Posts

Man hands woman standing at cash register a golden credit card.

Why Cashless Stores Aren’t Always Good News

On March 7 Philadelphia became the first major U.S. city to ban cashless stores. In our increasingly digital world, where nearly all businesses accept electronic forms of payment, it seems only logical to transition to a completely cashless system. So why did lawmakers ban businesses from refusing to accept cash?

In 2017, nearly 6 percent of the population of Philadelphia was “unbanked,” which are people who do not have a checking or savings account and only use cash. About 22 percent of the population was “underbanked,” which are those who have bank accounts but still use alternative financial services, such as check cashers. These statistics have remained virtually unchanged since 2015, according to surveys from the Federal Deposit Insurance Corp.

According to Philly.com, supporters of this legislation, which goes into effect on July 1, argued that cashless stores effectively discriminated against poor consumers. A report from the Federal Reserve found that the unbanked and the underbanked are more likely to have low income, less education or be in a racial or ethnic minority group.

This population is not unique to Philadelphia: according to the Fed, about 5 percent of adults in the U.S. in 2017 were unbanked and 18 percent were underbanked. Though these numbers have decreased in recent years, that is still about 13 million unbanked Americans who would be unable to access cashless businesses.

Businesses, such as Sweetgreen, have gone cashless in recent years in order to improve efficiency and reduce the risk of robbery. The National Retail Federation opposes the ban on cashless stores, saying that merchants should decide which payments to accept (or deny).

The conversion to a completely cashless system would also have a significant impact on cash-in-transit companies, who would lose a large customer base that no longer needs armored couriers to securely transport their cash. This could also affect banks who depend on their commercial customers for business.

Along with the Philadelphia City Council, the New Jersey Legislature has also passed a measure to ban cashless stores. New York City, San Francisco, Chicago and Washington are considering similar bills.

Some countries around the world are completely cashless: In Sweden, only 15 percent of payments involve cash transactions, and in the U.K. credit and debit cards and other forms of contactless payments are the most common forms of payment.

Can Your Company Survive the Apocalypse?

Business Continuity Planning is a Necessity for Companies of All Sizes

No, we’re not privy to top secret information being held by the government or some other authority. And as far as we know, the only “apocalypse now” is a classic 1979 movie featuring Martin Sheen.

But running a business can be unpredictable. Whether it’s daily operations and logistics, or more drastic crises such as natural disasters and other emergencies that disrupt normal operations, things happen. And we’re sure you’re thinking, amidst everything that needs to get done to make your business operate smoothly, “I have plenty of free time to craft a business continuity plan!” Or not.

Despite all the other critical things requiring a business owner or leader’s attention, business continuity planning (BCP) is your way of preparing in advance for unexpected incidents so that you are able to respond swiftly (if they occur). It’s your roadmap for emergencies so you can keep your business moving at optimum speed, even when something unexpected happens.

For example, this summer many parts of California have been actively fighting some of the largest blazes in the state’s history. Fires spreading quickly in Mendocino County in the Northern part of the state prompted this now infamous line quoted in the Los Angeles Times: “We broke the record. That’s one of those records you don’t want to see,” said Scott McLean, a deputy chief with Cal Fire.

Let’s not get doomsday (or apocalyptic?) about this though – natural disasters such as fire are a real threat at times, but you can plan ahead to minimize damage if something disastrous were to cross paths with your business. Statistics say that on average, data centers go down for more than 10 days after a disaster. Can your business survive that? More importantly, do you know how you would react to something like that if it happened to your business?

BCP and disaster recovery (DR) are about as appealing as getting a root canal at the dentist, but you’ve worked hard to build your business and establish your reputation. So, just as you want to keep your teeth for as long as possible, you want your business to be viable as long as it possibly can. The BCP and DR are the investment you make for the long term health and planning of your organization.

Here are a few ideas to get you motivated and started on your planning:

  1. Analyze your business and discover your needs: If your headquarters were knocked offline tomorrow, how would you ensure data recovery?
  2. Include disaster recovery: You can’t stop Bob from eating the last donut, but you can prepare for how to protect your IT infrastructure in the case of flood, earthquake or fire.
  3. Use role-playing with team members to work through possible scenarios: Get your employees together and discuss possible scenarios, and how you would respond. Getting input from the group means you’ll have all the information you need to address potential pitfalls. And, adding free pizza to the mix turns it into a team-building exercise!

So, how will you get started preparing your business for the unexpected?

Insert ATM Card, Remove Keypad?

Wait, what?! A few days ago, an Oklahoma City police officer pulled the entire keypad off an ATM machine! No, he wasn’t trying to prove his strength, although that would have been quite impressive.

The outdoor ATM at Bank of Oklahoma in Tulsa Hills was weathered, but the officer noticed the keypad seemed brand new. When he began to inspect it further, the entire thing popped right off. “It kind of felt weird being a police officer and calling 911, but that’s what I did,” said Master Sergeant Corey Nooner in the NewsOn6 article.

ATM skimming fraud is getting so advanced that this “press-on” keypad can actually send data via Bluetooth to thieves. KrebsOnSecurity.com says that fraud devices are often placed on the ATM with glue or double-sided tape. While some banks have implemented skimming detection devices, some fraudsters in turn started using insertable skimming devices to avoid being detected.

Hackers use the information from the skimming device to create fraudulent copies of debit and credit cards. “Once they are into the system, they go to the administrative account and they remove any sort of limitations, so whatever’s in the bank at that time, they can cash that, and they do it at a pre-determined time, all over the world,” explains San Jose State University Professor Dr. Ahmed Banafa.

You know the threat is real when the FBI issues a warning of a “potential ATM bank heist” that could cost upwards of millions globally. USA today coverage said the FBI warned: “Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cybersecurity controls, budgets, or third-party vendor vulnerabilities.”

Okay, so don’t get too alarmed. Financial institutions use these warning to trigger “fail safe positions” and increase security. And, ATM owners can take the following precautions to see if there is a skimming device on their cash machine:

  1. Camera check: Check the area for small, wireless cameras that may be placed on or near the ATM.
  2. Increase visibility: Visit a high-traffic and highly visible ATM to reduce risk says Forbes magazine. Owners can place machines where they are highly visible, and unobscured by retail displays or other items.
  3. Routinely inspect your machine: Inspect your ATM for a keyboard overlay placed over the normal keypad, or internal skimming devices if you have access to the interior of your cash machine.

As the famous G.I. Joe quotes goes, “knowing is half the battle.” The other half involves being more aware of ATM conditions and possibly, contacting 911.

When Hitting The Jackpot Means…
You Lose!

A New Threat to ATM Machines Has Arrived to the U.S.

When we first heard about the term jackpotting, we thought “how exciting!” It felt like time to go to Vegas or somewhere else that had slot machines and card tables in order to claim our share of the big winnings.

But when the term jackpotting came directly from the Secret Service as a warning to U.S. banks—the domestic ATMs had been the target of jackpotting attacks—it made us think twice. What on earth was going on?

Thanks to Krebs on Security, we discovered the details about how this crime works, in which “thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand.” The cash on demand part sounds interesting, but for ATM owners, the malicious part does not.

Interesting fact about this is that hackers have used a doctor’s endoscope—a tool used in medicine to look inside the body—to connect to cash machines. A pretty innovative hack that crosses industry applications. A report by ABC News said that thieves often pose as technicians, even wearing a uniform in some cases.

It all started with Cutler Maker, and we’re not talking about making chicken for dinner. This is actually the name of the malware package that helps thieves retrieve money from ATMs. A Forbes magazine article about the attacks suggests the unusual name might derive from the Russian slang term ‘Cutlet’ that means a bundle of money, since jackpotting original was an international phenomena that did not seem to be affecting the U.S. until the recent warning from the Secret Service.

So you’re probably wondering, is my ATM at risk? Well, it never hurts to take precautions. Data is showing that stand-alone ATMs have been the most common target of jackpotting schemes, with multiple news outlets referencing ATMs located in “pharmacies, big box retailers, and drive-thru ATMs.” If your ATM is visible to the public, and easy to observe, it might pose less of a target.

ATMs running Windows XP are more vulnerable than others, so one simple way to lower your risk is to upgrade your ATM to a current operating system.

Krebs on Security offers these tips to prevent jackpotting such as:

  1. Control physical access to the ATM.
  2. Update to the latest firmware.
  3. Investigate suspicious activity.

As Benjamin Franklin would say “an ounce of prevention is worth a pound of cure.” So being aware of the jackpotting problem and some tips to minimize risk, is definitely a start in the right direction.