Cybersecurity threats abound.

Threats can lurk in strange places, so, as a card program manager, it is necessary to think broadly. Driving this point home, the presenter at a recent cybersecurity conference shared how a financial services company was breached through an unlikely source. It gave fraudsters access to all the company’s files, including sensitive client information. The source? A new thermostat in the building for which the company never changed the default password. If this story sounds familiar, it is reminiscent of the fraudsters who accessed Target’s POS systems in 2013 through the login of an HVAC company. Apparently, some companies did not learn from Target’s experience. What about your organization? Stories like these highlight how, even though you might be protecting data within your own job duties, threats may still remain elsewhere. Following is another example from the cybersecurity conference presenter and some things you can do.

Another Threat

Mobile devices represent another broad threat. The cybersecurity presenter recommended that, if employees access work email via their devices (and who doesn’t do this?), they should:

  • lock their device when not in use
  • have a strong password of letters, numbers, and characters to unlock the device 

The presenter went on to describe how, if an employee were to lose their device, the employee should contact the company IT department, who should be able to remotely wipe that employee’s phone to prevent fraudsters from using it. Lots of “should” statements. There are also complicating factors if it is a personal mobile device that the employee uses for work.

Could fraudsters access your card-related data through a back door?

Who is Responsible?

Going back to the first example, whose job was it to change the default thermostat password? It likely fell to maintenance personnel—people you would never think about as being potential gatekeepers to sensitive files. In reality, cybersecurity is everyone’s responsibility. Are all employees in your organization trained on security at least annually? What are your policies pertaining to mobile devices?

What You Can Do

If you are a card program manager wondering what you can do with this broad information, a good start is simply having a discussion with your management and/or IT representative. Since you handle sensitive information, it might also be beneficial for you to be part of a more general team within your organization that looks at security holistically. At a minimum, make sure you know:

  • where your card-related data is stored, including any sensitive/personal cardholder information
  • who has access and whether the access is appropriate
  • the potential vulnerabilities that could impact your program; for example, you do not want a lost mobile device in another part of your organization to open the door to fraud
  • what protective actions are possible to keep the data separate and restricted

Finally, continue to incorporate security topics into card program training.

Available External Resource

Ironically, just as I was about to publish this post, I was notified about the Verizon report, Data Breach Digest: Perspective is Reality, which is filled with cybercrime case studies and tips. If you want to dive in (it is a 100-page report), download it from: http://www.verizonenterprise.com/verizon-insights-lab/data-breach-digest/2017/.

Data breaches—and the lingering postbreach aftereffects—aren’t just an IT security problem: they’re an enterprise problem.
— Verizon's Data Breach Digest

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Surcharging arguments in Supreme Court.

Tuesday, January 10, marks when the U.S. Supreme Court will hear arguments pertaining to a case by a group of New York merchants who claim New York’s “no surcharge” law violates their First Amendment free speech rights. Ronald Mann, a professor of law at Columbia, provided an argument preview last week, digging into the merchants’ claim and New York’s defense. Below is an excerpt from his post and the link to the complete content, which I encourage you to read.

Update

Visit the Surcharge News webpage to see the March 29, 2017, Supreme Court outcome.


In Review

When I reported last year that the U.S. Supreme Court (“Court”) agreed to hear this case, I observed what could happen if the merchants are successful. Specifically, it sets the stage for the removal of “no surcharge” laws in the handful of states, including New York, that have such laws. This would not necessarily lead to a spike in merchants surcharging for credit card use, but it is certainly something to watch. It could be days or weeks before the Court renders a decision. Stay tuned to Recharged Education!

The surcharge battle has been a long one. We now await the outcome of the case presented to the U.S. Supreme Court.

Excerpt from Ronald Mann's Post

Argument preview: Merchants bring payment-card interchange wars to the Supreme Court

The remarkable volume of amicus briefs underscores the high stakes in play: twelve in support of the merchants, ten in support of New York, and one (from the United States) in support of neither party. In part, the variegated interests reflect the cross-cutting concerns that the litigation raises. Because the case turns on the doctrinal framework for assessing commercial speech under the First Amendment, First Amendment scholars are concerned, weighing in with dueling amicus briefs on each side of the case. Because a central debate in the case involves the idea that consumers react differently to “discounts” and “surcharges,” behavioral economists have a lot to say; competing groups of economics scholars also chime in on both sides of the matter. Consumer advocates concerned about the market power of credit-card networks appear in support of the merchants. Other consumer advocates join state governments in supporting New York, attempting to ensure that states are free to adopt consumer-protective pricing regulations. And that doesn’t even get to the briefs from businesses with a relatively direct interest in the question as a matter of profit and loss.

Access the complete content, including his conclusion on the main thing to watch.


Three things to celebrate.

Established in January 2014, Recharged Education is now three years old with a lot to celebrate. When I started this business, I initially called it my two-year experiment, committed to seeing it through the end of 2015 and then evaluating from there. Here we are, though, three years later and I still feel recharged. My passion is helping organizations improve their purchase-to-pay strategies, specifically through the usage of Commercial Cards. In honor of Recharged Education’s mission, I am celebrating three things, beginning with people.

People

I thank you—readers, subscribers, and contributors who give life to this P-Cards Refocused blog. There is now a collection of more than 100 blog posts. Those who contributed to the blog content in 2016 include:

  • Isaac Balasundaram, Missouri State University

  • BMO Financial Group

  • Julie Conroy, Aite Group

  • Vince Eavis, PayTech Commercial AS

  • Governing Institute

  • Greg Hamilton, Mastercard

  • Frank Martien, First Annapolis Consulting

  • Jessica Perdue, CPCP, The Nature Conservancy

  • Chad Robison, CPCP, Intermountain Healthcare

  • Bogdan Roman, end-user

  • Mary Schaeffer, AP Now

  • Dana Simms, City of Lenexa

  • Rick Swartwood, CPCP, end-user

Please contact me if you are interested in contributing in the future.

In addition, many organizations have utilized the other part of my business—fee-based products and services. This includes customized training, content development, and consulting. Submit a contact form to relay your needs or see examples of customized products and services Recharged Education can develop for you, whether your organization is a provider or end-user. 

Recharged Education is three years old this month with a lot to celebrate.

Industry Evolution

When I started in this industry in the 1990s, it was all about plastic cards. Program management technology was limited and there was a lack of educational resources to help end-user organizations develop their card programs. Today is completely different. Plastic has become more sophisticated with smart chips. Technology thrives. Commercial Card solutions, including non-plastic options, are abundant and diverse. Fintech companies are proliferating. The list goes on. It is an exciting time to be part of the industry. This leads to the next point.  

Opportunity

The industry will continue to evolve. So, too, should organizations’ payment strategies and the professionals who support them. There is enormous opportunity. What can your organization do in 2017 to make its card programs stronger? How will you continue to be successful in your role and career? I plan to keep learning and sharing my knowledge to help others. Continuous improvement reaps rewards. Happy 2017!

