Securing your Browser.

With the security issues involving your web browser these days, such as drive-by downloads, and other malicious attacks, it is important to do as much as you can to secure your browser. One thing that can be done, to help block a common avenue of attack, is to install a JavaScript blocker.

While it used to be that one could disable JavaScript, so many sites these days rely on it, that disabling it is no longer feasible. By using a blocker, one can selectively enable JavaScript only where needed. The methodology is to install the blocker, which normally disables JavaScript at all sites. Of course, you then start seeing sites that are not functioning properly due to JavaScript blocking. When that happens, you can enable JavaScript only for that site. Or, more to the point, only for the scripts on that site that are required. You will be surprised at the number of JavaScripts that many sites run, which are not directly related to what that site is doing.

A site may be running 10, 15, 20, or more, JavaScripts, of which only one or two may need to be enabled to get the site functioning. The rest are feeding your data to ad sites, and other data trackers, all without informing you.

Adding a JavaScript blocker to your browser varies by the browser you use. You may find it by looking at the available plugins for your specific web browser, or you may need to use a search engine to find one that works for your browser. It is worth it to spend a bit of time searching out, and implementing, a blocker. Once you get used to it, it only takes a few seconds to grant the needed functions on a web site, while leaving non-essential scripting blocked.

Dave.

Administrative access is often Overused.

Administrative access, root access in the Linux world, is often overused. For the most part, these super-user level logins should only be used for system setup and administration, and not for everyday use.

Most of the packages that allow remote access, at least in the Linux world, such as ssh and Samba, do not allow the root account to be used by default. While they can be configured to allow access for the root account, they require that it specifically be set up to do so. While it may be tempting to set them up that way, consider whether it is actually needed. There are very few cases where such a need can be justified.

In the majority of cases, it is better to leave root access disabled. Of course, access for regular users should be thought out and implemented only where needed. When root access is needed in the Linux world, it can usually be handled with much finer control via such things as sudo. For example, the ability to do a system shutdown can be granted to specific users through sudo (sudo shutdown), without giving them access to other superuser level functions.

While the sudo approach takes a little time for planning and implementation, it is much more secure. It is far better to spend a little time than to have to recover from a mistake made by a user with unlimited access, or from a malicious, disgruntled employee, which we all hope never happens.

Dave.
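
An added example (not from the original post): a small shell audit for the two points above, reporting which sudoers rules grant unrestricted commands and which PermitRootLogin value sshd would apply. The user names, file contents and the /sbin/shutdown path are constructed assumptions.

```shell
#!/bin/sh
# Added example. All sample users, rules and paths below are constructed.

# Print the user or group of every sudoers rule whose command list is ALL.
broad_sudo_grants() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                 # blank lines, comments
        $1 == "Defaults" || $1 ~ /_Alias$/ { next }   # settings, alias definitions
        {
            eq = index($0, "="); if (eq == 0) next
            cmds = substr($0, eq + 1)
            gsub(/\([^)]*\)/, "", cmds)               # drop (runas) specs
            gsub(/[A-Z_]+:/, "", cmds)                # drop tags such as NOPASSWD:
            n = split(cmds, c, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", c[i])
                if (c[i] == "ALL") { print $1; break }
            }
        }' "$1"
}

# Print the global PermitRootLogin value sshd would use. For each keyword the
# first value in the file wins, so a later "no" does not override an earlier
# "yes". Conditional Match blocks are not evaluated; scanning stops there.
effective_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

SAMPLES=$(mktemp -d)

# Constructed sudoers: two unrestricted rules and one narrow, shutdown-only rule.
cat > "$SAMPLES/sudoers" <<'EOF'
Defaults   env_reset
root       ALL=(ALL:ALL) ALL
manager    ALL=(ALL) NOPASSWD: ALL
cashier1   ALL = /sbin/shutdown
EOF

# Constructed sshd_config: root login was enabled, and "no" was appended later.
cat > "$SAMPLES/sshd_config" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF

echo "unrestricted sudo rules: $(broad_sudo_grants "$SAMPLES/sudoers" | tr '\n' ' ')"
echo "effective PermitRootLogin: $(effective_root_login "$SAMPLES/sshd_config")"
```

The shutdown-only rule for cashier1 is not reported, while the appended `PermitRootLogin no` has no effect because the earlier `yes` is read first.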

Social Media is used by Bad Actors also.

The rise of social media often means that you have to take part, to a degree, to help your business grow and prosper. Most businesses have at least some social media presence. It is another method to promote your business, by at least making others aware that it exists. Many of you, I am sure, take a more aggressive approach using social media to promote your business actively.

One thing to keep in mind, however, is that social media is used by the bad actors, also. It is quite common for them to try to “connect” with a business, often by sending “friend” requests. Accepting such requests should not be the automatic process that many use. By that, I mean that they accept any, and all, such requests.

There have been many cases where “friend” requests on sites such as Facebook and LinkedIn were not from people wishing to support your business. Requests were used for more nefarious purposes. They may be trying to use the status of your “friend” to get access to other information, such as who else is on your friends list.

There have been cases, also, of using those that have accepted friend requests to leverage their position. By that, I mean that they use those on their friend list, to bolster their position when contacting others, by claiming to have contact sources (or influence) with you or your business. Think of the implications of someone saying “As you can see, I know the CEO of XYZ company, and they said…”, and they can then claim whatever they want.

As with any other aspect of your business, a little time and thought should go into your social media presence.

Dave.

Advances in Automated Delivery Services.

While plans for using automated drones to deliver packages have been around for quite some time, what is not commonly known is that there are actually other similar types of delivery services already in operation throughout the world.

A recent example of this involves smaller automated delivery services such as the experimental Amazon Prime “Scout” delivery service, which has been undergoing testing in the small town of Snohomish, WA.

Link to a recent article: https://www.cnet.com/news/amazons-scout-robots-thats-no-cooler-thats-your-prime-delivery/

Eventually, these types of services will likely expand into all areas of retailing:

As examples:

  • You could be online ordering groceries from a local grocery store and have the items delivered at your convenience.
  • You are physically at the grocery store and realize that you have to run other errands and don’t want your food items to spoil in your hot car. – You could have all or a portion of the purchases delivered later via automated delivery on your terms.
  • Hot and cold meal deliveries – Things such as takeout meals, luxury restaurant meals and perishable items like ice cream could be delivered via heated or refrigerated drones.
  • Potentially, this could eventually involve larger delivery vehicles delivering items such as garden soil, lumber for your new deck, or bricks for your new patio.

– John

Are Credit Card Signatures still Required?

Excerpted from money.cnn.com

As of April 2018, signatures are no longer required by major credit card companies. As Matt Schulz from CreditCards.com explains, “Signatures are no longer considered to be any real deterrent to fraud,” and “Most people don’t sign their name in full or take it all that seriously.”

The signature requirement has already been going by the wayside, especially for smaller purchases. For example, American Express has not required a signature for transactions under $50 in the US since 2012. More than 80% of Mastercard in-store transactions already did not require a signature, Mastercard said in 2017, but many businesses, mostly restaurants and rental car companies, still do.

Schulz says that he expects many merchants to leave the signature requirement in place as “The requirement is built into the credit card terminal, they would need to take steps to eliminate it.”

Credit card companies have been enhancing card security to help reduce fraud. As you know, most card companies have been replacing expired cards or sending new cards that take advantage of the EMV chip capabilities, which are considered more secure than the traditional magnetic stripe.

Schulz expects PIN codes and biometrics to become more common but stresses that you should still do your best to protect your identity. He says, “You are your own best last line of defense on identity theft. It is important you take the time to check your online bank and credit card statements. People need to build regular identity theft checks into their financial routine.”

-Bryan

Speeding Up Your Computer

Have you noticed recently that your emails are not zipping out rapidly as they once did? Maybe your programs are loading slowly, or documents or pictures take forever to come up. Perhaps your most-used browser just hangs there for a while before doing its job.

It is so annoying when your computer starts slowing down, but it’s useful to know that this will happen, sooner or later, to all computers if some basic steps aren’t taken. There are many reasons why computers slow down, but here are some basic steps that you can take as a starting point to help solve the problem.

Clean out your trash bin. The items you have put there are not removed from your hard drive but kept there so they can be restored if you need them later. Check contents first, then delete those that will not be needed in the future.

Clean out your Temporary Internet Files. If you do a lot of web browsing, information accumulates rapidly here. Close all Internet browsers, open “Internet Options,” then click delete in “Browsing History” section.

Get rid of unneeded programs. Remove all programs that are no longer used, but make sure that you have completely uninstalled them, leaving no application leftovers that will slow down your computer.

Re-organize your desktop. Desktop icons are there to make it easier to navigate your system, but too many files or widgets can clutter your desktop and slow your system. Remove icons that are seldom used.

Keep your computer updated. Hardware, software, and operating system should all be in sync. New updates often have bug fixes that can improve your computer’s speed and performance.

If your business needs to purge files that are no longer needed, we can help you take care of this quickly and safely. Just give us a call at 800/425-672-4806 or email us for professional service that will enhance your business needs. Call today!

Marlene

Counterpoint Performance Tuning

The performance of your Counterpoint can usually be helped with some tuning of the SQL server. Among the items that can impact performance are memory allocation, file settings, indexing, and statistics.

When the SQL server is installed, memory is set to be dynamically allocated, and the upper limit is way beyond the amount of memory you have in your machine. Left this way, memory swapping can occur. The upper limit should be reduced to a realistic level, at a minimum. Ideally, the lower and upper values are the same, so that no dynamic allocation occurs, which reduces overhead.

The file growth setting can have a significant impact at times, particularly during posting in various places, when large numbers of records are being created. When file growth does need to occur, it is better to allocate a significant new amount, rather than continually adding small amounts.

Finally, over time, as records are added and updated in a table, SQL server will eventually stop using indexes and start doing large sequential reads. This greatly affects performance! Performance can be restored by rebuilding indexes and updating statistics.

We would be happy to help you adjust your SQL server settings, to get the best performance from your system.

Dave.

How the Wayfair Decision Affects You.

Four primary facets of the law.

1. The law applies only to sellers who run a substantial amount of business in the state of South Dakota.

So what qualifies as substantial?

The state can’t just tax any seller. They can only tax sellers who have reached what is commonly referred to as a “minimum presence threshold.” For South Dakota, the threshold is placed on total sales and/or total transactions.

Retailers with annual sales that either exceed $100,000 or that have more than 200 separate transactions in the state must set up their POS and sales systems to collect and pay taxes for the state.

2. The state had a simplified standardized tax code that was easy to comply with.

South Dakota is part of the Streamlined Sales and Use Tax Agreement (SSUTA), along with sixteen other states. These states share a simpler, more uniform tax system, which includes everything from product definitions to tax policy. The simplicity and uniformity of it removes some of the “undue burdens” of doing business in a different state and complying with their tax laws.

That said, cost of compliance remains a huge concern for some Court Justices and business owners everywhere.

As part of the decision, Justice Roberts expressed concerns in his final comments as:

“Correctly calculating and remitting sales taxes on all e-commerce sales will likely prove baffling for many retailers. Over 10,000 jurisdictions levy sales taxes, each with ‘different tax rates, different rules governing tax-exempt goods and services, different product category definitions, and different standards for determining whether an out-of-state seller has a substantial presence’ in the jurisdiction.”

3. The law will not tax out-of-state businesses for past sales.

This means that online retailers are legally protected from any retroactive taxes being assessed by any state or local municipality.

4. The state is providing free tax software to remote retailers.

The cost of compliance with all the various state and local taxes is a concern, and there was a concern that sales tax compliance software would not be available immediately or within the near future, although there was confidence that the free market would quickly provide affordable solutions. Another caveat to this Court ruling was that only Congress actually has authority over this issue, and politicians could write legislation that contradicts or supersedes the Court’s ruling.

Because of the profit potential, many states are now following South Dakota’s lead in mimicking this new law.

How does this potentially impact you?

  • States can tax remote sellers.
  • Retailers must track sales levels and tax law changes in all states where they do business.
  • Retailers must set up operations to collect tax wherever they sell, and then pay taxes on each state’s schedule, so this could require substantial additional business overhead in order to be compliant, especially if a business doesn’t have good reporting software on hand.
  • Competing for business now presents a more even playing field. So if an online business must start charging tax, they lose the competitive advantage of being tax-free. This makes remote retailers more vulnerable to competitors, including local brick-and-mortar shops.

Huge online businesses such as Amazon are least likely to notice much of an impact because of the sheer scale of their business and their profit volumes. It’s feared that many small merchants will really suffer as a result of this ruling; however, if they don’t reach the minimum presence threshold, then they aren’t affected at all.

Medium-sized businesses might feel this the most, as they will be required to take on the pressures of tracking tax law changes, tracking their own sales volumes in each state’s taxing jurisdiction, and then actually collecting and paying the sales tax when they need to.

– John

Shimming to Clone the Mag Swipe Data that can be used to commit fraud

Shimming

Everyone has heard of “skimming” when it comes to credit card fraud. But have you ever heard of “shimming”?

Shimming is the new “skimming” in the world of EMV chip cards. Shimming is done by inserting a paper-thin, card-sized shim containing an embedded microchip and flash storage into the credit card slot, where it intercepts data from the EMV chip of your credit or debit card. Although the data that is captured cannot be used to clone the chip itself, it can be used to clone the mag swipe data that can be used to commit fraud.

How can you protect yourself from this type of fraud? For starters, you can start using the “contactless” feature of the card if available (NCR Counterpoint 8.5.4.1+ supports this feature). Another way would be to use Apple Pay or Google Pay, or any of the smartphone-related payment apps, if the retailer you’re shopping at supports these payment methods.

Another smart move, that you should already be doing, is checking your bank and credit card statements for any transactions not made by you and reporting any fraud immediately to your bank or card issuer. Most banks and credit card issuers already have apps that can be set up to alert you via text, email or both if any transaction over a certain dollar amount occurs.

For more information about the EMV capabilities of NCR Counterpoint or upgrading your system to be able to use EMV and contactless payments, contact the CCS Retail Systems Support Department at 800.672.4806 or email us.

-Bryan

Is there a Gap in your GAAP?

GAAP (Generally Accepted Accounting Practice) standards are often overlooked. Things that you should look for are:

1. Running edit lists to review transactional data before posting it in batch. – This allows you to catch any errors or omissions prior to posting.

2. Documents that you create should always have unique numbers. This would be true regardless of what area of the software the document is being created in.

Examples: POS Orders and Invoices, A/P Vouchers and Checks (paper and EFT), Payroll Checks, General Journal numbers, etc.

3. Auditing as you go – Whenever you are doing transaction input, after auditing your work, you should have another staff member review it before you post it.

4. Grouping transactions by date or period – As you are making any adjustments, make sure that all adjustments that are posted together are on the same date and/or within the same accounting period – Meaning don’t post entries dated in January with activity for February or March.

Typically, in most software applications, a document number is considered a Primary Key, so it should be considered “Unique” and would not be duplicated. However, there are some programs where it might be a Secondary Key where multiples might be allowed, such as when a sequence number is used for duplicate entries in historical tables such as Check History (e.g. checks, voids for the same checks, or manual payments, EFT transactions, etc.).

Just because a program might allow you to insert duplicate data, that isn’t necessarily a good thing to do.

Even in situations where the programming might allow for this sort of thing, a duplicate document number might cause other issues with software functionality. As examples:

• Unique document numbers make auditing easier. If an auditor sees a lot of duplicate documents, it may prompt the auditor to dig deeper looking for other accounting irregularities, thereby artificially extending the length of the audit. An example of this would be a local, state or federal tax audit.

• A Ticket/Invoice number exists in history multiple times – So a user runs a report on ticket #54653 without having specified a date or date range. The subsequent report returns a dozen documents created over a period of 10 years.

• Problems posting – I have seen examples where end-users have used the same invoice number dozens of times. When they try to post a new voucher using the same invoice number, the program may hang or crash while it is attempting multiple times to create a “New” document for one that already existed previously. As an example, the program might be writing data for the same document into history a dozen times, and they just stop the attempts to write the new data.

The worst example of this that I have seen so far is with one vendor that had 21 manual payments on file using an invoice and check number of “SUPPLIES”.

In this case, a better example of document number creation would have been to enter numbers in a format like the following: “SUPMMDDYY” (e.g. SUP042519… or Supplies for 04/25/2019), or “VendNoPrefixMM252019” (e.g. BOS042519, Bobs Office Supplies for 04/25/2019).

Check number and Invoice numbers should always be auto-assigned.

If you have any questions or need assistance with creating your own document number assignment schema, please contact the CCS Retail Systems Support department.

– John