• Your 1st Merchant Account
    Already Have An Account?
    The Opportunity You Have Been Waiting For!

‘Heartbleed bug’ discovered in 2/3 of all websites

A major global security flaw has been discovered in an encryption method used on about two-thirds of all websites, including Google, Amazon, Yahoo and Facebook, potentially exposing web traffic, user data and stored content to cyber criminals.

The “heartbleed bug” was found in the OpenSSL software by a team of security engineers last week, leaving technology companies scrambling to fix their systems before it was announced on Monday night.

There is so far no evidence that a hacker has exploited the flaw, which has made systems vulnerable for up to three years. However, it is paramount that we all take necessary measures in order to ensure the safety of confidential information.

OpenSSL has released an update to repair the flaw and companies must update their software to be safe.

Google said it had fixed the flaw in key Google services and Facebook said it had added protections before the issue was publicly disclosed. Amazon Web Services, whose clients include sites from Netflix to Unilever, said it had applied “mitigations” so customers did not need to act. Yahoo said it had “made the appropriate corrections” to its main properties and was working to fix its other sites.

But even those who fix the software cannot necessarily see if a hacker has already used the vulnerability to access their systems. Netcraft, which monitors what code is used in each site, said more than half a million trusted websites were vulnerable to the bug. Wondering if your favorite sites are vulnerable? Filippo Valsorda, a consultant who specializes in cryptography and security, has created a Heartbleed test tool that you can use to check your favorite websites.

Matthew Prince, chief executive at Cloudflare, a company that provides a security barrier for about 5 per cent of web requests, said it had fixed its encryption after being alerted last week.

“This is very bad and it may be extremely bad,” he said. “This is one of the really bad internet bugs ever.”

Mr Prince warned that the flaw could affect “almost everyone” as the software is used by more than 60 per cent of all websites. He said the flaw could have allowed hackers to read everything in a computer’s memory.

As a consumer, what can I do?

 

Web server administrators are frantically patching their systems to protect against this vulnerability. However, many are suggesting that it's still very critical that you change absolutely every username/password combo you use on the internet in order to better protect yourself and your information from being vulnerable to cybercriminals. Note that just changing your password does not mean you are now safe. Web server administrators must first correct the Heartbleed within the server to ensure no further information can be leaked.

 

Although it is unknown at the moment if information was actually taken as a result of this vulnerability, it is extremely important that consumers monitor their payment cards and report any suspicious activity to their banks immediately.

 

As a business owner, what can I do?

 

First and foremost get in contact with your IT department and ensure that your servers have not been affected by the Heartbleed or have been patched. Taking any other steps without stopping the bleed will do nothing to protect the confidential information that you have been trusted with by your customers.

 

Secondly, make your customers aware of the situation. If you maintain a username and password database of customers, require that they change passwords on their next login.

 

And finally, educate your employees and monitor business transactions to ensure that out of the ordinary transactions are not processed without further investigation. For example, if you usually do not receive orders over $2,000 and one comes in for $7,000 then you should contact the issuing bank of the card to ensure the funds are available and the cardholder is the one facilitating the transaction. If you are an e-commerce business and cannot view the back of the physical credit card, contact your merchant services provider and they will obtain the information for you.

 

Is there a bright side to all this?

 

For those service providers who are affected this is a good opportunity to upgrade security strength of the secret keys used. A lot of software gets updates which otherwise would have not been urgent. Although this is painful for the security community, we can be rest assured that infrastructure of the cyber criminals and their secrets have been exposed as well.

 

 

Comments closed

15 Business Tax Decutions You Don’t Want To Miss

Small Business Tax Deductions – Top 15

Ignoring tax credits is like tearing up a paycheck. Sadly, too many people do it. That’s unfortunate because each dollar of credit equals a dollar in tax savings. Don't miss out on deducting credits your business deserves for 2013.

Opportunities abound for small businesses to cut their tax bills. The key is understanding what's deductible for your business.

A good tax preparer can guide you, but it is your responsibility to save receipts throughout the year.

"Organization and good record keeping are the keys to lower tax preparation fees and painless IRS audits," says Sam Fawaz, a certified financial planner and certified public accountant with Y.D. Financial Services in Franklin, Tenn. "Bringing a shoe box to your CPA or accountant and saying, 'Here are my tax records; please prepare my return' will undoubtedly cost you more in compilation and accounting fees to arrive at tax return numbers."

Here's a rundown of expenses to track in preparation for tax day.

  1. Auto expenses: You may deduct mileage, parking fees and tolls for business use of your car. Most people take the standard mileage rate deduction because the record keeping requirements are less burdensome, but actual expenses often yield a larger deduction, says Fawaz. Keep track of the mileage, odometer start and finish for each trip, destination, the starting point and business purpose. "The actual expense method often yields a higher deduction, including repairs, insurance, maintenance and depreciation for the business portion of use," Fawaz says.
     
  2. Equipment, furniture and supplies: Look at your purchases and ask your tax preparer to run the calculations to see if you should expense it or depreciate it. But don't overdo it, says Clare Wherley, a certified financial planner and certified public accountant with Lassus Wherley in New Providence, N.J. "I've often had to caution the entrepreneur that buying a piece of equipment just to get a tax deduction isn't good business sense."
  3. Professional and legal expenses, and association dues: Professional and legal expenses are deductible, but if the costs are part of startup expenses, you may need to amortize the cost over 60 months. Association dues may include a portion for political contributions or lobbying, so those can't be deducted, Fawaz says, noting the association must disclose this amount or percentage.
  4. Expenses to start up or expand your business: The biggest mistake in deducting expenses to start up or expand your business is failing to make an election to amortize or deduct these expenses in the first year. A paper election is required to be attached to the return, stating your intention to amortize them, Fawaz says. Otherwise, the expenses become nondeductible until you sell or liquidate the business.
  5. Professional publications and software: Here again, the common error is taking the cost as an expense instead of amortizing, Fawaz says. Software licensing fees, for example, should be capitalized and amortized over 60 months unless it has a life of only one year, such as an annual maintenance agreement. Professional publications should be amortized over the subscription period if prepaid.
  6. Gifts and advertising: Client gifts are deductible up to only $25 per gift. And if you advertise, deductions taken for costs that cover multiple-year contracts must be spread over all the contract years, Wherley says.
  7. Home office: If you have a legitimate home office, don't be afraid to deduct it. To qualify, the room must be used exclusively for business. It can't double as a spare bedroom or toy room for your kids. You can deduct a portion of rent, utilities, insurance, taxes, maintenance, professional cleaning, depreciation and interest. State tax deductions will vary.
  8. Telephone and internet: Any dedicated services for your business are deductible. If you use your home or personal cell phone for business, you may only deduct the portion used for business purposes.
  9. Education and training: You may deduct the cost of continuing education or certification for the business you're already in, but education that qualifies you for a new line of business is not deductible, Fawaz says.
  10. Bad debts: A bad debt is only deductible if the income has been declared. Wherley offers this example: A business owner bills a client in December 2009 and declares that income on his 2009 return. By the end of 2010, he realizes he will not be paid by that client. So in 2010, he can take a bad debt deduction for the income previously declared. If that income was not declared, he can't take the bad debt deduction.
  11. Interest on loans: You can fully deduct interest on loans for your business. If you have a loan from a relative, make sure it conforms to IRS rules.
  12. Entertainment and travel expenses: Keep excellent records here, and keep a log of who you met, why, where, when and for what business purpose. "Only 50 percent of meals and entertainment costs is deductible, and none of the costs associated with country club memberships are deductible," Wherley says.
  13. Taxes and Social Security: State taxes paid are a healthy deduction; just don't allow yourself to be surprised by how high Uncle Sam's bill may be. "I often advise setting aside 50 percent of net income to cover everything," Wherley says. "If there is something left over, the refund is that much sweeter."
  14. Insurance: Insurance premiums for the business for one year or less are deductible currently, while excess prepaid premiums are deductible in subsequent years, Fawaz says.
  15. Charity: Save all your receipts, and don't forget to keep track of contributions of inventory or property

Source: http://www.entrepreneur.com/article/205334#

Comments closed

Small Business Owner Says Square Screwed Him Over

Alex Shvartsman, a science fiction writer and the owner of a small New York City game store, wrote a lengthy blog post accusing mobile payments startup Square of essentially screwing his small business out of thousands of dollars.  

In July 2013, Shvartsman began using Square to support his store's ecommerce. Then, in November, someone used stolen credit card numbers to place several large orders on his site, and he and his staff shipped $1,800 worth of trading cards to several different addresses. Shvartsman received two "chargeback" notices from Square, totaling nearly $1,200. 

What's a chargeback? When a a person notices a charge for something on their bank statement that they didn't purchase, they call their credit card company. That person generally gets their money back right away. The credit card company, however, then contacts the processor (in this case, Square), and so begins a complicated documentation process to determine whether or not the merchant who handled the fraudulent charge should be held responsible. The merchant either gets the money back, or they don't. The process can take a few days or a few weeks. 

According to Shvartsman, Square didn't handle the chargeback process well at all. He writes that for each chargeback, he had to fill out a survey with supporting data and documentation about his transactions with the buyers. Meanwhile, Square withdrew the disputed funds from his store's bank account. He writes that he wanted to speak to Square's fraud prevention department to figure out how to best comply with the company's policies to avoid future problems. He couldn't find a phone number, so he sent an email asking about protection from fraudulent charges, saying, "I wanted to make certain that it’s safe for us to continue accepting large orders via Square."

He wasn't happy with the response he got from Square, about a week later:

Thanks for writing in. At this time, we do not provide live phone support. Our Support team operates over email in order to serve you most effectively. We also need to keep all communication with our merchants documented in writing.

Thanks for providing the requested information and documentation. We will respond to your customer’s billing disputes on your behalf and hope to receive a resolution soon. We will notify you once we’ve received a decision from your customer’s bank. Please note that it may take up to 90 business days to resolve these disputes, but we will provide updates throughout this process.

Square pointed him to a help page and an email address.

At that point, Shvartsman recieved another chargeback, raising the total cost to $1,800. He writes:

$1800 is a lot of money to me. What’s worse, these items are sold on incredibly low margins. After the wholesale cost, shipping, and processing fees, I make approximately $5 in net profit for each $90 box of trading cards sold. (And that’s not counting fixed costs!) So an $1800 loss wipes out profits from literally tens of thousands of dollars in sales.

He continued to use Square to process transactions on his website. Fast-forward to February 2014: In the first week of the month, recieved another chargeback from a transaction that took place back in November. He filled out Square's documentation survey again, and received an email from the company that said:

Our Account Services team has concluded a review of your account and has determined it to be high risk. For security purposes, we have elected to deactivate your Square account. From the date of this letter forward, you will not be able to process credit card transactions using Square.

… We apologize for the inconvenience, but our decision is final.

Shvartsman wrote that it has been nearly 90 days since the initial chargeback and that he has received no updates throughout the process, that the company promised. The total he lost through the chargebacks was $2,300, but he said that it will cost him more in business, because his website no longer gives would-be customers a way to make purchases while he scrambles to get PayPal installed (to replace Square). 

He writes:

[Square] created a cool, innovative product, but it seems that, as they rapidly grew as a company, they failed to build a robust customer service department or even a reliable way to communicate well with their own merchants.

Business Insider reached out to Square about its chargeback policies. Here's what we got from a Square spokesperson:

Our goal is fast, efficient customer service that gets people immediate answers to their questions whenever and however possible. In addition to email and real-time Twitter support, we have a robust online Help Center that customers can visit anytime. We also provide phone support for some issues and continue to test new ways to help our customers as quickly and efficiently as we can.

Check out Alex Shvartsman's full blog post here.

UPDATE: Shvartsman got more than $2000 back from Square.

Read more from the source: http://www.businessinsider.com/square-fraud-customer-service-2014-2#ixzz2tKmLozSF

Comments closed
  • We’re Hiring!

    We're looking for agents all across the United States! If upfront and honest merchant services sales is where you want to be, let us take you there. We offer true residual splits, sales incentives, in-house customer service and true honesty. Contact our Sales Manager today at ext. 117!