Objective
CardConnect faces challenges in international management. In the recent past, the company has failed to formulate an effective strategy, structure an appropriate organizational design and manage people in an international setting. CardConnect is forced to handle technical, economic and social differences in the business environment. Although CardConnect has reached the global market, it still faces international challenges while competing with other credit card companies. CardConnect should take precautions to protect Clover (the POS company) because it is depicted as one of the most commonly used computing systems around the world. Hackers have targeted the main elements of modern point-of-sale systems. These elements encompass the cash register, bar code scanner, wireless access, IP network and the store inventory management system. This paper will address the challenges that CardConnect faces in international management.
Background
CardConnect is recognized as one of the fastest developing providers of payment processing services worldwide. The online payment services provider has liaised with programmers to develop the CardConnect mobile app, which allows business people to accept payments, edit receipts and manage inventory from a cell phone. CardConnect Mobile is supported by the CardConnect Gateway to ensure that each business transaction is secured by patented encryption and tokenization. Moreover, the integration offers customer profile backup and transaction management advantages. POS, on the other hand, refers to the in-store systems where clients pay retailers for goods and services.
Most POS transactions are conducted by customers swiping their credit cards through card readers. Credit and debit card data theft is perceived as one of the earliest types of cybercrime, and it is still on the rise today. Cybercrime gangs orchestrate sophisticated operations to steal massive amounts of data before sending the confidential information to other groups. There are several ways to obtain this information. For instance, the information can be taken from the database where the card data is stored. Another option is to take the card data from the Point of Sale (POS) system.
From a security perspective, these POS systems handle numerous payment types. The transactions are encrypted at swipe via First Data’s TransArmor technology, taking Clover out of PCI scope. Additionally, the overall Clover Station is PA-DSS evaluated for Android by a trusted and proven QSA. In addition, nearly all of Clover’s apps pass through a thorough test to become Clover-certified, and independent code examinations and qualification tests are done after three months.
Stock is an excellent inventory application that provides solutions for many of the deficiencies found in the built-in software. Merchants can add extra functions programmed by first- and third-party developers. These apps require a license purchase or an additional subscription expense. Retailers are left to consider whether the added value justifies the costs.
Executive Summary
The case study will demonstrate the challenges that Clover (the POS company) faces in its transaction management and the effect they have on CardConnect. The firm launched an application store to allow consumers to download applications to each POS system. Furthermore, owners can purchase the programs they want to use from the application marketplace that CardConnect offers. It is appropriate to develop a POS system that can be a smart device at the store (Ando 2013).
Problem (Clover POS Security)
CardConnect faces the slow adoption of Europay, MasterCard, and Visa (EMV). EMV cards contain embedded microprocessors that offer strong transaction security. For example, EMV never conveys the credit card data in a precise way. EMV cards are less appealing to investors as they are difficult to clone.
Attacks against POS systems are multi-staged. For example, the hacker accesses the victim’s network via the associated network rather than the CDE. While traversing the associated network, the hackers can gain access to the POS systems. The next step is to install malware that steals data from the compromised systems. Furthermore, because the POS system has insufficient external network access, the stolen data is sent to an internal staging server and from there exfiltrated from the retailer’s network to the hacker.
POS security issues
The Clover Point of Sale system is exposed to security issues, and this affects its operations. Since this firm uses Windows Embedded XP, the operating system is susceptible to a wide range of attack scenarios, which can extend as far as a breach of its database.
Accessibility
As an organization that deals with payment card data, Clover POS has fallen behind in implementing the requirements set down in the PCI DSS. Even though it is in the process of implementing the outlined standards, it has yet to guarantee its clients that the systems and procedures are properly secured. The current standards suggest that the cardholder data environment (CDE) should be specifically reserved for POS systems but do not rule out other systems applying the concept (Kumar & Kumar 2016). The POS system network cannot be fully isolated, even though isolation improves security, because it must remain accessible for software updates and maintenance and must allow business data and security logs to be exported. In addition, the POS systems must be able to reach support systems such as Network Time Protocol (NTP) servers, and they must be connected to external payment processors. The CDE should have been segmented, as in other mature environments, to lower the risks involved. The Clover POS system is vulnerable to attack routes, especially through the corporate network. In a scenario where the attacker has access to the corporate network, for instance through a vulnerable public-facing server, it is possible for the attacker to navigate the network and end up reaching an entry point of the POS system (Zimmerman 2011).
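The segmentation described above can be checked against connection logs. The following is an added example, not code from CardConnect or Clover: it audits flow records against an allow-list of the destinations the text says a POS network legitimately needs (payment processor, NTP, updates, log export) and flags the staging-server pattern from the attack stages. All addresses, ports and the record format are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumptions, not taken from the case study).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")      # all retailer networks
CDE_NET = ipaddress.ip_network("10.20.0.0/24")     # POS terminals
ALLOWED = {                                        # (dst, proto, port): purpose
    ("203.0.113.10", "tcp", 443): "payment processor",
    ("10.1.0.5", "udp", 123): "NTP server",
    ("10.1.0.20", "tcp", 8443): "software update server",
    ("10.1.0.30", "tcp", 6514): "security log export",
}

# Constructed flow records, one per connection: "initiator responder proto dport"
SAMPLE_FLOWS = """\
10.20.0.11 203.0.113.10 tcp 443
10.20.0.11 10.1.0.5 udp 123
10.20.0.12 10.1.0.20 tcp 8443
10.20.0.12 10.5.7.44 tcp 445
10.5.7.44 10.20.0.13 tcp 3389
10.5.7.44 198.51.100.77 tcp 443
"""

def parse(line):
    src, dst, proto, dport = line.split()
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), proto, int(dport)

def audit(flows_text):
    """Return (finding, src, dst, dport) tuples for flows that break CDE segmentation."""
    flows = [parse(l) for l in flows_text.splitlines() if l.strip()]
    findings, staging = [], set()
    for src, dst, proto, dport in flows:
        if src in CDE_NET and dst not in CDE_NET:
            if (str(dst), proto, dport) not in ALLOWED:
                findings.append(("cde-egress", str(src), str(dst), dport))
                if dst in INTERNAL:
                    staging.add(dst)   # internal host receiving unapproved POS traffic
        elif dst in CDE_NET and src not in CDE_NET:
            findings.append(("cde-ingress", str(src), str(dst), dport))
    # Second pass: a suspected staging host that also talks to the outside.
    for src, dst, proto, dport in flows:
        if src in staging and dst not in INTERNAL:
            findings.append(("staging-egress", str(src), str(dst), dport))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```
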
There are various points at which the hacker can access the corporate network. For example, the attacker can analyze the weaknesses in the external-facing systems. The hacker can also attack the POS system by sending a phishing email that contains a malicious attachment to an individual in the Clover (POS) organization.
Once the attacker has accessed the network, he or she may gain access to the potential targets. Attackers apply a variety of tools to map the network and locate the systems within the CDE. The attackers find it easy to penetrate the systems with user credentials. The user credentials can be obtained by cracking the source code, by keylogging Trojans or by applying brute force. Sometimes, the attackers may gain access to all the computers in the network if they control the domain controller. Access to the CDE allows the attacker to install the malware, which makes it easy to steal card data from the POS systems.
Technological firms challenge in international management (Walters 2014)
Lack of point to point encryption
The POS system is vulnerable because point-to-point encryption is not ensured at the network level. During the swiping of the credit card, the data captured from the magnetic stripe is exposed to unauthorized parties. Skilled hackers can intercept the data and commit fraud that may interfere with the transactions in the Clover POS system.
The weakness in the handling of credit card data has led to the resurgence of RAM-scraping malware, which allows attackers to extract data from memory while it is being processed at the terminal. RAM-scraping attacks operate by searching the POS system memory for digit sequences that match those of payment card numbers.
Conclusion
As explained above, CardConnect faces numerous challenges in transaction management. The firm faces economic, social and political differences. The online payment service provider has liaised with Clover (POS) Company, although it has faced challenges, in order to sustain itself in the global business environment. Cybercrime gangs orchestrate sophisticated operations that steal credit card data from the database. The security issue that CardConnect faces is the slow adoption of EMV (Europay, MasterCard and Visa). These POS systems are more prone to attack through software vulnerabilities. Moreover, the POS systems are more prone to attack by malicious code because attackers do not need specialized systems to access the software. In addition, the POS systems have insufficient point-to-point encryption. There are various points at which the hacker can access the corporate network. Network traversal, infiltration and exfiltration are the three stages that define the anatomy of attacks against POS systems.
References
Ando, T. (2013). Site-Driven Service Innovation of POS Systems. FUJITSU Sci. Tech. J, 49(4), 416-7.
CardConnect. (2016, March 23). CardConnect | Payment Processing and Credit Card Security. Retrieved March 23, 2016, from http://www.cardconnect.com/
Clover. (2016, March 23). Clover. Retrieved March 23, 2016, from https://www.clover.com/
Global 1 Wholesale Merchant Services, Inc. (2015). Global 1 Wholesale Merchant Services, Inc. Retrieved from www.global1wms.com/clover-point-of-sale-system/
Kumar, P., & Kumar, R. (2016). Cyber Security's Significance in Health Information Technology (HIT). International Journal of Advanced Studies in Computers, Science and Engineering, 5(2), 8.
Walters, R. (2014). Cyber attacks on U.S. companies in 2014. Heritage Foundation Issue Brief, (4289).
Zimmerman, J. (2011). Web marketing for dummies. John Wiley & Sons.