Blog Posts

Training and Monitoring Your Checkout Personnel

Training and Monitoring Your Checkout Personnel

Recently CCS had a customer call about a problem with two purchases and credit/debit payments.

A Short overview:

Customer A finished shopping, made a $50 purchase and left. She did not get a receipt.

Customer B was next at the checkout. He made his $110 purchase and left with a receipt.

Later that day, Customer A called and said she was charged $110 on her debit card when it should have been $50. Our customer reviewed their system and could not find a ticket for Customer A. They did find the ticket for Customer B and on the Secure Pay payment portal saw that Customer B was billed to Customer A’s card.

What had happened? Luckily our customers have surveillance cameras over their registers. They went back and reviewed the transactions for that period.

They were able to see that the clerk had not finished the 1st transaction. So Customer A had not received a receipt. Instead of completing or clearing the complete Customer A transaction, the clerk just deleted the line items. The clerk rang up Customer B on the same ticket, and since the payment was still attached to it, Customer A’s card was charged.

Luckily by having the cameras, they were able to solve the problem. Are cameras something you should consider to ensure proper checkout activities?

Some additional training would be a good idea for the clerks. CCS has a full suite of classroom, onsite, and Webinar training offerings. A firm policy that every customer gets a receipt – either paper or email should be implemented. Therefore, a transaction is always completed for each customer.


Having a good backup saved me and could save you too!

I know I have blogged about this before, but I have to again as having a good backup saved me and could save you too

So, the other day I noticed that I needed to update Windows on my work PC. So as usual, I installed them and waited to reboot as I had some projects going on. Once my projects were complete, I rebooted. That’s where the trouble begins. No matter what I did, I could not boot back into Windows, I tried everything I could, looked online for things I may not have tried, made changes to this, to that, run commands in a recovery mode, nothing would work. So as a last resort, I used my last backup from the day before, to restore my system from bare metal.

I am using a Cloud/local backup product from Solarwinds. It is kind of a “set it and forget it” program, although there is not much to do once it is setup, it is still a good idea to check on the status of your backup. Knowing I had a good backup, I started the restore utility and started downloading my backup from the previous day. It did take some time being it was downloading some 400GB+ of data (If I was using an external drive it would have been faster), but when I came into the office Monday morning, the restore operation was complete. I removed the recovery disk and rebooted. Next thing I know, my PC is backup and running. It was very easy, everything worked as before and with the exception of a couple of emails, all my data was there too.

The nice thing about Solarwinds backup is that it can be both local and cloud-based at the same time. As mentioned before, If I had a local external hard drive, the amount of time it would have taken would probably be a third of what it did take, but with the ease of the whole process, I cannot complain. Besides doing a full restore as I did, there is also an option for just restoring 1 file or a whole folder if necessary. The backup can even backup SQL databases (perfect for CPSQL customers).

So, if you are not currently backing up your system to the cloud or otherwise, please look into getting this setup. CCS can get you setup, have a status email sent you daily and help you any way we can.


Cryptojacking is on the rise again

Cryptojacking is on the rise again

After dropping off last year, the prevalence of cryptojacking is on the rise again. Cryptojacking is where the bad guys hijack your computer to mine cryptocurrency. That is, they use your computer hardware, and electricity, to mine cryptocurrency for their pockets.

While this is not as invasive, or devastating, as more malicious attacks such as ransomware, it still is taking money out of your pocket as well as impacting the use of your computer. By using the time that your CPU would normally be idle, the cryptojackers cause your system to use more power. That is in addition to slowing your system when you are actively using it.

In a simple form, your system could be hijacked by simply browsing a web site with a cryptojacking javascript. In that case, while you are on that website, your computer will be participating in the mining scheme and will stop when you go to another site, or close your browser. However, if the site can successfully infiltrate your system, it may load a persistent mining payload, and your system will then be mining until it is removed.

Of course, other avenues of an attack like phishing emails common, also. So, the usual warnings apply here, too, such as be very suspicious of any emails from people that you don’t know, keep your patches and anti-virus/anti-malware up to date, and so on.

If you are infected with a cryptojacker, the most likely thing that you will see is a general slowness using your computer. That is, until your electric bill arrives, which may be very much higher than you expected. Another indication, especially on a laptop, is that your cooling fan constantly runs at a higher rate than normal, indicating that your system is running hotter.

While cryptojacking software is typically not difficult to remove, it may be that other malicious software has also been loaded. Therefore, a good inspection of your system is in order.


About Customer Service

About Customer Service

Have you ever said to yourself, “I’ll never shop here again!” as you left the store in which you were shopping? That has happened to me numerous times throughout the years, and it’s often for the same reasons. Here are some of them:

  • The clerk was talking to a fellow employee about his/her work schedule rather than paying attention to my order.
  • Groceries were loaded haphazardly into the bags with bread and eggs on the bottom.
  • Bills, receipts, coupons, and coins were thrust at me with the coins on top. (The coins always get spilled!)
  • The clerk had a sour face and barely acknowledged my presence.
  • The clerk acted annoyed if I had coupons or because I had a question about a product.
  • The clerk wasted a lot of MY time talking about his/her life while checking out my order.
  • The clerk started ringing up the next person’s purchases while I was still loading my purchases into my cart. (Here’s your hat, what’s your hurry?)

The list goes on and on. I’m sure you could add a few of your pet peeves to my list. While I know that everybody has a bad day now and then, putting yourself “in the shoes of your customer” can go a long way towards correcting many errors that could turn business away from you.

Good customer service provides something to the customer as they exit your business that causes them to remember their experience and want to return for more of the same. Here are some examples of things that you can do to please, not annoy, your customers:

  • Stay focused on your job. Chat small talk with fellow workers at a better time.
  • Be organized. Load items as if you had to unload them at your home!
  • Hand coins to the customer first, then other receipts.
  • Be pleasant and polite. Smile!
  • Engage your customer by asking questions like:

Did you find everything that you wanted?

Do you want your receipt with you or in the bag?

Can I help you with those bags?

Do you need help getting these to your car?

  • Don’t rush into your next sale until the current customer has left your space.
  • If a customer says “thank you”, the polite answer is “you’re welcome” or “my pleasure”.

“No problem” is not an appropriate answer!

Good customer service is just that–giving good service to those people you want to see again, purchasers who will keep your business alive and well. Isn’t it worth the effort?


Washington State Family and Medical Leave Update for July 2019

Washington State Family and Medical Leave Update for July 2019

Paid Family and Medical Leave reporting and payment requirements have now changed for the Quarter 1 and Quarter 2 of 2019.

As of July 1st, 2019, you will now not only be required to submit your quarterly reports, but you will now be required

to make your business payments for both the 1st and 2nd quarter of 2019.

Information on reporting requirements can be found at:

After gathering all of the reporting data requirements, the Employer needs to log into the Employers Secure Access Washington account in order to make a payment.

If you don’t currently have a SAW account, the need to first sign-up in order to be able to make payments. You will be required to have your UBI number.

If you don’t know your UBI number, you can look this up at:

If you use a 3rd party administrator, CPA, or business manager, make sure that they plan to submit your Q1 and Q2 payments on your behalf.

More information for 3rd party administrators can be found at:

Of note… when signing your employer agent up, you will need to request an access pin number. This process may require a 3-5 day wait before the actual pin number is

sent to you.

– John

Securing your Browser.

With the security issues involving your web browser these days, such as drive-by downloads, and other malicious attacks, it is important to do as much as you can to secure your browser. One thing that can be done, to help block a common avenue of attack, is to install a JavaScript blocker.

While it used to be that one could disable JavaScript, so many sites these days rely on it, that disabling it is no longer feasible. By using a blocker, one can selectively enable JavaScript only where needed. The methodology is to install the blocker, which normally disables JavaScript at all sites. Of course, you then start seeing sites that are not functioning properly due to JavaScript blocking. When that happens, you can enable JavaScript only for that site. Or, more to the point, only for the scripts on that site that are required. You will be surprised at the number of JavaScripts that many sites run, which are not directly related to what that site is doing.

A site may be running 10, 15, 20, or more, JavaScripts, of which only one or two may need to be enabled to get the site functioning. The rest are feeding your data to ad sites, and other data trackers, all without informing you.

Adding a JavaScript blocker to your browser varies by the browser you use. You may find it by looking at the available plugins for your specific web browser, or you may need to use a search engine to find one that works for your browser. It is worth it to spend a bit of time searching out, and implementing, a blocker. Once you get used to it, it only takes a few seconds to grant the needed functions on a web site, while leaving non-essential scripting blocked.


Administrative access is often Overused.

Administrative access, root access in the Linux world, is often overused. For the most part, these super-user level logins should only be used for system setup and administration, and not for everyday use.

Most of the packages that allow remote access, at least in the Linux world, such as ssh and Samba, do not allow the root account to be used by default. While they can be configured to allow access for the root account, they require that it specifically be setup to do so. While it may be tempting to set them up, it should be considered whether or not it is needed. There are very few cases where such a need can be justified.

In the majority of cases, it is better to leave root access disabled. Of course, access for regular users should be thought out and implemented only where needed. When root access is needed in the Linux world, it can usually be handled with much finer control via such things as sudo. For example, the ability to do a system shutdown can be granted to specific users through sudo (sudo shutdown), without giving them access to other superuser level functions.

While the sudo approach takes a little time for planning and implementation, it is much more secure. Far better to spend a little time, than have to recover from a user mistake where they have unlimited access. Or, a malicious, disgruntled employee, which we all hope never happens.


Social Media is used by Bad Actors also.

The rise in social media, often means that you have to take part, to a degree, to help your business grow and prosper. Most businesses have at least some social media presence. It is another method to promote your business, by at least making others aware that it exists. Many of you, I am sure, take a more aggressive approach using social media to promote your business actively.

One thing to keep in mind, however, is that social media is used by the bad actors, also. It is quite common, for them to try to “connect” with a business, often by sending “friend” requests. Accepting such requests should not be the automatic process that many use. By that, I mean that they accept any, and all, such requests.

There have been many cases where “friend” requests on sites such as Facebook, and LinkedIn was not from people wishing to support your business. Requests were used for more nefarious purposes. They may be trying to use the status of your “friend” to get access to other information, such as who else is on your friend’s list.

There have been cases, also, of using those that have accepted friend requests to leverage their position. By that, I mean that they use those on their friend list, to bolster their position when contacting others, by claiming to have contact sources (or influence) with you or your business. Think of the implications of someone saying “As you can see, I know the CEO of XYZ company, and they said…”, and they can then claim whatever they want.

Like many other things, a little time, and thought should go into your social media presence, like any other aspect of your business.


Advances in Automated Delivery Services.

Advances in Automated Delivery Services.

While plans for using automated drones to deliver packages have been around for quite some time, what is not commonly known is that that are actually other similar types of delivery services already in operation throughout the world.

A recent example of this involves smaller automated delivery services such as the experimental Amazon Prime “Scout” delivery service which has been undergoing testing in the small town of Snohomish, WA

Link to a recent article:

Eventually, these types of services will likely expand into all areas of retailing:

As examples:

  • You could be online ordering groceries from a local grocery store and have the items delivered at your convenience.
  • You are physically at the grocery store and realize that have you have to run other errands and don’t want your food items to spoil in your hot car. – You could have all or a portion of the purchases delivered later via automated delivery on your terms.
  • Hot and cold meal deliveries – Things such as takeout meals, luxury restaurant meals and perishable items like ice cream could be delivered via heated or refrigerated drones.
  • Potentially, this could eventually involve larger delivery vehicles delivering items such as garden soil, lumber for your new deck, or bricks for your new patio.

– John

Are Credit Card Signatures still Required?

Are Credit Card Signatures still Required?

Excerpted from

As of April 2018, signatures are no longer required by major credit card companies. As Matt Schulz from Credit explains “Signatures are no longer considered to be any real deterrent to fraud”, “Most people don’t sign their name in full or take it all that seriously”

The signature requirement has already been going to the wayside, especially for smaller purchases. For example, American Express has not required a signature for transactions under $50 in the US since 2012. More than 80% of Mastercard in-store transactions already did not require a signature Mastercard said in 2017, but many businesses, mostly restaurants, and rental car companies still do.

Schulz says that he expects many merchants to leave the signature requirement in place as “The requirement is built into the credit card terminal, they would need to take steps to eliminate it.”

Credit Card companies have been enhancing card security to help reduce fraud, as you know most card companies have been replacing expired cards or sending new cards that take advantage of the EMV chip capabilities, which is considered more secure than the traditional magnetic stripe.

Schulz expects PIN codes and biometrics to become more common but stresses that you should still do your best to protect your identity. He says “ You are your own best last line of defense on identity theft. It is important you take the time to check your online bank and credit card statements. People need to build regular identity theft checks into their financial routine.