
Vanco on Security - July 2016

Identity Theft, Fraud and Phishing

When criminals get access to someone’s personal information such as Social Security numbers, birth dates, names and addresses through identity theft, they can use it for crimes like hacking into financial accounts, opening and using credit cards or stealing tax refunds. Around 10 million Americans have their personal information stolen every year. Many victims are unaware until they learn about it from a bank or retail store that has been compromised. By then, their information is in the wrong hands and the organizations that were compromised may be subject to severe fines and penalties for non-compliance with Payment Card Industry Data Security Standards (PCI-DSS).

Identity fraud occurs after someone steals personal information to commit a crime, like using existing credit or debit cards to make fraudulent purchases. A criminal can’t commit fraud without first obtaining someone’s personal information, so identity theft and identity fraud go hand-in-hand.

An example of fraud occurs when the fraudster enters a donation, then contacts the receiving organization to request a refund by check, or a credit to a different card. Typically, fraudsters communicate that they have erroneously typed in the amount contributed: “I gave $10,000 but it should have been $1,000. Can you refund the difference to this account number instead?” Credits applied back to a different card than the original card used for the donations are known as “unreferenced credits.” To help protect our clients, Vanco’s systems do not allow “unreferenced credits.” However, receiving organizations should be careful not to offer a refund by sending the fraudster a check. Refunds must be made only to the same bank or credit card number used in the original transaction.

Another way that criminals steal personal information is called “phishing.” This occurs when a fraudster pretends to be a bank or business and attempts to trick someone into giving out personal information. These “phishing” attempts can be over the phone, over email or even through text messages. The messages may appear to be from legitimate organizations and may threaten to close an account or take other action if the person doesn’t respond.

| 800-675-7430 | © 2016 Vanco Payment Solutions

Phishing messages often include misspelled words or persuasive language like this:

• We suspect an unauthorized transaction to your account. To insure that your account is not compromised, please click the link below and confirm your identity. (note misuse of the words “to” and “insure”)
• During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.
• Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.

Here’s what to do when you receive a message you believe is a phishing attack:

• Never reply to email, text or pop-up messages that ask for personal or financial information, even if the message looks like it’s from a trusted organization. Legitimate businesses don’t ask for sensitive information to be sent through unsecure or unencrypted channels such as email.
• Delete immediately any email and text messages that ask for confirmation of personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.).
• Don’t click on links or call phone numbers provided in the message, either. These often take you to an imposter (“spoof”) site that looks real but is only a very good copy of a legitimate site.
• Do not download any attachments accompanying the message. Attachments may contain malware such as viruses, worms or spyware.
• If you receive an email or text message from an organization you do business with, and they are asking for personal or financial information, call the organization directly using the number provided on your account statement or on the back of your credit card.

If you have concerns about your Vanco account, call our Compliance and Risk Management Team at 800-675-7430, or email


Implementing Security Practices in Your Organization

No matter what industry you’re in, whether your organization is a for-profit or nonprofit and no matter its size, protecting data from threats and breaches is important. But before you invest in expensive technology, you need a proper plan. Here are some tips to help you make the most of your budget without compromising protection of personal data, intellectual property and other valuable assets:

Develop awareness

• Implement and understand your organization’s policies and procedures
• Know what to do and who to contact to report incidents
• Communicate security importance to all employees

Follow best practices

• Log off your computer and lock your workstation when you leave your desk
• Protect your computer with up-to-date spam filters, anti-virus/anti-spyware software and a firewall
• Store confidential documents in locked cabinets overnight
• Lock cabinets that contain confidential documents and take the keys out of the lock
• Revoke external/remote access for terminated employees or volunteers who no longer need access
• Limit access to confidential information to only those employees or business functions required to do the job
• Use secure document destruction practices (cross-cut shred)

Protect IDs and Passwords

• Never share or write down usernames and passwords
• Do not create generic passwords; use a combination of uppercase and lowercase letters, numbers and special characters
• Use different passwords on business and personally owned computers and mobile devices
• Don’t use a password with obvious significance to you, or one that is easily guessed
• If multiple passwords are required, use a password management application


Why is PCI Compliance Important for You?

For any organization that accepts credit cards or bank drafts for donations or payments, it is important that they keep credit card, bank account and personal data secure. Compliance with standards for data security can help you reduce the possibility of fraud and save you from severe financial liabilities, including legal costs, settlements, fines, penalties, etc.

The standards established by the Payment Card Industry Security Standards Council are known as the “Payment Card Industry Data Security Standards” (PCI-DSS). Organizations that process, store or transmit credit or debit card information must be validated against these standards annually, and some payment acceptance methods may even have quarterly compliance requirements.

Benefits of PCI-DSS Compliance

• Helps your organization take a proactive approach to data security and staff awareness relating to the acceptance and safe handling of credit and debit card payments
• Greatly reduces the potential of a data breach or compromise
• Helps you avoid fees associated with PCI-DSS non-compliance
• Safeguards the reputation of your organization

Becoming PCI-DSS Compliant

Industry regulations require compliance for all organizations that accept card payments, and non-compliance penalties may be incurred by organizations that have not taken steps to become PCI certified. Vanco is committed to providing you with the tools and support needed to understand and comply with these regulations.

Our PCI-DSS Compliance Management Service is a secure, web-based portal that offers step-by-step guidance to complete the validation process, including a Profile, Self-Assessment Questionnaire and Attestation of Compliance. Vanco offers this service to you free of charge, and we are happy to assist you with every aspect of the process.

Contact us

If you have questions or need assistance with anything covered in this issue of Vanco on Security, we are available during normal business hours, Monday through Friday from 9:00 am to 5:30 pm Eastern Time.

Compliance and Risk Management Team
800-675-7430


About Vanco Payment Solutions

Vanco Payment Solutions focuses on meeting the unique needs of clients who count on predictable, recurring revenue. Faith-based, nonprofit and other relationship-oriented organizations, and the software providers and professional associations that serve them, rely on Vanco’s specialized approach to adding electronic payment options and enhancing current capabilities. The company’s experienced leadership team helps more than 30,000 clients across the U.S. conveniently, securely and efficiently accept a broad range of payments, including credit and debit cards, and more effectively manage their operations.

