Jul
12
2017
NTC GIVES.Com
July 12th, 2017 by Elma Jane

NTC Gives™ is an Electronic Payment Organization that allows congregations to accept payments on multiple platforms and supports non-profit organizations in our communities utilizing the award-winning customer service and industry leading technology of National Transaction Corporation™.

Keep Giving – allows recurring donations regardless of your worshipers attendance.

Mobile Giving – accept donations on a multitude of devices.

Secure Donations – Offload your protection mechanism to the banks payment gateway to ensure security breach while protecting your members.

For church congregations, start accepting donations online as well as recurring donations. Call now 888-996-2273 or go to NTC GIVES.Com 

Posted in Best Practices for Merchants Tagged with: , , ,

Nov
18
2016
Tokenization and Encryption
November 18th, 2016 by Elma Jane

Tokenization and Encryption are completely different technologies when it comes to securing ­sensitive data, such as credit cards.

Encryption tools and techniques is to mask original data, then allow it to be decrypted. It uses an algorithm to scramble credit card information that makes the data unreadable to anyone.

Encryption is most often “end-to-end.

Example:  When someone enters card data into a web browser to buy an item and decrypted when the purchaser’s authorized credit card information reaches its intended destination, which is the merchant’s e-commerce database.

Encrypted card data is unreadable while it’s “at rest” in a database or “in motion” during a purchase transaction; and inaccessible until a key decrypts it. The chances of a hacker stealing the data is minimal. But, if card data passes through multiple internal systems en route to an acquiring bank or payment gateway, the encrypt/decrypt/re-encrypt process could open a wide security hole, thus creating vulnerabilities to hackers.

Tokenization have found to be cheaper, easier to use and more secure than end-to-end encryption.

Tokenization completely removes credit card data from internal networks and replaces it with a generated, unique “token”. Tokens have no meaning and are worthless to criminals if a company’s system is breached.

Merchants use only the token to retrieve, access, or maintain their customers’ credit card information.

Example: Actual credit card number was 3234 4567 8789 78910, it might become FHIW145BVE65478 when a token is generated. The token is randomly generated and there is no algorithm to regain the original card number. hackers can’t reverse-engineer the actual credit card number, even if they were to grab the tokens off the servers.

Using tokens doesn’t change a merchant’s payment processing experience. Only they’re much safer for a merchant than actual credit cards.

Posted in Best Practices for Merchants, Credit Card Security Tagged with: , , , , , , , , , , ,

May
12
2016
e-Pay
May 12th, 2016 by Elma Jane

Electronic commerce (eCommerce) is a type of business transaction, that involves the transfer of information on the Internet. This allows consumers to exchange goods and services with no barriers of time or distance electronically.
Business-to-Business (B2B) this refers to electronic commerce, between businesses rather than between a business and a consumer. These transactions electronically provide competitive advantages over traditional methods. It’s faster, cheaper and more convenient.
Creating a successful online store can be difficult if you don’t have knowledge of e-commerce and what it is supposed to do for your online business.

What do you need to have an online store?

  • Shopping cart – an operating system that allows consumers to buy goods and or services. Track customers, and tie together all aspects of e-commerce into one.
  • Or you can check out our NTC e-Pay no shopping cart Solution.
  • Taking online payment by getting a merchant account and accept credit cards through an online payment gateway.

You just need to make a better decision in choosing the right shopping cart and a merchant account for your eCommerce shop.

 

Posted in Best Practices for Merchants, e-commerce & m-commerce Tagged with: , , , , , , , , , , , , , ,

Oct
01
2015
EMV
October 1st, 2015 by Elma Jane

The day the payments industry has pointed to for several years arrives today, a turning point in the U.S.‘s migration to EMV chip-and-PIN cards.

Rules set by Visa and MasterCard as of today, the liability for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards. Banks will be issuing EMV Chip Cards.

An enormous change, as everyone learns to deal with the new technology that requires consumers to insert their cards and leave them in the store machines throughout a payment transaction, rather than swipe.

In a recent survey, less than a third of merchants overall have invested in EMV-compliant technology, and one study said 80 percent of small and midsize merchants have not upgraded their systems as of today’s liability shift.

Issuers are claiming to be more prepared than merchants, but according to the Smart Card Alliance, around 200 million chip cards have been issued to U.S. cardholders. That, however, is less than 17 percent of the approximately 1.2 billion payment cards in circulation.

What is clear is that today does not represent the end of the journey. The lack of preparedness at the physical point of sale, however, may be beneficial for card-not-present merchants.

Over the past few months, the mainstream media has awoken to the fact that implementing EMV does not mean fraud will disappear. Fraudsters quickly adapted to the difficulty of counterfeiting cards by attacking Card-Not-Present channels, where a chip has no effect.

In other markets, fraud migrated quite rapidly to card-not-present channels. It is necessary on e-commerce merchants to protect themselves with an array of tools, like device authentication, one-time passwords, randomized PIN pad and biometrics. Fraud mitigation tools like data analytics, address and CVV verification, 3D secure and tokenization. These services should be available from their merchant acquirer processor or gateway.

There should be a gradual reduction in card fraud over the next 12-18 months in spite of the delays in this country’s EMV migration. It’s going to take time for the technology to be adopted.

U.S. Merchants’ overall relative lack of preparedness for EMV may give e-commerce and mobile merchants time they didn’t think they would have to explore the options.

Sophisticated authentication technologies such as biometrics will help increase the security of card transactions. Device-based verification could be easily incorporated in an EMV transaction.

Banks have expressed interest more in using the phone as a biometrics. It’s all going to depend on what is the most convenient way to access your funds. The nice thing about biometrics is it’s meant to enable more convenience and stronger security.

 

Posted in Best Practices for Merchants, e-commerce & m-commerce, EMV EuroPay MasterCard Visa, Mobile Payments, Mobile Point of Sale, Point of Sale Tagged with: , , , , , , , , , , , , , , , , ,

May
19
2015
May 19th, 2015 by Elma Jane

We’re now nearly midway through 2015, and payment security still remains a topic that stirs up great concern and confusion. While there is seemingly unanimous agreement on the need for heightened security, there’s uncertainty about those who are tasked with actually implementing it. Let’s dig deeper into EMV, P2PE and tokenization. How each will play a part in the next generation of securing payments, and how without properly working together they might just fall short.

 

 

Europay, MasterCard, and Visa (EMV) – A powerful guard against credit card skimming. EMV also uses cryptography to create dynamic data for every transaction and relies on an integrated chip embedded into the card.

Downside: For Independent Software Vendor (ISVs), the biggest downside of EMV is the complexity of creating an EMV solution. ISVs interested in certifying PINpads with a few processors face up to 22 months of costly work, and because there are a large number of pending certifications, processors will be backed up over the next few years.

It’s not impossible for an ISV to build EMV solutions in-house, but it’s difficult and unnecessary when there are plug-and-play EMV solutions available. These solutions include pre-packaged and pre-certified APIs that remove most of the need for research, the complexity and the burden of time and cost.

Point to Point Encryption (P2PE) – Secures devices, apps and processes using encrypted data with cryptographic keys only known to the payment company or gateway from the earliest point of the transaction, from tech-savvy criminals, jumping at their chance to intercept POS systems and scrape the memory from Windows machines.

How does a key get into card reader? Through an algorithm called derived unique key per transaction (DUKPT), or “duck putt.” DUKPT generates a base key that’s shared with device manufacturers securely, where output cardholder data is rendered differently each time a card is swiped, making it impossible to reverse engineer the card data. P2PE not only benefits the cardholders, but also the ISVs and merchants. PA-DSS certification was designed to address the problems created with cardholder data which is not encrypted.

Downside: P2PE isn’t cheap if an organization wants to do it in-house. The secure cryptographic device needed to manage the keys, Hardware Security Module (HSM), can cost $30-40,000 but when it’s built out, that total cost can jump to $100,000.

TOKENIZATION – The best way to protect cardholder data when it’s stored is using tokenization, a process which the PCI Security Standards Council describes as one where the primary account number is replaced with a surrogate value a token. For merchants dealing with recurring billing, future payments, loyalty programs and more, tokenization is critical.

Downside: Tokenization doesn’t prevent malware that’s remotely installed on POS devices. It’s possible, as seen with recent retail card breaches, for data to be stolen before it is tokenized. That’s why it’s essential to group tokenization together with P2PE and EMV to offer optimal security.

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Sep
04
2014
September 4th, 2014 by Elma Jane

EMV, which stands for Europay, MasterCard and Visa, and is slated to be mandated across the United States starting in October 2015 and automated fuel dispensers have until October 2017 to comply. Unlike magnetic swipe cards, EMV chip cards encrypt data and authenticate communication between the card and card reader. Additionally, chip card user is prompted for a PIN for authentication.

Why are those dates important? Companies lose $5.33 billion to fraud today, with card issuers and merchants incurring 63 and 37 percent of these losses, respectively. Under the EMV mandate, merchants who do not process chip cards will bear the burden of the issuer loss. By accepting chip card transactions, merchants and issuers should see a reduction in fraud.

Overcoming Barriers to EMV Adoption

Given the significant barriers to EMV adoption, it may be tempting for merchants to meet minimum requirements for accepting EMV payments. However, medium to large retailers should also consider the bigger picture of customer security and peace of mind.

Some key critical success factors for a payment initiative of this size include:

Business Continuity Architecture: As with all payment systems, it is imperative to have the EMV system running at all times. The solution should preferably have Active-Active architecture across multiple data centers and have a low Recovery Point Objective (the point in time to which the systems and data must be recovered after an outage).

Cost Benefit Analysis: Take a top down approach and decide accordingly on the scope of the analysis. This will ensure that decisions on scope are made on basis of quantitative data and not just qualitative arguments.

Phased Approach: To overcome time or cost overage in a project of this scope and complexity, retailers should try using an iterative approach for development. The rollout can be divided into multiple releases of six to seven months, which will provide the opportunity to review, capture lessons learnt, and improve subsequent releases.

Proactive Monitoring Alerts: Considering the criticality of business function carried out by EMV, tokenization and payment gateway, a vigorous supervising environment must be defined to perform proactive and reactive monitoring. It should take into consideration the monitoring targets, tools, scope and methods. This will provide advance visibility to the failure points and better ensuring maximum system availability.

Resilience Testing: Typically in a software project, the testing is limited to the unit, integration, performance and user acceptance. However, due to the critical nature of the applications and systems involved, robust resiliency testing is vital. This will ensure that there are no single points of failure and the system remains available when running in error conditions.

Stakeholder Identification: This is a key step to ensure that you have varied perspectives from all departments and their support. It will keep your organization from being blindsided and reduce the risk of disagreements in later stages of the program. Key stakeholders should include Store Operations, Card Accounting, Loss Prevention, Contact Center and IT & Data Security.

Organizations should adopt a five step approach to implement a secure, robust and industry-leading payment solution:

Encryption – Point to point encryption will ensure card data is secure and encrypted from the point of capture to the processor. Usually, merchants use data encryption that is not point to point, rendering their organization vulnerable to data breaches. Software encryption is the most common form of encryption, as it is easily installed and quires little or no hardware upgrades; however, it is less secure, may expose encryption keys, and is prone to memory scanning attacks. Hardware encryption is considered more secure but requires more costly terminal upgrades. Hardware encryption is designed to self-destruct the keys if tampered, but is not well-defined as very limited headway has been made in this space. 

Tokenization – Build a Card Data Environment (CDE) that will host a centralized card data storage solution. Only limited applications with firewall access and capability to mutually authenticate via certificates can access CDE and receive card data. The rest of the applications will have tokens which are random numbers. This architecture will ease the merchant’s burden with existing and emerging PCI Data Security Standards.

Payment Gateway – Perform a risk assessment on the current payment gateway and identify gaps in functionality, manageability, compliance, scalability, speed to market and best practices. Determine the alternatives to mitigate the risks. Some of the important aspects of a leading payment gateway solution are support for all forms of credit, debit, gift cards and check transactions. Its ability to work with any acquirer, in-built encryption abilities, support for settlement and reconciliation must also be kept into consideration.

Settlement, Funding and Reconciliation – A workflow-based system to handle chargebacks and the automation of chargeback processing will greatly reduce labor-intensive work and enhance the quality of data used for settlement and reconciliation. Upgrades to the existing receipt retrieval system may be needed.

Card fraud is on the rise in the U.S., and merchants are the primary target for stealing information. With the EMV deadline just over a year away, the responsible retailer must take steps to prepare now. Although EMV implementation might seem overwhelming to merchants, they should start their journey to secure payments rather than wait for a looming deadline. Solutions such as data encryption and tokenization should be used in combination with EMV to implement a robust payment solution to better protect merchants against fraud. By proactively adopting EMV payment solutions, merchants can stay ahead of the regulatory curve and better protect their customers from fraud.

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Aug
29
2014
August 29th, 2014 by Elma Jane

Merchant_Account_Type

High risk credit card processing is electronic payment processing for businesses deemed as HIGH RISK by the MERCHANT SERVICES INDUSTRY

The high risk segment of payment processing has become more important as banks and ISO’s have begun to tighten up their credit restrictions and underwriting policies. Businesses are classified as high risk primarily because of their product or service and the way they go to market. In merchant services, risk is related to CHARGEBACKS or customer disputes.

The more likely a business to have chargebacks, the higher risk the business. For instance, online businesses selling a weight loss product through a free trial offer, is more likely to have chargebacks than a retail store selling the same weight loss product.

Merchants are often unaware their business falls into the high risk category when they first start shopping for a merchant account. Getting a high risk merchant account can be difficult.

These providers have more stringent requirements and the application process is longer compared to traditional merchant account providers.

High risk businesses should expect to pay higher rates and fees for payment processing services. As a general rule of thumb, merchants should count on paying at least more than a traditional merchant account. Most high risk merchant accounts also require a contract of at least 18 months, whereas low risk providers offer accounts without cancellation fees or contracts.

ROLLING RESERVES are also a big part of high risk credit card processing. Most high risk merchants have some sort of rolling reserve placed on the account, especially new accounts without any processing history. A Reserve refers to an account where a percentage of the funds from transactions are held in reserve to cover against any chargebacks or fees that the processor may not be able to collect from the merchant. This is similar to a security deposit, but merchants don’t have to pay it up front. Reserves are a pain point for many small high risk merchants, but they are definitely necessary and without them, processors would not accept any high risk merchants at all.

What Businesses Are High Risk?

As mentioned earlier, businesses are usually classified as high risk due to the product or service they offer, however merchants with severely damaged credit or a recent bankruptcy can also be considered high risk. Below are just of the few common high risk merchant categories:

Adult Websites

Cigars & Pipe Tobacco Online

Collection Agencies

Credit Repair

Debt Consolidation

E-Books & Software

Electronic Cigarettes

Firearms – Online

High Ticket & High Volume

Medical Marijuana Dispensaries

Multi Level Marketing & Business Opportunities

Nutraceuticals like weight loss supplements, cleansers etc.

Penny Auctions

Sports Betting Advice

Ticket Brokers – Online Tickets

TMF Merchants

Travel & Timeshare

Unfortunately this list is growing and some credit card processing companies even classify any start up Internet business, that doesn’t have extensive financials to be high risk. With the recent economic recession in the United States, there has been an increase in these start up Internet ventures. People are either looking to supplement their income or start their own business instead of looking for work.

How To Protect Your Business

Accepting credit cards is the single most important part of most online businesses. Unfortunately, many successful businesses go under after having their merchant account shut down. High risk merchants should always be cognizant of their merchant account and pay attention to chargeback percentages. Below are some tips for high risk merchants looking for payment processing solutions.

Be Upfront: Make sure your processor knows exactly what you sell and how you market the product/service. If they don’t accept your business type, keep shopping for a new merchant account provider. Many merchants will try to fly under the radar by not revealing all their products or fully disclose their marketing methods to the processor. This is a bad move, the processor will eventually find out the details about your business. This is usually from doing an audit on your transactions and contacting your customers.

Negotiate Every 3 Months: Credit card processing companies underwrite applications based on previous processing history. If there is no previous history, the account is riskier and the terms offered are usually more expensive and restrictive. You can always re-negotiate your rates, reserves and other contract terms with your current processor. Once they have 3 months of history to evaluate, they may be able to offer you a better deal. Three months of history is the magic number for most processors. If you applied without the previous history and were declined, there is a chance the same processor will approve your application if you provide 3 months of previous statements.

Prepare For The Worst: All high risk merchants should keep at least 2 active merchant accounts, from different providers. You never know when underwriting guidelines might change, or you may have an influx of chargebacks. Having a backup account or even multiple back up accounts is a good idea. Many high risk providers offer a load balancing gateway, which allows for multiple merchant accounts to be integrated into one payment gateway. This way you can spread transactions across multiple accounts, through one shopping cart/gateway.

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

May
21
2014
May 21st, 2014 by Elma Jane

There are no enforced standards in the card processing industry regarding rates, fees, and contractual terms. It is possible for two providers to offer seemingly the same rates and fees that result in different processing costs.

Excessive Monthly, Annual, or Quarterly Fees

There are numerous monthly, annual, or quarterly fees merchants may see on their statements each month. Many merchants pay far more than they should for these fees. The fees may have names like statement fee, service fee, membership fee, regulatory fee, PCI fee, and host of other names. The fair amount each merchant should pay for these fees varies by sales volume and merchant type. Also, the amount a merchant pays for any given fee isn’t as important as the overall processing cost. These are general guidelines; some merchants should pay far less. If you are currently paying more, it may be a good time to review your overall processing cost including your pricing plan, rates, and fees.

Excessive Payment Gateway Fees

A payment gateway route transactions from the merchant’s website to the provider. Some retail point-of-sales devices require a gateway to route the transactions. Merchants generally pay a per-month and a per-transaction fee for use of the gateway. As a rule, the direct cost to process through the gateway is a few cents per transaction.

PCI Non-compliance or Non-validation Fee

Many providers now charge a monthly non-compliance or non-validation fee if the merchant is not PCI compliant. This fee may be in addition to a monthly, quarterly, or annual PCI fee. Supposedly, providers charge the non-compliant or non-validation fee as an incentive for merchants to become compliant. Nonetheless, some providers use this fee more for revenue generation, than as an incentive. Some providers do not charge this fee at all.

Merchants should not change providers because of this fee. Instead, the merchants should become PCI compliant to eliminate the fee and reduce the probability of being breached, which could easily result in huge monetary penalties – tens of thousands of dollars. To become compliant, merchants should complete the PCI Self-Assessment Questionnaire and adhere to the PCI requirements, which may require quarterly scans. In short, if a merchant is being charged a non-compliance or non-validation fee, it is as much the merchant’s fault as anyone else.

Visa FANF Fee

In 2012, Visa started charging providers a Fixed Acquirer Network Fee (FANF). The actual fee charged by Visa is dependent on the merchant type. The fee for customer-present retail merchants is based on the number of locations. The cost for ecommerce and fast food merchants is based on the volume of business. Customer-present retail merchants that have non-swiped transactions can also pay an additional customer-not-present FANF fee.

Most aggregators – i.e., merchant account providers that group multiple merchants into a single merchant account, such as Square, PayPal – integrate the FANF cost into their rates and fees versus itemizing them out separately. Most traditional providers properly pass through the actual Visa FANF fee to their merchants. However, there are a few that treat this fee as another hidden revenue stream. I’ve seen providers charge a flat monthly fee for customer-present merchants and I’ve seen the FANF fee inflated by as much as 50 percent for ecommerce merchants. Keep in mind when reviewing that the fee is generally based on the volume of the prior month. In order words, the fee you see on your statement for April activity is likely based on the March volume, as providers need to know the monthly Visa volume before they can assess the fee.

Unusual Discover Card Fees

For Discover transactions, some providers charge a higher percentage, or higher per-item fee, or monthly access fee.

 

Posted in Best Practices for Merchants, Credit card Processing Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Oct
21
2013
October 21st, 2013 by Admin

Online Credit Card Processing

Posted in Online Links Tagged with: , , , , , , ,

Oct
11
2013
October 11th, 2013 by Elma Jane

(Moto) Mail Order/Telephone Order Merchant – In the realm of credit card processing is defined as a merchant who manually keys in over 50% of their transactions and an Internet Merchant is one who accepts transactions over the Internet via an E-Commerce store with an online gateway or who submits transactions manually through a Virtual Terminal.

Qualified Transaction Conditions (For MOTO/Internet merchants the Mid-Qualified Rate is essentially the Qualified rate as these merchants never swipe a credit card through a terminal.)

One electronic authorization request is made per transaction and the transaction date is equal to the shipping date. The authorization response data must also be included in the settled transaction.

Additional data (sales tax and customer code) is required in the settled transaction on all commercial (business) cards at non-Travel & Entertainment (T&E) locations.
The authorization request message must include Address Verification Service (AVS), which verifies the street address and the zip code of the card holder. NOTE: The only way this happens is if your software is set up to do this, or, if you are using a terminal, then if you capture the AVS information at the time of keying in your transaction.
The settled transaction amount must equal the authorized amount.
The settled transaction must include the business’s customer service telephone number, order number, and total authorized amount.
The transaction is electronically deposited (batch transmitted) on or 1 day after authorization date.
The transaction/shipping date must be within 7 calendar days of authorization date.

Non-Qualified Transaction Conditions
One or more of the Qualified or Partially Qualified conditions were not met.
Commercial Card without the additional data.
The transaction was not electronically authorized or the authorization response data was not included in the settled transaction.
The transaction was electronically deposited (batch transmitted) greater than 1 day from transaction/shipping/authorization date, or:
The VISA Infinite card was accepted.
Commercial Card Additional Data

MasterCard

Corporate Data Rate II (Purchasing cards): Sales Tax and customer Code (supplied by cardholder at point of sale) Corporate Data Rate II (Business and Corporate cards): Sales Tax International Corporate Purchasing Data Rate II: Sales Tax and Customer Code (supplied by cardholder at point of sale)

The following information must also be provided: Merchant’s Federal Tax ID; Merchant Incorporation Status; and Owner’s full name if the merchant is a sole proprietor.

Visa

Purchasing cards: Sales Tax and Customer Code (supplied by cardholder at point of sale) Corporate and Business cards: Sales Tax

Posted in Credit card Processing, e-commerce & m-commerce, Electronic Payments, Internet Payment Gateway, Mail Order Telephone Order Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,

Next Articles »