Sep
04
2014
September 4th, 2014 by Elma Jane

EMV, which stands for Europay, MasterCard and Visa, and is slated to be mandated across the United States starting in October 2015 and automated fuel dispensers have until October 2017 to comply. Unlike magnetic swipe cards, EMV chip cards encrypt data and authenticate communication between the card and card reader. Additionally, chip card user is prompted for a PIN for authentication.

Why are those dates important? Companies lose $5.33 billion to fraud today, with card issuers and merchants incurring 63 and 37 percent of these losses, respectively. Under the EMV mandate, merchants who do not process chip cards will bear the burden of the issuer loss. By accepting chip card transactions, merchants and issuers should see a reduction in fraud.

Overcoming Barriers to EMV Adoption

Given the significant barriers to EMV adoption, it may be tempting for merchants to meet minimum requirements for accepting EMV payments. However, medium to large retailers should also consider the bigger picture of customer security and peace of mind.

Some key critical success factors for a payment initiative of this size include:

Business Continuity Architecture: As with all payment systems, it is imperative to have the EMV system running at all times. The solution should preferably have Active-Active architecture across multiple data centers and have a low Recovery Point Objective (the point in time to which the systems and data must be recovered after an outage).

Cost Benefit Analysis: Take a top down approach and decide accordingly on the scope of the analysis. This will ensure that decisions on scope are made on basis of quantitative data and not just qualitative arguments.

Phased Approach: To overcome time or cost overage in a project of this scope and complexity, retailers should try using an iterative approach for development. The rollout can be divided into multiple releases of six to seven months, which will provide the opportunity to review, capture lessons learnt, and improve subsequent releases.

Proactive Monitoring Alerts: Considering the criticality of business function carried out by EMV, tokenization and payment gateway, a vigorous supervising environment must be defined to perform proactive and reactive monitoring. It should take into consideration the monitoring targets, tools, scope and methods. This will provide advance visibility to the failure points and better ensuring maximum system availability.

Resilience Testing: Typically in a software project, the testing is limited to the unit, integration, performance and user acceptance. However, due to the critical nature of the applications and systems involved, robust resiliency testing is vital. This will ensure that there are no single points of failure and the system remains available when running in error conditions.

Stakeholder Identification: This is a key step to ensure that you have varied perspectives from all departments and their support. It will keep your organization from being blindsided and reduce the risk of disagreements in later stages of the program. Key stakeholders should include Store Operations, Card Accounting, Loss Prevention, Contact Center and IT & Data Security.

Organizations should adopt a five step approach to implement a secure, robust and industry-leading payment solution:

Encryption – Point to point encryption will ensure card data is secure and encrypted from the point of capture to the processor. Usually, merchants use data encryption that is not point to point, rendering their organization vulnerable to data breaches. Software encryption is the most common form of encryption, as it is easily installed and quires little or no hardware upgrades; however, it is less secure, may expose encryption keys, and is prone to memory scanning attacks. Hardware encryption is considered more secure but requires more costly terminal upgrades. Hardware encryption is designed to self-destruct the keys if tampered, but is not well-defined as very limited headway has been made in this space. 

Tokenization – Build a Card Data Environment (CDE) that will host a centralized card data storage solution. Only limited applications with firewall access and capability to mutually authenticate via certificates can access CDE and receive card data. The rest of the applications will have tokens which are random numbers. This architecture will ease the merchant’s burden with existing and emerging PCI Data Security Standards.

Payment Gateway – Perform a risk assessment on the current payment gateway and identify gaps in functionality, manageability, compliance, scalability, speed to market and best practices. Determine the alternatives to mitigate the risks. Some of the important aspects of a leading payment gateway solution are support for all forms of credit, debit, gift cards and check transactions. Its ability to work with any acquirer, in-built encryption abilities, support for settlement and reconciliation must also be kept into consideration.

Settlement, Funding and Reconciliation – A workflow-based system to handle chargebacks and the automation of chargeback processing will greatly reduce labor-intensive work and enhance the quality of data used for settlement and reconciliation. Upgrades to the existing receipt retrieval system may be needed.

Card fraud is on the rise in the U.S., and merchants are the primary target for stealing information. With the EMV deadline just over a year away, the responsible retailer must take steps to prepare now. Although EMV implementation might seem overwhelming to merchants, they should start their journey to secure payments rather than wait for a looming deadline. Solutions such as data encryption and tokenization should be used in combination with EMV to implement a robust payment solution to better protect merchants against fraud. By proactively adopting EMV payment solutions, merchants can stay ahead of the regulatory curve and better protect their customers from fraud.

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Aug
27
2014
August 27th, 2014 by Elma Jane

Backoff malware that has attacked point of sale systems at hundreds of businesses may accelerate adoption of EMV chip and PIN cards and two-factor authentication as merchants look for ways to soften the next attack. Chip and PIN are a big thing, because it greatly diminishes the value of the information that can be trapped by this malware, said Trustwave, a security company that estimates about 600 businesses have been victims of the new malware. The malware uses infected websites to infiltrate the computing devices that host point of sale systems or are used to make payments, such as PCs, tablets and smartphones. Merchants can install software that monitors their payments systems for intrusions, but the thing is you can’t just have anti-virus programs and think you are safe. Credit card data is particularly vulnerable because the malware can steal data directly from the magnetic stripe or keystrokes used to make card payments.

The point of sale system is low-hanging fruit because a lot of businesses don’t own their own POS system. They rent them, or a small business may hire a third party to implement their own point of sale system. The Payment Card Industry Security Standards Council issued new guidance this month to address security for outsourced digital payments. EMV-chip cards, which are designed to deter counterfeiting, would gut the value of any stolen data. With this magnetic stripe data, the crooks can clone the card and sell it on the black market. With chip and PIN, the data changes for each transaction, so each transaction is unique. Even if the malware grabs the data, there not a lot the crooks can do with it. The EMV transition in the U.S. has recently accelerated, driven in part by recent highprofile data breaches. Even with that momentum, the U.S. may still take longer than the card networks’ October 2015 deadline to fully shift to chip-card acceptance.

EMV does not by itself mitigate the threat of breaches. Two-factor authentication, or the use of a second channel or computing device to authorize a transaction, will likely share in the boost in investment stemming from data security concerns. The continued compromise of point of sale merchants through a variety of vectors, including malware such as Backoff, will motivate the implementation among merchants of stronger authentication to prevent unauthorized access to card data.

Backoff has garnered a lot of attention, including a warning from the U.S. government, but it’s not the only malware targeting payment card data. It is not the types of threats which are new, but rather the frequency with which they are occurring which has put merchants on their heels. There is also an acute need to educate small merchants on both the threats and respective mitigation techniques.. The heightened alert over data vulnerability should boost the card networks’ plans to replace account numbers with substitute tokens to protect digital payments. Tokens would not necessarily stop crooks from infiltrating point of sale systems, but like EMV technology, they would limit the value of the stolen data. There are two sides to the equation, the issuers and the merchants. To the extent we see both sides adopt tokenization, you will see fewer breaches and they will be less severe because the crooks will be getting a token instead of card data.

Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

May
23
2014
May 23rd, 2014 by Elma Jane

Before making a purchase, there are several devices that consumers may use to help them make a decision: Use a specific store’s mobile app on their smartphones. Visit the store’s website on a tablet or computer, or just pick up the phone and call customer service to ask a question. Whatever the case, omnichannel is an important buzzword for merchants.

Here are ways to ensure a seamless and secure retail experience to turn browsers into loyal buyers.

Ensure Channels Work Together

Even in historically single-channel retail sectors such as grocery, more than half of customers now use two or more channels before completing a purchase, shown in a recent study. Retailers must therefore offer both traditional and digital channels. However, before investing in the latest mobile-optimized website feature or app, retailers should learn how existing online and physical channels can together enhance the customer experience. What customers value most is not the number of channels offered, but how these channels support each other.

A merchant’s website might encourage visitors to take advantage of a special event in-store, while sales assistants on the floor can use Wi-Fi enabled tablets to access additional product information.

Help Customers Find What They Want

With Internet access ubiquitous, cost-conscious customers are just a click away from being able to compare prices and find special offers. Many take out their smartphone or tablet in stores to compare prices, a trend called Showrooming.

Online retailers can take advantage of this trend by encouraging shoppers to compare prices in-store using a mobile app. In-store retailers, on the other hand, could provide greater value through targeted offers, price match guarantees, expert advice, convenient delivery choices and personalized customer care.

Optimize The Checkout Experience

Businesses must be sure to have a quick, streamlined checkout process once they have converted an online browser into a customer or else they risk facing shopping cart abandonment. This can be done in a few steps:

1. Assess how the checkout experience can be customized for its customers. Keep the mandatory information required from new or first-time online or mobile shoppers to a minimum and shorten the process for returning customers by securely storing their payment details and other personal information.

2. Develop a dedicated mobile app or other innovative functions that can increase long-term satisfaction and loyalty.

3. Test different payment methods to find those that are most convenient for customers. These payment options may include paying with reward points, using a digital wallet or providing a digital offer or coupon at checkout. There is a balance to be found between having additional payment methods to meet customer expectations and choosing methods appropriate to a merchant’s business model.

4. Establish a one-click online checkout process. Chase for example, is currently developing a Chase Wallet and Quick Checkout solution. The Chase Wallet will allow customers to store and access their Chase cards and ultimately, any branded card for a quick checkout. It will also update Chase-branded cards when a customer replaces an existing card and use tokenization to securely process payments with select merchants.

Merchants also face the challenge of ensuring that the online and in-store checkout experience is secure, while at the same time eliminating as many false positives as possible. False positives are a hindrance to any business as they may reduce sales, increase chargebacks and frustrate customers. A quick-checkout solution may help reduce false positives because customer information is automatically populated rather than manually keyed into the checkout page.

Acquirers should also work with online retailers to provide a conditional approval code for a transaction. This code allows the fulfillment process to move forward while authentication is taking place. The additional time for a thorough authentication also helps reduce the number of false positives.

Use Data to Build Loyalty

Customers will likely return to a retailer if product marketing reflects their past purchases or interests. Therefore, taking advantage of data including a customer’s purchasing history, loyalty, behavior or social media interests may help retailers to better understand their customers as well as personalize their shopping experience.

According to a study released in March 2013, Chase Paymentech found that 32 percent of merchants use their payment data to help craft their multi-channel sales strategy and 42 percent use it to improve the online customer experience. In addition, further analysis of payment methods, chargeback rates, fraud rates and authorization rates may improve the customer shopping experience and  drive overall profitability.

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

May
06
2014
May 6th, 2014 by Elma Jane

Bank of Lanzhou in China, has rolled out ATMs assimilating finger vein authentication technology from Japan’s OKI Vendor.

Bank of Lanzhou has deployed Recycler G7 machines – OKI’s ATM following a trial, which include a finger vein authentication module co-developed by Mofiria.

Japan’s OKI Vendor says that using vein patterns to identify customers is more secure than fingerprints and also minimises the calculations required for authentication.

The deal is OKI’s first for finger vein ATMs in China, but the technology is widespread in Japan, where tens of thousands of machines now require customers to scan their hands to access their cash.

 

Posted in Payment Card Industry PCI Security, Smartphone Tagged with: , , , , , ,

Apr
11
2014
April 11th, 2014 by Elma Jane

PCI DSS 3.0 standard, which took effect January 1st, introduces changes that extend across all 12 requirements, aimed to improve security of payment card data and reducing fraud. There will be some shakeups for many organizations when it comes to their day-to-day culture and operations. Transitioning to meet the new requirements will help e-business build a stronger, safer, lower-risk environment for their customers.

While the growing number of digital payment avenues offers convenience to customers, it also offers a larger attack surface for criminals.

As cloud technologies and e-commerce environments continue to grow, creating multiple points of access to cardholder data and online retailers will only become more appealing targets for hackers. Cybercriminals are cunning and determined. They understand payment card infrastructures as well as the engineers who designed them.

A scary proposition and it’s exactly why the payment card industry is so determined to help keep e-commerce organizations protected. Meeting the new standard, businesses will be better armed to fight evolving threats. Changes will also drive more consistency among assessors, help business reduce risk of compromise and create more transparent provider-customer relationships.

Transitioning to PCI DSS 3.0 will involve some work, but doing that work on the front end is going to save much work down the line. Adopting the new standard ultimately will drive your e-commerce business into a secure and efficient era.

Cultural Changes – One of the main themes of 3.0 is shifting from an annual compliance approach to embedding security in daily processes. Threats don’t change just once a year. They’re constantly evolving and that means e-commerce organizations must adopt a culture of vigilance. Only through a proactive business-as-usual approach to security can you achieve true DSS compliance. Realistically, this could mean the need to provide more education and build awareness with staff, partners and providers, so that everyone understands why and how new processes are in place.  

Operational Changes – The 3.0 standard addresses common vulnerabilities that probably will ring a bell with many of you. These include weak passwords and authentication procedures, as well as insufficient malware detection systems and vulnerability assessments, just to name a few. Depending on your current security controls program, this could mean you’ll need to step up in these areas by strengthening credential requirements, resolving self-detection challenges, testing and documenting your cardholder data environment and making other corrections.

Overview Changes – How much work lands on your plate will depend on your current security program. Examining your current security strategies and program is a good idea. Below are the areas requiring your attention, which this series will explore in more detail in future installments.

Service Provider Changes –  Some organizations made unsafe assumptions in the past when it comes to third-party providers. Some have paid the price, from failed audits to breaches. One reason that the new standard is designed to eliminate any confusion over compliance responsibilities. Responsibilities, specifically for management, operations, security and reporting all will need to be spelled out in detailed contracts. In addition to improved communication, an intensified focus on transparency means that you should have a clear view of your provider’s infrastructure, data storage and security controls, along with subcontractors that can impact your environment. So if your organization isn’t exactly clear on which PCI DSS requirements you manage and which ones your providers handle, prepare to get all of that hammered out.

The Compliance Rewards – The path to preparing for the 3.0 deadline in January 2015 sounds like it’s a lot of work. So to get started request your QSA’s opinion on how the changes will impact your organization, by doing the gap assessment and you’ll be able to address any shortcomings.    

Meeting the new 3.0 requirements isn’t just about passing audits. In fast paced payment IT landscape, staying smart and protected is part of our commitment to our customers. Beefing up security game not only reduce audit headaches, but also enjoy stronger brand reputation as a safe and reliable e-commerce business.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, e-commerce & m-commerce, Electronic Payments, Financial Services, Payment Card Industry PCI Security, Small Business Improvement, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Dec
02
2013
December 2nd, 2013 by Elma Jane

Europay, Mastercard, and Visa (EMV) standards. Considered safer and widely used across Europe and other nations, the chip-based cards require insertion of the card into a terminal for the duration of a transaction, a break here from our traditional swipe-and-buy behavior. That’s just one way in which EMV changes things here… but it’s not the only way, nor is it the most important way. By way of reminder, October 2015 is the date by which all restaurants and other merchants are due to have implemented these standards, or potentially be liable for counterfeit fraud, which primarily reflects a shift from magnetic-stripe credit cards to chip cards.

The main driver in the EMV migration is card-related financial fraud.  As an example, and traditionally, card fraud in the United Kingdom has always been considerably higher than here in the States, primarily because the U.K. previously used offline card authorization as opposed to the online card methodology used here. As losses due to fraud rose steadily in Europe, despite the best efforts of global law enforcement agencies to reduce it, the pressure to find a solution built around some alternative authentication strategy mounted. From this concern, EMV was born.

Is it working? Recent statistics from the European Central Bank (ECB) revealed that, despite growing card usage, fraud in the Single Euro Payments Area (SEPA) – a mature EMV territory that includes all 28 members of the European Union,  Finland,  Iceland ,  Liechenstein,  Monaco and Norway,  – fell 7.6% between 2007 and 2011. This decline is underpinned by a slowdown in the growth of ATM fraud as well as a 24% drop in fraud carried out at point of sale terminals. The 2008 Canadian roll-out of Chip and PIN had a dramatic impact on fraud there. Card Skimming had accounted for losses totaling $142 million, but that figure dropped to $38.5 million in 2009, according to figures provided by the Interac Association. Some critics point to the fact that most of this decrease comes in the form of face-to-face card fraud, and that criminals merely shift their focus onto some other area that is less anti-fraud focused. Still, there are positive gains and as technologies improve, more successes are sure to follow.

Part of the reason why the U.S. not embraced  EMV sooner is because our  fraud problem, while significant, has typically been among the lowest rates in the world among highly developed economically mature countries. Much of that is due to the online authentication methods at work here. Here at home, our online authentication methodology permits authorizations to be done in real-time, thus thwarting a significant percentage of the fraudulent attempts at the point-of-sale, the best place to stop fraud. Our online authentication methods also incorporate multiple fraud and risk parameters as well as advanced neural networks that are ‘built-in’ to the approval process. It’s been a highly effective system that works well, when compared to most alternatives. The effectiveness of our authentication processes has helped fuel the resistance to full EMV adoption here. However, the EMV migration has gained momentum to the point where it is only a matter of time. The truth is that, despite the gains in preventing credit card fraud, and despite the best efforts of EMV’s backers to push acceptance through, global adoption of the EMV standard is still considerably less than 100%.

In England’s old offline authentication method, credit card transactions were gathered together at specific times- typically, at the end of the business day- and then batched over to the card issuers for authorization. It’s a method that gave those committing fraud a significant time lag between the transaction and the authorization, and this time lag contributed greatly to the higher levels of fraudulent activities in England. However, for Europe and for much of the rest of the world, adoption of the EMV technologies changes things dramatically, at least in terms of authentication protocols for both online and offline purchases. During an offline transaction using the EMV chip card, the payment terminal communicates with the integrated circuit chip (ICC), embedded in the payment card. This is a break from the old method which involved using telecommunications to connect with the issuing bank. The ICC / terminal connection enables real-time card authentication, cardholder verification, and payment authorization offline. Alternatively, in an online EMV transaction, the chip generates a cryptogram that is authenticated by the card issuer in real time.

Posted in Electronic Payments, EMV EuroPay MasterCard Visa, Financial Services, Near Field Communication, Payment Card Industry PCI Security, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Oct
31
2013
October 31st, 2013 by Elma Jane

While credit card processors and retailers have made strides to combat credit card fraud, it is still rampant across the U.S. In fact, credit card fraud jumped 17 percent between January, 2011, and September, 2012, according to the most recent data from the FICO Falcon Fraud Manager Consortium.

Debit cards obviously have better safeguard measures in place, since debit card fraud rose less than 1 percent between January, 2011, and September, 2012. Plus, the average fraud loss per compromised account fell by 3 percent.

Card-not-present (CNP) fraud is the biggest challenge by far, accounting for 47 percent of all credit card fraud. CNP fraud – which includes payments via the internet, mail and phone – grew 25 percent over the two-year period. So, where the problems with credit cards lie.

Unfortunately, CNP fraud may get worse before it gets better, in FICO’s Banking Analytics Blog. This problem may even intensify as the US moves away from magnetic stripe and toward EMV [chip] card technology. In other countries adopting chip-based authentication technology, we’ve seen counterfeit fraud decline, but as a counterbalance, fraudsters often ramp up efforts around CNP fraud.

However, there was a glimmer of light in the credit card fraud fiasco. While card fraud attempts rose, the average loss per compromised account dropped 10 percent. Plus, the ratio of fraud to non-fraud spending remained constant. “In other words, the volume of card fraud increased proportionally to the volume of consumer credit card spending.

Even though many retailers have implemented successful fraud prevention programs, Visa provides retailers with the warning signs for CNP fraud, including:

Multiple cards used from a single IP address. Orders made up of “big ticket” items. Orders that include several of the same item. Shipping to an international address. Transactions with similar account numbers.

Posted in Digital Wallet Privacy, EMV EuroPay MasterCard Visa, Mail Order Telephone Order, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Oct
15
2013
October 15th, 2013 by Elma Jane

What is an electronic check?

Electronic Check also known as Echeck – is an electronic version of a Paper Check. Electronic Checks allow merchants to convert paper check payments made by customers to electronic payments that are processed through the (ACH) Automated Clearing House Network. It’s a fast, efficient, and secure way to process check payments.

Because of the many benefits and increased security methods that electronic checks offer, this method of payment is quickly growing in popularity. In 2007, electronic check conversion increased by 30%, with more than 3.1 billion paper checks converted to echecks through in-store transactions. Familiarizing yourself with how electronic checks work, the benefits and security features they offer, and how you can get started with electronic check conversion will save you time and money and help you provide greater protection for your business and your customers.

How it works:

Electronic check conversion is a simple method of processing payments, and the changes to how you do business are minimal. One of this method’s greatest advantages is that you can electronically submit checks instead of having to physically take them to the bank, saving you time and increasing employee efficiency.

When you receive a paper check payment from your customer, you will run the check through an electronic scanner system supplied by your merchant service provider like National Transaction Corporation (NTC). This virtual terminal captures the customer’s banking information and payment amount written on the check. The information is transferred electronically via the Federal Reserve Bank’s ACH Network, which takes the funds from your customer’s account and deposits them to yours.

Once the echeck has been processed and approved, the virtual terminal will instantly print a receipt for the customer to sign and keep. Employees should mark the paper check as “void” and return it to the customer. Your merchant transactions will be available online for viewing with customized detailed reporting, which may vary in features depending on the merchant service provider you choose.

Using electronic check conversion to process your customers’ payments holds many benefits over paper checks:

Benefits:

1. Received Funds Sooner. Businesses that use electronic check conversion have funds deposited almost twice as fast as those using the traditional check processing method, with billing companies often receiving payments within one day.

2. Reduced Fraud and Fewer Errors. Echecks are processed using an automated system, which cuts down the number of people who must handle the check, reducing the potential for error and fraud. Merchant service providers (NTC) also maintain, monitor, and check files against negative account databases that store information about individuals or companies that have past records of fraud to help decrease fraudulent activity.

3. Reduced Processing Costs. In general, the cost to process an echeck is substantially less than that of paper check processing or credit card transactions. Echecks require less manpower to process and eliminate incidental costs such as deposit and transaction fees that accompany paper checks. With Echecks, you can save up to 60% in processing fees.

4. Sales Increase. If your business didn’t accept paper checks in the past, you can expand the payment options available to your customers and increase sales by offering echecks. If you are converting from accepting paper checks to echecks, you can still expand your customer base by being able to accept international and

out-of-state checks without the worry of fraud. Echecks require account validation and customer authentication processes that identify bad checks within seconds.

5. Safe, Simple and Smart. Electronic check conversion is easy to set up and relies on the ACH Network for processing, the same reliable and trusted funds transfer system that handles Direct Deposit and Direct Payment. Plus, echecks are a smart choice for the environment, helping to reduce more than 67.4 million gallons of fuel used and 3.6 million tons of greenhouse gas emissions created by transporting paper checks.

Increase security with electronic checks – Electronic check conversion leverages the latest information protection features such as encryption and message authentication. Because of this, many retail merchants, merchant service providers, and financial institutions consider it to be one of the most secure payment methods in the electronic payment processing industry.

 Authentication – Merchants must verify that the person providing the checking account information has the authority to use that checking account. There are a number of authentication services and products available to merchants, including:

Digital Signatures or Digital Certificates are a way of Encrypting information that gives the receiver a more reliable indication that the information was sent by the claimed sender. They are used by programs on the Internet to confirm the identity of a customer to concerned third parties, serving a similar purpose as a handwritten signature. Digital Signatures cannot be easily tampered with or imitated and are easily transportable, thereby making them a reliable method for verifying identity when implemented correctly. Digital Signatures are often used to implement Electronic Signatures, a broader term that refers to any Electronic Data that carries the intent of a signature.

Duplicate Detection and prevention is another way to reduce fraudulent activities. Financial institutions have software and operational controls in place to prevent duplication of the scanned electronic representations of customer checks.

Encryption The ACH Network automatically encrypts messages using 128-bit encryption and a secure sockets layer (SSL).

 Public Key Cryptography is an Encryption/Decryption Security Method that uses one key to Encrypt a sent message and another to Decrypt it. With Electronic Check Conversion, the Private Key is a secret mathematical calculation used to create the digital signature on the Echeck, and the Public Key is the corresponding key given to anyone who needs to verify that the sender signed the echeck and that the electronic transfer has not been tampered with. Public Key Cryptography is another way to ensure authenticity of the Electronic Transfer of Funds.

 What is the (ACH) Automated Clearing House Network?

The Automated Clearing House (ACH) Network is a funds distribution system that moves funds electronically from one entity to another. This highly reliable and efficient nationwide electronic network is governed by the rules established by the National Automated Clearing House Association (NACHA) and the Federal Reserve (Fed). The ACH payment system also handles debit card transactions; direct deposits of payroll, Social Security, and other government benefits; direct debit payments; and business-to-business payments.

How to get started with Echeck:

Useful advice to help make the implementation of electronic check conversion at your business run smoothly:

Choose a processing company that is well established in the market. While a competitive pricing package may also be of importance, having a processor that is reliable with a good reputation is essential.

Look for a processor that enables you to easily align your current business processes with your new electronic processing system. Ensure that you can easily export customer data and smoothly integrate the electronic payment processing system with your business management software.

Notify your customers that your business will begin using electronic check conversion to process payments. Federal rules require you to post a notification about this change in practice as well as to give your customers a takeaway copy of the notification. You must also provide customers a telephone number to request more information about electronic check conversion.

 

 

Posted in Electronic Check Services, Electronic Payments, Financial Services Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,