Issue link: https://nebusinessmedia.uberflip.com/i/562733
www.wbjournal.com August 31, 2015 • Worcester Business Journal 35 T here's been much discussion surrounding the Payment Networks' Liability Shift associated with Europay, MasterCard and Visa, also known as EMV. Already a common technology across the world, EMV will become the new payment standard in the United States by October. If you're a merchant, there are a few things you need to know about becoming EMV compliant. First, merchants will be required to update their point-of-sale systems to accept smart cards with chip technology. Businesses that use non-EMV compliant terminals will assume liability for any fraudulent transactions that occur with smart cards. This has the potential to be detrimental to a business's finances and is a key reason to adopt the new payment standard. Here are four tips for small-business owners and merchants who are considering or making the switch to EMV payment terminals: 1. Investigate your technology options. When making a technology investment for your business, it's critical to research and explore the different options. It's worth your while to do the same when looking for new EMV-compatible payment terminals. Merchants should choose the most appropriate technology that meets their unique business needs and customer payment preferences. 2. Seek EMV training. To make the adoption a success, business owners should commit to training staff on the new features and functions of the EMV equipment. According to the federal government, Massachusetts employed more than 1 million small-business workers as of 2021. That's a great deal of workers who could benefit from learning the ins and outs of the new transaction process. Be sure to ask your financial institution if it offers EMV training and take advantage of their expertise. A training session can ensure that transactions will happen quickly and smoothly. 3. Invest the time. While the switch will indeed require a time commitment and up-front investment, adopting an EMV-compatible payment terminal is a smart business strategy. Not only is it a more secure transaction for consumers, but it decreases the burden on business owners in the event of a data breach. 4. Create a better customer experience. Keep in mind that consumers may be faced with different payment terminals when they visit local merchants. Create a better customer experience by practicing patience during the EMV transition. Consider it as another touchpoint and way to build trust with your customer by offering guidance through the new payment process. EMV provides peace of mind for consumers because it's a more secure payment process. Merchants with EMV terminals will require customers to insert the smart card, write their signature or enter a PIN, and not remove the card until the transaction is complete. The EMV payment process is a more secure transaction for consumers, and a smart strategy for businesses. n Julie Pukas is head of U.S. Bankcard and Merchant Services at TD Bank, which has 28 branches throughout Central Massachusetts. By Michelle Drolet Michelle Drolet is founder of Towerwall, a data security services provider in Framingham. Contact her at michelled@towerwall.com. 10 Things I Know About... Ready to make the EMV switch? KNOW HOW (NOTE: A Massachusetts regulation places responsibility on businesses for protecting consumers' personal information). 10. You need a WISP. A written information security policy, or WISP, is vital. Make sure there's a person in charge of enforcing it. 9. Always encrypt data. Sensitive data, especially personally identifiable information, must be encrypted at all times, from the server, to the cloud, to a laptop or USB drive. 8. Check your firewall Simply having a firewall isn't enough – it needs to be kept up-to-date, and you should consider unified threat management (UTM). 7. Update your security software. You need to have up-to-date protection against malware, and the latest patches and virus definitions to guard against intrusion. Implement an update schedule. 6. Employees must be aware. It's not enough to have systems and policies; you must also educate staff and boost user awareness. Employees should be trained and sign off on security awareness at least annually. 5. Vendors must meet standards. Make sure security expectations are clear in your contracts, and always perform due diligence. 4. Secure access control. Make sure employees only have access to data that's vital for them to perform their duties. 3. Review regularly. View this as a continuous process, not a finite task. You must review your security procedures at least once a year to ensure they're up to the task. 2. Compliance is cheaper. If you're resisting the allocation of proper security resources, you should be aware that the state will levy serious fines for compromising regulations. 1. Don't get complacent. Just because you have complied with the regulation doesn't guarantee your data is safe. It's a solid foundation for the information security program you should continue to build. n E mployee feedback is called feedback because it's more than a tool to make team members feel good. It's to help their performance and build a stronger team, ultimately coming back to you, the manager, as an investment that pays off in talent, performance and results. It is, of course, also a way of expressing appreciation, which breeds loyalty and camaraderie in the workplace. Here are three things to keep in mind when it's time to give feedback (which should be a constant practice, not just an annual review). Do some of their work for them. It seems counterintuitive. But Karl Moore at Forbes.com credits Gary Chapman and Paul White's "The 5 Languages of Appreciation in the Workplace" as bringing light to this concept. Moore says that if he sees his assistant is overloaded, he'll help her. "Physically taking on a task … shows you recognize the amount of work they do and that you value them," he writes. Set up a safety zone. Studies have shown that if the person receiving the feedback feels uncomfortable, he or she is much less likely to put the feedback to use, rendering the feedback ineffective, says Scott Halford at Entrepreneur.com. This doesn't mean you necessarily have to be buddies with a subordinate. But you must establish and maintain safety and civility. "Your feedback usually won't be productive if it's focused on making the other person feel bad or make them look foolish in front of peers," Halford writes. Timing matters. Productive feedback is timely, frequent and specific, according to Susan M. Heathfield at HumanResource.About. com. "Effective feedback is well timed so that the employee can easily connect the feedback with his actions," she writes. So, not getting around to delivering feedback — positive or constructive — too long after an event diminishes its effectiveness. n 101: GIVING FEEDBACK >> BY SUSAN SHALHOUB Special to the Worcester Business Journal BY JULIE PUKAS Special to the Worcester Business Journal Here are 4 tips for merchants in adopting the new payment standard Mass. data security rules