Your Questions Answered About Mobile Marketing

Mobile marketing requires much more compact usage of space, so you will need to plan your content to be more concise. It’s important not to have rambling pages that have a lot of fluff. Mobile marketing requires you to stick rigidly to the focus of the topic in a concise, yet thorough, manner.

Be concise and user-friendly. Keeping the number of clicks to a minimum will help maximize your success. Typing a lot can get frustrating, especially on tiny mobile keypads. Focus on the essential elements of your campaign and get rid of what is not necessary.

Create your own app. Customers can use the app to conveniently keep tabs on possible sales and special offers. It will also help increase your brand recognition and overall business traffic. The price of an app can vary considerably so consult a professional regarding the development process.

One of the most effective methods of increasing your profits is to use mobile marketing. Nowadays, many people use their phones for downloading apps or browsing social networking sites. Mobile devices and social networks are great platforms to advertise your products and services. You must be willing to adopt new marketing strategies based on the platforms that your customers are using.

Expert mobile marketers deploy various aspects of their marketing strategies in sequence. That is what you should do too. You can start with a text messaging campaign, expand into using mobile websites, then incorporate mobile apps and eventually deliver videos to mobile devices. Keep progressing and improving your overall mobile marketing campaign. Utilize all available tools.

Test your mobile marketing to see that it works on every type of platform your readers could use. Your message must display properly on all three major smart-phone marketplaces: Android, Blackberry and iPhone. It will be easier for you if you can simplify the messages that you are sending instead of trying to make custom messages for each device. You should always aim to keep things simple.

Mobile marketing covers a wide range of subjects. Businesses are all very different, and so are their marketing campaigns. Some entities may find a specific method to be effective, while another may need to apply a different strategy. Hopefully, the insights in this article have helped you on the way to finding what works for you and your business needs.

Mobile marketing is very important for any business. It can make the difference between being in front of your competition or being behind. Would you spend thousands on an advert that no one could see?

With so many good telephone marketing companies in cities like Glasgow and London, all you really need is one good and reliable consultant.

At Just Voice & Data, we are one of the leading Glasgow Based Telecoms Companies.

We specialise in Telecoms and pride ourselves on our ongoing support to our clients.

We have worked with businesses of all sizes and types, and with a variety of budgets.

Contact Us if you are looking for more customers and bigger sales.

PCI DSS, Myths

There is a lot, a heck of a lot, of misinformation doing the rounds in regard to the PCI DSS.

We have put together some of the most common myths in relation to PCI compliance. Below are a couple of the myths doing the rounds; if you would like the full list, please use the contact page and we will email the full document to you.

Most of our transactions are online and therefore we do not take sufficient amounts of transactions over the phone to warrant compliance above level 4…..

The numbers of transactions conducted over the phone, internet and other applications are cumulative, so it is the total number of transactions that is relevant, regardless of where or how they have been processed. For example, if an organisation takes fewer than 20,000 Visa/MasterCard transactions over the phone but processes over 1 million via other means such as internet, tablet applications etc., it must ensure it meets all the controls for level 2 compliance for phone calls as well as e-commerce.

 

My organisation is buying/has bought PCI FAS approved equipment

Many organisations are investing high levels of capex in PCI DSS approved equipment to address the requirement to be approved. The issue with this is that, although it is useful to have PCI compliant hardware and software to meet certain requirements, the organisation still has to meet ALL of the controls in order to pass the audit, which will in all certainty still be a complex, expensive and long-winded process.

Do organisations using third-party processors have to be PCI compliant?
Yes. Merely using a third-party company does not exclude a company from PCI compliance. It may cut down on their risk exposure and consequently reduce the effort to validate compliance. However, it does not mean they can ignore PCI. You and/or your organisation must ensure ALL controls are met and maintained.

I’m a small merchant who only takes a handful of cards, so I don’t need PCI.
This is a common misunderstanding. Small merchants handling small numbers of transactions per year believe they are either exempt from compliance or only need to be level self certified. If you are a merchant and are set up to take/process card transactions by any mechanism, then you need to be compliant. In addition, all transaction types count towards a cumulative total that determines what level of compliance a merchant or organisation needs to adhere to.

One vendor and product will make us compliant.
Many vendors offer an array of software and services for PCI compliance. No single vendor or product, however, fully addresses all 12 requirements of PCI DSS. When marketing focuses on one product’s capabilities and excludes positioning these with other requirements of PCI DSS, the resulting perception of a ‘silver bullet’ might lead some to believe that the point product provides ‘compliance’, when it’s really implementing just one or a few pieces of the standard. The PCI Security Standards Council urges merchants and processors to avoid focusing on point products for PCI security and compliance. Instead of relying on a single product or vendor, you should implement a holistic security strategy that focuses on the ‘big picture’ related to the intent of PCI DSS requirements.

PCI DSS, CVV seller network closed down

The Serious Organised Crime Agency (SOCA), working in collaboration with the FBI and the US Ministry of Justice, has shut down 36 major CVV sellers’ websites that were trading in stolen credit card details and online banking credentials. SOCA says the closures will reduce international fraud by more than £500 million a year.

The carder sites acted as online marketplaces for stolen card data, using e-commerce platforms known as Automated Vending Carts (AVCs) to collect the card data from criminals and then resell the account details to buyers around the world.

SOCA, the UK national police agency whose auspices include fraud and computer crime, said it has been tracking the development of AVCs and monitoring their use for some time. Over a two-year period, it worked with the FBI in the US, the BKA in Germany, the KLPD in the Netherlands, the Ukraine Ministry of Internal Affairs, the Australian Federal Police and the Romanian National Police, to recover more than 2.5 million cards and credentials of compromised personal and financial information. It said the recovered data has been passed to UK and overseas financial institutions to help prevent further fraud from taking place against the accounts.

The case underlines the need for merchants and service providers to “ensure they comply with the requirements of PCI DSS to protect card holder data and prevent it from ending up on sites where the data can be sold for a couple of pounds.”

For the full story visit Search Security

VOIP – Is it Secure?

Is VOIP secure?

That is a question I am often asked by clients, especially when they decide to move from traditional voice services such as PSTN or ISDN. What we have to bear in mind is that no telephone service is 100% secure; after all, phreaking, or phone fraud as us mere mortals call it, is big business for the criminals of today.

Would I use VOIP on my own telephone system?

Let me try and answer that. I have used VOIP previously: I did have a hosted call centre switch/system a few years back, all using SIP trunks (VOIP telephone lines) and soft phones on the agents’ PCs. I wouldn’t even think about such a setup now!

Whilst on a recent training course about a hosted PCI DSS solution, the developers of the product recounted a tale of their attempts to use SIP on their server. The server cost £1.5 million, was housed at a main network’s major data centre, and had millions of pounds spent on security. A single SIP trunk was activated on the server, not advertised or promoted anywhere; remember, this was during trials only! Inside 2 hours the server was hacked. Needless to say, the server was turned off, and SIP has never been used since. Not only that, they will not allow their product to be used by businesses who use VOIP!

Here’s the thing: if you use VOIP for your phones in your office and have softphones on your PC, hackers can utilise that VOIP to gain access to your internal network. Remember, the PCI solution’s server was behind millions of pounds’ worth of network security such as firewalls and was hacked in 2 hours. VOIP in your business, without additional security, is an open door for hackers to gain access to your internal server, with the potential to steal your clients’ information, a clear breach of the Data Protection Act on your part!

Is VOIP secure? That’s for you to decide, but in my opinion, no, it is not.

 

CONCERNS
Concerns about VoIP systems have been raised amongst users, especially business clients.

Integrity of systems is one concern as voice quality should be excellent and the availability should be 365/24/7 dial-tone.

The confidentiality is another concern raised by business users, as all communication should remain confidential.

Authenticity is a factor ranked high, as only valid subscribers should be able to access the service provider’s network. And last but not least, regulatory compliance is a must. This also creates the need for corporate best-practice documentation and routines.

SECURITY THREATS
VoIP runs over an IP network, and so inherits the security threats to that network. These threats are wide-ranging. They include denial of service attacks (DoS, or DDoS when distributed), spoofing (caller ID), voice alteration (hijacking) and toll fraud (theft of service). All these types of threats can result in the loss of privacy and integrity for users of VoIP.

There is also the risk of SPIT (Spam over Internet Telephony, i.e. spam over VoIP), and of being exposed to advertising that appears in a VoIP voice mailbox. Then there is vishing, which is the process of persuading users to reveal personal information.

SECURITY MEASURES
So, certain security measures need to take place before serious business use of VoIP systems can take place.

Use of encryption and VPN systems will become a necessity, as will the use of digital certificates. The VoIP network needs to be separate from the data network in a company or in a household. Computer systems need to have Intrusion Prevention Systems and firewalls installed. Session Border Controllers (threshold policy rules) will have to be used. There is also a need for an awareness campaign about the use of high-risk programs that expose the company or household to outside attacks.

If you are offered VOIP as a solution, remember: think security, ask those offering it how secure it is, and ask them to show you the proof!

PCI DSS Am I Affected?

This is a question I am often asked; the short and simple answer is yes.

Don’t just take my word for it: view this short animated video for a “tongue in cheek” look at the history of the evolution of payment card security and the PCI Security Standards Council (PCI SSC), the organization responsible for the PCI Data Security Standard (PCI DSS) and other standards for keeping cardholder data secure.

 

Why it is essential to be PCI DSS Compliant

It is really not surprising to find that many people now hardly take any cash with them. For them, purchases are paid for by either debit or credit card. Many go for this type of transaction for a few individual reasons: it is less bulky, you don’t have to carry change, and you can look back on your expenditure for record and accounting purposes. Lots of people genuinely feel safer not having to lug money around. All this is possible because the number of merchants accepting debit and credit card transactions is growing.

Now, looking again at safety, lots of people actually feel safer if they have less money in their wallets, of course, given they have got enough in their bank accounts, then they can use their debit and credit cards. Regrettably, using debit and credit cards opens us up as well, to a much more modern means of losing money: online/over the phone fraud.

Hackers get better every day. That is the truth. The challenge of safeguarding data available on site or online has become tougher and tougher. It’s a constant battle between the good and the bad. Hackers exert intense efforts in searching for weaknesses. During the process of paying for your groceries, your coffee or your petrol, an unprotected merchant is more often than not the weakest link.

This really is exactly why Payment Card Industry Data Security Standards (PCI DSS) came to be. The target is to protect both the consumer as well as the merchant facilitating the card payment transactions. From a simple payment receipt left lying on a table to something as complicated as the encryption of data being transferred wirelessly, PCI DSS does its best to cover all bases, to ensure our data is protected at all times.

As a merchant, you definitely need to be PCI DSS compliant. The implications can be unimaginable if you as a merchant do not consider this very seriously. Regardless of whether you are simply charging for a £2 turkey sandwich or a £1000 computer, your consumer can become a victim and lose anything they have on their debit or credit card. If that is in the millions, then your company can be an unknowing participant in the million-pound fraud that is card fraud. No business owner should ever like to be caught up in such fraud. But, yes, unfortunately this is possible if your business is not PCI DSS compliant. If you take payments by card, online or offline, then you have an obligation to be compliant. Otherwise, you face the prospect of large fines AND the loss of your merchant facility, enough to put a small business out of business.

We offer a solution that helps with PCI compliance when taking payment over the telephone. It’s called PAY-TEL; click on the link to find out more.

PCI DSS and Call Recording

Many organisations that use voice recordings within the Contact Centre do so because it is required for business reasons, such as agent training or confirmation of verbal contractual agreements that are carried out over the telephone channel when selling services.

Depending upon the transaction type, regulatory requirements to keep any recordings (for varying periods of time) for playback apply. For businesses, particularly in the financial services and retail sectors, further requirements apply due to the fact that when purchase transactions are completed over the telephone using payment cards, certain data needs to be protected.

For organisations that are required to record telephone conversations and also take payment card details over the phone, the recording and storage of this data can become a PCI compliance issue.

Typically the call recording will record the whole conversation, including the Primary Account Number (PAN) and the three or four digit security code (CAV2, CVC2, CVV2 or CID). In addition to the considerations required around the call recordings, enhanced processes and procedures are required for all of the other stages involved in and around the initial call.

There are many things to be considered when recording a call containing cardholder data. It is vital to quickly determine what data needs to be protected and for what length of time and, depending upon what analytical tooling is in place within your business, the appropriate management and protection of this information is paramount. It is worth noting that some of the largest fraudulent activities that occur are often from within the organisation, so it is imperative to ensure that voice recording is looked at from both a technology and a user process perspective, as they go hand in hand.

Some things to consider

  1. Is a formal Security Awareness Training programme in place and being maintained?
  2. Have you developed and implemented a set of PCI DSS compliant Policies?
  3. Are the call recordings stored securely?
  4. Is your network securely maintained and protected against attack?
  5. Do you maintain and secure a detailed set of auditable logs?

Where technology exists to prevent recording of these data elements, such technology should be enabled. If these recordings cannot be data mined, storage of CAV2, CVC2, CVV2 or CID codes after authorisation may be permissible as long as appropriate validation has been performed. This includes the physical and logical protections defined in PCI DSS that must still be applied to these call recording formats.

What this means:

Essentially, the Card Verification Value (CVV) must not be retained post authorisation. In any event, and only as a last resort, where a CVV is retained it must be held subject to additional security controls to meet the intent of the Standard, but always via a compensating control.

Before any such compensating control can be implemented it must be verified by a Qualified Security Assessor (QSA); in turn, approval must be obtained for the compensating control from the acquiring bank.
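The check below is an added example, not part of the original article or of any product it mentions: it scans the text transcript of a call recording for card numbers (using the Luhn checksum to ignore other long numbers) and for a security code spoken after a prompt, then returns a redacted copy. It assumes recordings have already been transcribed with digits written as numerals; the keyword list, the 40-character window and the sample transcript are constructed for illustration.

```python
import re

# 13-19 digits, optionally split by single spaces or hyphens (as transcribed).
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

# Assumed keyword list and 40-character window: a 3-4 digit number shortly
# after a security-code prompt is treated as a CAV2/CVC2/CVV2/CID value.
CODE_CONTEXT = re.compile(
    r"\b(?:security code|cvv2?|cvc2?|cav2|cid)\b\D{0,40}?(?<!\d)(\d{3,4})(?!\d)",
    re.IGNORECASE,
)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out order numbers, phone numbers and the like."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return (start, end, digits) for each Luhn-valid card number candidate."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_valid(digits):
            hits.append((m.start(), m.end(), digits))
    return hits


def find_security_codes(text, pan_spans):
    """Return (start, end) of 3-4 digit values that follow a code prompt."""
    hits = []
    for m in CODE_CONTEXT.finditer(text):
        start, end = m.span(1)
        # Ignore digits that are really part of an already detected PAN.
        if not any(s < end and start < e for s, e, _ in pan_spans):
            hits.append((start, end))
    return hits


def scan_transcript(text):
    """Count findings and return a copy with PANs masked and codes removed."""
    pans = find_pans(text)
    codes = find_security_codes(text, pans)
    edits = [(s, e, "*" * (len(d) - 4) + d[-4:]) for s, e, d in pans]
    edits += [(s, e, "***") for s, e in codes]
    redacted = text
    for s, e, repl in sorted(edits, reverse=True):  # right to left keeps offsets
        redacted = redacted[:s] + repl + redacted[e:]
    return {"pan_count": len(pans), "code_count": len(codes), "redacted": redacted}


# Constructed sample transcript (4111 1111 1111 1111 is a well-known test number).
SAMPLE_TRANSCRIPT = (
    "Agent: can I take the long number on the card please? "
    "Customer: yes, it's 4111 1111 1111 1111. "
    "Agent: and the security code on the back? Customer: 123. "
    "Agent: thanks, your order reference is 1234567890123456."
)

if __name__ == "__main__":
    result = scan_transcript(SAMPLE_TRANSCRIPT)
    print(result["pan_count"], result["code_count"])
    print(result["redacted"])
```

A hit only cleans the transcript: the audio it came from still holds the same data and remains subject to the storage rules described above.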

PCI

PCI DSS will become a major issue for merchants this year, as from now, January 2012, all assessments will be based on version 2.

PCI DSS requirements or controls are mandatory – if an organisation wants to comply with PCI DSS then it must comply with every requirement laid out in the standard. In contrast, ISO 27001 controls are suggested controls, and each organisation has the flexibility to decide which controls it wants to implement dependent upon the risk appetite of the organisation.

PCI DSS version 2 must be adopted by all organisations with payment card data by 1 January 2011, and from 1 January 2012 all assessments must be against version 2 of the standard.

PCI DSS was developed by the major credit card companies as a guideline to help protect organizations that process card payments against fraud, hacking and various other security vulnerabilities and threats.

PCI DSS requires internal and external scanning of both wired and wireless networks.

PCI DSS mandates that scanning actually happens on schedule, while vulnerability assessment helps find the holes that attackers may exploit to steal the card data. PCI DSS compliance for large merchants (Level 1) is a major undertaking that costs tens of thousands of pounds and takes many months.

Security scanning companies interested in providing scan services as part of the PCI program must comply with the requirements of the PCI DSS and must successfully complete the PCI Security Scanning Vendor Testing and Approval Process. Qualified Security Assessors (PA-QSAs)

The Payment Card Industry Data Security Standard (PCI DSS) defines twelve (12) requirements for compliance, organized into six (6) categories, listed below.

BUILD AND MAINTAIN A SECURE NETWORK

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

PROTECT CARDHOLDER DATA

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

MAINTAIN A VULNERABILITY MANAGEMENT PROGRAM

Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

IMPLEMENT STRONG ACCESS CONTROL MEASURES

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

REGULARLY MONITOR AND TEST NETWORKS

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

MAINTAIN AN INFORMATION SECURITY POLICY

Requirement 12: Maintain a policy that addresses information security

Hotels | PCI DSS | Credit Cards

Telephone & internet hacking and data theft are becoming major concerns for businesses across industries. Irrespective of size, if your business accepts credit cards as a mode of payment, it immediately exposes itself to the huge threat of data hacking, theft and breach. The hospitality industry is no different. With the travel industry growing rapidly, hotels and restaurants access and store customers’ credit card information and feedback forms as part of their accounts and CRM on a daily basis. It has become imperative to protect this guest information and data with the utmost privacy. In fact, according to a recent study, hotels and restaurants have accounted for the largest amount of credit card breaches. Thus, the hospitality sector has no choice but to comply with Payment Card Industry Data Security Standard (PCI DSS) requirements to secure itself and protect against data theft and loss.

PCI DSS standards may be overwhelming for smaller hotels and restaurants, but with robust hotel software or a hotel ERP, hoteliers can secure their networks to run at optimal capacity.

What is PCI DSS?

Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements that any business using credit cards as a payment mode must adhere to. These are guidelines and IT requirements that can be implemented while configuring IT and payment processing environments.

PCI DSS was established by five of the world’s major card networks: American Express, Visa, Discover, JCB and MasterCard.

Where Do PCI DSS Standards Apply?

PCI DSS standards are a set of international security requirements that govern all areas of sensitive guest payment card data processing such as:

  • Magnetic card stripe
  • Security codes and passwords on all property applications, including Windows
  • PIN that results when a transaction is authorized
  • Physical security of printed reports

Requirements for a PCI DSS Certification

Hotels must meet specific requirements to earn a PCI DSS certification.  These requirements include standards for:

  • Network security – firewalls and password configuration
  • Using secure PCI-certified system applications
  • Restrictions on cardholder data access – both electronically and physically

Advantages of PCI DSS to the Hospitality Sector

Data theft could result in a hotel or restaurant being black listed, resulting in loss of thousands of dollars of revenue. PCI DSS benefits a hospitality property in terms of

  • Better protection of sensitive company & guest data
  • Reduced risk of data theft
  • New revenue opportunities
  • Optimized processes and systems
  • Improved efficiency and brand value

PCI DSS also protects a hotel in terms of providing strong access control measures. It also regularly monitors and tests security of the network and maintains a vulnerability management program to deal with breach.

How to Stay PCI DSS Compliant

Here is a quick list of things to do so that your hotel property becomes PCI DSS compliant:

  • Install and maintain a firewall to protect cardholder data
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need-to-know
  • Assign a unique ID to each person with computer access
  • Avoid using vendor-supplied default settings for system passwords and other security parameters
  • Encrypt transmission of cardholder data across open and public networks
  • Ensure your anti-virus software is always updated
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security

The onus really is on you to become PCI DSS compliant and verify your compliance with each payment card brand if you are an independent hotel, restaurant or resort. If you are part of a franchise, reach out to your franchisor to see if they have implemented a PCI compliance program for their franchisees or if they are offering any guidance.

PCI DSS Compliance

Compliance with PCI DSS can be challenging due to the broad scope of the standard.

PCI DSS really is a security framework for protecting cardholder data. Compliance does not equal security, so merchants continue to experience data breaches. Data breaches at organizations of all types and sizes continue to make headline news.

A card-not-present transaction can include Internet, mail, fax, or telephone acceptance of credit card account information. For example, during the course of performing their job responsibilities, telephone sales representatives will have access to full credit card numbers, billing addresses, and CVV2 codes.

PCI DSS is intended to protect cardholder data in the card-not-present industry as described above.

Despite the standard becoming mandatory for ALL since Oct 2010, many businesses and organisations are still unfamiliar with PCI DSS or, at least, uncertain as to how to comply with it. With the threat of fines of up to £300,000, the risk of losing a merchant account, and possibly irreparable damage to a business’s reputation should non-compliance lead to data loss or theft, it would make perfect sense to find out more.

The Payment Card Industry (PCI – set up by the likes of Visa and American Express) requires that all retailers and businesses wishing to take payments over the phone must adhere to its strict regulations. With an increase in debit and credit card fraud, these regulations were recently tightened (January 2011) and businesses had until December 2011 to meet the new standards.