Listed below is a link to an article that caught our attention about a number of credit card breaches.http://www.wired.com/threatlevel/2009/11/pos/
We take the threat of having RetailEdge Users having customer credit card data stolen very seriously. This is what we are doing and have done to make sure that RetailEdge users don't have a breach.
1. We have had RetailEdge PADSS validated. This is one of the major steps to having your business protected and means that RetailEdge is securely handling and transmitting credit card data.
2. We have incorporated all feature updates in our Version 8.1 service plans. This will ensure that if a user is on a service plan that they will have the latest version of the software and if there are security patches necessary that they will be available to them.
3. We have implemented the SMP so that customers who do not feel they need on-going support or can't afford it (although it is only $45/month/location) will have an alternative to allow them to get program updates. Note also that our updates are not only for update patches but also include new features as well. The SMP is a very affordable way to not only get these new features but make sure you have the latest most secure version of the software.
4. We have partnered with one of our merchant account partners to provide a free update for the first workstation from all previous versions of RetailEdge to the newest version. We want people to have an affordable way of getting the latest most secure version.
5. We have implemented secure swipes with our partner Payment Processing. This is not required by PCI but we felt it was an important inexpensive way of providing another layer of protection.
This is what we can do but as you can see from the article there are other things that businesses need to do to provide security that are outside the control of RetailEdge. For instance, turn on your firewalls, keep your Windows OS updated, and install anti-virus software. There are simple and in many cases free ways to keep yourself secure.
Another thing to do is change your passwords and use strong password. We understand that passwords are hard to manage and we all have hundreds that we have to manage. However, there are some simple inexpensive password managers that will allow you to generate and remember complex passwords (like GsdHRUxf3fEX4w). You should also change your passwords. RetailEdge requires your location passwords be updated annually. You should do this with all your passwords that are used to secure sensitive data.
Also something we see many times is the use of default or obvious user names and passwords (password, password, admin, administrator, etc.) These are well known and easy to hack.
In addition if you are accessing your systems remotely (you or your IT staff) you should implement something that provides two factor authentication or do if via a VPN. Windows Remote Desktop does not provide two factor authentication and so you should have a VPN if you are going to remotely access your computers this way. LogMeIn Pro does provide the two factor authentication. What this means is when you log into your system LogMeIn will e-mail to pre-assigned e-mail addresses a security code (the second factor), that you will need to access your system. So if someone does get a hold of your user name and password, they will still have no way of accessing your computer.
If you have any concerns or comments about any of these topics, you should feel free to contact us.