June 18th, 2015 by Elma Jane
Every Merchant in the country needs to upgrade their terminal.
Are you ready for the October 1, 2015 Liability Shift?
Beginning October 1, 2015, all businesses that accept in-person payments must be able to take cards embedded with chips to avoid liability for fraud. The chips are more secure than magnetic stripes.
National Transaction brings the latest EMV and NFC technologies to Merchants.
NTC Clients will be able to accept contactless payment with the same NFC technology used by Apple Pay, Google Wallet and SoftCard. Additionally, the Ingenico terminals are EMV Enabled, delivering the latest in fraud prevention technology.
The new EMV enabled terminals are designed to accept EMV chip cards and magnetic stripe cards.
EMV (an acronym for Europay, MasterCard® and Visa®) is a global technology standard for payment cards.
By accepting chip cards EMV terminal, you help protect your business from card present fraud liability and prepare your business for the future of payment application technology. If your business accepts and processes a counterfeit card transaction on a non-EMV terminal, the liability for that fraudulent transaction is yours, not incurred by the card issuers.
How do you process an EMV chip card transaction?
- Insert Card. Instead of swiping, the customer will insert the card into the terminal, chip first, face up.
- Leave the Card in the Terminal. The card must remain in the terminal during the entire transaction.
- The Receipt or Enter a PIN. As prompted, the customer will sign the receipt or enter their PIN to complete the transaction.
- Remove Your Card. When the purchase is complete, remind the customer to take the card with them.
What are the benefits of having an EMV terminal?
These next generation terminals can reduce your risk of accepting counterfeit cards, as chip and PIN transactions verify both the card and the cardholder.
Eliminate your card present fraud liability exposure associated with the October 1st, 2015* liability shift imposed by the card brands.
Improve customer service for your international cardholder customer. EMV cards are already the standard in over 80 countries.
Be on the lookout for more information about how to be chip card ready before OCTOBER.
*Businesses with Automated Fuel Dispensers (also called “Pay at the Pump”) acceptance methods have until October 2017 to comply with the new standard.
Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Near Field Communication Tagged with: cardholder, cards, chips cards, contactless payment, EMV, emv chip cards, EMV terminal, EuroPay, magnetic stripe cards, MasterCard, merchant, nfc, payment cards, payments, visa
September 4th, 2014 by Elma Jane
EMV, which stands for Europay, MasterCard and Visa, and is slated to be mandated across the United States starting in October 2015 and automated fuel dispensers have until October 2017 to comply. Unlike magnetic swipe cards, EMV chip cards encrypt data and authenticate communication between the card and card reader. Additionally, chip card user is prompted for a PIN for authentication.
Why are those dates important? Companies lose $5.33 billion to fraud today, with card issuers and merchants incurring 63 and 37 percent of these losses, respectively. Under the EMV mandate, merchants who do not process chip cards will bear the burden of the issuer loss. By accepting chip card transactions, merchants and issuers should see a reduction in fraud.
Overcoming Barriers to EMV Adoption
Given the significant barriers to EMV adoption, it may be tempting for merchants to meet minimum requirements for accepting EMV payments. However, medium to large retailers should also consider the bigger picture of customer security and peace of mind.
Some key critical success factors for a payment initiative of this size include:
Business Continuity Architecture: As with all payment systems, it is imperative to have the EMV system running at all times. The solution should preferably have Active-Active architecture across multiple data centers and have a low Recovery Point Objective (the point in time to which the systems and data must be recovered after an outage).
Cost Benefit Analysis: Take a top down approach and decide accordingly on the scope of the analysis. This will ensure that decisions on scope are made on basis of quantitative data and not just qualitative arguments.
Phased Approach: To overcome time or cost overage in a project of this scope and complexity, retailers should try using an iterative approach for development. The rollout can be divided into multiple releases of six to seven months, which will provide the opportunity to review, capture lessons learnt, and improve subsequent releases.
Proactive Monitoring Alerts: Considering the criticality of business function carried out by EMV, tokenization and payment gateway, a vigorous supervising environment must be defined to perform proactive and reactive monitoring. It should take into consideration the monitoring targets, tools, scope and methods. This will provide advance visibility to the failure points and better ensuring maximum system availability.
Resilience Testing: Typically in a software project, the testing is limited to the unit, integration, performance and user acceptance. However, due to the critical nature of the applications and systems involved, robust resiliency testing is vital. This will ensure that there are no single points of failure and the system remains available when running in error conditions.
Stakeholder Identification: This is a key step to ensure that you have varied perspectives from all departments and their support. It will keep your organization from being blindsided and reduce the risk of disagreements in later stages of the program. Key stakeholders should include Store Operations, Card Accounting, Loss Prevention, Contact Center and IT & Data Security.
Organizations should adopt a five step approach to implement a secure, robust and industry-leading payment solution:
Encryption – Point to point encryption will ensure card data is secure and encrypted from the point of capture to the processor. Usually, merchants use data encryption that is not point to point, rendering their organization vulnerable to data breaches. Software encryption is the most common form of encryption, as it is easily installed and quires little or no hardware upgrades; however, it is less secure, may expose encryption keys, and is prone to memory scanning attacks. Hardware encryption is considered more secure but requires more costly terminal upgrades. Hardware encryption is designed to self-destruct the keys if tampered, but is not well-defined as very limited headway has been made in this space.
Tokenization – Build a Card Data Environment (CDE) that will host a centralized card data storage solution. Only limited applications with firewall access and capability to mutually authenticate via certificates can access CDE and receive card data. The rest of the applications will have tokens which are random numbers. This architecture will ease the merchant’s burden with existing and emerging PCI Data Security Standards.
Payment Gateway – Perform a risk assessment on the current payment gateway and identify gaps in functionality, manageability, compliance, scalability, speed to market and best practices. Determine the alternatives to mitigate the risks. Some of the important aspects of a leading payment gateway solution are support for all forms of credit, debit, gift cards and check transactions. Its ability to work with any acquirer, in-built encryption abilities, support for settlement and reconciliation must also be kept into consideration.
Settlement, Funding and Reconciliation – A workflow-based system to handle chargebacks and the automation of chargeback processing will greatly reduce labor-intensive work and enhance the quality of data used for settlement and reconciliation. Upgrades to the existing receipt retrieval system may be needed.
Card fraud is on the rise in the U.S., and merchants are the primary target for stealing information. With the EMV deadline just over a year away, the responsible retailer must take steps to prepare now. Although EMV implementation might seem overwhelming to merchants, they should start their journey to secure payments rather than wait for a looming deadline. Solutions such as data encryption and tokenization should be used in combination with EMV to implement a robust payment solution to better protect merchants against fraud. By proactively adopting EMV payment solutions, merchants can stay ahead of the regulatory curve and better protect their customers from fraud.
Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Visa MasterCard American Express Tagged with: authentication, automation, card, card data, Card Data Environment, card fraud, card issuers, card transactions, CDE, chargeback, chargeback processing, check, check transactions, chip, chip cards, credit, customer, customer security, data, data breaches, data encryption, data security, debit, EMV, emv chip cards, EuroPay, fraud, gateway, Gift Cards, host, integration, magnetic swipe cards, MasterCard, Merchant's, payment, payment gateway, payment solution, payment systems, PCI, PCI Data Security Standards, PIN, processor, retailers, Security, software, swipe, terminal, tokenization, tools, visa
February 3rd, 2014 by Elma Jane
The migration to cards that use chips instead of magnetic strips, known as EMV technology, is well underway in the U.S. No government regulation is needed to make it happen. But the EMV migration and the Target breach are different things. It’s true that EMV chip cards can prevent criminals from producing counterfeit cards using stolen account numbers. But EMV doesn’t stop criminals using stolen cards online. So innovators are deploying new technologies to deter other forms of fraud.
Headline-grabbing events inevitably lead to calls for new laws. But in the case of our nation’s electronic payments systems, new government mandates would stifle marketplace innovations that hold great promise for providing consumer benefits and reducing criminal activities.
Financial institutions compete for customers by providing consumer protections even beyond requirements of current law. Many retailers also offer customers speedy transactions, such as “sign and go” and “swipe and go” for small transactions, while the payments industry ensures consumers still have zero liability. These protections and flexibility are why U.S. consumers are going cashless and carry more than one billion debit and credit cards. More than 70% of retail purchases are made with electronic payments, and our member companies process more than $4 trillion in electronic payments each year.
Fraud accounts for fewer than six cents of every $100 spent on payments systems – a fraction of a tenth of a percent. U.S. companies have made significant financial and technological investments, building sophisticated fraud tools that insulate consumers from liability. To build on this, Congress should foster greater international law enforcement cooperation to fight cybercrime, particularly in countries that harbor crime rings, and replace 46 divergent state breach notification laws with a uniform national standard.
The private sector is best positioned to address the constantly shifting tactics of criminals, and it is doing so without government mandates. Do Americans really want the government in charge of the security and monitoring of our payments?
Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Electronic Payments, EMV EuroPay MasterCard Visa, Financial Services, Visa MasterCard American Express Tagged with: counterfeit cards, cybercrime, data breach, debit and credit cards, electronic payment systems, electronic payments, emv chip cards, emv technology, fraud, liability, magnetic strips, migration, online, security and monitoring of our payments, small transactions
