Protecting yourself and your business online involves several areas, one of which is passwords. As the number of online accounts that we deal with grows, so does the number of passwords we need to have and remember. Follow these best practices to safeguard this information.
It is vitally important to never re-use passwords. I think we are all guilty of re-using passwords from time to time and for some of us, the same one all the time! But the reality is that sites and services are constantly being attacked and breaches are not uncommon, which means it is vitally important to never re-use passwords – especially for e-mail accounts.
What’s the harm in re-using a password? Let’s say I signed up for a photo sharing site with my personal e-mail (firstname.lastname@example.org) and I used the same password that I use to access my Gmail. A few months later, the photo site experiences a cyber-attack, and my username and password are exposed. The first thing a bad actor will do with my username and password is try logging into my email. Since I used the same username and password, they now have easy access to my email and can see that I use this email for my bank, my credit card, Netflix, Dropbox, etc. If I also used the same credentials for those accounts, I have a real problem on my hands!
When businesses are attacked, user information is often taken. Names, e-mails, passwords, addresses, phone numbers, etc. may be posted or sold on the ‘dark web’ for scammers to use. An e-mail disguised as coming from a company you regularly do business with may mention you by name and may even contain past e-mail content: “Hey, I’ve shared a document with you, you just need to log into Microsoft or Google to view it!” or “Hey click the attachment to see our latest newsletter!”. When email servers are hit, bad emails can come from a legitimate domain and not even need spoofing!
Another common reason for compromised accounts is users being tricked into GIVING their credentials to bad actors. If you’ve used your e-mail address for anything, the fact is, it is out there in the world and bad actors are going to send you deceitful e-mails to either plant malware on your computer that can steal your credentials or trick you into handing them over directly. Depending on where your email is listed, bad actors may be able to figure out your employer, your co-workers, even industry partners or associates, and you can be targeted with phishing. This is even more convincing than an e-mail imitating a legit entity like UPS, Microsoft, PayPal, Google, etc., as they can try to disguise the e-mail as coming from your dental practice, dental systems, co-workers, or even a partner business. Some of these fraudulent emails can be very clever, so it is important to always have your guard up.
Always be on guard. Look for bad grammar, misspelled words, or other signs. An example is an e-mail that looks like it’s from Microsoft but the actual address it’s coming from is odd, e.g. microsoftwebservices.com. HTML file attachments, an unexpected file share or file attachment, even from someone you know, can clue you in to suspicious activity. Hover over hidden hyperlinks: if the website does not match the sender, or if a link brings you to a login page that does not match the URL in your browser, chances are it is a phishing e-mail.
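The checks described above can also be run automatically on a saved message. The following is an added example, not part of the original post: the brand list, the sample message and the function names are assumptions made for illustration, and the domain comparison is deliberately naive.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands this office deals with, mapped to their real domains.
KNOWN_BRANDS = {"microsoft": "microsoft.com", "paypal": "paypal.com"}

# Constructed sample message, not a real e-mail.
SAMPLE = """From: Microsoft Support <noreply@microsoftwebservices.com>
Content-Type: text/html

<p>Hey, I've shared a document with you, just log in to view it!</p>
<a href="http://login.example-files.test/signin">https://www.microsoft.com/login</a>
"""

def base_domain(host):  # naive: last two labels, no public-suffix list
    return ".".join(host.lower().strip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def phishing_signals(raw_email):
    """Return a list of human-readable warning signs found in one message."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg["From"])
    sender = base_domain(addr.rsplit("@", 1)[-1])
    findings = []
    for brand, real in KNOWN_BRANDS.items():  # brand name on a non-brand domain
        if brand in f"{display} {sender}".lower() and sender != real:
            findings.append(f"sender {sender} imitates {brand}")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        if part.get_filename():  # HTML delivered as a file attachment
            findings.append(f"HTML attachment {part.get_filename()}")
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href, text in collector.links:
            target = base_domain(urlparse(href).hostname or "")
            if target and target != sender:
                findings.append(f"link goes to {target}, sender is {sender}")
            shown = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
            if target and shown and base_domain(shown.group(1)) != target:
                findings.append(f"text shows {shown.group(1)}, link goes to {target}")
    return findings
```

Calling phishing_signals(SAMPLE) reports the look-alike sender domain and both link mismatches. A message whose links stay on the sender's own domain returns an empty list.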
Password Best Practice Tips
Strong. Make passwords no less than 20 characters AND do not use common words (hackers have sophisticated tools that can break passwords that use common words or word combinations).
Unique. Make every password unique so that if one account gets hacked you are not handing over the keys to your other accounts.
Management. Consider using a password management tool such as LastPass, Bitwarden, or 1Password, to name a few.
If you suspect an account has been compromised, it’s best to change the password immediately, monitor all accounts for any irregular activities, and stay alert to legitimate and counterfeit emails.
The act of paying for something with a credit card is seamless. First, swipe or insert a card into a machine. Then, wait for the authorization to happen. Lastly, sign off on the purchase, if needed. All of this happens in a few seconds.
However, a lot goes on behind the scenes while you’re waiting for that quick authorization! We’ll discuss what happens when you enter your card, in addition to the security measures that are in place to protect your data long after you make a purchase.
Who takes part in the credit card payment process?
Cardholder: This is the customer that presents their card for payment of goods or services.
Issuer: The issuer (or “issuing bank”) provides the cardholder with their credit and a physical card. They are responsible for approving and declining transactions, customer billing, and collections.
Merchant: This is the business that sells goods or services.
Merchant Account: This is a type of bank account that allows businesses to accept credit, debit, and mobile payments.
Acquirer: An acquirer (or “acquiring bank”) solicits, underwrites, and owns the accounts merchants need to accept credit cards. They can provide the technology permitting businesses to process transactions, take on chargeback risk, and deposit funds into a merchant’s bank account.
Payment Processor: Payment processors are organizations that partner with acquirers to open merchant accounts, handle support, manage payment processing, and build technology on behalf of acquirers.
Facilitating the payment process
Credit Card Machines
First, a credit card reader or terminal is needed. Today, there are various credit card machines available that can cater to any processing environment.
Popular devices include point-of-sale (POS) terminals, which support credit cards with magnetic stripes and chips. Some devices are magnetic stripe (“magstripe”) only, and others are specially made for an unattended or kiosk type of environment.
The payment transaction starts when the cardholder presents one of the following:
EMV chip card: A payment card containing a computer chip that can validate personal identification numbers (PINs), authorize purchases, verify account balances, and store personal records. Chip cards facilitate EMV® payment processing throughout Europe and the US.
Contactless card: A credit or debit card that does not require physical contact between the card and the credit card machine.
Digital wallet: Digital wallets store a cardholder’s payment information on a mobile app or smartphone device, enabling payment to happen without a physical credit card. Examples include Samsung Pay®, Apple Pay®, Google Pay™, and Fitbit Pay™.
How does credit card processing work?
Once the card is entered into or “tapped” on the credit card machine, the authorization begins. Authorization is the process where the issuer approves or declines a transaction. Merchants use it to ensure customers have sufficient funds available when they purchase something.
The credit card information enters a payment gateway, which serves as a connector between the merchant and a payment processor (like Global Payments).
The payment processor will take this information and send it to the card brand (such as Visa or Mastercard).
The card brand sends this information to the issuer.
When the issuer receives the cardholder’s information, authentication begins.
The issuer will verify that the cardholder has sufficient funds in the credit line to approve the transaction.
They may also check the card verification value (CVV) and ensure the billing address matches what is on file to prevent fraud.
If the transaction is approved, the merchant receives authorization, and the issuer places a hold for the amount of the purchase on the customer’s account. The card reader or POS terminal should display a message that says, “Approved.”
The merchant gives the cardholder a receipt at the end of the sale.
At this point, the payment verification process is complete.
How long does a credit card payment take to process?
Payment verification only takes a few seconds at the point of sale. Then, the payment process continues behind the scenes with the settlement process.
Merchants send all approved transactions to the acquirer at the end of the day. This group of transactions is called a batch.
The payment processor routes the batch to the card brand for settlement.
The card brand forwards the transactions to the issuer.
The issuer transfers the funds to the acquirer, and in the process, takes an interchange fee. Card brands set the interchange fee, and the acquirer is responsible for paying this fee to the issuer.
The acquirer credits the merchant’s account with the approved transactions.
The issuer posts the transaction on the cardholder’s account. The cardholder will be responsible for settling their debt at the end of their billing cycle.
Payment processing times vary, but on average, it takes one to three days. Additionally, batches sent during the weekend or a bank holiday get processed on the next business day.
How does a refund on a credit card work?
Even if a transaction is approved, a cardholder can dispute it for a refund post-purchase. These disputes are called chargebacks. The main reasons for chargebacks include fraud, receiving faulty goods or services, and technical errors, such as double charges. A successful chargeback would mean the return of funds to the cardholder.
Encryption is one way to protect cardholder data, and it matters more as laws become more stringent and cybersecurity threats increase. Encryption uses a numeric key to scramble sensitive data such as the cardholder’s name, account number, expiration date, and service code so that it cannot be read without that key. The more random the key is, the more difficult it is for hackers to gain access.
Tokenization is another way of protecting cardholder data, particularly the cardholder’s account number. During an online transmission, a token replaces the account number with a unique string of characters. Tokenization differs from encryption in that each token is original and can apply only to a specific merchant and cardholder.
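To make the difference from encryption concrete, here is an added example that is not part of the original article: a minimal token vault in which each token is random, tied to one merchant and one card, and useless to anyone else. The class, the merchant IDs and the "tok_" prefix are hypothetical, and the card number is the widely used test number rather than a real account.

```python
import secrets

def luhn_ok(pan):
    """Luhn checksum used by card numbers; rejects typos before tokenizing."""
    if not pan.isdigit():
        return False
    digits = [int(d) for d in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

class TokenVault:
    """Hypothetical processor-side vault; merchants only ever store tokens.

    Simplification: a real vault keeps the card numbers encrypted at rest.
    """
    def __init__(self):
        self._by_token = {}   # token -> (merchant_id, pan)
        self._by_owner = {}   # (merchant_id, pan) -> token

    def _random_token(self, pan):
        # Random digits: the token has no mathematical link to the card
        # number, so no key exists that could turn it back into the number.
        body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
        return "tok_" + body + pan[-4:]   # last four kept for receipts

    def tokenize(self, merchant_id, pan):
        if not luhn_ok(pan):
            raise ValueError("not a valid card number")
        owner = (merchant_id, pan)
        if owner not in self._by_owner:
            token = self._random_token(pan)
            while token in self._by_token:      # never hand out a token twice
                token = self._random_token(pan)
            self._by_owner[owner] = token
            self._by_token[token] = owner
        return self._by_owner[owner]

    def detokenize(self, merchant_id, token):
        owner, pan = self._by_token.get(token, (None, None))
        if owner != merchant_id:
            raise PermissionError("token is not valid for this merchant")
        return pan

if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111111111111111"                     # test number, constructed input
    dental = vault.tokenize("dental-office", pan)
    photo = vault.tokenize("photo-site", pan)
    print(dental, photo)                         # two unrelated tokens, same card
    print(vault.detokenize("dental-office", dental) == pan)
```

A token stolen from one merchant's database cannot be redeemed by another merchant, and unlike ciphertext it cannot be reversed without access to the vault itself.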
Finding the best payment processor
Now that you understand how complex the payment process can be, it’s essential to choose a processor that will enhance your business.
A reliable payment processor will integrate with your software to provide a seamless checkout and bookkeeping experience for your clients. Additionally, they will enhance cardholder data protection by helping you and your customers stay PCI compliant, ensuring secure payments every time.
Contact us to learn how our solution can benefit your business and add value to your software.
EMV® is a registered trademark or trademark of EMVCo LLC in the United States and other countries. www.emvco.com.
Apple Pay® is a trademark of Apple, Inc. All trademarks contained herein are the sole and exclusive property of their respective owners.
Google Pay™ is a trademark of Google, Inc. All trademarks contained herein are the sole and exclusive property of their respective owners. Any such use of those marks without the express written permission of their owner is prohibited.
Samsung Pay® is a registered trademark of Samsung Electronics Co., Ltd.
Fitbit Pay™ is a registered trademark of Fitbit, Inc. and/or its affiliates in the United States and other countries.
Microsoft Windows 8.1 and Server 2012 Operating Systems
If you currently have computers running Windows 8.1 or if your server is running Windows Server 2012 it is time to start thinking about replacing or upgrading. Microsoft is ending extended support for Windows 8.1 in January 2023 and Windows Server 2012 in October 2023, bringing both to End-Of-Life status.
What does it mean when an operating system is End-of-Life?
End of Life status means Microsoft will no longer develop patches or fixes for any newly discovered bugs or security vulnerabilities within this version of the software nor will they provide technical support. When operating systems are no longer supported by Microsoft, other software developers, such as practice management developers, will stop building and testing in unsupported operating systems.
How does running an end-of-life operating system affect my business?
When an operating system is no longer receiving security updates, exploitable vulnerabilities will likely emerge and could create a security risk for your business. In addition, you may be unable to install newer versions of other software programs on computers running an unsupported operating system.
How long do business computers normally last?
Every single piece of hardware inside a PC will have its own average lifetime, but in general a PC will last anywhere from 5-7 years. As computers age, components will start to wear out and could leave you with unexpected down-time. Components can be replaced but keep in mind that as your computer ages, the more difficult it can become to find an available or compatible replacement part. We recommend practices begin planning for computer replacement when systems start to approach the 5-year mark. Some of our practices choose to stagger computer replacements to minimize the impact on their budget.
New computers are not in the budget this year, do I have any options?
Depending on your hardware compatibility, you may be able to upgrade Windows 8.1 to Windows 10. Keep in mind that some hardware is not compatible with Windows 10 and is unlikely to be compatible with Windows 11 (released October 2021). If your computer was manufactured in the last decade, it may be able to be upgraded to Windows 10. It is recommended, though, to check the manufacturers’ website(s) to verify the models of your system’s motherboard, CPU, and GPU are compatible with and supported on Windows 10.
I am interested in upgrading to Windows 11, is there anything I should know?
XLDent practice management software is compatible with Windows 11. However, there are some manufacturers, x-ray manufacturers in particular, that are still testing compatibility with Windows 11 and at the time of this post have not guaranteed full functionality of their devices with this operating system. We recommend purchasing computers based on Windows 11 specifications https://www.microsoft.com/en-us/windows/windows-11-specifications and installing Windows 10 on computers running software or hardware that is not yet cleared for use with Windows 11. Computers running Windows 10 can be upgraded to Windows 11 once connected devices are compatible with Windows 11. There is currently no charge to upgrade from Windows 10 to Windows 11.
All my computers are using Windows 10, is there anything I need to know?
I would like to start planning for a future upgrade, what are my next steps?
XLDent’s hardware team has over 50 combined years of experience and is happy to help provide you with a free assessment of your systems and make recommendations for future changes. Contact us today to get started.
Most of us have gone through losing some sort of data from a computer, mobile phone or tablet. Whether it’s personal, such as pictures, school assignments, or tax files, or business-related data like patient records, x-rays, or accounting files, losing important information unexpectedly can be a nightmare.
Data backup has your back!
The 31st of March is World Backup Day and serves as a reminder to take measures to prevent data loss. However, a data backup plan is not limited to one day of the year. It is vital to follow a backup strategy throughout the year as a continuous cyber hygiene process.
What is data backup?
Most everyone using a computer either in their practice or at home is likely aware of what a data backup is, but it’s worthy of a quick review. A backup is a separate copy of all your important files. With a data backup, you save a copy in another secure location rather than storing all your data on one device. In case anything happens to your device, your data will stay safe and can be restored easily.
Why should you back up your data?
Data loss is way more common than anyone would think. It happens in several forms, such as hard drive failures, cyber-attacks, human errors, or physical theft. The risk of data loss makes it necessary to implement a data backup plan.
Facts and figures about data loss
30% of all computers are already infected with malware¹
29% of data loss cases are caused by accident²
Ransomware is expected to attack a business every 11 seconds by the end of 2021³
How XLDent helps you protect your practice’s data
When backing up your data, consider the solution that best suits your data protection strategy. Not all solutions are equal! It’s important to consider the method (how and when the backup is done) and the service that accompanies it. XLBackup is a managed and fully automated, online, off-site service making it easy for your organization to restore lost files, images and critical data during a disaster recovery situation. Automated means it is scheduled to run at regular intervals (daily) so a current copy of data is available if needed. XLDent conducts routine audits of the backup with each client to ensure the service is best meeting their needs. The backup service is managed by XLDent’s team of experts who know your dental business. Whether you are using XLDent Practice Management Software or another practice or imaging software, this offsite backup solution is compatible with all.
The right software in a doctor’s practice can become a crucial partner in patient care and the business’s success. The XLDent Suite and accompanying electronic solutions offer a robust set of benefits to enhance both the patient and the doctor’s experience in an XLDent office. We’ve long understood from working with dental offices like yours that efficient service and open communication channels are essential to the doctor-patient experience. At XLDent, we design software around actual dental workflows so that the overall features of the products we deliver can enhance dental practices like your own. We’ve also taken care of the thoughtful details that make the patient’s experience better, such as designing our software to cut down on waiting time and use a patient’s preferred method of communication.
Experience an efficient, genuinely mobile solution
XLDent offers tablet-friendly, mobile solutions for those doctors, clinicians, and other busy staff who are always on the go. Dentists can access our software from any location in the office, and with XLDent Cloud, XLDent can even be accessed outside of the office, making it a truly mobile solution that doctors love.
Patients love mobile solutions, too. For example, our automated and paperless Patient Check-In allows you to facilitate patient check-in electronically. Patients can check in to their appointments with tablet form completion and an intelligent patient document center that serves them the correct paperwork without the paper.
Realtime dental records for you and your patients
Live patient records on an accessible tablet are the most convenient way to communicate patient care to build relationships while improving the efficiency and productivity of your practice. XLDent’s Electronic Dental Records offer realistic tooth charts, built-in restorative and periodontal exams, and progress notes in one easy-to-use, mobile system. In addition, our digital image integration will enable you to manage digital x-rays with image storage that seamlessly integrates directly to the patients’ charts.
Details for lasting patient relationships
XLDent has taken great care to add those special touches that keep patients coming back to your office. For example, XLDent’s patient portal solution, XLPortal, is a dental web-based solution that allows you to offer convenience to your patients, build relationships, improve office efficiency and increase your productivity.
XLDent also provides an integrated eReminder Service solution that patients love. This comprehensive, automated patient communication solution works seamlessly with the XLDent software suite for your dental office.