August 2009 Newsletter

In an effort to inform DataWedge customers we publish a monthly newsletter highlighting our flagship software, and provide information related to the RDS industry. We encourage you to share this newsletter with your colleagues and friends hoping the information will assist you in becoming more productive.

More notes from the credit card arena...  


With Heartland's gigantic hack, the credit card industry is only getting tighter.

Unless you have been living under a rock, you have probably heard about it in the news... Heartland Payment Systems had somewhere around 130 MILLION credit card numbers stolen from their network systems.

(For more details, you can read THIS article).

This should be yet another wake-up call for any customer that has been putting off PCI Certification, or has simply dismissed it as "not pertaining to them".

With Heartland's hack leaving a VERY LARGE black eye on the credit card processing world, the credit card providers are ratcheting down ever more tightly.  It's becoming more and more obvious to us that the credit card world is becoming less and less tolerant of bad security practices, and is taking more steps to shine some light into crevices that previously went unchecked in terms of credit card processing and storage.

Translation:  it's only a matter of time before that spotlight shines on your operation.

From DataWedge's standpoint, as a software vendor and services supplier to our BUSINESSES that also process credit cards, meeting our security criteria is a HUGE expense of time and energy.  To certify our software and processes takes not only continual changes to our software development policy, but also AUDITS of our source code and software development life cycles, as well as VISITS and INSPECTIONS to our data centers and credit card storage locations.

What we originally planned as taking our company a few short months to complete has taken us the bulk of a year, as well as several operational overhauls and data-center changes.  By the end of 2009, we believe we will have finally completed the process of PCI LEVEL 1 and PA-DSS certifications in regards to our processing environment and data center hosting.

Our PCI and PA-DSS certifications are going to cost our company tens of thousands of dollars over the next few years... all because we DEAL WITH CREDIT CARDS.

If this is intended to scare you a bit, then that's good... because shortly after the spotlight is done being shined on OUR level of the industry (Levels 1,2 and 3), it will start shining on YOUR level of the industry (Level 4 and below).

As a software vendor, we are forced to certify to a higher standard than our customers.  (Consider it the "trickle-down" theory of credit card processing).

But our certification levels have next to ZERO OVERLAP with your business or operation as far as PCI compliance is concerned.  Just because you are running software that is "PCI Compliant" doesn't mean anything if your company has not also certified.

It's also important to remember that PCI Certification has MUCH LESS to do with the software you use, and MUCH MORE to do with your network operating environment and operational security.  (As an example:  running PCI compliant software does you no good if your SQL Server with all of your credit card data is located in the middle of a room where anyone could simply walk out the door with the machine).

The due date for PCI Compliance for ALL LEVELS is July of 2010.  At this point, all merchants that fall into ALL categories of processing must demonstrate PCI Compliance for their processing level.

If you have NOT paid attention to PCI Compliance, NOW IS THE TIME.

Visit our discussion forums at:  http://forums.datawedge.com, and go through the PCI Compliance section... in there you will find where we have "translated" many of the questions into a much-more readable form of text...

FIND A NETWORK/IT PERSON... one of the misconceptions is that "DataWedge can just 'do this for you'".  Remember that only a SMALL part of PCI Compliance has to do with software.  The remainder has to do with your NETWORK, your OPERATIONAL SECURITY, your INFRASTRUCTURE... all of these items are things that are well outside anything that DataWedge has any local knowledge of in reference to your office and policies.



  


Notes regarding our web engines:


One of the biggest advantages our DataWedge customers have in regards to PCI Compliance is that the WEB ENGINE that hosts the credit cards is NOT run locally on your network.  

This means that you have a HUGE burden lifted off of your shoulders in terms of certifying your operations from a web standpoint, as you have no locally installed web site in the same location as your database.  (According to PCI specs, if you host your own web engine that stores or processes credit cards, it must be run on separately installed database servers on your network, separated by individual firewalls (or DMZ), and must have an on-site inspection to demonstrate this level of security and operating environment).

While this shifts the burden of security in regards to the web to OUR operating environment, it has forced us to make some choices in regards to which web applications and servers are going to be "PCI Compliant", and which ones are not.

To greatly lower our costs and help speed up the compliance process, we have decided to RETIRE all DIXIE WEB ENGINES by the end of 2009.

This means that by December 31st, 2009, ALL CUSTOMERS must upgrade to both the .NET version of DMS and the PHOENIX version of our web site.  As of that date, the DIXIE web engine will no longer be supported or be allowed to run, and the servers that generate those environments will be shut down.

If you have questions, please give us a call.


THE CREDIT CARD PLOY

Lastly, I wanted to draw your attention again to what we call "THE PLOY" in terms of accepting "check cards".

First, some definitions...

Most folks refer to "Check Cards" erroneously as "Debit Cards".  

A DEBIT CARD is a card that requires the use of a PIN.  DMS does not accept DEBIT CARDS, as we have no method of ACCEPTING and ENCRYPTING the PIN number from the customer in RDS operations.

A CHECK CARD is a card that is set to use a customer's CHECKING ACCOUNT as source of funding during the course of a credit card transaction, as opposed to a CREDIT LINE on a CREDIT CARD.

Most folks in the RDS industry know that using a CHECK CARD means that the customer sees an immediate DROP in their on-line checking account balance, even before any batching has occurred.  

The banks, then, are showing an "AVAILABLE BALANCE" on-line that immediately reflects all "HOLDS" (or "authorizations") placed on that account, regardless of whether or not any money has actually been transferred via a batching process.

ENTER "THE PLOY".

Most folks are completely oblivious to how the credit card companies and their bank actually talk to each other... they just want to eat.

Here are the steps:

1)  Customer orders food, using CHECK CARD.
2)  Customer SEES the CHARGE on their on-line bank statement for the order PRIOR to the food ever being delivered.
3)  Customer calls and complains to the RDS manager that the charge has been made before any product has been received.
4)  Customer DEMANDS that a refund be placed back into their account for the money "taken", and cancels the order.

A select few understand the 'black magic' behind the curtain, and try to turn this scenario to their advantage.

The BANK is the controlling entity in terms of "when the funds will be released", NOT the RDS.  If an unwitting RDS manager puts in a CREDIT to the customer in the amount of the food, as well as VOIDING the customer's order, it means that the CUSTOMER WILL MAKE A PROFIT in the amount of the food order.

The CREDIT will go into the user's account soon after the batch is sent that night... and the VOID of the order will mean that the customer didn't get CHARGED for the amount of the voided order in the first place.

Finally, the BANK will typically release the funds of the original charge back into the customer's checking account from the original AUTH a day or so later...

..... winding up with the net result that the CUSTOMER came out ahead.
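
The sequence above as a small ledger simulation, added here as an illustration and not DataWedge or DMS code. The account model, the amounts and the `credit_action` rule (refuse a CREDIT for any order that has not yet gone out in a batch) are constructed assumptions.

```python
from dataclasses import dataclass, field

START = 10_000  # constructed opening balance, in cents


@dataclass
class CheckingAccount:
    """Constructed model of what the bank shows the customer on-line."""
    posted: int = START
    holds: dict = field(default_factory=dict)  # order id -> AUTH amount

    @property
    def available(self) -> int:
        # The "AVAILABLE BALANCE" reflects every open HOLD immediately.
        return self.posted - sum(self.holds.values())


def credit_action(order_id: str, settled_orders: set) -> str:
    """Hypothetical manager-side rule: a CREDIT is only valid against a sale
    that already went out in a batch; before that, VOID is the only action."""
    return "CREDIT" if order_id in settled_orders else "VOID_ONLY"


def run_ploy(amount: int, manager_issues_credit: bool) -> dict:
    acct = CheckingAccount()
    acct.holds["order-1"] = amount          # steps 1-2: AUTH placed at order time
    seen_by_customer = acct.available       # balance already looks "charged"

    batch = [("SALE", "order-1", amount)]   # queued for tonight's batch
    # Steps 3-4: customer complains and cancels; the order is VOIDED,
    # so the sale is dropped from the batch and never posts.
    batch = [t for t in batch if t[1] != "order-1"]
    if manager_issues_credit:               # the mistake described above
        batch.append(("CREDIT", "order-1", amount))

    for kind, _, amt in batch:              # nightly batch posts to the account
        acct.posted += amt if kind == "CREDIT" else -amt
    acct.holds.pop("order-1")               # bank releases the AUTH a day or so later

    return {"seen_after_auth": seen_by_customer,
            "final_available": acct.available,
            "customer_gain": acct.available - START}
```

With a VOID alone the customer ends exactly where they started; adding the CREDIT leaves them ahead by the full order amount, which is why the rule returns `VOID_ONLY` for an order that has not yet been batched.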



Did You Know

 

During the nightly maintenance in DMS you can receive a sticky note when a new update is available. If you have the sticky note notice turned off, in DMS go to the Help link, then click "Check For Updates". DMS will close and the update screen will open. Then click on the button that says "View Available Downloads". Highlight the newest update, then click on the Download button in the bottom left corner.

Always do the update on the server first, pulling from the DataWedge server. When you do the updates on your workstations, pull from your DMS server. If the Download Manager is expired, call support for the latest Download Manager.



DataWedge Forum

You can find the forums at http://forums.datawedge.com, or you can just follow the FORUMS link off of the DataWedge home page.

While our support staff is always willing, our resources are never as plentiful as the entire RDS community at large.  The DataWedge forums are a place where you can post your questions and contact other members of the RDS industry directly.



Web Services...

The process of caring for and feeding your own web server on your local network can be an expensive and daunting task. Not many companies have the financial resources to purchase and maintain the hardware necessary to run a web server out of their office, in addition to the technical savvy necessary to keep it secure from hackers on the internet.

DataWedge created an On-Line Ordering engine to help solve some of these problems. Your restaurant and menu data is uploaded and hosted securely on a DataWedge professionally hosted internet server, away from your office internet connection - giving hackers no place to scratch away at your network.

The DataWedge system is a "pay-for-what-you-use" system.  This means for as little as $30 per month, you can have a professional web presence available on the internet including restaurant information, menus, and on-line ordering. Use our templates and get on the internet in a matter of days! For an example of a template site, you can click here, or click here.

Do you have an existing web site, but just want to include on-line ordering functionality? No problem... our On-Line Web engine has the ability to be wrapped inside a frame. Measuring only 720 pixels wide, you can easily integrate your own web site around an instance of an ordering engine, and have the ability to push DMS data out to the internet, and have orders push directly into your system. To see examples of companies that have integrated their own web sites with our ordering engines, you can click here, or you can click here.

If you would like more information on our on-line ordering engine, please don't hesitate to contact us (208) 874-4185.



FoodGetters...

FoodGetters.com represents our new aggregated web site, aimed at being firmly planted as a national on-line food ordering portal. Because DataWedge utilizes a "pay-for-what-you-use" billing system, it's in our best interest to drive as many transactions as we can towards your service.

FoodGetters.com currently is in beta with our brand new web engine, and hopes to go live in January of 2010 with as many RDS's that wish to join.  At this time we are not accepting any new members for our BETA period.

If you would like more information on being a part of FoodGetters after the BETA period, please contact us (208) 874-4185.


     

Credit Card Processing...


DataWedge has teamed with Elavon - the nation's second-largest credit card processing system - to provide a seamless charge authorization system that accepts a full range of bank and T&E cards. The DataWedge/Elavon partnership offers a number of advantages over other card processing alternatives:

  • Elimination of ICVerify as a card processing gateway. DMS is certified with the Elavon system for direct data transmission to their system.
  • The ease and efficiency of a "seamless" process from order entry to authorization to funds transfer into your account

If you would like more information about our credit card services, please click here and fill out our request form.