Blog Posts

Shimming to Clone the Mag Swipe Data that can be used to commit fraud

Shimming

Everyone has heard of “skimming” when it comes to credit card fraud. But have you ever heard of “shimming”?

Shimming is the new “skimming” in the world of EMV chip cards. Shimming is done by inserting a paper thin card sized shim containing an embedded microchip and flash storage into the credit card slot where it intercepts data from the EMV chip of your credit or debit card. Although the data that is captured cannot be used to clone the chip itself, it can be used to clone the mag swipe data that can be used to commit fraud.

How can you protect yourself from this type of fraud? For starters, you can start using the “contactless” feature of the card if available (NCR Counterpoint 8.5.4.1+ supports this feature). Another way would be to use Apple Pay or Google Pay, or any of the smartphone-related payment apps if the retailer your shopping at supports these payment methods.

Another smart move, that you should already be doing, is checking your bank and credit card statements for any transactions not made by you and report any fraud immediately to your bank or card issuer. Most banks and credit card issuers already have apps that can be setup to alert you via text, email or both if any transaction over a certain dollar occurs.

For more information about the EMV capabilities of NCR Counterpoint or upgrading your system to be able to use EMV and contactless payments, contact the CCS Retail Systems Support Department at 800.672.4806 or email us.

-Bryan

Is there a Gap in your GAAP?

Is there a Gap in your GAAP?

GAAP (Generally Accepted Accounting Practice) standards are often overlooked. Things that you should look for are:

1. Running edit lists to review transactional data before posting it in batch. – This allows you to catch any errors or omissions prior to posting.

2. Documents that you create should always have unique numbers. This would be true regardless of what area of the software that the document being created in.

Examples: POS Orders and Invoices, A/P Vouchers and Checks (paper and EFT), Payroll Checks, General Journal numbers, etc.

3. Auditing as you go – Whenever you are doing transaction input, after auditing your work, you should have another staff member review it before you post it.

4. Grouping transactions by date or period– As you are making any adjustments, make sure that all adjustments that are posted together are on the same date and/or within the same accounting period – Meaning don’t post entries dated in January with activity for February or March.

Typically, in most software applications, a document number is considered a Primary Key, so it should be considered “Unique” and would not be duplicated. However, there are some programs where it might be a Secondary key where multiples might be allowed, such as using a sequence Number, such as when using duplicate entries and historical tables such as Check History (e.g. checks, voids for the same checks, or manual payments, EFT transactions, etc.).

Just because a program might allow you to insert duplicate data, that isn’t necessarily a good thing to do

Even in situations where the programming might allow for this sort of thing, a duplicate document number might cause other issues with software functionality. -As examples.

• Unique document numbers make auditing easier. If an auditor sees a lot of duplicate documents, it may prompt the auditor to dig deeper looking for other accounting irregularities, thereby artificially extending the length of the audit. An example of this sort of this would be a local, state or federal tax audit.

• A Ticket/Invoice number exists in history multiple times – So A user runs a report on ticket #54653 without having specified a date or date range. The subsequent report returns a dozen documents created over a period of 10 years.

• Problems posting – I have seen examples where end-users have used the same invoice number dozens of times. When they try to post a new voucher using the same invoice number, the program may hang or crash while it attempting multiple times to create a “New” document for one that already existed previously. As an example, the program might be writing data for the same document into history a dozen times, and they just stop the attempts to write the new data.

The worst example of this that I have seen so far, is with one vendor that 21 manual payments on file using an invoice and check number of “SUPPLIES”

In this case, a better example of document number creation would have been to enter numbers in a format like the following: “SUPMMDDYY” (e.g. SUP042519… or Supplies for 04/25/2019), or “VendNoPrefixMM252019) (e.g. BOS042519, Bobs Office Supplies for 04/25/2019).

Check number and Invoice numbers should always be auto-assigned.

If you have any questions or need assistance with the creating your own document number assignment schema, please contact the CCS Retail Systems Support department.

– John

Why Training Is Extremely Important

Why Training Is Extremely Important

Technology is changing at such an incredibly fast rate in today’s world that we sometimes forget that there are people out there whose knowledge of these changes hasn’t kept pace. Our customers represent many types of businesses, some of which employ volunteers to assist with their operations. These good-hearted people want to help with whatever is needed, but sometimes lack the training for the job for which they have been assigned.

One of these people called in for help recently, and to our tech’s astonishment, didn’t know what a “mouse” was! This is an extreme example, of course, of the point I’m addressing. It does point out, however, that POS training is very important for a business to provide for its employees.

At CCS, we offer training classes from an expert instructor who will help you get the best benefit from your Counterpoint POS System. This can be done in our classroom, on-site at your business, or even remotely. We can accommodate several people or just one – whatever you need. You can choose just an Overview, or pick from many different topics available. Manuals are provided to allow you to have “look-up” material for later reference. Hands-on practice is a part of classroom instruction.

You might want to take a class individually, and then go back to your business and use that information to relay just what is needed for a specific worker.

Training will certainly eliminate the time, stress, and expense involved in fixing problems that are created when employees are not knowledgeable about how to use their system.

Need some training for your company? Call us now at 425-672-4806 or email us for more information. You’ll be glad you did!

Marlene

Using Proper Physical Count Procedures

Using Proper Physical Count Procedures

It’s always a good idea to make copious notes about physical count configuration and usage issue and to review them prior to doing the actual work.

Typically, this process would include:

  • Making backups of current data. – Typically, this would involve backing-up the full database.
  • Archiving old count files for previous periods or years. – This would ensure that old files are not accidentally imported.
  • Making sure that PDT’s (Physical count device) batteries are fully charged, and that any old count data is cleared from the devices.
  • Training staff who will actually be doing the work to properly use both the software and hardware functions.

Taking this proactive approach is vitally important, especially if you only do inventories once a year or less frequently. Failing to do this can mean a potential disaster waiting to happen…

As an example…

An end-user who had just completed a physical count determined that ALL of the adjusted inventory levels were wrong for all of their locations.

In working with the counter staff, the following was later determined:

  • When importing the count file into the default PDT’s (Physical count device) software directory, the file downloaded was named the same as what it was last year and downloaded to PDT software’s default directory.
  • However, their default NCR Counterpoint parameter was pointing to a different import folder than the PDT software default. When the staff imported the count file, they were actually importing the previous year’s physical count file. – No one had checked the date of the file or the content before importing it.
  • After importing the count file, the user did a blind post the count data without checking any of the data, and just let the system to adjust all items not counted to zero.

To compound matters…

  • No backup of the existing CounterPoint data files was done prior to the start of the import process. – This means that they had no recourse but to restart the physical count process.
  • The count file had obvious errors in it (Barcodes scanned into the quantity field; Quantities input into the barcode field; Blank Quantities; etc.). – The NCR Counterpoint software has both a verify function that can be used prior to importing data and various worksheets that can be used for reviewing and validating data.
  • Other users had started multiple physical count snap-shots that involved many of the same items. Some of these has been open for as long as a year.
  • On detecting the initial problem, the staff repeated the exact same import/post process (using the wrong file) at least twice, before finally creating a new physical count, and without doing any imports, then zeroed-out

the entire inventory for that location.

The one saving grace here was the current year’s count file uploaded not been deleted, nor had the PDT been purged after the upload.

If you are unsure of any part of the physical count process, CCS Retail Systems can provide both training and technical assistance prior to starting the count, as well as ongoing process support during the actual count.

– John

No More Passwords?

No More Passwords?

No one likes those clunky passwords we use at work, home, and online. And most of us tend to forget a lot of them, especially with auto-save features on so many platforms. But now there’s good news for forgetful web users with a new standard that could do away with your old passwords.

The World Wide Web Consortium is the organization that creates internet standards and arbitrates major disputes. They’ve approved a new protocol called “web authentication” which could soon replace traditional passwords online with things like USB keys, smart devices, or biometrics like face I.D. or fingerprints. The Consortium says passwords that are stolen, are too weak, or left as “default” are to blame for 81% of data breaches.

Now, if a site supports the new “web authentication”, you can get in using USB or biometric confirmation, with no need to type in a password, giving us a look at what a password-free world might look like.

Many big companies are already joining up to create new password-free authentication protocols led by Silicon Valley. Google has already replaced most of its password-driven security with a set of physical security keys to access computers, and it’s paying off big, eliminating breaches throughout the company. And experts say the technology has the potential to go even farther, with a set of standards possibly spurring innovation and lowering the cost of the devices to access sites without passwords. “Web authentication” is already enabled system-wide on Chrome OS and Windows 10, and on the most commonly-used web browsers, like FireFox, Chrome, and Safari. So if you’ve been wanting to ditch your passwords, we are almost there.

-Bryan

Protecting Your Business

Protecting Your Business

Hopefully, the severe weather is over for this winter, but severe weather conditions can happen during any time of the year. Excessive winds, rain, fires, flooding—all can cause power outages that can affect your computer systems and your business. Also, other unexpected events, like theft, can impact your business. Knowing what to do, in advance, can protect you from losses that could have been prevented.

Your first line of defense should be your attention to backing up your system, consistently, and storing that information in a safe place. In that way, if the unexpected does happen, everything can be restored once the event is over.

Recently, a friend of mine who owns and operates a small engineering business had his building broken into one night. The thieves took a laptop computer on which a large number of his engineering designs were stored. The thieves were caught, and the computer was recovered, but the files were overwritten with computer games. Unfortunately, the files had not been backed up, so much valuable information was lost.

Don’t wait for a disaster like this to happen, or for weather conditions to damage your system. If you need help with your backup setup, or if you need to restore files from your backups, we’re here to assist you. We can be reached at 425-672-4806 or you can email us.

Be safe. Plan now.

Marlene

NCR Counterpoint Supports Windows 10

NCR Counterpoint Supports Windows 10.

It is getting harder and harder to find and install the tried and true Windows 7 operating system. And like Windows XP before it, it will soon be obsolete and unsupported. In comes Windows 10, which I see as a kind of mash between the best of Windows 7 with a feel of Windows 8. NCR Counterpoint versions 8.5.2 and above are certified for use with Windows 10. As with all changes, there is a little learning curve to Windows 10, and like the previous version of the Windows OS, there’s usually more than one way to accomplish the same task. Windows 10 aims to be more user-friendly by giving the user more of an On/Off or Yes/No type options depending on where you are making changes. There is still the old Control Panel as before, but Windows 10 has added the “PC Settings” which gives you more of an explanation of what you are trying to change and an option to search for a specific setting unlike the regular control panel. There are many other helpful and useful features in Windows 10 which can be found on the Internet. Before upgrading or replacing any equipment to run Windows 10, be sure to check your other hardware (i.e. printers, network cards, devices) that they are compatible or that the manufacturer has updated drivers that will work.

As mentioned NCR Counterpoint is Windows 10 ready, and NCR is now offering both the XR7 and XR5 all in one terminal with Windows 10 preinstalled.

For any question about running Windows 10 in your NCR Counterpoint environment, please call the CCS Retail Systems Support Department at 800.672.4806 or email us.

-Bryan

Tech Support Scams

Tech Support Scams

Lately, I have been receiving lots of pop-up messages on my computer that tell me that something needs to be “fixed” on my computer. The message may say that my computer is running too slow because it has registry errors or someone can “see” my information. Sometimes it tells me that a virus or malware has been detected on my computer. Often, a free “security” scan is offered, or a website is shown that I can access as a way to correct my computer’s “ills.”

The messages usually come from what looks like a legitimate company, complete with the appropriate logo, like Microsoft or Apple. Sometimes free software is offered that I can download, guaranteed to make my computer run faster and better.

Unfortunately, most of these pop-ups are from scammers. They want to convince me that I have computer problems so that they can sell me worthless software, try to enroll me in cheap computer maintenance or warranty programs, or trick me into giving them access to my computer so they can steal sensitive data, like usernames and passwords.

How do I know this? I already have my computer loaded with security protection from trustworthy companies. Some of it is free and some I purchased. I use these software programs regularly to keep my computer safe.

So how do you cope with these malicious pop-ups? Don’t click on messages that look questionable. Never go to an unknown website that is suggested in one of these pop-ups, or call a phone number that claims to be “tech support.” Make sure you are using appropriate, legitimate anti-virus software on a regular basis. And most of all, think before you act when it comes to anything unsolicited that pops up on your computer screen.

If you need help or advice on computer security, we can help you. Our number is 425-672-4806, or you can email us. Be safe, not sorry.

Marlene

Some good reasons to keep your software subscriptions current

Some good reasons to keep your software subscriptions current

  1. License key validation – Most software subscriptions are issued with an annual license that requires a renewal in order to be either installed as either a new installation or re-installed as of the current date.

As examples:

  • The currently installed application software is only supported running on the currently installed operating system. If you want to move the installation to a newer server or workstation operating system environment, you’ll need to have a current license key in order to physically move or update the software.
  • Passport will not let you either re-install software or install new software using an old expired license. This means that you are required to renew your subscription first.
  1. The application software environment becomes corrupted over time – This requires re-installing the software or a service pack which may require downloading software. – Many software applications now have huge installation files, this can be true whether or not you plan on doing a full installation or simply installing an incremental service pack.

For example:

  • If your NCR CounterPoint Subscription license isn’t current, you will not be able to download any software, or access NCR’s customer support website. Considering that it is common for downloads to be several gigabytes in size, it can take hours just to do the downloads prior to any installation attempt even being made. Not having this as of a specific deadline date, can mean having to reschedule a critical installation or cause you and your organization some unwanted hardship or downtime. Inability to access the website can mean not being able to download installation and configuration manuals or updated training manuals.
  1. Some of your software applications stop working – If a license expires, it may take time to get it renewed.

For example:

  • Your ShipRush or StarShip shipping software and interface to NCR CounterPoint expires. Until the license is renewed, you will not be able to use the shipping software or the software interface for NCR Counterpoint.

Please contact the CCS Support department if you have any questions or for assistance with updating your software subscriptions.

– John

PC Cleaners/Registry Cleaners

PC Cleaners/Registry Cleaners

Although I do not advise using these software’s regularly, there are times when they are useful. Over the years I have found that these registry and PC cleaners sometimes cause more harm than good. For example, I have run into systems where these tools are run regularly and have problems installing or re-installing software, some of these programs even boast about cleaning or completely uninstalling software, only to find out it has left the main directory in place preventing the re-installation, or it has left the Windows service installed causing the same thing.

Depending on what you are trying to accomplish with these “cleaning” programs, I have never seen one speed up my PC. The times I do use these cleaning programs is usually after either an infection or failed hardware. But some manual cleaning is always required.

If your PC needs “cleaning” I would recommend using the built-in or downloadable tools from the programs manufacture to clean a program up. Most hard to uninstall software has a “clean up” tool available from the makers to make your uninstallation easier and actually clean your PC.

If you have any support questions or concerns, please contact the CCS Retail Systems support department @800.672.4806 or email us at support

-Bryan