May
04
2015
May 4th, 2015 by Elma Jane

The rate of payments fraud is steadily decreasing, the current frequency stands at 0.06 percent or six basis points. 

The perception of risks associated with card payments are much larger than the actual threat or reported losses. But the lack of trust that comes from such perception could impact the growth of the payments industry.

Recent advancements in payments security, such as tokenization and multiple tier authentication protocols, have contributed to the manageable number of fraudulent transactions. The EMV migration is expected to push the figure even lower, as chip-enabled technology spreads to over 50 percent of the US by the end of 2015.

For criminals, breaking into robust financial systems is becoming more costly and time consuming, which has discouraged many from attempting such unlawful acts.

Fraud is something that we can’t say will be eliminated completely. But efforts by all stakeholders in the industry can contain it to the minimum.

Counterfeit cards and payments data falling into the wrong hands are the two most common types of fraud that consumers are facing today. The surge in e-commerce has been linked to greater risks of fraud in the online channel, and while counterfeiting cards may be more difficult with EMV in place, online fraud has historically increased in its place.  

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: , , , , , , , , , , , ,

Apr
27
2015
April 27th, 2015 by Elma Jane

I was shopping in Kmart and didn’t understand why my Credit Card transaction was declined. My card is EMV and Kmart is EMV, but the Kmart system did not forced the transaction to run as EMV so, Citibank declined it. Kmart can loose a $600 sale can your small business afford it? If you think hiring a professional is expensive try an amatuer…

A lot of stores, specially big chain stores, have EMV capable terminals, but they haven’t turned them on yet and still force you to swipe. Some think, migration is just getting a new terminal and asking their acquirer to enable EMV on their account. Its not only about the liability shift, and the EMV equipment, It’s the lack of information for the Merchants.

There has to be training and orientation that merchants will need to invest into for their employees. As well as changing our mentality that we all need to be prepared for this upcoming transition….as both consumers and business owners.

The issuing banks can, and are starting to decline transactions when a merchant CAN use EMV but do not. EMV is coming October 2015 and if you are not ready you may loose sales, and will loose when a fraudulent card walks in your business.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , ,

Jan
15
2015
January 15th, 2015 by Elma Jane

The fact that your business needs a mobile presence is by no means news. Brands today know that being accessible to the increasing number of smartphones and tablet users is a must NOW, the goal is to provide a top-notch user experience.

Mobile is opening the door for designing new experiences that complement a brand’s physical presence. The context of WHEN, WHERE and WHAT a customer is doing during their day allows companies to enhance a person’s interaction and customize device-specific experiences.

Brands will need to meet the following mobile experience expectations in 2015:

Combating fraud through mobile. Mobile users want to safeguard themselves against fraud, and 56 percent are willing to deal with a slightly more complex user experience if it means greater protection. Businesses can provide an intuitive, high-quality mobile experience that also protects against fraud by offering to validate transactions, set fraud controls and generate unique payment IDs through the user’s mobile device.

Complement, not copy: E-commerce providers must leverage mobile to complement the user experience, rather than provide a replica of what users get through a Web browser. Nearly 4 in 10 mobile users are most likely to use their mobile phone for shopping, so businesses need to ensure that those customers are getting something unique from their mobile interaction.

CRM through mobile marketing: Mobile marketing isn’t just for acquisition anymore. Today, it’s about boosting loyalty by using mobile for customer, consumers always have their mobile device on them and check it more than 150 times a day. Businesses can communicate with their existing customers through alert notifications, in-app, email and mobile Web. But don’t overdo it. The key to maintaining an effective relationship is doing so in a complementary way, giving users what they need when they need it.

Mobile apps and mobile Web: Got a mobile app but not a mobile-friendly website, or vice versa? You might want to put your energy into leveling out your mobile presence. Consumers are about equally split when it comes to their preference of app versus browser: The percentage of users who prefer their mobile browser when completing a task 28 percent is only slightly higher than the 23 percent that prefer to use an app. Both app and Web designs are critical for businesses in the mobile space, so it pays to do them right.

Posted in Best Practices for Merchants, Mobile Payments, Mobile Point of Sale, Smartphone Tagged with: , , , , , , , , ,

Dec
15
2014
December 15th, 2014 by Elma Jane

Every business knows how crucial sales are to keeping a company going. Without paying customers, there’s no money coming in, which means no profits to help the business grow. But convincing people to buy something isn’t always an easy task for a sales person, and many entrepreneurs still struggle with selling.

It’s not about giving a rundown of the facts and features of a product, it’s about communicating the ways in which it can help the buyer. Stop thinking from the sales perspective. Think about what it will do for others. Take your elevator pitch and transcend it to other people’s perspective and solve their problems.

Five key components to a successful sales presentation.

A call to action. Ask someone to take action at the end of a sales presentation. If you don’t ask for the sale, they probably won’t go through with it. Always approach sales from a helping perspective. Instead of putting pressure on sales reps to make the sale, focus on what the product means to the buyer.

If your sales team focus on how to communicate effectively and help the person, it takes pressure off and puts the focus and energy where it needs to be. A superior salesperson inspires the buyer to feel the benefits of what they have.

 A grabber. This is a mutual point of agreement where sales person connect with the buyer. This is usually established in a face-to-face conversation (the person nods in agreement when sales reps speak to them), but if you’re not able to see the person, you need to start off with the mind-set that he or she agrees with what you’re saying.

A point of difference. Explain to the buyer what’s different about your product, and why it occupies a unique space in the market.

A solution to a problem. Consumers purchase products that they believe will solve a problem they have. Your product may be the perfect solution, but they won’t know that unless sales reps explain the problem and how they can solve it. Stating the problem you solve and talking about it as much as if not more than the solution.

WSGAT. (What’s So Great About That?) is all about demonstrating the benefits of using your product. When discussing your product’s features, a sales person can’t just spout facts. You need to understand why a buyer should care about that feature, and how it contributes to solving the problem you outlined.

Posted in Best Practices for Merchants Tagged with: , , ,

Dec
15
2014
December 15th, 2014 by Elma Jane

Every business knows how crucial sales are to keeping a company going. Without paying customers, there’s no money coming in, which means no profits to help the business grow. But convincing people to buy something isn’t always an easy task for a sales person, and many entrepreneurs still struggle with selling.

It’s not about giving a rundown of the facts and features of a product, it’s about communicating the ways in which it can help the buyer. Stop thinking from the sales perspective. Think about what it will do for others. Take your elevator pitch and transcend it to other people’s perspective and solve their problems.

Five key components to a successful sales presentation.

A call to action. Ask someone to take action at the end of a sales presentation. If you don’t ask for the sale, they probably won’t go through with it. Always approach sales from a helping perspective. Instead of putting pressure on sales reps to make the sale, focus on what the product means to the buyer.

If your sales team focus on how to communicate effectively and help the person, it takes pressure off and puts the focus and energy where it needs to be. A superior salesperson inspires the buyer to feel the benefits of what they have.

 A grabber. This is a mutual point of agreement where sales person connect with the buyer. This is usually established in a face-to-face conversation (the person nods in agreement when sales reps speak to them), but if you’re not able to see the person, you need to start off with the mind-set that he or she agrees with what you’re saying.

A point of difference. Explain to the buyer what’s different about your product, and why it occupies a unique space in the market.

A solution to a problem. Consumers purchase products that they believe will solve a problem they have. Your product may be the perfect solution, but they won’t know that unless sales reps explain the problem and how they can solve it. Stating the problem you solve and talking about it as much as if not more than the solution.

WSGAT. (What’s So Great About That?) is all about demonstrating the benefits of using your product. When discussing your product’s features, a sales person can’t just spout facts. You need to understand why a buyer should care about that feature, and how it contributes to solving the problem you outlined.

 

Posted in Best Practices for Merchants Tagged with: , , ,

Dec
01
2014
December 1st, 2014 by Elma Jane

Few Americans will likely remember the life and work of Martin Cooper, largely because most Americans have no idea who Martin Cooper is. Without Martin Cooper much of what we identify as normal life for the last two decades would not have been possible, as without his invention we would still be looking for pay phones, dropping off film to be developed, printing out boarding passes and contemplating a future where a plastic rectangle was the height of payments technology.

Anyone reading this has a phone with internet access which means no one has to guess, with a few taps on a smartphone most readers who didn’t already know were able to find out that Martin Cooper invented the handheld mobile phone and by so doing changed the lives of not just Americans, but people all over the world.

Mobile has integrated so seamlessly into our life that we didn’t realize it was changing everything we do.

Here are the list of all of the ways that mobile has improved life for us all.

We All Get To Know Everything All The Time, with just a smartphone.                                                       Impulse buy is a thing of the past because consumers just don’t buy on impulse as much anymore.                 A new intentionality has taken hold of shopping. Many Americans have the money and the will to spend. But they are time-pressed and deal savvy, visiting stores only when they run out of items like cereal or toilet paper and after doing extensive research on purchases online and with friends. They buy what they came for and then leave. Plus consumers are harder to fool, they know if they are being overcharged because they can look it up in real time while they are in the showroom.

Full Price Is A Notion Utterly Without Meaning.                                                                                             There are sites like Groupon, LivingSocial and a thousand imitators offer coupons pretty much across every retailer that mean no matter where one is shopping or eating they’re probably a few button taps away from paying less for the type of service they are out for.  And then there are the retailer rewards programs all bent on giving consumers more stuff for free as long as they use their mobile coupons.

We All Think Way More About Privacy And Digital Security Than We Used To.                                         Twenty years ago one’s largest security concern was probably that their home or car would be broken into, followed closely by their wallet being stolen.  Now we wait for Russian cybercriminals to steal our cards by hacking into POS systems and lifting the data. Or for cybercriminals to hack our phones and upload naked pictures of us to the internet (celebrity readers only). Or for Nigerian princes to trick our grandparents into wiring them money.  In short, while we still fear for our physical possessions as much as we ever did, the mobile world gave us something entirely new to worry about, the integrity of our data and who could use our phones, cards and email accounts as a backdoor into our entire personal and financial lives. 

We Want It All, And We Want It Now.                                                                                                    Anyone with a phone in their pocket can, in one way or another, buy it on the spot.  Which has given rise to the push for same-day delivery, consumers who can buy it now, also want to be able to get it now, or as close to now as possible.

We Also Want It Later.                                                                                                                             Maybe the consumer likes going to the store, enjoys the Christmas lights, wants to eat at a mall food court, they just don’t want to stand inline. And now, through the magic of omnichannel commerce, they may not have to do. Through the magic of multi-device shopping an instore pick-up, consumers are increasingly getting used to finding something on their mobile, paying on their computer and picking up in store. Or some combination thereof.

Mobile has made commerce less a race between the e-markets and the brick-and-mortars, and more a race to offer the most seamless commerce experience. Mobile has taught ever one to care less about where they buy, and more about what the total buying experience is.

We Pay For Access Instead Of Objects.                                                                                                         Ten years ago when your family set about its early experiments in binge watching television with the first season of Lost, odds are everyone gathered round and watched a DVD set or maybe a Blue Ray, if your family happened to be full of early adopters.

This weekend, when entire families are sitting down to watch How To Get Away With Murder, more likely than not they are streaming it through Hulu. Unless they don’t want to watch that, in which case, they are watching something else on  Netflix on their phone while sitting in the same room with their family. Unless of course this is a football family, in which case you are paying the NFL for access to every football game played everywhere in America tomorrow and a cable company to watch in HD.

We Want To Use A Phone To Access Everything.                                                                                      It’s almost now quaint to refer to a time when phones were used primarily to talk.  With the rapidly emerging internet of things, it will soon be quaint to talk about a phone as a tool used primarily for communicating and shopping.

The smartphone is already heading toward being the key interface between connected devices and products (The Internet of Things) and their users. Among other things, people will use the device to remotely control household appliances, interact with screens and automatically adjust car settings to their preferences.

We Kinda Hope The Phone Might Keep Us Alive.                                                                                    With the release of Apple Pay, also came the release of Apple Health that has widely been reported as ushering in the age of mobile device as wellness guru. Smartphones can already help people lead healthier lives by providing information, recommendations and reminders based on data gathered through sensors embedded in users’ clothing (shoes, wristbands, etc.) or through other phone capabilities (motion detectors, cameras, etc.).

And, even if you don’t listen to your phone and put your health at risk, it will still probably save you.  Internet-enabled mobile devices are becoming important tools in broadening access to health care, diagnosing diseases and saving lives in crisis situations.

Making Life A Lot Better For Everyone.                                                                                                          Small merchants can do something now that they couldn’t do en masse twenty years ago. Take credit card payments and use a tablet to do that and run their business. With the emergence of mobile, came thousands of the other mPOS solutions and platforms exploding all over the world. This has not only changed the way these small businesses operate, it has changed their entire pitch to their customers.

Mobile has made life easier for many consumers, but for some businesses and many people mobile has made mainstream financial participation possible.

Posted in Best Practices for Merchants, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , ,

Oct
31
2014
October 31st, 2014 by Elma Jane

It  is a given that damage to a retailer’s reputation is one of the biggest negative outcomes from a big data breach. However, research said that customer service or the lack thereof, is a bigger turn-off for consumers than a data breach, and by a wide margin.

In April 2014 research, 75 percent of almost 800 survey respondents said poor customer service would have the greatest impact on a company’s reputation. Some type of environmental incident was the second most determining factor in reputational damage, at 33 percent, with a data breach coming in third at 30 percent.

Data breach management

According to the 2014 survey, businesses can do themselves the most good in the wake of breaches by explaining the potential risks or harms of the compromises, disclose the facts of the incidents and tell the unvarnished truth. Sixty-seven percent of respondents believe explaining the risks/harms to them of data breaches is the best way companies can improve communications, followed by fact disclosures and not sugar coating the message.

When asked what businesses could do to prevent customers from ending relationships with them following breaches, 41 percent said offering free identity theft protection and credit monitoring services would help out.

Consumer attitudes contradictions

When consumers are victimized by data breaches, their fears of also becoming victims of identity theft increase. Following a data breach, that fear nearly doubles. Furthermore, following breaches, victimized consumers in the survey said that their identities were at risk for years or forever.

But curiously enough, when consumers received data breach notifications that they may have been victimized, 32 percent of respondents ignored the notifications and took no action and only 18 percent followed the advice provided in the notifications.

Nevertheless, most consumers seem to recognize what types of data are the most sensitive and would cause the most stress and financial damage if compromised. Respondents said the compromise of Social Security numbers would lead to the most potential damage, followed by password/PIN and bankcard account information.

If you are out of business because of financial impact the data breached cost you. How good is your service? Losing even a single customer can be very costly. It’s critical for companies to turn a complaint into a positive for the customer and for the company moving forward.

Posted in Best Practices for Merchants Tagged with: , , , , ,

Oct
15
2014
October 15th, 2014 by Elma Jane

Another day, another corporate data breach. Business owners are now aware that cyber criminals are becoming increasingly smart and sophisticated in their hacking methods, and they can target just about anyone. But smaller companies that think, It can’t happen, or they are too small for hackers to notice, may be setting themselves up for a devastating data breach.

Large corporations typically have a lot more money and resources to invest in IT security, whereas small to medium businesses do not have the IT staffing, resources, money or know-how to put effective security measures into place to combat security vulnerabilities.

If a small business owner is responsible for security practices, it’s going to fall to the lower end of the priority list. The business will have less protections in place and hackers recognize that. Criminals are looking for unlocked doors.

Recent research found that more than half of all small and midsize businesses have been hacked at some point, and nearly three-quarters weren’t able to restore all the lost data. The two most common methods of attack are phishing, gathering sensitive information by masquerading as a trusted website and watering holes. Installing malware on commonly used websites of a target group. These tactics, grant cyber criminals access to the information that leads to identity theft and stolen credit card information.

A credit card breach is fairly easy to recognize once customers of a certain company all begin reporting fraudulent charges. But by that point, a breach has already done a significant amount of damage, not just to the consumers but to the company they trusted to protect their data.

A computer that appears to have been tampered with.If you turned off your computer when you left work and it’s on or has windows and programs running when you return, someone may have been trying to steal important information. This is an especially likely scenario with internal data theft, such as the AT&T breach. Keeping your machines password-protected and encrypting any sensitive data can prevent unauthorized individuals from accessing the information.

Locked-out accounts. If you’ve ever been locked out of your email or social media accounts, you know it’s usually because you typed the wrong login credentials one too many times. If you receive a lock-out message the first time you try to access an account (and you know you’ve typed your password correctly), you might have been hacked. This can mean that someone is attempting to brute force an account, or that an account has already been compromised and the password changed.

Unusually slow Internet or computers. This could be a sign of a compromised machine that is sending out lots of traffic, or that malware or a virus is on the machine. You should also look for pop-up ads (especially if you have an activated blocker) or websites that don’t load properly.

In all of these instances, minor inconveniences that most people might ignore if the problem seems to resolve itself could be signs of a much more serious problem. Both experts advised keeping your antivirus software, firewalls and device operating systems up-to-date, and always remaining alert for any suspicious activity.

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , ,

Oct
08
2014
October 8th, 2014 by Elma Jane

When the PCI Security Standards Council (PCI SSC) launched PCI DSS v3.0 in January 2014, businesses were given one year to implement the updated global standard. Now that the deadline is fast approaching, interest is picking up in what v3.0 entails. On Jan. 1, 2015, version 3.0 of the Payment Card Industry (PCI) Data Security Standard (DSS) will reach year one of its three-year lifecycle.

Trustwave, a global data security firm, is on the frontlines of helping secure the networks of merchants and other businesses on the electronic payments value chain against data breaches. As an approved scanning vendor, Trustwave is used by businesses to achieve and validate PCI DSS compliance.

PCI DSS v3.0 is business as usual for the most part, except for a few changes from v2.0 that considers impactful for large swaths of merchants. The top three changes involve e-commerce businesses that redirect consumers to third-party payment providers. The expansion of penetration testing requirements and the data security responsibilities of third-party service providers.

Penetration testing

Penetration testing is the way in which merchants can assess the security of their networks by pretending to be hackers and probing networks for weaknesses. V3.0 of the PCI DSS mandates that merchants follow a formal methodology in conducting penetration tests, and that the methodology goes well beyond what merchants can accomplish using off-the-shelf penetration testing software solutions.

Merchants that are self assessing and using such software are going to be surprised by the rigorous new methodology they are now expected to follow.

Additionally, penetration testing requirements in v3.0 raises the compliance bar for small merchants who self assess. Those merchants could lower the scope of their compliance responsibilities by segmenting their networks, which essentially walls off data-sensitive areas of networks from the larger network. In this way merchants could reduce their compliance burdens and not have to undergo penetration testing.

Not so in v3.0. If you do something to try to reduce the scope of the PCI DSS to your systems, you now need to perform a penetration test to prove that those boundaries are in fact rigid.

Redirecting merchants

The new redirect mandate as affecting some, but not all, e-commerce merchants that redirect customers, typically when they are ready to pay for online purchases to a third party to collect payment details. If you are a customer and you are going to a website and you add something to your shopping cart, when it comes time to enter in your credit card, this redirect says I’m going to send you off to this third party.

The redirect can come in several forms. It can be a direct link from the e-commerce merchant’s website to another website, such as in a PayPal Inc. scenario, or it can be done more silently.

An example of the silent method is the use of an iframe, HTML code used to display one website within another website. Real Estate on the merchant’s website is used by the third-party in such a way that consumers don’t even know that the payment details they input are being collected and processed, not by the e-commerce site, but by the third party.

Another redirect strategy is accomplished via pop-up windows for the collection of payments in such environments as online or mobile games. In-game pop-up windows are typically used to get gamers to pay a little money to purchase an enhancement to their gaming avatars or advance to the next level of game activity.

For merchants that employ these types of redirect strategies, PCI DSS v3.0 makes compliance much more complicated. In v2.0, such merchants that opted to take Self Assessment Questionnaires (SAQs), in lieu of undergoing on-site data security assessments, had to fill out the shortest of the eight SAQs. But in v3.0, such redirect merchants have to take the second longest SAQ, which entails over 100 security controls.

The PCI SSC made this change because of the steady uptick in the number and severity of e-commerce breaches, with hackers zeroing in on exploiting weaknesses in redirect strategies to steal cardholder data. Also, redirecting merchants may be putting themselves into greater data breach jeopardy when they believe that third-party payment providers on the receiving end of redirects are reducing merchants’ compliance responsibilities, when that may not, in fact, be the case.

Service providers

Service provider is any entity that stores, processes or transmits payment card data. Examples include gateways, web hosting companies, back-up facilities and call centers. The update to the standard directs service providers to clearly articulate in writing which PCI requirements they are addressing and what areas of the PCI DSS is the responsibility of merchants.

A web hosting company may tell a merchant that the hosting company is PCI compliant. The merchant thought, they have nothing left to do. The reality is there is still always something a merchant needs to do, they just didn’t always recognize what that was.

In v3.0, service providers, specifically value-added resellers (VARs), also need to assign unique passwords, as well as employ two-factor authentication, to each of their merchants in order to remotely access the networks of those merchants. VARs often employ weak passwords or use one password to access multiple networks, which makes it easier for fraudsters to breach multiple systems.

The PCI SSC is trying to at least make it more difficult for the bad guys to break into one site and then move to the hub, so to speak, and then go to all the other different spokes with the same attack.

Overall, v3.0 is more granular by more accurately matching appropriate security controls to specific types of merchants, even though the approach may add complexity to merchants’ compliance obligations. On the whole a lot of these changes are very positive.

 

Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Sep
29
2014
September 29th, 2014 by Elma Jane

If  your retail business products sells only in-store, then you’re falling behind. Consumers in the digital age expect options when they shop, and if you’re not offering those choices, your customers may pass you by for a more tech-savvy competitor. Consumers go into stores, evaluate products and buy online, or research online and go into the store for purchase. The two worlds have merged, if you’re not covering both spectrums, you’re missing out.

Recent research by UPS showing 40 percent of today’s shoppers use a combination of online and in-store interactions to complete their purchases. The days of physical stores being separated from online shopping are over. They’re no longer channels that are happening on their own. The UPS survey found that a large chunk of online shoppers cross channels during their shopping path. Be present on both channels and take advantage of that.

It’s not always possible or economic for an online-only retailer to open up a physical storefront, but existing brick-and-mortar stores or wholesalers can easily introduce an e-commerce component to their sales to expand their customer reach. Online sales help reach consumers that may not otherwise be able to purchase your products. Even if your company’s main focus is creating a personalized in-store experience, there are still ways to capture the online shopper market. In addition to giving consumers a way to research your products before coming in-store to purchase your offerings, you can offer people a way to conveniently buy items they already know they want.

For all the advantages a multi-channel sales strategy can give a retailer, there are still some challenges to this approach. Managing inventory versus cash flow and ensuring even demand on both channels have been company’s two greatest challenges in balancing in-store and online sales. Creating demand is how companies set themselves apart from competition. The secret sauce. The challenge is making sure that retail operations have a turnover ratio that works for the shipping schedules from the main warehouse. This isn’t a problem for e-commerce businesses, because product can be packaged and shipped as fast as it gets produced. But an omnichannel company has to take retail and e-commerce into account when stocking a warehouse.

There are a few different strategies retailers can use to help keep their sales operations well-balanced. Offering different items online versus in-store, to avoid inventory competition (i.e., selling seasonal or discontinued items online and current items in-store). Requiring a minimum order for online purchases or grouping products together rather than selling them individually to make e-commerce more worth your while.

The best way to balance a multi-channel sales strategy is to take a unified view of consumers online and offline by connecting their on- and offline behaviors via technology. Some of the retailers questions have is how to connect a person offline with what they buy online, how to recognize who they are in the store and know what they look at on your website, because people are switching back and forth. Link behaviors online with a unique ID through email or a mobile app, since 66% of customers use smartphones in-store.

Even if your business can’t actually sell and ship products via e-commerce,it’s still important to be in tune and up-to-date with the way customers want to interact with you on the Web. People are on the go, researching on phones and tablets. If you’re not savvy to what’s happening out there and don’t have the best-in-class SEO, you’ll miss out. You still need to engage in the digital world, even if it’s not always obvious.

 

Posted in Best Practices for Merchants, e-commerce & m-commerce Tagged with: , , , , , , , , , , , , , , , , , , ,

← Previous Article
Next Articles »