The 2008 Cybersource ePayment Management Guide offers benchmarks, key projects, and practical approaches that leading merchants are adopting to optimize business results.
Payment consultants Dave Glaser and Paul Brock review strategies to optimize business results in 2008.
Topics covered include:
- A framework for managing payment operations in 2008
- Key process benchmarks by merchant size (see how you compare)
- Adding new payment types (alternative, global)
- Optimizing fraud management operations
- Managing payment security and system centralization
Click here to download a free copy.
Saturday, October 27, 2007
Friday, October 26, 2007
TJX, PCI Compliance Update
According to Storefront Backtalk, attorneys suing TJX about its data breach have cited new information from the clothing retail chain to amend their complaints on Thursday and want a jury to evaluate TJX's security professionalism.
- New details that emerged from documents filed in federal court Thursday indicate that a TJX consultant found that not only was TJX not PCI-compliant, but that it had failed to comply with nine of the 12 applicable PCI requirements. Many were "high-level deficiencies," the consultant said.
- "After locating the stored data on the TJX servers, the intruder used the TJX high-speed connection in Massachusetts to transfer this data to another site on the Internet" in California. More than "80 GBytes of stored data improperly retained by TJX was transferred in this manner. TJX did not detect this transfer."
- In May 2006, a traffic capture/sniffer program was installed on the TJX network by the cyber thieves, where it remained undetected for seven months, "capturing sensitive cardholder data as it was transmitted in the clear by TJX."
- In 2004, before the attacks began, TJX was issued a report on its security compliance that "identified numerous serious deficiencies at TJX, including specific violations. TJX did not remedy many of these deficiencies."
- At his deposition, the unnamed TJX consultant said that "he had never seen such a void of monitoring and capturing via logs activity at a Level One merchant as he saw at TJX."
- "The data breach at TJX affected more than 100 million separate and distinct credit and debit card account numbers, more than twice the size of the next largest data breach in the history of the country."
- The filings confirmed that both Visa and MasterCard have fined TJX. Visa issued "a substantial fine" in connection with the TJX data breach, dubbing it an "egregious violation" of security procedures. The sizes of the fines were not specified.
The filings for the first time also listed the key security problems that a TJX consultant found: improperly configuring its wireless network; not segmenting cardholder data devices from the rest of network traffic; "TJX did not have an IT department that was properly tasked to manage the environment used to store, process or transmit cardholder data;" improperly storing prohibited cardholder data; using usernames and passwords "that were easy to penetrate;" improper patch procedures; logs not properly maintained; antivirus protection "improper;" and weak intrusion detection.
Thursday's revised complaint linked the bad security practices with the computer breach, which forces banks to take expensive actions to defend themselves. One key issue in civil cases such as this is whether the defendant can be shown to be simply careless or deliberately reckless. That distinction relies on showing what was likely in the defendant's mind at the time of the acts that led to the data breach.
Attorneys for the banks indicated they would try to show that intent with internal TJX documents obtained during discovery. "TJX knew -- and discussed internally prior to the breach -- that its deficiencies in network and data security could lead to the exact losses incurred here in the many millions of dollars," said the filing, "and that had TJX properly disclosed information about the extent of its noncompliance with network security requirements prior to the breach, then actions to correct the deficiencies and prevent the breach could have been taken."
On a related matter, Visa on Wednesday reported that some 65 percent of the nation's largest retailers are now compliant with the industry standard Payment Card Industry Data Security Standard (PCI). That means that 35 percent -- more than one out of every three -- of large retailers today are still not PCI-compliant, despite the passing of the Sept. 30 deadline and the start of the promised $25,000/month fines for non-compliance.
On a potentially even more scary note, Visa reported that PCI compliance among the more numerous Level 2 retailers -- who process between one million and six million Visa transactions a year -- is only at 43 percent, as of Sept. 30, 2007.
However, Visa did say that 99 percent of Level 1 and Level 2 retailers "confirmed they are not storing prohibited account data such as magnetic stripe -- also known as track data -- CVV2 (the security code on the back of the card) and PIN data." That's up from the 96 percent that Visa reported in July. Those sets of prohibited data are seen as especially attractive to data thieves.
Thursday, October 18, 2007
Business Systems Director, Consumer Sales
NBTY, Inc., a global leader in the Nutritional Supplement industry, located in Ronkonkoma, NY, is looking for a Business Systems Director, Consumer Sales.
For information, see the listing on Monster.com.
Tuesday, October 09, 2007
Cognos 8 Has Excel Interface
Cognos has introduced an add-in for Microsoft's Excel spreadsheet in "Cognos 8 BI Analysis for Microsoft Excel 8.2," providing users a familiar interface to slice, dice and drill down on OLAP data sources, including relational data in a data warehouse, Microsoft's Analysis Services, or Cognos's PowerCubes, which are dimensionally modeled data sets generated within Cognos 8.
It is designed for the business or financial analyst who works regularly in Excel under tight time pressures to create ad-hoc analysis and reports that access multiple data sources.
The popularity and benefits of spreadsheets create many management and control issues and challenges for both enterprise users and IT professionals. Spreadsheets traditionally lack integrity, traceability, consistency, redundancy, security, and compliance, which ultimately erode confidence in spreadsheet data, information, and results. When spreadsheets are tightly integrated with business processes, there’s a much higher risk that lack of controls will introduce error and risk into the process.
Circuit City, Manpower, and Bloorview Kids Rehab are representative customer organizations who beta-tested Cognos 8 BI Analysis for Microsoft Excel 8.2. Their business and financial analysts and line managers were able to interactively explore and analyze multidimensional performance information by region, product, customer or business unit within Microsoft Excel, while leveraging the Cognos 8 BI infrastructure for data consistency, freshness and security, all without additional IT resources.
“With Cognos 8 BI Analysis for Microsoft Excel, we appreciated the ability to analyze multiple data sources together in one spreadsheet, while maintaining data consistency and security,” said Bill McCorey, senior vice president and chief information officer of Circuit City Stores, Inc. “Our team saw tremendous value in conducting exploration and analysis of enterprise performance information while working within Excel. Our financial analysts quickly saw the benefit of being able to perform their own ad-hoc self-serve analysis in situations that previously required IT involvement. They were able to quickly and independently resolve issues by finding answers and presenting scenario results to answer typical business questions.”
“Our analysts were able to use the sophisticated functionality and benefit from the power of Cognos 8 BI, while remaining within the familiar environment of Excel,” said Hakim Lakhani, director, decision support and planning, Bloorview Kids Rehab. “They could enhance the Cognos data with specific Excel functions and formulas and add data from various applications while keeping both the data and their calculations dynamic.”
Monday, October 08, 2007
Open Source Solution Previews Vers. 1.0
The past few months have been a period of significant changes in opentaps. By incorporating several new open source applications into its core framework, the system is now positioned to transform itself from an ERP application to an enterprise-wide application platform. The new opentaps 1.0, to be released shortly, will offer a full range of capabilities, including:
- New sales order entry systems in the CRM module, with enhanced support for bulk mailings and customer address validation.
- New tools for integrating opentaps with Amazon.com, eBay, and Froogle.
- Voice Over IP integration into opentaps CRM.
- New opentaps Ajax UI framework tools have been developed and will now allow for re-designing much of the legacy static screens and forms.
- New warehouse management applications for managing inventory, shipping (including UPS/DHL/FedEx integration), and manufacturing.
- New purchasing application for managing suppliers, purchase orders, and automating the procurement process.
- Support for lot-level inventory management for food and beverage, pharmaceutical, and chemical industries.
- Support for payroll, commissions, third party billing, and contract-based billing.
- New library of tools for building online stores for opentaps with other languages and frameworks, developed in conjunction with the open source Joomla! content management project.
- Last but not least, a new opentaps documentation site which will be professionally developed and freely available to all opentaps users.
opentaps is an open source ERP and CRM application with an out-of-the-box feature set for product-based eTailers, retailers, manufacturers, and distributors. Its modules are represented in the diagram below.
SAP to Acquire Business Objects
SAP announced on Sunday that it will acquire business intelligence firm Business Objects, vendor of BusinessObjects XI and Crystal Reports, for 42 euros in cash for each share in Business Objects, a 20% premium over the stock's closing price on Friday.
SAP will finance the deal with available cash and borrowed funds. It cautioned, however, that the acquisition would reduce earnings in 2008 before boosting profit in 2009. The acquisition is SAP's largest to date and a reversal of its avowed organic-growth strategy.
The Germany-based software giant said the primary driver for the deal was the opportunity to gain new business. The company is racing to double its customer base to 100,000 by 2010 by wooing more small- and medium-sized firms. The business intelligence market is estimated to be worth $10 billion in annual revenue and is growing at 10% a year.
The purchase comes in the wake of a shopping spree by rival Oracle Corp., which has spent more than $25 billion on acquisitions since 2005. Earlier this year, Oracle bought Business Objects' competitor Hyperion Solutions for $3.3 billion.
Analysts warned that the transaction could damage the company's relationship with Microsoft Corp., as Business Objects is Microsoft's primary competitor in the mid-market space. Goldman Sachs analysts cautioned that SAP now has a "significant need" to prove it can integrate Business Objects successfully, particularly given its limited experience to date with acquisitions.
Business Objects management said it supports the takeover and that its board plans to recommend the offer to shareholders. The company will operate as a stand-alone unit in the SAP group, the companies said.