PCITelecom: time to sort your PCI DSS compliance

Stop putting it off! Make 2017 the year you achieve PCI DSS compliance.

Ok, so we know it’s unlikely that you considered including PCI DSS compliance in your list of New Year resolutions this year. It’s probably not on your radar as much as it is ours and besides, it can appear even less appealing than eating healthy and avoiding chocolate, right?

But perhaps you should have a rethink. Cyber attacks are on the rise. In 2016, it is estimated that UK businesses were targeted 230,000 times each on average* with even more predicted for 2017. So why not make this the year that you get to grips with your card payment security and your PCI DSS compliance?

If you’re like the businesses we meet, then one of the following is probably putting you off:

1.You’re not sure if PCI DSS compliance applies to you

A common myth is that PCI DSS regulations are only for big companies and e-commerce businesses dealing with lots of card transactions. In actual fact any business that offers to take card payments needs to comply with PCI DSS even if they only process a handful each year.

2.You think the PCI DSS regulations are too difficult to implement

We know from our experience that the road to PCI DSS compliance, particularly for smaller businesses, is daunting. For starters, there are the 12 requirements you have to have in place (listed here) in order to comply with PCI regulations. Then you have to work out which merchant level and compliance validation requirements apply to your business and if you’re eligible for self-assessment then you’ll need to decide which self-assessment questionnaire (SAQ) you should complete. All of which can be tricky.

For larger businesses that process more transactions, the systems that need to be implemented can be complex and there is often the issue of who will take ownership of the project and oversee procedures as they develop.

There are organisations out there that can offer you the support and expertise you need to make your goal of being PCI DSS compliant in 2017 much easier to achieve. The PCI Security Standards Council provides in-depth information and advice in their document library here . As they say ‘The standard works for some of the world’s largest corporations. And it can work for you’. In addition to this, there is guidance on the process of becoming PCI DSS compliant here on the Visa Europe website.

3.You think that PCI DSS compliance will cost too much

We all know that nothing comes for free. Depending on the procedures that need to be implemented and the changes that need to be made, there may be costs associated with making sure that your business is complying with PCI DSS, be it investing in new software or staff training, through to expanding your staff resource to oversee the project. That said, these costs will be nothing in comparison to the hefty fine you’ll receive should your data be breached in addition to the damage to your business’s brand which may be irreversible.

Don’t despair!

There are companies, like us, that can help. We provide phone and online card payment platforms to de-scope you from your PCI DSS responsibilities so that you don’t have to worry about them. We are Level 1 compliant and can create solutions that fit seamlessly with your existing system. You can find out more about us and what we do here.

* http://smallbusiness.co.uk/smes-targeted-cyber-criminals-2536150/

PCI Telecom reasons to descope you business from PCI DSS

Three reasons why it makes sense to descope your business from PCI DSS

The management of your PCI DSS compliance can be daunting, especially if you don’t understand the regulations and how to implement them. Read on to discover three HUGE benefits to descoping your business and outsourcing PCI DSS compliance to a third party.

1. It removes the responsibility of nearly all PCI DSS requirements from your business onto someone else.

The level of PCI DSS requirements that you should meet will depend on the volume of card transactions your business processes each year but the regulations and their requirements are evolving all the time. For some small and medium size businesses this creates a huge challenge to stay on top of. The easiest way to do so is to pass the responsibility over to a third party provider or solution, making the responsibility of PCI DSS compliance a much smaller consideration, and in turn making it easier for you to re-focus on what really matters to your business and your customers.

2. Reduces the overheads associated with managing PCI DSS compliance

‘Many organizations treat compliance as a one-time, annual event. But only focusing on an annual compliance assessment can create a false sense of security.’ (PCI Security Standards Council, LLC, 2006-2016)

To be compliant, your business must demonstrate an ongoing level of security awareness. In other words, it isn’t a one-off task but a project that needs constant attention. Sounds like a job in itself, doesn’t it? Taking on a new member of staff to manage PCI DSS compliance can increase your overheads significantly and we know that finding an employee with spare time and/or an understanding of the PCI DSS often isn’t easy. Outsourcing the responsibility to a third party provider takes away the stress and doesn’t cost as much as you might think.

3. Your customers’ data is protected, along with your brand

Failing to comply with PCI DSS can result in a hefty fine but even worse, it can cause irreversible damage to your business’s reputation and brand. Your customers trust you to protect their payment details but once this trust has been damaged, it can be hard to get back. Here at PCI Telecom, our hosted telephone and online card processing platform has an accredited Level One certification for PCI DSS which means we comply with all the PCI DSS requirements at the highest standard. Customer payment details remain encrypted so neither us nor your staff ever see the card details being inputted.

About PCI Telecom

PCI Telecom provides an outsourced, fully accredited (Level 1) phone and online card processing platform to descope your business from its PCI DSS responsibilities leaving you to focus on delivering your product to your customer. Our PCI AGENT solution is hosted in the cloud, is easy to set up and fully integrates with your system so the customer experience is completely seamless. Plus, our 3D-secure online payment solution reduces the possibility of fraudulent card use by authenticating the cardholder at the actual time of the transaction and creates a liability shift from your business to the acquiring bank.

We pride ourselves on our knowledge and high quality customer service. If you have any queries about descoping your business of PCI DSS and outsourcing your card payment systems, please do get in touch.

PCI Telecom how to protect your online business

Five tips for protecting your business from cyber attack this Black Friday and Cyber Monday

We’re heading towards that time of year again when shoppers go crazy for a bargain. What security measures should your business have in place to protect customers’ payment details from those cyber attack criminals lurking out there?

Black Friday started in the US back in the 1930s before making its way across the Atlantic in recent years and is regarded as the beginning of the Christmas shopping season. Traditionally it takes place on the Friday after Thanksgiving and with the introduction of Cyber Monday, shoppers are treated to a long weekend of seriously discounted goodies.

In 2015, retailers in the UK saw sales of £3.3bn over the Black Friday/Cyber Monday weekend and this year looks set to be even bigger. But it’s not just shoppers and businesses getting excited. Black Friday and Cyber Monday offer cyber attack criminals a chance to cash in too, targeting consumers and businesses with the aim of getting their hands-on valuable credit and debit card details.

So what can businesses do to protect customers and themselves from cyber attacks? Here are PCI Telecom’s top tips:

Tip 1
Educate your employees. Ensure internal policies are in place for data protection, card handling and sensitive data and make sure that all staff know about them.

Tip 2
Back up your data. Make use of a secure replication server to ensure that all your data is protected in an environment external to your business.

Tip 3
Be careful of email and website downloads and warn employees of the risk too. Ensure you have sufficient firewalls in place to reduce the risk of harmful files making their way onto your system.

Tip 4
Make sure that your ecommerce website is secure. Look in to purchasing an EV SSL (Extended Validation SSL certificate) which encrypts and protects information that is being transferred online to prevent information being intercepted by hackers. It also demonstrates to the customer that you take the issue of protecting their data seriously.

Tip 5
Be sure that your business complies with PCI DSS regulations…which is where we come in…

What is PCI DSS and who does it apply to?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements relating to the security involved in the processing, storing or transmitting debit or credit card information. The standard and the management of it, by the Payment Card Industry Security Standards Council (PCI SSC), were created by the major payment card providers – Visa, MasterCard, American Express, Discover and JCB. PCI DSS compliance applies to ANY business taking credit and debit card payments over the phone or online – large or small. While PCI DSS isn’t a legal requirement, failure to comply can result in a substantial fine and more seriously, cause irreversible damage to your brand.

About PCI Telecom

PCI Telecom provides an outsourced, fully accredited (Level 1) phone and online card processing platform to descope your business from its PCI DSS responsibilities leaving you to focus on delivering your product to your customer. Our 3D-secure online payment solution reduces the possibility of fraudulent card use by authenticating the cardholder at the actual time of the transaction and creates a liability shift from your business to the acquiring bank. Our PCI Agent solution means that credit and debit card details can be taken over the phone securely while maintaining good customer experience. Find out more here.

Is it safe to give out your CVV security code?

If you regularly shop online, you will be familiar with your security code, or CVV (card verification value), a 3-4 digit code on the back of your card (or front with American Express), which is intended to provide added security when making purchases as the cardholder should be the only person who knows what it is.

So, is it safe to give it out?

In general, yes. Although the banks encourage retailers to ask for the code as part of the authorisation process in cardholder not present transactions, the details can still be stolen by an operator or employee of a company you are making payment to. This could especially be problematic when making payments over the phone, as this gives the operator the chance to access your data. The following tips can help you avoid issues with card fraud:

  • Only use reputable websites when buying products online
  • Keep a close eye on your bank statements to check that all transactions are authorised
  • Never give out the security code in person
  • Avoid making payments over the phone unless you called them directly and they have PCI compliant software in order to collect your card details securely

If you are a retailer or a business that processes payments on a regular basis and want to ensure your customers feel secure as well as safeguarding your own safety and compliance, then you can contact us on 0330 022 0660 or by visiting our contact page.

Card breach at Hilton Hotels chain should be treated as a wake-up call to the industry

Hilton Hotels have admitted that they are investigating claims hackers have compromised their point of sale systems at their flagship Hilton locations, as well as Embassy Suites, Doubletree, Hampton Inn and Waldorf Astoria Hotels & Resorts.

A number of financial institutions were warned of a breach in August by Visa, which was known to have happened between the 21st April and 27th July, however sources at five separate banks have now determined that the common point-of-sale used on all breached cards were at various restaurants, coffee bars and gift shops within Hilton properties.

The hotel industry was criticised back in March when security firm Cylance discovered that vulnerabilities within Wi-Fi routers used at hundreds of hotels around the world allowed hackers to distribute malware to guests and access the hotel’s reservation systems.

The chain admitted that “unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace”.

The use of PCI DSS compliance regulations should be preventing breaches such as this from happening. Don’t let your company get into the same position as the Hilton Hotels chain! Contact us today to find out about our descoping solutions.

Five top tips to prevent your card being hacked

Whilst almost half of Europeans worry about the safety of their data, and 59% experiencing data protection issues in the past, there are steps you can take to protect yourself from card fraud. Read below for our five top tips to protect yourself from credit or debit card hacks.

#1: Text message notifications for suspicious transactions

Enabling SMS notifications for unusual transactions means you will be notified the minute any suspicious activity takes place from your account, and gives you a better chance to contact the bank and prevent more damage from happening. These can be enabled in the settings on your online banking platform and can prevent you finding out if you have been hacked the hard way (for instance your card declining in a shop). If in doubt, have a Google and see if this is a service your bank offers.

#2: Don’t fall for phishing scams

Phishing emails from scammers pretending to be your bank (see below example) entice you to ‘login’ to a fake bank page, which then records all of your data. Don’t become a victim of these scams – if you are ever in doubt about whether an email is legitimate, always contact the company directly and ask.

Blog 14 image 1

#3: Make sure companies you make payments with are PCI DSS compliant

When making a payment over the telephone, make sure you are offered the chance to enter in your card details yourself and don’t give an operative the chance to write them down! You can check out our brochure here which explains what PCI DSS compliance is.

#4: Be careful with your choice of retailer when shopping online

Make sure to read customer reviews. If there are many reviews criticising the order process, then go with another retailer. Make sure the website is secure by looking for lock images in your browser’s status bar.

#5: Use your card provider’s online authentication service

One example (also used in our solution – check it out here) is 3D Secure, which is an additional layer of security by adding a password & secret phrase which can then be entered by the consumer when making an online payment – if the user does not know the password, then the transaction cannot continue. This service is also known as ‘Verified by Visa’ and ‘MasterCard Secure Code’.

As a small business, why should I comply with PCI DSS?

You may have heard of PCI compliance and you may be thinking, why do I have to comply?

For smaller businesses, PCI compliance may seem daunting, confusing and not something you know much about. This blog aims to give you the benefits of being compliant in comparison to non-compliance and the potential result of being non-compliant.

If you think of taking a single credit card transaction like someone handing you the keys to their safe and asking you to carefully take out just the amount you are owed, you will realise the importance of security surrounding your customers’ personal details. As a business, you must demonstrate that you care about your customer’s personal information. PCI DSS compliance shows that you are committed to the protection of this information, increasing trust amongst your customers, and encouraging repeat visits.

Even though there may be a cost/benefit ratio and the cost to comply outweighs the benefit to you or your customers, this can change instantly. You may think that as a small business, you would not be a viable hacking target. In fact, the recent threat report carried out by Symantec found that three in five cyber-attacks last year targeted small to medium sized businesses. It is often easier and quicker for a hacker to attack many small businesses, rather than one large business.

If this happens, the card issuing companies can fine your bank thousands of pounds. The bank, in turn, would pass these charges down to you. Your business would also be liable to pay for a full forensic investigation to find out how the cyber-attack happened, and how many customers’ details were stolen. Those customers, who now run the risk of having fraudulent charges being taken in their name, would then have to obtain a new card and would most probably take their business elsewhere.

As a small enterprise, you may rely on relationships with other businesses and also reputation, which could also be affected. You also may not have the necessary funds or expertise to recover from a data breach, especially if a large fine is involved. By becoming PCI compliant, you can benefit from peace of mind knowing that your customers’ data is secure, and better customer relationships through stronger perceived trust.

If you would like to ask us any questions about PCI compliance, please email us at info@pcitelecom.co.uk or give us a call on 0330 022 0660.

EU Data Protection Directive in the process of being updated – what does this mean for your business?

Over the last 20 years, technology has dramatically changed, particularly within the e-commerce sector. Proposals for new data protection legislation by the European Commission began in 2012, and the process should be completed by the end of 2015 ready to come into effect in 2017.

So, what has been changed so far?

The current legislation is a directive – meaning that certain guidelines are laid out however each individual state is free to decide how they include these in their own national law; however the new legislation is a regulation, a binding legal force throughout every state and will come into force on a set date.

The new regulations also contain major changes to the way in which companies should implement data security policies, stating that they should “implement technical and organisational measures to ensure a level of security appropriate to the risks” and that personal data should be encrypted, rendering it unintelligible to third parties in the event of a data breach. This raises issues when taking payments via the telephone as many organisations feel the need to record all calls for auditing and training purposes, as personal details like card numbers may be kept in these recordings.

Whilst the PCI Security Standards Council already monitors this, new EU legislation will further enforce this into UK law, and with expected introduction set for 2017, this is something which all businesses should be looking into carefully to check they are compliant.

Our ‘PCI Agent’ solution allows for your customers to benefit from a secure and unique transactional environment where they remain on the call, entering their own information, without being passed over to a separate payment IVR and (if required) recording the calls in a fully PCI DSS compliant environment. You can read more about it here.

To make an enquiry, or for more advice on compliance, please contact us today. Our experienced team are always on hand to help, whatever your question may be.

2015 Information security breaches survey from PwC highlights the importance of protecting your business from data breaches

This years’ survey undertaken by PwC has revealed that 90% of large organisations and 74% of small businesses have suffered a security breach; an increase compared with figures of 81% and 60% in 2014 respectively. The average cost of a security breach to a large organisation has almost tripled, costing between £1.46m – £3.14m on average, in comparison to £600k – £1.15m a year ago.

Alarmingly, three quarters of large organisations suffered a staff-related security breach in the last year, compared with 58% a year ago, highlighting that staff cannot always be relied upon for the protection of important data. When questioned further about this, half of all organisations admitted that these breaches were caused by human error.

One way in which staff-related security breaches can be reduced is to protect them from accessing company data in the first place. Our PCI compliant solutions allow for your employees to take payments from customers without the employees viewing or storing any of the card information. For more information on how this can help, call us on 0330 022 0660 or download our brochure here.

You can also download the full figures from PwC here.

A third of employees would sell your company data for the right price

A recent study undertaken by security company Clearswift has revealed that 35 percent of employees in the UK, Germany, US and Australia were open to selling company data including company patents, financial records and customer credit card details for bribes of upto £50,000 risking both their jobs and criminal convictions.

Alarmingly, 25 percent of the polled employees would consider selling company data for £5,000 and 18 percent for an offer of £1,000. 61 percent of employees stated that they had access to customer data, a dangerously high figure when 22 percent believe that they do not feel security of this data is their responsibility at all.

Even within the information security industry, 62 percent of professionals think employees do not care enough about security to change their behaviours. “While people are generally taking security more seriously there is still a significant group of people who are willing to profit from selling something that doesn’t belong to them” said Heath Davies, Chief Executive Officer at Clearswift. “It is not good business to live in fear of your employees, especially since most can be trusted,” said Davies. “Getting the balance right has always been hard. But truly understanding where the problems come from, combined with advances in technology which can adapt to respond differently to different threats, really changes the game here.”

There are steps you can take to stop your employees accessing private data. One way is to use an effective PCI DSS solution to shield your employees from viewing your consumers’ card details. To download our brochure click here or contact us today here.

Here is the full infographic with the survey results, courtesy of Clearswift:

Blog 10 infographic

PCI Compliance ‘merchant levels’ – where do you fit?

You may have heard of the four PCI compliance merchant levels and may be slightly confused as to which level your business fits into.

It really is quite simple, however, and the merchant levels are defined by Visa and are based on transaction volume over a 12 month period as per below:

Merchant LevelDescription
1Any merchant processing over 6 million Visa transactions per year. Visa also has sole discretion to determine which businesses should meet Level 1 requirement (in order to minimise risk to the Visa system).
2Any merchant processing between 1 million – 6 million Visa transactions per year.
3Any merchant processing between 20,000 – 1 million Visa e-commerce transactions per year.
4Any merchant processing less than 20,000 Visa e-commerce transactions per year. All other merchants processing up to 1 million Visa transactions per year.

Visa also advise that any merchant that has suffered a hack which has resulted in account data leaks can be escalated to a higher validation level at any time.

Whichever level your business may fall into, PCI Telecom can consult on the correct steps to take to ensure you are compliant.

Call us and discuss your requirements on 0330 022 0660 today or drop us an email to info@pcitelecom.co.uk to find out more.

You can also download our brochure here.

Carphone Warehouse hackers may have gained access to 2.4m customers’ data

Millions of Carphone Warehouse customers’ personal data may have been accessed by cyber attackers, and the data accessed is thought to have included names, addresses, dates of birth and bank details, with around 90,000 encrypted credit card numbers also stolen.

Security experts are urging customers affected by the breach to change passwords as soon as possible. Shares in Dixons Carphone, the parent company of Carphone Warehouse, fell 1.7% when the breach was announced, whilst a spokesman from the Information Commissioners Office (ICO) stated: “We have been made aware of an incident at Carphone Warehouse and are making enquiries”.

This spells out bad news for Dixons Carphone, formed by a merger of Dixons Retail and Carphone Warehouse a year ago. The ICO are known for giving large data fines to organisations affected by data breaches; fining Sony £250,000 after the PlayStation Network was hacked in 2013 and handing a £175,000 fine this February to holiday insurance company Staysure.co.uk after failed IT security systems allowed hackers to access company records.

As discussed previously in our ‘How a data breach can affect your business’ blog (available here) data breaches can put your business in a dangerous and volatile position. To find out how our solutions can help, download our brochure here or give us a call on 0330 022 0660.

Don’t let your company be at risk to credit card data breaches – contact us today to discuss a solution which can be suited to your needs.

Payment Industry Acronyms

There are many abbreviations in use within the payments industry and sometimes it can feel like it has its own language.

Here are five commonly used acronyms and their meanings explained:

  • PCI DSS – this stands for Payment Card Industry Data Security Standard which is a set of security requirements for ALL businesses that handle payment cards.
  • IVR – this stands for Interactive Voice Response and is a technology which allows a computer to interact with humans through the use of voice and DTMF tones input via a keypad
  • PCI SSC – the Payment Card Industry Security Standards Council who were created by the major payment card providers – Visa, MasterCard, American Express, Discover and JCB.
  • P2PE – this stands for point-to-point encryption which ensures sensitive cardholder data is protected from first entry, while in transit, and all the way through to the payment processor.
  • TLS (Transport Layer Security) & SSL (Secure Sockets Layer) were both protocols designed to provide secure communications over a computer network, however these have now been phased out with the introduction of PCI DSS 3.1

 

DTMF suppression explained

Traditionally the only way organisations have maintained PCI compliance is to keep call archives data-free. In the past, techniques such as switching off call recording altogether or pausing and resuming recording have been used. Whilst these can be considered PCI compliant, it is still allowing your employees access to the card details and it also raises an issue when you require a full untouched call recording.

DTMF (Dual Tone Multi Frequency) is a signalling system based on a set of standard tones which are created by pressing keys on the telephone keypad. This method of key entering is used with our ‘PCI Agent’ solution. Customers are advised to enter their card details into the keypad, in turn creating DTMF tones which are used to automatically detect the card data, and suppress it before it hits the recording system.

So what are the benefits?

  • The agent is in continual contact with a caller
  • No need for pausing and resuming recording
  • Full calls can be safely and easily recorded with no risk of non-compliance
  • Agents are presented with asterisks and cannot see the numbers which are being entered

Using DTMF suppression solutions in the past also used to be laborious, as an in-house solution was often required. With our solution, everything is cloud-based and there is no requirement to install any on-site systems. To find out more please drop us an email at info@pcitelecom.co.uk, or call us on 0330 022 0660.

World’s Biggest Data Breaches

Last week we discussed how a data breach could affect your business. This week we will be taking a look at some of the biggest data breaches to occur in the world.

Here are just three examples of the biggest data breaches to occur in the world so far:

Heartland Payment Systems

  • 2008-2009: 130 million records compromised
  • Malware on Heartland’s network recorded card details as it arrived from retailers
  • Albert Gonzalez who was behind the hack was sentenced to 20 years in prison which was the longest sentence ever handed down for computer crime in a U.S. court

Target Stores

  • 2013: 110 million records compromised
  • In December 2013 US retail giant Target’s payment card readers were hacked and around 40 million credit and debit card numbers were stolen
  • In January 2014, Target announced that the contact information of 70 million customers had also been compromised

Sony Online Entertainment Services

  • 2011: 102 million records compromised
  • Attackers exposed login credentials, names, addresses, phone numbers and email addresses of users.
  • The PlayStation Network remained offline for three weeks after the breach and costs were estimated at around $171 million

Recent research shows that fresh credit card data is worth around £20 on average on the black market, making a large breach very profitable for someone who is seeking to sell this sort of information on.

Take a look at this interesting visualisation of the world’s biggest data breaches

To completely secure your customers’ details when they are making payment, you can check out our solutions here, or email us on info@pcitelecom.co.uk

How a data breach could affect your business

According to a survey conducted by Experian, two in five British adults have been affected by data breaches and the City of London Police state that around one in four UK adults have been victims of identity crime, losing on average £1,200 each.

Around 7 in 10 people think that the responsibility of protecting their information is the sole responsibility of a service provider. It is imperative for your customers and clients to perceive your business as trusted and secure. A survey conducted in 2014 found that 65 percent of respondents would never, or were unlikely to, shop or do business again with a company that had experienced a data breach where financial data (such as credit card information or bank account number) was stolen.

A 65 percent loss of regular custom would result in a huge dip in revenue for any organisation, and the truth is that this could easily become a reality for any business that is not protecting and securing their customers’ financial data.

It may be the case that you feel you are being effective at managing these risks by ensuring employees are searched, have no access to pens or paper, and call recordings are being blanked out. This method, however, raises further difficulties in that it can lead to reduced staff morale, and is also an inefficient and time consuming way to remain compliant.

By using our PCI DSS solution, your employees will never have access to your customers’ financial data at any stage. A customer will be invited to dial in their card data and this will be hidden from an operator through the use of asterisks to mask the details.

Send us an e-mail today to find out how we can streamline this process and eliminate any risks or problems associated with financial data and compliance on: info@pcitelecom.co.uk.

What is PCI DSS Compliance? The Basics

Whilst it is obvious that PCI compliance is an important topic for businesses, it can also be incredibly complicated to understand. Before you can look into becoming compliant, it is essential that you have a basic understanding of what exactly PCI compliance is and also the requirements which has been set by the Payment Card Industry Data Security Standard (PCI DSS).

What is PCI compliance?

An easy-to-understand definition is a set of requirements that have been designed around protecting businesses that process, store, and transmit credit card information when customers make a purchase. These requirements were first set up by card provides Visa, MasterCard, Discover and American Express in 2004. They are now enforced by the PCI Security Standards Council.

Who exactly needs to be compliant?

It is the responsibility of any organisation that accepts credit or debit card payments to abide by the PCI DSS regulations.

Will this benefit the customers of a business?

By being PCI compliant, customers can be safe in the knowledge that their card details are being kept secure as your employees have no way of accessing or viewing their personal data. You can read more about the benefits to customers on our solutions page.

How do I go about ensuring my business is PCI DSS compliant?

You can contact us today, or download our free Compliance Guide to find out more about the solutions we can offer your business.

A big fine for sure!

A new era…