it was struggling to load anything.

Bryan, one of our great techs, checked it out for me and found that the memory was not sufficient to handle the update. The machine was also aging, so that complicated the issue. Additional memory was inserted, and it immediately solved the problem.

This kind of situation can happen in the office environment, also. Machines, as well as software, need to be updated as new technology increases the load. Sometimes a quick fix will correct the issue, but sometimes the machine itself will need to be replaced. Think of it this way: Would you like to try using an old rotary dial telephone with a party line in the age of smartphones?

Luckily, you can call us for assistance if something isn’t working right. Our techs have years of experience working with both POS Systems and Operating Systems. They can effectively pinpoint the problem and work with you to provide the best solution.

Our phone number is 425-672-4806, or you can email us. Solve that problem today!

Marlene

Historical Data Migrations From Old to New Platforms.

Historical Data Migrations From Old to New Platforms.

Data migrations can go awry for many reasons, however, most often these bad situation scenarios can be avoided with consultation with CCS Retail Systems Support and some careful planning.

Here are some recent examples.

  1. Data Migrations where corrupt data is present.

An IT person did an in-house test migration to a newer NCR Counterpoint software version. The company preferred to not purge history regularly. There were some known corrupt data records complicating the procedure. The company had some history that was over 10 years old. (A recommended policy is to try to keep 3 years of history at a maximum.)

The IT person planned to start the upgrade on a Friday night and complete it by the following Monday morning. This approximately 48+ hour time frame would be very aggressive when considering the scope and complexity of the conversion.

  1. Trying to using the current software on antiquated hardware and unsupported antiquated operating systems.

Attempting this sort of migration can be a recipe for disaster because damage to your data could occur from system architecture and software limitations.

For example, a business owner copied his current updated software installation onto an old server running an older, unsupported operating system. The performance of the software was then extremely inadequate for the task. Program completion times were decreased by as much as two orders of magnitude from current systems available.

  1. Some things that you can do to prevent the above-referenced scenarios are:

1. Verify that existing hardware, operating system, and software infrastructure meets or exceeds the minimum requirements for the new software. This should be considered mandatory

2. Get proper training on the new software in advance of doing either a test migration or a live migration.

3. Read all of the documentation related to the entire data migration process.

3. Plan to do a thorough test migration, This would include having end-users replicate normal processing work that represents a least several days’ worth of live data that was done in their old system.

4. Schedule CCS Retail Systems Support to do the entire data migration or provide your organization with assistance on the migration project.

– John

Recovering From a Ransomware Attack

Recovering From a Ransomware Attack

Ransomware attacks are on the rise. It is getting more common to get random emails with subjects indicating they are package tracking, voice mails, photo edits, and so on. Many of these are attempts to get you to take the bait, click the link, and ultimately install ransomware. Much has been written about recognizing malicious emails, not opening mail from unknown users, and other good advice. What happens, however, if you are unfortunate and do get hit with ransomware?

We are assuming this is a true Ransomware infection, where an active payload of malware has been added to your system. Another type of Ransomware is Scareware masquerading as Ransomware. This latter Ransomware has no payload but threatens you with data encryption as well. It is best to assume any Ransomware threat includes a payload, at first. A safe mode reboot investigation can help you check if a payload is active. If the infection is just Scareware, you may be safe with a reboot and comprehensive malware scan to confirm there is no infection active.

First, be very suspicious of any unusual activity. One of the first signs, even before the ransom notice pops up, is that programs will stop working, or documents will disappear. This activity is due to the malicious software starting to encrypt your files. If anything like that happens, take immediate action. First, disconnect your computer from your network. That is, physically disconnect the network cable, or if you use a wireless connection, turn it off. Also, immediately shut down your computer. I do not usually advocate just turning off the power, but this is one time that it is not a bad idea. The idea is that if ransomware has started on your system, to limit the damage occurring.

Try to start your computer in safe mode, and begin investigating. Make sure you lookup entering safe mode in Windows on your version to MAKE SURE you do NOT get a normal boot or the Ransomware will be active again. Check for those programs or documents that suddenly disappeared. If there is a file with the same name, but the extension has changed, most likely ransomware is the culprit. In that case, be prepared to do some research, and possibly still lose some work. It depends on the active Ransomware variant since some have been Ransomware payloads have been cracked and there are recover utilities available.

Other Ransomware payloads do not have removal utilities, and you will have to go to your back copies. Before that, however, you need to make sure that the machine is cleaned of the ransomware programs or your system will be reinfected and you will need to start over again. If utilities exist to clean the Ransomeware for your system, they should be used immediately. If not, a lot of digging and experimenting will be required. If there is no cleaning utility you may need to reformat the infected drives, reinstall the operating system, and then restore from a full image backup, NOT just a file backup. In either case, spend a lot of time checking your system, before putting it back on your network and getting on with your work. You want to be very, very, sure that the Ransomware is gone, or you will be exposing the rest of the computers on your network to Ransomware infections.

Recovering from Ransomware is a critical task that can be very complex.  This blog is just a simple overview.  We recommend you contact CCS Retail Systems Support for further guidance and services to ensure the Ransomware is properly eliminated from your systems. Remember that if you comply with the Ransomware demands there is NO guarantee that your payment will result in any recovery of your system.  The best course of action is to defeat the Ransomware request NOT honor it.

Dave.

Customizing CPSQL

Customizing CPSQL

I recently had a user ask me to notify NCR that a certain field in the customer table should be added as a search field because of how technology is advancing.

When this Counterpoint user added customers to their system, they were using the customer’s landline phone number as the customer account number.  Fortunately, in Counterpoint besides having a landline phone number field there is a mobile phone number field.

With more people choosing to not have a landline anymore, this user wanted to use the mobile phone number as a lookup field and wanted to give their mobile technicians an easier way to look up their customers when away from the office.

This can be accomplished easily in NCR Counterpoint by adding the mobile phone number field as a “keyword” to be used during lookups. As a matter of fact, just about any field can be set as a keyword field to be used for lookups.  Keywords can also be configured for item lookups, ticket history lookups, and most other table/field combination you need.

If you are not familiar with using some of the more advanced features of NCR Counterpoint, give the CCS Retail Systems Support department a call at 800.672.4806 or email us to help you make lookups more useful for you and your crew.

-Bryan