November 5, 2013

Hiring for the Holidays? 5 Security Tips You Need to Know

With the holidays fast approaching, you’re probably beginning to bring on some extra help for the busy fourth quarter. We’d like to take this time to remind you to think about security when on-boarding new team members so your team works safely and securely even when things get hectic. Unfortunately, criminals understand this time of year means businesses are busier and therefore more distracted, and they know that minimally trained seasonal staff are easier to scam. Here are five important tips to help make this time a safe and happy holiday season for your business:
1) Don’t Share LoginsYou’ll likely have experienced employees train the seasonal hires, so be sure to remind everyone that there are individual logins for a reason. It’s not just so you can track potential “trusted-employee” fraud (although that is a main reason for you), but also it limits the access each employee has within DOLLARS ON THE NET® and in your POS.

Most seasonal employees will only receive the minimum access needed to do their job while more experienced employees probably have expanded access. You don’t want the new team member using their trainer’s login to access features and reports that may not be secure (or smart) for them to access.

2) Watch for SkimmingYour managers and supervisors know to look out for suspicious behavior, but skimming doesn’t just mean taking money out of the cash register. Thieves can have small swipe devices attached to their belt or hidden in their pockets that capture the data of any payment card swiped through them. Then the thief can use the card numbers captured to make unauthorized purchases or withdrawals. This practice is most common in restaurants due to the fact that the server usually takes the customer’s card with them, out of sight of the card owner, in order to pay for the meal on the POS.

In a retail environment, skimming devices are more often attached to the payment terminal at the checkout counter. (Sometimes thieves even replace the whole unit with a hacked version.) Train your staff to check their equipment daily, looking for extra wires or a false card swipe slot that may be attached on top of the real one, and to keep a close eye on anyone who appears to be “repairing” the devices. They should always report this type of activity to management.

3) Don’t Install Anything This one is pretty straightforward. Remind your new and seasonal employees not to install or upgrade anything, even when prompted to. Leave that to your IT guy or whoever manages your computer software (maybe that’s just you). Tell staff to inform their supervisor whenever a prompt does come up.

4) Keep Antivirus Up to DateYour antivirus software sends out updates not just for performance upgrades or changes, but more importantly, to establish security against newly discovered viruses that have been identified as risks to your system. Ignoring these updates could leave your computer system susceptible to such viruses. Make sure your team informs you, or the point of contact you have chosen for IT issues, every time they are prompted to update the antivirus software. Like tip #3 says, make sure they understand to not begin the update themselves, but to make note of it and inform their supervisor at the earliest convenience.

We are often asked how frequently antivirus definitions should be updated, and while there is no specific rule, we recommend updating daily if possible. Most antivirus software can be configured to automatically update itself each time it starts up. At Shift4 we update our antivirus definitions multiple times each day.

5) Call in for Voice AuthorizationsMake sure your team understands the importance of voice authorizations so they aren’t tempted to enter a false code quickly without calling for a true voice auth in order to keep the lines moving when things get busy. A main reason your processor prompts for a voice auth is to prevent fraud in a suspicious instance. This is not to say that every customer who requires a voice auth is a criminal, but it is a simple measure you should be taking to protect your business against fraud and delays in batch processing.

Remember, most seasonal help are great workers who are anxious to impress you and to hold on to their new position long after the holiday season. These tips will help them build a solid security foundation and will keep any who may not be so honest from ruining your holiday. Take time before the holiday rush begins to review these tips and your company’s PCI training materials with all your employees. With a little preparation and diligence, you can keep your holiday season secure, happy, and prosperous.