Important Alerts

Please remember that Jefferson Bank will never contact you and ask you for personal information. Should you ever feel like your information has been compromised, please contact us at (210) 736-7600.

Tips, Best Practices, and Recommendations for a More Secure Merchant Experience

As a merchant, the development and maintenance of security is a priority, as an insecure infrastructure can lead to data compromises. Implementing best practices can be beneficial to the security of your business and your customers. It is important to remain diligent and maintain compliance with the Payment Card Industry Data Security Standards (PCI DSS) at all times.

Best Practices

Organizational Security - Reduce the possibility of hiring employees with criminal backgrounds who may have the potential of accessing secure information for malicious purposes.

  • Complete background checks on new employees and contractors prior to hire. This will ensure you have completed your due diligence for individuals that may potentially have access to secure systems or areas of your business.
  • Limit the likelihood that employees with weak security practices add vulnerabilities to your payment system and expose cardholder information.
  • Establish an Employee Awareness Program regarding internal and external software security. This will assist in maintaining security requirements and strengthening your employee awareness.
  • Restrict your employees from “Surfing the Web” on any equipment or system that is used for your card processing or contains any information related to your customers. Surfing can attract all types of predators, and you need to keep this in mind when employees are allowed to use office computers. Malware originates from other sites, such as social media sites, and can cause great harm to your business and your customers.

Mature Software Development - Adopt and adhere to common methodologies, assuring customers that software is being properly managed.

  • Awareness of the typical life cycle of your software is key; this will allow you to remain current with the most updated security products while working to keep information secure.
  • Provide customers with only Payment Application Data Security Standard (PA-DSS) compliant payment applications (i.e., Sales Terminal, Payment Gateway, Payment Software, Mobile Device).
  • Verify that any updated software versions remain PA-DSS compliant. Be assured that any payment systems you utilize which are supported by Jefferson Bank will be PA-DSS compliant.

Product Vulnerability Management - Test your payment applications for vulnerabilities and correct any issues identified. This decreases the likelihood of a compromise affecting your customers.

  • Test your system for vulnerabilities, through detection tests and code reviews, before you begin processing sales.
  • Discontinue use of any payment application that may pose a vulnerability risk.
  • Remain active in identifying payment systems that store any sensitive data, and notify FiTech by Deluxe®, our trusted provider of merchant services equipment, if any potentially affected customers are identified. For this reason, the security of your payment system is vital.

Secure Implementation - Customer data can be exposed through poor implementation, maintenance, or support by independent integrators or resellers. Be sure to enforce data security requirements as mandated.

  • Implementing a certification program allows you to enforce adequate data security and thus to assure your customers that their information is secure.
  • Staying current with compromise trends will assist your company in adhering to recommended best practices.
  • Utilize payment applications that remain secure and current with the most recent updates.
  • Maintain PCI DSS requirements to ensure you are securing the information of your customers, your operating systems and your business.

Recommendations

Take the Order, but Don’t Get Taken In - Never ship a valuable order unless it checks out and has been authorized. You can always contact FiTech by Deluxe® at (844) 822-1281, our trusted provider of merchant services equipment, to verify a card if you become suspicious of an order.

  • Maintain a customer database or account history to track buying patterns and compare individual sales for indicators of possible fraud. Ensure this database does not store any card or personal information about the customer.
  • Keep in mind, none of these events alone means you’re being scammed, but several of them together might:
    • First time shopper.
    • Larger than normal orders.
    • Orders consisting of several of the same item.
    • Orders made up of “big-ticket” items.
    • Orders requested to be shipped via rush or overnight delivery.
    • Orders shipped to an international address.
    • Orders shipped to a single address but made on multiple cards.
    • Multiple transactions on one card or similar cards with a single billing address, but multiple shipping addresses.
    • Multiple cards used from a single IP (Internet Protocol) address.
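One way to apply the checklist above in software is a rule-based scorer that runs each new order against the customer/account history the text recommends keeping. The example below is added here and is not Jefferson Bank or FiTech by Deluxe® code; the record fields, the thresholds (three times the customer's average order, a $500 per-item "big-ticket" line), and the sample orders are all assumptions. As the text advises, the history holds processor tokens, never card numbers or other customer card data.

```python
"""Rule-based review of orders against the fraud-indicator checklist.
Added example, not Jefferson Bank or FiTech code; fields, thresholds
and sample orders are assumptions."""
from dataclasses import dataclass


@dataclass
class Order:
    order_id: str
    customer_id: str
    card_token: str        # processor-issued token, never the card number
    ip: str
    ship_address: str
    amount: float
    items: list            # SKU strings, one entry per unit ordered
    international: bool
    rush: bool


# Constructed sample orders; ORD-4 and ORD-5 show the kind of cluster
# the checklist describes (same address and IP, different cards).
SAMPLE_ORDERS = [
    Order("ORD-1", "cust-a", "tok-111", "198.51.100.7", "1 Elm St", 42.00, ["mug"], False, False),
    Order("ORD-2", "cust-a", "tok-111", "198.51.100.7", "1 Elm St", 55.00, ["book", "mug"], False, False),
    Order("ORD-3", "cust-b", "tok-222", "203.0.113.9", "9 Oak Ave", 60.00, ["book"], False, False),
    Order("ORD-4", "cust-c", "tok-333", "203.0.113.50", "5 Pine Rd", 2400.00,
          ["laptop", "laptop", "laptop"], True, True),
    Order("ORD-5", "cust-d", "tok-444", "203.0.113.50", "5 Pine Rd", 1900.00,
          ["phone", "phone"], False, True),
]

BIG_TICKET = 500.00   # assumed per-item threshold for a "big-ticket" item
LARGER_FACTOR = 3     # assumed: order > 3x the customer's average is "larger than normal"


def score_order(order, history):
    """Return the list of checklist indicators triggered by `order`.

    `history` is the list of previously reviewed orders (the account history
    the text recommends keeping, holding tokens rather than card data).
    """
    flags = []
    prior = [o for o in history if o.customer_id == order.customer_id]
    if not prior:
        flags.append("first_time_shopper")
    else:
        avg = sum(o.amount for o in prior) / len(prior)
        if order.amount > LARGER_FACTOR * avg:
            flags.append("larger_than_normal")
    if len(order.items) > 1 and len(set(order.items)) < len(order.items):
        flags.append("multiple_same_item")
    if order.amount / len(order.items) >= BIG_TICKET:
        flags.append("big_ticket")
    if order.rush:
        flags.append("rush_shipping")
    if order.international:
        flags.append("international_address")
    # Cross-order indicators: other cards already seen at this address or IP.
    cards_at_addr = {o.card_token for o in history if o.ship_address == order.ship_address}
    if cards_at_addr - {order.card_token}:
        flags.append("multiple_cards_one_address")
    cards_at_ip = {o.card_token for o in history if o.ip == order.ip}
    if cards_at_ip - {order.card_token}:
        flags.append("multiple_cards_one_ip")
    return flags


def review(orders, min_flags=3):
    """Review orders in sequence; hold any that trigger `min_flags` or more.

    No single indicator holds an order, matching the text's advice that one
    event alone is not a scam signal but several together may be.
    """
    held = {}
    history = []
    for o in orders:
        flags = score_order(o, history)
        if len(flags) >= min_flags:
            held[o.order_id] = flags
        history.append(o)
    return held


if __name__ == "__main__":
    for order_id, flags in review(SAMPLE_ORDERS).items():
        print(order_id, "held for review:", ", ".join(flags))
```

A held order is not a declined order; it is the point at which the text says to verify the card with your processor before shipping. The `min_flags` threshold is deliberately above one so that a legitimate first-time shopper placing a rush order is not held on its own.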

Skimming is a Scam - Skimming is just one trick criminals use to illegally obtain credit card information. It’s an illegal act that helps criminals obtain credit card account information to produce counterfeit cards. Skimming devices record and store credit card account information; these devices are small, portable and may resemble a cell phone. Skimming usually occurs when someone from the workplace swipes the card through this device and uses the stolen information to encode a counterfeit card, which is then used to make fraudulent purchases.

  • Be aware of any employees or management using a device that is not part of your day-to-day activities.
  • Never accept money from anyone to record card account information.

Phony Phone Calls - Criminals often misrepresent themselves to call businesses and ask unsuspecting employees for account information, saying that they are your “merchant bank”, “payment card processing company”, or one of your company’s software vendors. They might say their system has been down and they “lost” all the transaction activity for the day. They then ask the employee for all related transaction information so they can “restore their files”.

  • Avoid giving out account information over the phone unless the call was initiated by you.
  • Ask the caller to provide a call-back number, verify whether it matches your payment processor’s information, and call your processor to confirm the call.
  • Trust your instincts. If it doesn’t seem right, call your payment processor to verify.

Keep Your Head Up - Paying attention to your customers confirms that you care, and it shows the criminals that you are observant and aware. Certain customer behavior could point to a fraudulent card being used, so know your customers and let your instincts steer you in the right direction. Notify FiTech by Deluxe® at (844) 822-1281 if you are suspicious of any sale.

Watch out for customers who:

  • Purchase a lot of merchandise without regard to size, color, style, or price.
  • Ask no questions on major purchases.
  • Try to distract or rush you during the sale.
  • Make purchases, leave the store, and return to make more purchases.
  • Make large purchases right at opening or at the last minute when the store is closing.
  • Refuse free delivery for large items.

Card Not There, Be More Aware - With the right tools and education, you can detect fraud and avoid card losses when accepting mail order, telephone order and internet sales.

  • Ask the customer for the card expiration date and include it in your authorization request. An invalid or missing expiration date can be an indicator that the person on the other end does not have the actual card in hand.
  • Use fraud detection tools like the Address Verification Service (AVS) and Card Verification Value 2 (CVV2) as part of the authorization process.
  • Be on the lookout for questionable transaction data or other signs indicating “out of pattern” orders.
  • Ask the customer for additional information, such as their day/evening phone numbers or the bank name on the front of the card.
  • Confirm the customer’s email address to send a confirmation receipt. If the email is invalid or returned, hold on shipping the merchandise until further investigation.
  • Confirm the order separately by sending a note via the customer’s billing address, rather than the shipping one that was provided.

Monitor Your Batch Settlements - Know what time your transactions settle and review your batches for unusual activity.

  • Review for an unusual number of Authorization-only transactions, which could indicate testing for vulnerability.
  • Look for an unusually high quantity, average size, or volume of credits, as this could indicate fraudulent credits.
  • Look for transactions submitted without an AVS or CVV2 response in the authorization record.
  • Look for patterns of identical transaction amounts or multiple transactions on a single card over a very short period of time.
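The four batch checks above can be run automatically against each settlement's transaction records. The example below is added here and is not Jefferson Bank or FiTech by Deluxe® code; the record layout (transaction type, a card token, AVS and CVV2 response codes, timestamp), the thresholds, and the sample batch are all assumptions, and the thresholds should be tuned to what a normal batch looks like for your business.

```python
"""Batch settlement review implementing the four checks listed above.
Added example, not Jefferson Bank or FiTech code; record layout,
thresholds and the sample batch are assumptions."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample batch. 'type' is SALE, AUTH_ONLY or CREDIT; 'card' is a
# processor token; 'avs' and 'cvv2' hold the response codes returned with the
# authorization (None = no response on record).
SAMPLE_BATCH = [
    {"id": "T1", "type": "SALE", "card": "tok-aaa", "amount": 25.00, "avs": "Y", "cvv2": "M", "ts": "2024-03-01T09:02:00"},
    {"id": "T2", "type": "SALE", "card": "tok-bbb", "amount": 75.50, "avs": "Y", "cvv2": "M", "ts": "2024-03-01T09:15:00"},
    {"id": "T3", "type": "SALE", "card": "tok-ccc", "amount": 19.99, "avs": None, "cvv2": None, "ts": "2024-03-01T09:20:00"},
    {"id": "T4", "type": "AUTH_ONLY", "card": "tok-ddd", "amount": 1.00, "avs": "N", "cvv2": "N", "ts": "2024-03-01T10:00:00"},
    {"id": "T5", "type": "AUTH_ONLY", "card": "tok-eee", "amount": 1.00, "avs": "N", "cvv2": "N", "ts": "2024-03-01T10:00:05"},
    {"id": "T6", "type": "AUTH_ONLY", "card": "tok-fff", "amount": 1.00, "avs": "N", "cvv2": "N", "ts": "2024-03-01T10:00:11"},
    {"id": "T7", "type": "SALE", "card": "tok-ggg", "amount": 49.00, "avs": "Y", "cvv2": "M", "ts": "2024-03-01T11:00:00"},
    {"id": "T8", "type": "SALE", "card": "tok-ggg", "amount": 49.00, "avs": "Y", "cvv2": "M", "ts": "2024-03-01T11:01:30"},
    {"id": "T9", "type": "SALE", "card": "tok-ggg", "amount": 49.00, "avs": "Y", "cvv2": "M", "ts": "2024-03-01T11:03:00"},
    {"id": "T10", "type": "CREDIT", "card": "tok-hhh", "amount": 400.00, "avs": None, "cvv2": None, "ts": "2024-03-01T12:00:00"},
]

# Assumed thresholds; tune them against your own normal batch profile.
MAX_AUTH_ONLY_SHARE = 0.20      # auth-only transactions as a share of the batch
MAX_CREDIT_SHARE = 0.30         # credit dollars as a share of sale dollars
REPEAT_WINDOW = timedelta(minutes=10)
REPEAT_COUNT = 3                # transactions on one card within the window


def review_batch(batch):
    """Return a dict mapping each tripped check to the transaction ids involved."""
    findings = defaultdict(list)
    sales = [t for t in batch if t["type"] == "SALE"]
    auth_only = [t for t in batch if t["type"] == "AUTH_ONLY"]
    credits = [t for t in batch if t["type"] == "CREDIT"]

    # 1. Unusual number of authorization-only transactions (possible testing).
    if batch and len(auth_only) / len(batch) > MAX_AUTH_ONLY_SHARE:
        findings["auth_only_volume"] = [t["id"] for t in auth_only]

    # 2. Unusually high credit volume relative to sales.
    sale_total = sum(t["amount"] for t in sales)
    credit_total = sum(t["amount"] for t in credits)
    if sale_total and credit_total / sale_total > MAX_CREDIT_SHARE:
        findings["credit_volume"] = [t["id"] for t in credits]

    # 3. Sales submitted without an AVS or CVV2 response in the record.
    for t in sales:
        if t["avs"] is None or t["cvv2"] is None:
            findings["missing_avs_cvv2"].append(t["id"])

    # 4. Rapid repeats and identical amounts on a single card.
    by_card = defaultdict(list)
    for t in sorted(batch, key=lambda t: t["ts"]):
        by_card[t["card"]].append(t)
    for card, txns in by_card.items():
        times = [datetime.fromisoformat(t["ts"]) for t in txns]
        for i in range(len(txns) - REPEAT_COUNT + 1):
            if times[i + REPEAT_COUNT - 1] - times[i] <= REPEAT_WINDOW:
                findings["rapid_repeat_card"].extend(t["id"] for t in txns[i:i + REPEAT_COUNT])
                break
        amounts = Counter(t["amount"] for t in txns)
        if len(txns) >= 2 and max(amounts.values()) == len(txns):
            findings["identical_amounts_card"].extend(t["id"] for t in txns)

    return dict(findings)


if __name__ == "__main__":
    for check, ids in review_batch(SAMPLE_BATCH).items():
        print(f"{check}: {', '.join(ids)}")
```

Running this at the time your batch settles, rather than monthly, matches the daily-review advice in the Business Tips below: each finding is a list of transaction ids you can pull up and verify before the batch is funded.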

Business Tips

  • As a business, systems and processes should be built securely from the beginning. Businesses that adhere to this recommendation have greater success in ensuring security and achieve more value from their compliance activities.
  • Compliance and Security go hand-in-hand; by grouping the two, compliance is more easily achieved with security regulations such as PCI DSS.
  • Compliance and Security should be maintained on a daily basis rather than monthly or quarterly. This allows for alerts to be immediately taken care of.
  • Limit unnecessary access by individuals, to reduce the exposure created when numerous personnel can reach your systems.
  • Keep your security software and patches updated; an attack is less likely when these recommendations are followed.
  • Maintain a Disaster Recovery Plan and update it annually; this allows it to be carried out precisely if the need arises and protects your proprietary information.
  • If your system is breached, examine your systems for deficiencies and work consciously to defuse the issue while communicating appropriately about the breach. You must also contact FiTech by Deluxe® at (844) 822-1281 if a breach is identified.
