The Great Credit Card Conundrum

We rely on credit cards and other cashless forms of payment as business owners and consumers. As a result, we roll points, cash-back schemes and fee schedules into decisions about what we use and what we accept. We have our thoughts, but what are yours?

Here are ours.

We’re seeing more fees as a business and as a consumer. As a business, we can absorb fees on small amounts, but for large amounts, the fees are too large. In one recent month, we collected $4,300 in credit card sales and paid almost $67 in fees. We realize there’s a convenience factor that makes sense for us to pay the fees. We don’t have to spend time (which has a cost) to stamp checks and then use a mobile banking app to deposit each check. We can take the stamped checks to the bank, but that’s travel time. If you have a business, what role do fees play in your decision about whether to take a credit card?

Of course, if you have a business with walk-in traffic, you can get a break on fees. But that only works up to a point. For example, if you buy a car for $35,000, it would be nice to pay with your credit card and earn points or cash back. But if you’re the car dealer, you’ll absorb fees in the neighborhood of $1,000. Neither party in that deal benefits; only the bank benefits. How do you navigate this as a consumer or business?

Many nonprofits ask you to absorb the fee when you make a donation. Do you check the box to pay the fee?

In your business, do you prefer an alternative to credit cards, such as an ACH or a check? One benefit of taking a credit card is that it can streamline your accounting system.

As a consumer, do you sometimes balk at putting your credit card number on the internet when you buy online or over the phone? If you’re afraid of having your credit card info exposed to hacking by entering your card on a website or giving it out by phone, you should know that a transaction in a store or office involves using the internet, and someone in that chain can be hacked.

You should also know that anyone who takes your credit card number by phone is NOT allowed to write down the full card number. They should be entering it on another website that will display only your last four numbers once it’s verified.

We are seeing one advance in using credit cards – or their numbers – in restaurants. We’ve never liked the fact that servers take your card to a location you can’t see to enter your card info. That disappearing act is the most serious threat to your card’s security. Having your server process your card at your table is better, but then your server is standing over you while you decide on the tip. That’s uncomfortable.

A better solution involves the use of your phone. When your server presents your bill electronically, there’s also a QR code you can scan. That puts it all on your phone. If you are set up to pay through your phone, you can add the tip and pay the bill without ever pulling out your physical wallet.

As we move farther into a cashless society, we can help you – as a business or consumer – to set up your technology to be more efficient and secure. And we can answer any questions you may have about how to use what you already have. Give us a call – 973-433-6676 – or email us.

Passwords Becoming Passé

I’m as tired as anyone else when it comes to remembering dozens of arcane passwords for all the websites I need to access. Current and future technology will be able to provide relief and stronger protection. Here’s the lowdown on locking down.

If we’ve learned anything at all from the monthly ransomware reports, electronic “locks” are pickable. We’ve also learned that time is money for hackers when it comes to planting ransomware and other viruses that can make life painful or costly or both.

Operating under the assumption that any electronic barrier can be hurdled in time, you want to lengthen the time of your defense as much as possible – and we’re talking decades. The longer and more complicated the password, the longer it will take for hacking software to crack your code. We all know that when you include uppercase and lowercase letters in combination with numbers and special characters, the time stretches out. Making sure it follows no special pattern – that it’s totally random – adds to the security.

Many theories abound as to how to create a complex, random password that’s easy to remember. One suggestion is to take a phrase or sentence that you can easily remember. Then, take the first or second letter of each word in your phrase and turn some into uppercase letters, numbers or special characters in a random order.

I have one password I use for everything, and I am extremely confident its length and complexity will deter hackers. You may find fault that I have only one password, and that would be a valid criticism. If it’s cracked, someone could get into every internet account I have.

You can eliminate the need to remember multiple passwords by using a password manager program. Some are free and some have a nominal cost. Basically, you just need to remember a master password to get into the system. The password manager randomly generates new complex passwords when you visit each site. Yes, you can argue that somebody could crack the password manager’s system. It’s possible, but would you feel more comfortable with $1 million under your mattress or in a vault that’s a half-mile underground, encased in 20 feet of concrete and guarded by a randomly rotated army that’s always being retrained?

You can augment the password manager with two-factor authentication, something we’ve liked and used for years. In many cases, you need to answer a question, and it should be something only you know. Other measures might include answers to randomly generated multiple choice questions based on publicly available information that can be verified as “right” or “wrong.” No “maybes” allowed.

In the future, passwords will give way to biometrics. The software is there; the hardware needs to catch up. Windows 10’s Hello can handle the biometrics, but most computers don’t have the 3-D cameras needed to use the feature. Some Microsoft Surface tablets have the cameras, and if you are in the right place, it works really well.

Regardless of what technology you use, don’t let your guard down. Don’t buy things or do your banking over a public Wi-Fi network. Use a trusted, secure network or a cellular data network. Make sure the networks you control are secure with up-to-date firewalls and anti-virus and anti-malware software. Make sure all operating systems and firmware are current with all bug fixes and security patches.

Remember that we can help you with all of your internet password and security needs, including choosing and setting up a password manager, setting up two-factor authentication and answering your questions about biometrics systems. Call us – 973-433-6676 – or email us to set up an appointment.

Payments and Rewards with Your Smart Phone

We love near-field communications (NFC), the technology that enables you to pay for purchases with your smart phone. We love the security factors built into it. Banks and merchants are loving it more, too, because now they can launch more loyalty programs to reward themselves – and even you. It’s the logical extension of programs that started with books of trading stamps from grocery stores and gas stations and now extend electronically from purchases at coffee bars to international vacation packages.

There’s a lot at stake for banks and retailers because the citizens of nations with developed economies still spend a lot of money. And while some older consumers dislike waiting for charges to be approved using the more secure chips in their credit cards, millennials and their older siblings are embracing mobile payments. With smart phones almost always accessible, it’s easy to tap a payment station with your phone or hold it close to the station, enter your passcode and keep going with life.

That phone, of course, contains a wealth of information that merchants and banks can tap into with their big-data systems. They can use the data to optimize rewards programs for their customers based on what you buy and where you buy it. Financial industry research shows that the more affluent you are, the more likely you are to use digital payments whenever you can. And a good number of you are likely to use digital coupons on your smart phone.

You might say a perfect storm is forming. As the use of smart phones grows for all sorts of purchases, merchants and bankers will offer more incentives, and that will draw more people to the technology. That will ratchet up new programs to attract more users in a continuing spiral. The financial industry sees big changes in the next three to five years.

What can our transactional environment look like over the next few years? It’s not that hard to imagine. Your browsing history may show, for example, that you are looking for a new computer in the $1,000 range. With location services turned on for your phone – because you used it to find the fastest route to the shopping mall – the retailer and the bank that supports your credit card can easily deduce that you are entering a store to make a purchase.

Together, the retailer and bank can send a message to your phone to let you know that if you buy a specific computer-and-accessory package today, you are eligible for a discount from the price you saw during your online shopping – or you may be eligible for extra miles from the airline that sponsors your credit card – or you may get extra cash back for this purchase.

Or, your credit card company may have an arrangement with another retailer nearby, and they can offer you rewards to go to their retailer. They can let you know about their specials before you go into any store.

The driver in all of this is likely to be the bank that supports your credit card – or more realistically that has the credit account you access from your phone. They are the ones who “lend” the money when you charge a purchase or collect a handling fee on a debit purchase. The sheer volume of money changing hands creates incentives for them to incentivize you.

In turn, you will need to pay closer attention to the security of your smart phone. You will need to make sure you always have the latest operating system on your phone and that you have all appropriate anti-virus and anti-malware software running – on your computer or tablet as well as on your phone. And you will need to pay special attention to all offers you receive over your smart phone. If a retailer or bank can send a special offer to your smart phone, so can a scammer.

We can help you reap all the benefits of your rewards programs by making sure all of your technology has the latest security software properly set up to match the way you live. Call us – 973-433-6676 – or email us to help you make sure you are good to go.


Armor for Your Mobile Wallet

The battle between Apple Pay and CurrentC is about to intensify as more shoppers start to use the mobile wallet functions in their smartphones and devices. We believe Apple Pay has better security, giving you more armor for your iPhone’s commercial capabilities.

The heavy-duty armor, as far as we are concerned, is the two-factor authentication that’s part of the Apple Pay system. The system keeps your credit card information separate from the transaction, and you need a fingerprint to complete the transaction. So, if somebody steals your iPhone, they’ll also need to cut off the finger with the print you’ve registered as your “signature.”

The banks and financial companies who back various credit cards have bought into Apple Pay, too, and it would likely behoove many merchants to go along with the idea. Banks and credit card companies are moving to the EMV (EuroPay, MasterCard, Visa) system that replaces the magnetic stripe with a chip, and they are shedding their responsibility for covering fraudulent charges. That responsibility will shift to the merchants.

The security benefits are enhanced by Apple Pay’s ease of use with Near Field Communication (NFC). A post on Tech Radar gives you a simple explanation, but we’ll simplify it a little more for those who don’t want to click through.

It’s a short-range, low power wireless link that essentially uses radio-frequency identification (RFID) technology (think EZ Pass) to transfer small amounts of data between two devices just a few inches apart. It doesn’t need any pairing code as with Bluetooth, and it’s so low-power, it doesn’t need a battery in the device being read. Tapping your phone on a contactless payment terminal in a shop, train station or coffee shop identifies your account and takes payment through the app on your phone.

Your phone’s SIM card is a smart card that identifies your phone to a network, and phones besides iPhones have NFC capability.

We have some issues with one of Apple Pay’s major competitors, CurrentC. I don’t think it’s as easy to use, but more important, the system collects a lot of personal information, and it has been hacked. CurrentC, as we understand it, is linked to a consumer’s checking account, and we don’t use debit cards because of the risk associated with debit card security issues.

We also don’t like the customer-data collection aspects of CurrentC. It functions like a loyalty program, and we should all have the choice of deciding if we want to be part of any merchant’s loyalty program.

Finally, CurrentC is more cumbersome to use. You need to log in and pull up a QR code that the store reads. With Apple Pay, you just hold your phone close enough to the reader for it to read your fingerprint.

We think the finger is just scratching the surface. Because fingerprints are unique – even with identical twins – mobile wallets using the Apple Pay principles can spread to boarding passes, door locks or anything else requiring accurate identification.

What are your thoughts? Leave a comment and start a conversation. And if you have any questions about setting up an Apple Pay account on your iPhone, we’d be happy to help. A phone call – 973-433-6676 – or an email will get it started.


Credit Cards: Small Businesses are Big Targets

Accepting credit cards is a way of life for many small businesses, and most owners don’t give a second thought to extra layers of data security. After all, what can a small mom-and-pop store have that would be attractive to hackers? Well, as it turns out, small businesses are big targets because they’re pretty easy to hack – and a valid credit card number is a treasure.

The Wall Street Journal a year ago chronicled the tale of a newsstand owner with two stores who was victimized. And even though he thought he was taking precautions to protect his customers’ data, cyber thieves planted a software program on the cash registers at his shops that sent customer credit-card numbers to Russia. At the time the story was written, he was out about $22,000 because the credit-card company said he didn’t do enough. They said his weak password for his cash-register software, pos, was easy for hackers to try.

But a weak password is only part of the problem for most small businesses. Too many small businesses store passwords to sensitive data in Outlook or other email clients, and the data can frequently be found in easily hacked Excel spreadsheets. Even if you have antivirus and antimalware software, there are numerous ways that hackers can find their way into your system. For some, it’s like taking candy from a baby.

However, you can put up some protective fences around your data. The measures may cost a little more money than you’d like, but those costs are smaller than the liability you could face from a breach of your data.

  • Get “business-grade” antivirus and antimalware software. We offer it for $4.25/mo/computer, and we set it up and monitor your threat activity. In addition, we assist you on any software changes you make to ensure that your virus and malware protection remain at your expected level of performance. Why is this important? You need to protect yourself against somebody installing a Trojan horse that can turn up years later. The newsstand owner’s system was compromised two years before anything happened. You can have the same protection that big corporations buy.
  • Don’t keep user names and passwords in Outlook folders or Excel files. To be honest, they shouldn’t be on a computer. You should write them down on a piece of paper and store them under lock-and-key. Having your data compromised through an email backdoor is a growing problem. (See Lowdown on Hijacked Email, the next article in this newsletter issue.) If you get an email from your bank, credit-card processor or PayPal, don’t just click and reply. Hover over any link or email address and see where it’s really going. Better still, go to your provider’s website independently of the email or pick up the phone and call customer service.
  • Use strong passwords. If I had a nickel for every a-b-c or 1-2-3 password I’ve seen, I’d be managing a large investment portfolio instead of IT systems. Make your passwords long or complex or both. Use uppercase and lowercase letters, numbers and special characters.
  • Keep your Wi-Fi network secure. Networks are all over the place in commercial and residential areas. Just take out your smartphone and see how many networks are in your range. If your network is unprotected, anyone can sit in range unnoticed for as long as they need to find a pathway to your valuables.
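To put numbers on the strong-password advice above and in "Passwords Becoming Passé," here is an added example (not part of the original newsletter) that estimates the worst-case exhaustive-search time for the newsstand owner's password, pos, against longer ones. The guess rate and every sample password other than pos are assumptions constructed for illustration.

```python
import string

# ASSUMPTION: offline guessing speed for illustration only. Real rates vary
# widely with how the password is stored and the attacker's hardware.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# The four character classes the article recommends mixing.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def pool_size(password):
    """Characters an attacker must cover, given the classes actually used.
    Characters outside the four ASCII classes are ignored."""
    return sum(len(cls) for cls in CLASSES
               if any(ch in cls for ch in password))


def has_obvious_pattern(password):
    """True for runs of three like 'abc', '321' or 'aaa' (case-insensitive)."""
    codes = [ord(ch) for ch in password.lower()]
    for a, b, c in zip(codes, codes[1:], codes[2:]):
        if b - a == c - b and abs(b - a) <= 1:
            return True
    return False


def assess(password, rate=GUESSES_PER_SECOND):
    """Worst-case exhaustive search cost. It is an upper bound that only
    holds for random passwords; patterned ones fall to wordlists far sooner."""
    pool = pool_size(password)
    keyspace = pool ** len(password)
    return {
        "length": len(password),
        "pool": pool,
        "keyspace": keyspace,
        "years": keyspace / rate / SECONDS_PER_YEAR,
        "patterned": has_obvious_pattern(password),
    }


if __name__ == "__main__":
    # "pos" is the password named in the article; the rest are constructed.
    for sample in ("pos", "abc123", "v7#Qm2!xLp9&Rt4z"):
        r = assess(sample)
        print(f"{sample!r:20} pool={r['pool']:3} years={r['years']:.3g} "
              f"patterned={r['patterned']}")
```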

We would welcome the opportunity to provide a free risk-management assessment of your practices and systems. Call us at 973-433-6676 or send us an email and feel more secure.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.