Your Firm in the Cloud..
Posted on May 14, 2012 | Posted under Cloud Solutions
Hippo Charging is excited to announce its partnership with www.MyCaseInc.com, a complete law practice management system.
With the advancement of technology and cloud-based software, there are many new and exciting tools that lawyers can use to help run a more efficient law practice.
www.MyCaseInc.com is one such platform. It allows you to do the following:
- Organize cases & matters
- Document management
- Time & billing features
- Accept online payments
- Bank-grade data security
- Shared calendars for your firm
We recently received a free demo of how MyCaseInc works and were able to see firsthand what this system can do. MyCaseInc is a platform from which any law practice can be built and managed. Documents can be uploaded and shared with other employees in the firm as well as with clients. Comments can be left to open discussions about a client's specific case.
Anytime a document is uploaded to a case, information is updated or a comment is made, an email notification is sent to all parties involved, including anyone in the law firm working on the case. MyCaseInc creates a secure and safe environment where clients have access to their case matters online.
MyCaseInc allows a law firm to stay connected with its clients, eliminating all the back and forth of missed calls and emails. Using a cloud-based solution to manage your firm allows for greater flexibility and efficiency of time.
Once a client profile has been created, an email invitation will be sent and the client can easily access any information uploaded by the firm. The interface is very easy to learn and navigate and allows for a more enhanced attorney/client relationship.
By utilizing the online billing and payment acceptance features, lawyers can increase cash flow and eliminate outstanding invoices.
Hippo Charging will connect to MyCaseInc to process credit card payments via Authorize.net. As the world moves toward a cashless society with the advent of technology such as NFC (Near Field Communication), accepting payments online allows law firms to grow with their clients and offer new channels for payment acceptance.
Three out of four Americans (73%) say they use less cash today than 10 years ago, according to a MasterCard poll that asked more than 1,000 adults about their views and attitudes toward the increasing use of electronic payments.
With this changing mindset of consumers and the availability of new technology, now is the time to look at how a law firm is managed and how the attorney/client interaction can be improved.
To schedule a free demo on how MyCaseInc can work for you, contact a Hippo Payment Solution specialist.
What are your questions about online case management and how you can accept payments online?
Zappos.com hit with breach, lawsuit
Posted on February 14, 2012
Online fashion retailer and Amazon.com subsidiary Zappos.com revealed on Jan. 15, 2012, that over 24 million of its customer accounts were breached. Zappos.com said a fraudster was able to obtain names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers listed with accounts, and encrypted passwords.
A class-action lawsuit on behalf of Zappos.com customers was subsequently filed Jan. 16, 2012, in the Western District of Kentucky in Louisville.
Tony Hsieh, Zappos.com Chief Executive Officer, emphasized that the database where credit card and other payment data is stored was not breached. "We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," he wrote to employees and customers following the breach. "We are cooperating with law enforcement to undergo exhaustive investigation." Zappos.com disconnected its customer service phone lines following the breach, electing to answer customer inquiries into the breach only by email. Hsieh explained, "We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email because our phone systems simply aren't capable of handling so much volume. (If 5 percent of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place.)"
Zappos.com urged customers to change passwords on its site and on any other sites where they use the same passwords. "We've spent over 12 years building our reputation, brand and trust with our customers," Hsieh said. "It's painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed."
Repercussions
The class-action lawsuit filed in Kentucky said the breach not only forced customers to take the time to reset passwords on Zappos.com and on other sites, but it also represented an invasion into customer privacy that may have future repercussions. "[P]laintiff and class members now face a greater risk of identity theft - including, but not limited to, identity theft from 'phishing' and 'pharming,'" according to the suit.
The complaint charges Zappos.com with willful and negligent violation of the Fair Credit Reporting Act, along with negligence and invasion of privacy by public disclosure of private facts. The class action seeks compensation for customers who, among other things, lost the use of passwords and must deal with credit monitoring and identity theft insurance issues, as well as damages for anxiety and emotional distress caused by the breach.
The complaint also asks for other damages to punish Zappos.com's alleged wrongful conduct and a requirement that Zappos.com submit to periodic compliance audits to ensure cardholder data security is maintained.
When reached for comment, Zappos.com Senior Public Relations Director Diane Coffey said, "We are aware of the lawsuit. Our company policy is not to comment on pending litigation. Every single department in our company is currently focused on assisting customers." At press time, plaintiff attorneys had not responded to requests for comment.*
It could cost you your dream if you aren't protected from data breaches.
Get with an agent so we can share how Hippo Charging can protect you.
*source: Green Sheet
Eliminate the "Check is in the mail"...
Posted on January 10, 2012
Are you a slave to Excel files? Do you live within the hellish gates of Quickbooks? Do you have outstanding receivables of 30, 60, 90 days?
Invoicing and billing clients is an integral step in running any business. Creating the invoice itself and delivering it to clients is a tedious and important task. The hardest and most important part is collecting on that invoice.
Hippo Charging is excited to offer a solution that enables a business to create and send invoices by email. Collecting payments online is an exciting way to increase cash flow and get paid.
Freshbooks makes it easy to handle billing electronically as well as accepting payments. A client can view and print a PDF of an invoice and make a credit card or check payment online.
This user-friendly software eliminates multiple steps in the billing process. The need to send an invoice through normal post is eliminated by sending an invoice electronically.
Freshbooks allows you to track time, organize expenses, create customized reporting and invoice clients. All transaction records, reporting and invoice information can be downloaded via an Excel or CSV file.
The solution has 2 parts:
An invoice can be created using the Freshbooks gateway, along with making full use of all its other reporting features. Hippo Charging will connect into Freshbooks using Authorize.net to capture both credit card & check payments. Freshbooks automates the billing and payment process, thus increasing cash flow.
This is an epic solution that will help businesses save time and collect on receivables faster.
Contact a Hippo Charging payment solution specialist to speak further about connecting your business with Freshbooks.
What are your questions about Hippo Charging online solutions?
~ Hippo Campus
PCI DSS Compliance, What is That!?
Posted on December 30, 2011 | Posted under PCI DSS Compliance
Payment Card Information Data Security Standard, or PCI-DSS, is a U.S. Federal Government requirement for all merchants who accept credit cards as a form of payment.
PCI-DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
The short and sweet of PCI compliance:
Are you, as a business owner, doing everything possible to protect your clients’ credit card information from potential fraudulent activity?
At Hippo Charging we work with our clients to help them become PCI compliant. We partner with Security Metrics to ensure that our clients are processing payments in accordance with PCI-DSS standards.
Security Metrics assists merchants with the completion of an annual online PCI compliance certification. A quarterly security scan will be completed for all merchants accepting payments online using virtual terminals and/or websites.
Protecting clients’ personal information is paramount in the digital age.
In April of 2011 Sony, Inc. was the victim of a computer hacker organization known as “Anonymous.” This hacker group circumvented Sony’s network and brought down their popular “PlayStation” online gaming network for 30 days. Not only was the “PlayStation” network shut down, but a database of 2.5 million Sony customer credit cards was stolen and later offered for sale on an underground website. It took Sony 30 days to get their system back online. This is the largest security breach of customer information on record.
The big question in the payment card industry:
How could a company as big as Sony not have systems in place to encrypt its customers’ credit card information, and not be in compliance with PCI-DSS standards?
1. How will the business be accepting credit card or ACH payments? In person, over the phone or online?
2. If it’s a face-to-face transaction, is a PCI-compliant terminal or POS system being used?
3. For online payments, are PCI-compliant shopping carts/gateways being used?
4. Does your merchant card processor practice quarterly security scans of all websites accepting online payments?
5. What policies and procedures are in place to comply with PCI-DSS standards?
Small business owners can learn from the security breach that was experienced by Sony. By asking the right questions and speaking with a Hippo Specialist about payment solutions, accepting payments is an easy process.
When consulting with business owners, Hippo Charging always offers terminals and POS systems that are PCI-DSS compliant.
For online merchants an Authorize.net account can be connected to a website’s shopping cart or can be used as a virtual terminal with the following options:
- Fraud protection suite
- CIM
- eCheck
- Recurring billing capabilities
What are your questions about Hippo Merchant Solutions?
-Hippo Campus
What is the Durbin Amendment?
Posted on November 07, 2011
The Durbin Amendment to the Dodd-Frank Wall Street Reform and Consumer Protection Act is the most consequential legislation to the acquiring sector, possibly since the industry's inception. The legislation directed the Federal Reserve Board to regulate debit cards by capping the amount of interchange card issuers can assess merchants for POS debit card transactions, and to do so at a rate it considered "reasonable and proportional" to issuer costs.
But not all debit cards are covered - just those issued by banks with assets over $10 billion. Prepaid debit cards also are exempt from price caps.
The Fed published its response as Regulation II. Here's what it says:
- Debit card issuers are limited to collecting 21 cents per transaction, plus 0.05 percent of the ticket.
- Issuers that undertake certain prescribed security measures can charge up to a penny more per transaction.
The Durbin Amendment also requires that debit card issuers support processing by merchants via two unaffiliated debit card networks (such as the Visa and Shazam networks), beginning in April 2012.
Speak with an Agent today... we can offer you a free analysis on your merchant services statements and cash flow process.
PCI DSS Compliance
Posted on July 04, 2011 | Posted under PCI DSS Compliance
By GEOFFREY A. FOWLER And BEN WORTHEN
Recent hacking attacks on Sony Corp. and Lockheed Martin Corp. grabbed headlines. What happened at City Newsstand Inc. last year did not.
Unbeknownst to owner Joe Angelastri, cyber thieves planted a software program on the cash registers at his two Chicago-area magazine shops that sent customer credit-card numbers to Russia. MasterCard Inc. demanded an investigation, at Mr. Angelastri's expense, and the whole ordeal left him out about $22,000.
His experience highlights a growing threat to small businesses. Hackers are expanding their sights beyond multinationals to include any business that stores data in electronic form. Small companies, which are making the leap to computerized systems and digital records, have now become hackers' main target.
"Who would want to break into us?" asked Mr. Angelastri, who says the breach cut his annual profit in half. "We're not running a bank."
With limited budgets and few or no technical experts on staff, small businesses generally have weak security. Cyber criminals have taken notice. In 2010, the U.S. Secret Service and Verizon Communications Inc.'s forensic analysis unit, which investigates attacks, responded to a combined 761 data breaches, up from 141 in 2009. Of those, 482, or 63%, were at companies with 100 employees or fewer. Visa Inc. estimates about 95% of the credit-card data breaches it discovers are on its smallest business customers.
Hacking at small businesses "is a prolific problem," says Dean Kinsman, a special agent in the Federal Bureau of Investigation's cyber division, which has more than 400 active investigations into these crimes. "It's going to get much worse before it gets better."
In the time it takes to break into a major company like Citigroup Inc., a hacker could steal data from dozens of small businesses and not get detected, says Bryce Case Jr., a former hacker who broke into several government and corporate websites a decade ago and now runs an online message board for hackers called Digital Gangster. Now that small companies use computers, "the juice has become worth the squeeze," he says. "Even a pizza place has addresses, names and credit-card information."
Mr. Case, now a consultant in Colorado Springs, Colo., who helps small businesses identify security problems, has a trick for showing clients just how weak their systems are. He sometimes calls employees pretending to be a tech-department worker or consultant doing work for the boss and convinces them to tell him their passwords. "All you have to do is get a hold of one not-so-competent person and you're in," he says.
The fact that there are so many types of security threats makes it difficult for small firms to protect themselves. In April, the FBI issued an alert about a style of attack in which hackers steal a business's online banking login details and use them to transfer funds out of the business's account. That's what happened to Lease Duckwall just after 1 p.m. on Nov. 2, when someone logged into his company's bank account for Green Ford Sales Inc. in Abilene, Kan. The hacker added nine new employees to the car dealership's payroll and transferred $63,000 to them.
Mr. Duckwall learned about the transfers at 7:45 a.m. the next day. He called his bank, which froze the funds in six cases. But three payments had already been withdrawn by the recipients and the cash wired offshore.
"I don't have a clue" how or why his company was targeted, says Mr. Duckwall, who is still out about $22,000.
The costs of a breach can put a small company out of business. In 2006 and 2007, a Bellingham, Wash., restaurant called Burger Me LLC had its computerized cash register hacked. Criminals made untold numbers of fraudulent charges on customer credit cards.
After the incident, a credit-card company shut down Burger Me's account and put a hold on thousands of dollars in incoming payments, says Rich Griffith, its former owner. By late 2008, fees and lost business from not being able to accept credit cards put Mr. Griffith in so much debt—$12,000 for investigation and remediation costs alone—that he closed his formerly break-even burger joint.
The cyber attack "cost me my dream," says Mr. Griffith, 47 years old. The hacker who stole the data was never identified.
Financially motivated attacks typically rely on computer code that hackers plant on victims' computers, often as attachments or links in emails sent to employees. While these malicious programs are well known to security experts, hackers tweak them frequently enough to render them undetectable to antivirus software.
Bigger companies, while not immune, generally do a better job of protecting themselves. AT&T Inc., for example, has a command center with giant screens that track all the traffic on its network. Other large companies mine data for warning signs, taking note when an employee swipes an identity badge in New York only to log onto the network from California, for instance.
Smaller companies are less likely to grasp the security threat. A 2010 survey by the National Retail Federation and First Data Corp. of small- and medium-size retailers in the U.S. found that 64% believed their businesses weren't vulnerable to card data theft and only 49% had assessed their security safeguards.
One of the most common styles of attack on small businesses targets credit-card information that a hacker can sell or use to make fraudulent purchases. To gird against this, the major credit-card companies in 2006 formed an industry group called the Payment Card Industry Security Standards Council, which establishes minimum technical protections for businesses that accept credit cards.
While credit-card companies require all businesses that accept their cards to comply with those standards, known as PCI, they have few measures to enforce them for small businesses. Bob Russo, general manager of the PCI Council, says many small businesses neglect basic security measures such as changing default passwords.
Mr. Angelastri's case shows how even a business that tries to protect itself can fall victim to hackers.
A Chicago native, Mr. Angelastri, 52, started his company in 1978 when he bought out the small street corner newsstand he started working at after high school. Over the years, he grew his business to two 1,500-square-foot locations in Chicago and Evanston, Ill., carrying more than 5,000 different magazines.
City Newsstand didn't have a computer technician on staff. But Mr. Angelastri had decades of experience with computers after converting to a computer-based cash register in 1990. That first computerized register, known as a point-of-sale, or POS, system, wasn't hooked into the Internet. Every time it needed to process a credit card, it would use a telephone modem to log into the bank.
Four years ago, he upgraded to a now-standard Microsoft Corp. Windows PC that connected directly to the Internet. Mr. Angelastri didn't ignore security. He regularly updated the payment software on his computer to keep up with the latest standards. About two years ago, he got a local technology contractor to install a payment processing system called PC Charge, made by VeriFone Systems Inc.
On April 14, 2010, he received an email from Accelerated Payment Technologies Inc.'s X-Charge, a sales agent for his credit-card processor, saying MasterCard had identified "some sort of breach or compromise" within his system. It didn't specify what, and asked him to fill out a questionnaire and return it within two weeks.
Mr. Angelastri checked his systems and called in an outside technology consultant. That investigator found one problem on his computer—a piece of hacking software known as malware—which the investigator removed. Still, X-Charge kept forwarding him emails between MasterCard and a payment processor called Global Payments Inc. that suspected fraud.
After a sixth email warning in June 2010, Mr. Angelastri says MasterCard demanded he hire a forensic investigator to do a thorough review of his system, essentially a digital version of the investigations that police often conduct at crime scenes. Mr. Angelastri hired Chicago-based Trustwave Inc.
A Trustwave investigator worked at Mr. Angelastri's newsstand until 2 a.m. one morning looking for cyber clues as to how his system might be leaking credit cards to hackers.
The investigator discovered a program called Kameo was capturing everything that came into Mr. Angelastri's system before it even reached the PC Charge payment software. Kameo was exporting that information over the Internet, giving hackers credit-card numbers, customer names and other details.
It turned out the hackers had been lurking in his system since April 15, 2009. They had gained access to Mr. Angelastri's computer through a program he used to periodically access his technology system from outside the shop. The program could be used by anyone who knew the password, and he had picked an especially weak one: "pos," a common nickname for the cash-register software that was also the system's user name.
Bob Cortopassi, Accelerated Payment Technologies' compliance security officer, said the breach happened because of a "lack of basic security requirements" and isn't the fault of its payment system. MasterCard declined comment on Mr. Angelastri's case, and Global Payments declined to comment.
Security experts say hackers routinely scan the Internet for computers configured this way. Such searches are fast and easy, and often the computers they find have weak passwords.
The hack on Mr. Angelastri's newsstand highlights another murky area of cyber attacks. The people whose information is stolen often are never informed, despite varying state laws that require breached organizations to notify them.
Small businesses like City Newsstand don't typically record the names and contact information of their customers and payment-card companies discourage businesses from keeping credit-card data. Mr. Angelastri never learned exactly which of his customers were affected, or how many.
Many small businesses complain they get little support from law enforcement or the credit-card industry once they are hit. After the investigation, Mr. Angelastri sent the report back to his credit-card processing company. It demanded he improve his technology, including installing a new higher-grade firewall. He also cut off access to the open Internet for the computers with the cash register software. Now all they can do is pass information to the credit-card processor.
Mr. Angelastri says he is still paying off the $22,000 he spent on the investigations and security improvements. City Newsstand has thin margins, he says, on about $1 million in annual sales.
He reported the incident to the Chicago and Evanston police, but he never followed up. A spokesman for the Evanston Police Department said the department only has jurisdiction to look into crimes committed in the city, which it defines based on where the hacker is located. The Chicago Police Department didn't respond to a request for comment.
Mr. Angelastri also spoke a few times with the Secret Service, the federal entity charged with investigating hacking attacks, but he says that investigation didn't go anywhere. The Secret Service declined to comment.
Mr. Angelastri still doesn't know who attacked his system, but the hackers left some clues. Trustwave's investigation found that a Yahoo email address was receiving the data being collected by the hacker's malware. A message sent to that address by The Wall Street Journal wasn't returned. Yahoo said it doesn't comment on individual account holders.
The data also was being sent to an Internet server in Russia hosted by a Russian hosting company called FirstVDS, according to the investigation.
Aleksandr Belykh, the head of the abuse department of FirstVDS, said the user of the virtual server identified in the City Newsstand investigation is Russian, and his firm hadn't received any complaints about it. The company shut the account down in June after its owner failed to pay the bill. Mr. Belykh wouldn't disclose other details.
Mr. Angelastri still marvels that his business was attacked at all. "We thought there would be very little chance that somebody would come into a business of our size to pull off something like this," he says.
—Nonna Fomenko contributed to this article.