Our easy-to-install shopping cart plugin offers seamless and secure payment acceptance for 3dcart users. You can now process credit cards directly in your online store using your low-rate CardConnect merchant account.
The best part? Every transaction is secure with CardSecure’s patented tokenization – protecting your customers’ cardholder data and simplifying PCI compliance requirements.
Using the 3dcart plugin comes with complimentary access to the MerchantCenter. You can see transactions from your online store in real-time and quickly process voids or refunds – even from your mobile device.
3dcart joins the growing list of CardConnect’s shopping cart integrations – click the below logos for more information. When you’re ready to give one a test drive, just fill out the form here.
by Chelsea Palo
Chelsea is CardConnect's Partner Marketing Manager and a big fan of yurts.
Get these posts delivered straight to your inbox!
Taylor Havlisch Data Security Jul 14 2017
Last week, our Chief Security Officer Rush Taggart, was featured on online security news outlet Help Net Security, as a contributor to the “Expert Corner.” There, he shared a few of his best tips for helping to keep a network safe from harm (AKA data breaches). Attempted data breaches occur everyday and unfortunately for the victims, many are “successful,” which is why it’s important to understand the steps that can be taken to reduce the chances of a breach having an impact on your business or organization. We don’t want to give too much away, because the full article is well-worth the read, but to get you started, we’ve included the highlights below: 1. DON'T KEEP DATA AROUND. The over-collection of data can clog a system and even lead losing track of information. 2. ARCHIVE THE IMPORTANT STUFF. You really only need to keep the day-to-day stuff around and put away the older data that can be pulled only when needed. 3. SEGMENT YOUR NETWORK. Make sure your network’s data is isolated and can only be accessed by a few staff members. 4. SANITIZE SENSITIVE DATA WITH TOKENS. Protect sensitive data with tokenization so in the event that your system is hacked, the information will be useless to the hacker. 5. PUT SOMEONE IN CHARGE. Appoint a manager or team to oversee the security plan in place and assess when updates are needed. Get the rest here! Five Crucial Ways to Help Keep A System Safe From Harm Rush has played an integral part in the development of CardConnect’s payment processing and security solutions, building and rebuilding applications in order to add significant user functionality and portability. In 2014, CardConnect was awarded two patents related to payment security that were a direct result of Taggart’s work. He also developed the CardPointe Terminal, which our small to medium sized business customers know and love, that provides a PCI-validated P2PE solution that is also EMV-ready.
Ellie Delany Data Security Jun 29 2017
It’s been almost four years since the infamous Black Friday data breach occurred at Target stores across the nation, compromising over 40 million credit and debit card numbers. Last month, Target reached an 18.5-million-dollar multistate settlement, requiring they employ an executive to oversee a comprehensive security program. The company is also required to hire a third-party which will encrypt and protect card information, ensuring their data is secured and unreadable if accessed. Target is now adopting appropriate measures to keep their customer’s information safe – but what was lacking before? We’ve compiled a comprehensive autopsy, diagnosing several factors and components which led to Target’s massive hack. What exactly happened According to Krebs on Security, who first reported the news of Target, the breach involved the acquiring of customer information stored in the magnetic strip on the back of their payment cards. Undetectable malware was installed on a number of point-of-sale systems in a short amount of time, which indicates the software may have been installed via an automatic updating process. The attackers completed their hack by accessing one of Target’s third party vendors, a refrigerator contractor, Fazio Mechanical. The vendor accessing Target’s systems was not using adequate anti-malware software, and their lack of segregation between networks led to the compromise of millions of customers’ information. We can conclude a few things from this: Target’s systems were not protected but vulnerable to phishing attacks, networks were not adequately segregated, and several previous warnings were overlooked. What’s interesting to consider about the Target breach is the fact that Target passed PCI compliance audits prior to the breach. Target had implemented security methods required by the PCI Security Council. As told by the SANS Institute Reading Room, “A comprehensive approach to security will consider all assets, not just those that fall under compliance regulations. Each asset has a specific set of threats and vulnerabilities that can be considered as part of a risk management program, rather than simply implementing what is mandated for a subset of assets. As demonstrated in this breach, many different assets were used to move throughout the network, so consideration of the POS systems alone would not address the root causes that led up to this attack.” What Target did wrong As malware attacks are often unpredictable and randomized, there are few things a company can do to prevent a hack. How a company responds to a malware infection makes a considerable difference in how an attack impact their customers and business. Initial response is crucial to the minimizing of a malware attack, and is also one of the areas where Target underperformed. Target missed several internal alerts, and only found out about their breach when contacted by the Department of Justice. Their monitoring software (FireEye) alerted Target staff in Bangalore, India, who in turn notified staff in Minneapolis: but no action was taken. Despite the fact that Target reportedly spent a large sum on security technology utilizing encryption, their data was accessed in memory where it was unencrypted. Damages to the company While Target remains affected by the results of the breach today, the company faced major losses at the time of occurrence, setting them back greatly during the holiday season. After profits dropped 46 percent during Q4 of 2013, customer visits plunged during the new year, prolonging Target’s losses. High ranking employees, including Target’s CEO, lost their jobs, and over 140 lawsuits were filed in three years. The Huffington Post estimates the breach has cost $252 million so far, including the costs for banks to reissue 21.8 million cards. How it could have been prevented A multi-layered security strategy would have prevented, if not at least mitigated the detrimental effects of this breach on Target and its customers. Target’s strategy focused mainly on PCI compliance, while there are sometimes risks which fall outside of the scope of PCI requirements. Standards may also inform adversaries which security measures a business has implemented, so the attacker will capitalize on vulnerabilities not on the PCI compliance checklist. As also stated by the SANS Reading Room, “For encryption to be effective, you must employ an in-depth defense strategy in which you also protect the key and protect access to systems where the data needs to be unencrypted in order to be processed.” In the instance of the Target breach, tokenization would have played a crucial role in protecting consumer’s information. Rather than relying on basic encryption methods, the customer information would have been replaced with unique, irreversible tokens – unable to be accessed and decoded by hackers. An EMV terminal accepting chip cards could have also prevented the theft of information via the magnetic strip on the back of cards. CardConnect’s CardPointe and Bolt Terminals protects in-store transactions as all sensitive data is instantly encrypted and tokenized upon entry. The terminal accepts both cards with magnetic strips and EMV chips, utilizing PCI-validated point-to-point encryption (P2PE) for each individual transaction. All transactions captured with the CardPointe and Bolt Terminals appear in the powerful transaction management portal, CardPointe, in real-time, making it easy to accept and manage payments while being away from the device. CardPointe also keeps its users apprised of the status of their business’s level of PCI compliance. It’s important for merchants to understand that the range of security threats can be wider than standard PCI compliance. Monitoring networks and being attentive to disruptive or unusual patterns in a system’s network is crucial to protecting their systems – and in turn customer data. Target is just one of many companies to have faced a major data breach. Make sure your company or business is protecting your customers the best they can. To learn more about the solutions you can use to protect your business and customer information, visit cardconnect.com/cardsecure.
Ellie Delany Data Security Jun 20 2017
As the availability and accessibility of various methods of credit card acceptance grows, so does the number of threats on security and consumer data. We’re halfway through 2017, and already we’ve seen several malware attacks on large corporations, leading to data breaches and the exposure of personal and sensitive information. Let’s take a closer look at a few malicious software attacks that have impacted companies including Chipotle, Kmart, and DocuSign just this year. MALWARE ATTACKS Chipotle This breach was a result of a malware searching for track data, which can hold cardholder name, number, expiration date and internal verification code. According to Chipotle, the data was collected and read from the magnetic strip of a card as it was routed through the point-of-sale device. The breach affected over 2,250 locations in 25 days, with 22 locations in Connecticut alone attacked. What was at risk for the customer? The data maliciously collected is often used to make fraudulent online purchases, or create “clone” cards to use in other places. Kmart For the second time in three years, Kmart stores were infected with malicious coding. Their in-store payment data systems were attacked by a virus undetectable by current software. Years before, their partner store Sears faced a similar breach, both involving malware designed to steal credit and debit card information from hacked point-of-sale devices. Similar to Chipotle, once hackers obtain this information, they can effectively clone cards and use them to purchase high-priced merchandise. Kmart has not disclosed how many stores they estimate to have been affected by the breach. DocuSign “As part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email,” DocuSign published in on their website last month. The company then said the breach only contained a list of email addresses, and all other data remained untouched. Data security is a primary component of DocuSign, and although no credit cards were compromised, the hack was highly risky for DocuSign users. Two-thirds of the attacks mentioned above have something in common: the hacking of a point-of-sale device. While malware attacks have become somewhat inevitable, the data being sought during these attacks can be protected with powerful security solutions, including point-to-point encryption (P2PE), tokenization, and EMV-ready terminals, all of which play an important role in protecting customer information. CardConnect is proud to offer its patented tokenization as part of its CardSecure solution, because it makes data stolen by hackers essentially useless. The tokens CardConnect uses to replace sensitive information are randomly generated, irreversible and unique. Although tokenization doesn’t prevent malware attacks, it can certainly mitigate the effects. The good news about this year is, what we’ve seen so far isn’t all bad. There’s also been an exciting increase in the use of mobile point-of-sale devices. MOBILE PAYMENTS Mobile payments have been exploding in Payment Card Industry – and with this comes an increased need for mobile Point-of-Sale devices. Business Insider Intelligence predicts that there will be 27.7 million mPOS devices in the U.S. by 2021, increasing from just 3.2 million in 2014. To support this trend, CardConnect offers products to make mobile payments easy, safe and reliable. The CardPointe mobile app is free to download and available for both iOS and Android devices. To compliment the app, the CardPointe mobile device is also available, which is a small, portable plug-in that easily plugs into the audio port on devices and is especially efficient for on-the-go transactions. Another area of growth this year has proven to be the adoption of EMV-enabled terminals, which play a major role in helping to protect consumer information. EMV TERMINALS + CHIP CARDS Credit card fraud has been a growing problem in the U.S. for years, costing U.S. consumers $16 billion in 2016, according to zdnet In response, card networks have made the switch to EMV security, otherwise known as: the chip card. The microchip in EMV cards serves as an extra layer of security, because each transaction is authenticated with a code that cannot be re-used. This makes the chips extremely difficult to duplicate, so a cardholder’s information is more safely stored. Although relatively new to the U.S., businesses are quickly catching up to the standard: in Q3 of 2016, more than half of all businesses had upgraded, increasing from just 31 percent the year before according to Business Insider. We’re happy to see this increase in adoption, because the combination of EMV with tokenization and P2PE is a very powerful solution for protecting data. CardConnect utilizes patented, unique technology to ensure the safest and most secure transactions. Our terminals, like the CardPointe retail terminal are EMV-enabled, and protected by CardSecure (tokenization plus P2PE). During a transaction, our terminal uses a one-time used tokenized code to validate the card and its user. This specific code changes with each transaction, so once it’s been used it is no longer valid. This prevents the theft of customer information for the the use of creating counterfeit credit cards. One thing is for sure when looking at this year’s trends: the payment card industry’s technology is ever-growing. Although this provides new and exciting opportunities for the industry, the growth also calls for advanced security measures, as customer information is more vulnerable than ever. To learn more about how CardConnect can protect your business and customer information, visit cardconnect.com/cardsecure.