Dec
11
2015
M-Payments
December 11th, 2015 by Elma Jane

The use of in-store mobile payments increased in the US this year, from 5% in 2014 to 18% in 2015, research reveals, with approximately one in five consumers using their phone to make a payment at the point of sale.

The most popular uses of mobile payments in the US:

Public Parking (19%)

Gas Station Purchases (18%)

Coffee Shops and Fast Food Dining (17%)

Paying for Groceries (16%)

Public Transportation (16%)

Paying for a Taxi (16%)

Paying for restaurant bills (15%)

Checking out of a Hotel and Paying the Bill (13%)

Shopping for Clothing (12%)

Shopping in General on the High Street or in the Mall (10%)

Other (7%)

US consumers aged between 25 – 34 were seen as driving the largest portion of mobile payment activity at 36%, with those aged from 45-74 accounting for less than 10% of activity.

Half of the survey’s 2,000 respondents in the US cited security concerns as the main reason for not using mobile devices for in-store payments, while consumers place the greatest trust in traditional financial institutions like banks (49%) for provision of payment services.

Mobile technology is now moving beyond simply being a mode of communication and advancing towards the era of the always-connected consumer, says US telecommunications sector leader at Deloitte.

http://www.nfcworld.com/2015/12/11/340588/store-mobile-payments-increase-four-fold-across-us/

Posted in Best Practices for Merchants, Mobile Payments, Mobile Point of Sale Tagged with: , , , , ,

Oct
19
2015
Security
October 19th, 2015 by Elma Jane

Small merchants don’t consider themselves at risk for a cyberattack. But Cybercriminals thrive on data about employees, customers, bank accounts and many other types of information any small business would carry, with fewer resources than large firms, small businesses are especially at risk for attacks.

Here are Steps to find out to make your business more cybersecure:

Employ best practices on payment cards – Credit card companies are now shifting from magnetic-strip payment cards to safer, more secure chip card EMV Technology. Are you ready for the shift? Now is the time, you should work with your banks and processors to ensure you’re using the most trusted and validated anti-fraud services. You may also have additional security obligations pursuant to agreements with your bank or processor. You should isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.

Educate employees about cyberthreats – Educate your employers about online threats and how to protect your organization’s data, including safe use of social networking sites.

Protect against viruses, spyware, and other malicious code – Make sure all of your organization’s computers are equipped with antivirus software and antispyware and update regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install such updates automatically.

Require employees to use strong passwords and to change them often – Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.

Secure your networks – Safeguard your Internet connection by using a firewall and encrypting information.  If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.

No one can guarantee your safety from a cyberattack, appropriate planning makes a big difference. By using these tips and resources, you can help promote the safety of your employees, customers, and the future success of your small business.

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: , , , , , , , , , ,

Oct
16
2015
EMV
October 16th, 2015 by Elma Jane

With the EMV liability shift that takes effect in October 2015, how much you’ll be affected depends on how you process credit card payments.

For Card Present Transactions

If you use POS hardware or terminal that you need to swipe the credit card, then you’ll be facing the same EMV environment as retailers. October 1st is the start of the liability shift for fraudulent charges made with the card present transactions. The party who hasn’t made an investment in EMV security features will be liable.

For the card issuer, they need to invest in EMV security features, that’s why they came out with the chip cards, where all credit and debit cards have this security chips that are harder to counterfeit than magnetic strips.

For the merchant, they need to invest in EMV capable terminals or POS hardware that can take advantage of the card’s security chip.

If both parties have made the investment, then liability will be resolved in a similar manner to how it was before the shift. However, if only one party has adopted EMV technology, the party that didn’t make the investment will be held liable.

For Card Not Present Transaction (CNP)

If you process credit cards online, over the phone, or through an online payment gateway integrated, the new EMV standards won’t directly change the way you do business. You’ll still be processing EMV cards based on the customer’s credit card number.

Chances are Card-Not-Present transactions will experience an increase in fraud. Because of the EMV-technology in the Card Present Transaction, fraudster will likely turn their attention to the next target which is CNP,

but payment gateways and banks concerned about the vulnerabilities, will begin to adopt new standards to minimize their exposure.

If you’re processing CNP transactions stay up-to-date on the newest security developments, online security standards find more effective ways to navigate the new credit card security frontier.

 

 

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Mail Order Telephone Order, Point of Sale Tagged with: , , , , , , , , , , , ,

Oct
01
2015
EMV
October 1st, 2015 by Elma Jane

The day the payments industry has pointed to for several years arrives today, a turning point in the U.S.‘s migration to EMV chip-and-PIN cards.

Rules set by Visa and MasterCard as of today, the liability for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards. Banks will be issuing EMV Chip Cards.

An enormous change, as everyone learns to deal with the new technology that requires consumers to insert their cards and leave them in the store machines throughout a payment transaction, rather than swipe.

In a recent survey, less than a third of merchants overall have invested in EMV-compliant technology, and one study said 80 percent of small and midsize merchants have not upgraded their systems as of today’s liability shift.

Issuers are claiming to be more prepared than merchants, but according to the Smart Card Alliance, around 200 million chip cards have been issued to U.S. cardholders. That, however, is less than 17 percent of the approximately 1.2 billion payment cards in circulation.

What is clear is that today does not represent the end of the journey. The lack of preparedness at the physical point of sale, however, may be beneficial for card-not-present merchants.

Over the past few months, the mainstream media has awoken to the fact that implementing EMV does not mean fraud will disappear. Fraudsters quickly adapted to the difficulty of counterfeiting cards by attacking Card-Not-Present channels, where a chip has no effect.

In other markets, fraud migrated quite rapidly to card-not-present channels. It is necessary on e-commerce merchants to protect themselves with an array of tools, like device authentication, one-time passwords, randomized PIN pad and biometrics. Fraud mitigation tools like data analytics, address and CVV verification, 3D secure and tokenization. These services should be available from their merchant acquirer processor or gateway.

There should be a gradual reduction in card fraud over the next 12-18 months in spite of the delays in this country’s EMV migration. It’s going to take time for the technology to be adopted.

U.S. Merchants’ overall relative lack of preparedness for EMV may give e-commerce and mobile merchants time they didn’t think they would have to explore the options.

Sophisticated authentication technologies such as biometrics will help increase the security of card transactions. Device-based verification could be easily incorporated in an EMV transaction.

Banks have expressed interest more in using the phone as a biometrics. It’s all going to depend on what is the most convenient way to access your funds. The nice thing about biometrics is it’s meant to enable more convenience and stronger security.

 

Posted in Best Practices for Merchants, e-commerce & m-commerce, EMV EuroPay MasterCard Visa, Mobile Payments, Mobile Point of Sale, Point of Sale Tagged with: , , , , , , , , , , , , , , , , ,

Jun
26
2015
June 26th, 2015 by Elma Jane

As you can tell from the name, Android Pay playbook is remarkably similar to Apple Pay. Android Pay will use an on-board Near Field Communication (NFC) chip and tokenization services from the major networks to deliver a token from the phone to an NFC-enabled point of sale. Just like Apple Pay. Android Pay is supported by more than 700,000 merchant locations and Android Pay will provide APIs for app developers to take in-app payments from the on-board wallet. Both Apple Pay and Android Pay have fingerprint scanners on phones, you can enable payments with just a fingerprint scan.

While details are barely sufficient, rumor has it Google won’t charge banks a fee as Apple does on the transactions and that’s the difference. Additionally, technical differences in the operating systems underlying the payment system exist, but they won’t affect how every day users experience the system. Android Pay will suffer a slower upgrade path than Apple Pay, due to the lack of hardware support for the newer operating system (it can take Android twice as long to get users upgraded).

There is no war between Apple and google. NFC won the war! We are seeing all of the armies gather together under its flag. As consumers, we love to see better products. When it comes to payments, we need standards and reliability.

With the alignment of the two operating system platforms on NFC, on user experiences like fingerprint unlocking and on both in-app and retail payments, consumers, retailers, and app developers can build an ecosystem we can all understand. Credit cards work great because they are ubiquitous. Everyone can use them everywhere, and every retailer has incentives to be a part of the system.

An NFC-based mobile payments experience will have this same effect. Over the next five years more and more retailers will add NFC-capable terminals. More phones will be fully capable of NFC payments with fingerprint sensors. More consumers will carry those phones.

So if it’s not a war, are there any losers? Companies focused on plastic cards, but not NFC. Transitory technologies like Samsung Pay’s MST (magnetic secure transmission) also have a strong transition period as they enable payments at non-NFC enabled terminals. MST (magnetic secure transmission) is a strong player because the user experience is very similar (hold a phone to a reader), even if the technical method is not the same.

 

Posted in Best Practices for Merchants, Near Field Communication Tagged with: , , , , , , , , , , , , ,

Apr
27
2015
April 27th, 2015 by Elma Jane

I was shopping in Kmart and didn’t understand why my Credit Card transaction was declined. My card is EMV and Kmart is EMV, but the Kmart system did not forced the transaction to run as EMV so, Citibank declined it. Kmart can loose a $600 sale can your small business afford it? If you think hiring a professional is expensive try an amatuer…

A lot of stores, specially big chain stores, have EMV capable terminals, but they haven’t turned them on yet and still force you to swipe. Some think, migration is just getting a new terminal and asking their acquirer to enable EMV on their account. Its not only about the liability shift, and the EMV equipment, It’s the lack of information for the Merchants.

There has to be training and orientation that merchants will need to invest into for their employees. As well as changing our mentality that we all need to be prepared for this upcoming transition….as both consumers and business owners.

The issuing banks can, and are starting to decline transactions when a merchant CAN use EMV but do not. EMV is coming October 2015 and if you are not ready you may loose sales, and will loose when a fraudulent card walks in your business.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , ,

Oct
09
2014
October 9th, 2014 by Elma Jane

Coin

This 300-year-old coin around my neck. It was off of a Spanish Shipwreck known as the Shipwreck of 1715. When I first saw it, I noticed a little hole with a speck of a diamond. I questioned the jeweler about it, why would you drill a hole in a 300-year-old coin and damage this 300-year-old treasure? The jeweler preceded to tell me that it was a 300-year-old hole.

Think about how we used currency 300 years ago. There were no banks, no financial institutions to hold merchants money. So if I had a bunch of money, I had it on a wire or had it in a box. I may have kept my money in my mattress. People would keep their money on a wire, punch holes in the coins, string the money through the wire and then go back to business on their horse and buggy, or however they got from point-to-point 300 years ago. If you have ever heard a phrase that the business owner started his business on a shoe string, you now know where the phrase originated.

What I found amazing in this one coin that I wear is that, It has thousands of transactions in its history. Who knows what was bought and sold with this very coin? Whether it was goats or chickens, a piece of property somewhere, or a boat ride to the states, or whatever it might be. There is no documented history behind each one of those transactions.

Today, when National Transaction processes a transaction for a merchant, we know the date and time. We know the amount of sale, we probably know the email address and the owner zip code, we actually know quite about the information around that transaction.

Many articles are written that answer the who, what, when, where and why questions with today’s electronic transactions. We have four of the five answers. We know who, what, when and where. The only thing that we don’t know is why the customer bought the item.

If this coin had today’s technologies there would have been thousands of transactions that this coin could have shared. The story of those purchases would be fascinating.

All business owners wants to make a sale. Each time they do make a sale, we recommend capturing any and all contact information. This customer is a buyer! Today, most people have an email address or cell phone number. If we don’t capture the customer’s information we have just ignored the single most important thing in any business’s life cycle: the customer.

 

Posted in Best Practices for Merchants Tagged with: , , , , , , ,

Sep
05
2014
September 5th, 2014 by Elma Jane

Businesses are rapidly adopting a third-party operations model that can put payment data at risk. Today, the PCI Security Standards Council, an open global forum for the development of payment card security standards, published guidance to help organizations and their business partners reduce this risk by better understanding their respective roles in securing card data. Developed by a PCI Special Interest Group (SIG) including merchants, banks and third-party service providers, the information supplement provides recommendations for meeting PCI Data Security Standard (PCI DSS) requirement 12.8 to ensure payment data and systems entrusted to third parties are maintained in a secure and compliant manner.

Breach reports continue to highlight security vulnerabilities introduced by third parties as a leading cause of data compromise. The leading mistake organizations make when entrusting sensitive and confidential consumer information to third-party vendors is not applying the same level of rigor to information security in vendor networks as they do in their own. Per PCI DSS Requirement 12.8, if a merchant or entity shares cardholder data with a third- party service provider, certain requirements apply to ensure continued protection of this data will be enforced by such providers. The Third-Party Security Assurance Information Supplement focuses on helping organizations and their business partners achieve this by implementing a robust third-party assurance program.

Produced with the expertise and real-world experience of more than 160 organizations involved in the Special Interest Group, the guidance includes practical recommendations on how to:

Conduct due diligence and risk assessment when engaging third party service providers to help organizations understand the services provided and how PCI DSS requirements will be met for those services.

Develop appropriate agreements, policies and procedures with third-party service providers that include considerations for the most common issues that arise in this type of relationship. 

Implement a consistent process for engaging third-parties that includes setting expectations, establishing a communication plan, and mapping third-party services and responsibilities to applicable PCI DSS requirements.

Implement an ongoing process for maintaining and managing third-party relationships throughout the lifetime of the engagement, including the development of a robust monitoring program. 

The guidance includes high-level suggestions and discussion points for clarifying how responsibilities for PCI DSS requirements may be shared between an entity and its third-party service provider, as well as a sample PCI DSS responsibility matrix that can assist in determining who will be responsible for each specific control area.

PCI Special Interest Groups are PCI community-selected and developed initiatives that provide additional guidance and clarifications or improvements to the PCI Standards and supporting programs. As part of its initial proposal, the group also made specific recommendations that were incorporated into PCI DSS requirements 12.8 and 12.9 in version 3.0 of the standard.One of the big focus areas in PCI DSS 3.0 is security as a shared responsibility. This guidance is an excellent companion document to the standard in helping merchants and their business partners work together to protect consumers’ valuable payment information.

Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , , , , , ,

Aug
29
2014
August 29th, 2014 by Elma Jane

Merchant_Account_Type

High risk credit card processing is electronic payment processing for businesses deemed as HIGH RISK by the MERCHANT SERVICES INDUSTRY

The high risk segment of payment processing has become more important as banks and ISO’s have begun to tighten up their credit restrictions and underwriting policies. Businesses are classified as high risk primarily because of their product or service and the way they go to market. In merchant services, risk is related to CHARGEBACKS or customer disputes.

The more likely a business to have chargebacks, the higher risk the business. For instance, online businesses selling a weight loss product through a free trial offer, is more likely to have chargebacks than a retail store selling the same weight loss product.

Merchants are often unaware their business falls into the high risk category when they first start shopping for a merchant account. Getting a high risk merchant account can be difficult.

These providers have more stringent requirements and the application process is longer compared to traditional merchant account providers.

High risk businesses should expect to pay higher rates and fees for payment processing services. As a general rule of thumb, merchants should count on paying at least more than a traditional merchant account. Most high risk merchant accounts also require a contract of at least 18 months, whereas low risk providers offer accounts without cancellation fees or contracts.

ROLLING RESERVES are also a big part of high risk credit card processing. Most high risk merchants have some sort of rolling reserve placed on the account, especially new accounts without any processing history. A Reserve refers to an account where a percentage of the funds from transactions are held in reserve to cover against any chargebacks or fees that the processor may not be able to collect from the merchant. This is similar to a security deposit, but merchants don’t have to pay it up front. Reserves are a pain point for many small high risk merchants, but they are definitely necessary and without them, processors would not accept any high risk merchants at all.

What Businesses Are High Risk?

As mentioned earlier, businesses are usually classified as high risk due to the product or service they offer, however merchants with severely damaged credit or a recent bankruptcy can also be considered high risk. Below are just of the few common high risk merchant categories:

Adult Websites

Cigars & Pipe Tobacco Online

Collection Agencies

Credit Repair

Debt Consolidation

E-Books & Software

Electronic Cigarettes

Firearms – Online

High Ticket & High Volume

Medical Marijuana Dispensaries

Multi Level Marketing & Business Opportunities

Nutraceuticals like weight loss supplements, cleansers etc.

Penny Auctions

Sports Betting Advice

Ticket Brokers – Online Tickets

TMF Merchants

Travel & Timeshare

Unfortunately this list is growing and some credit card processing companies even classify any start up Internet business, that doesn’t have extensive financials to be high risk. With the recent economic recession in the United States, there has been an increase in these start up Internet ventures. People are either looking to supplement their income or start their own business instead of looking for work.

How To Protect Your Business

Accepting credit cards is the single most important part of most online businesses. Unfortunately, many successful businesses go under after having their merchant account shut down. High risk merchants should always be cognizant of their merchant account and pay attention to chargeback percentages. Below are some tips for high risk merchants looking for payment processing solutions.

Be Upfront: Make sure your processor knows exactly what you sell and how you market the product/service. If they don’t accept your business type, keep shopping for a new merchant account provider. Many merchants will try to fly under the radar by not revealing all their products or fully disclose their marketing methods to the processor. This is a bad move, the processor will eventually find out the details about your business. This is usually from doing an audit on your transactions and contacting your customers.

Negotiate Every 3 Months: Credit card processing companies underwrite applications based on previous processing history. If there is no previous history, the account is riskier and the terms offered are usually more expensive and restrictive. You can always re-negotiate your rates, reserves and other contract terms with your current processor. Once they have 3 months of history to evaluate, they may be able to offer you a better deal. Three months of history is the magic number for most processors. If you applied without the previous history and were declined, there is a chance the same processor will approve your application if you provide 3 months of previous statements.

Prepare For The Worst: All high risk merchants should keep at least 2 active merchant accounts, from different providers. You never know when underwriting guidelines might change, or you may have an influx of chargebacks. Having a backup account or even multiple back up accounts is a good idea. Many high risk providers offer a load balancing gateway, which allows for multiple merchant accounts to be integrated into one payment gateway. This way you can spread transactions across multiple accounts, through one shopping cart/gateway.

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

May
29
2014
May 29th, 2014 by Elma Jane

A point-of-sale facial recognition system that uses NFC to help combat card fraud has been created during a recent company hack-a-thon, together with a group of engineers and designers from Logic PD. Hackathon was an opportunity for experts to explore the possibilities of useful solutions to today’s challenges, with the recent significant breaches in security at leading retailers, the need for this type of solution is particularly meaningful.

The solution, is a multi-modal security platform for card purchases, uses NFC authentication combined with camera imaging to protect users. When users make a mobile payment at the point of sale, the kiosk snaps a picture of the purchaser. This image can be incorporated via the cloud into the user’s digital transactional record, which was stored and distributed via SeeControl in this example, allowing users to identify who made each purchase, and easily identify those that are fraudulent even before banks and financial institutions.

Posted in Credit Card Security, Mobile Payments, Mobile Point of Sale, Point of Sale, Smartphone Tagged with: , , , , , , , , , , , , , , , ,

← Previous Article
Next Articles »