May 12th, 2014 by Elma Jane
New iPhone and VeriFone-made shell combination that can accept chip and PIN card payments. Apple’s revamp in its in-store mPOS system
In 2009, Apple introduced its EasyPay mPOS technology. It consists of an iPod Touch and a shell made by Infinite Peripherals that includes a card swiper and a barcode scanner.
As first reported by 9to5mac,the iPod is now being replaced by an iPhone while VeriFone is being brought in to provide a new shell which will cater for chip and PIN payments as the US finally gets ready for the switch to EMV. The shell also has a spot above the PIN pad that opens the way for NFC contactless payments, according to Forbes. Apple has long been expected to equip the iPhone with NFC but has so far ignored the technology.
Separately, mPOS giant Square has ditched its Wallet app, pulling it from the Google and Apple stores. The app has failed to take off since its launch in 2011, despite the support of Starbucks. It has been replaced by Square Orders, which lets users order and pay ahead at participating merchants and then pick up their goods when they are ready.
Posted in Best Practices for Merchants, Mobile Payments, Mobile Point of Sale, Point of Sale, Smartphone Tagged with: app, Apple stores, Apple's, barcode, barcode scanner, card, card swiper, chip, contactless payments, EasyPay, EMV, Forbes, google, in-store mPOS, Infinite Peripherals, Iphone, iPod, iPod Touch, Merchant's, MPOS, mPOS giant, mPOS system, mPOS technology, nfc, NFC contactless payments, PIN, PIN card, PIN card payments, PIN pad, Square, Starbucks, swiper, verifone, Wallet app
March 14th, 2014 by Elma Jane
Merchant and Consumer Groups Seek Senate Support To Forego EMV Chip and Signature As Breach Concerns Rise
There’s no shortage of answers in trying to put a stop to hackers set on throwing chaos into the way consumers transact at the point of sale, or online for that matter. Yesterday, the Banking, Housing and Urban Affairs subcommittee on national security and international trade and finance got its chance to hear some of them.
During the hearing, William Noonan, deputy special agent in charge, U.S. Secret Service, noted the advances in computer technology and greater access to personally identifiable information online, which have created a virtual marketplace for transnational cyber criminals to share stolen information and criminal methodologies. As a result, the Secret Service has observed a marked increase in the quality, quantity, and complexity of cyber crimes targeting private industry and critical infrastructure. These crimes include network intrusions, hacking attacks, malicious software, and account takeovers leading to significant data breaches affecting every sector of the world economy.
The recently reported data breaches of Target and Neiman Marcus represent only the most recent, well-publicized examples of this decade-long trend of major data breaches perpetrated by cyber criminals intent on targeting the nation’s retailers and financial payment systems. The increasing level of collaboration among cyber-criminals allows them to compartmentalize their operations, greatly increasing the sophistication of their criminal endeavors and allowing for development of expert specialization. These specialties raise both the complexity of investigating these cases, as well as the level of potential harm to companies and individuals.
So how should the industry react to prevent further breaches? Those opinions provided during testimony at the hearing varied widely, though both consumer and merchant groups would like the card networks to give up requiring only signatures for smart card purchases at the point of sale.
Consumer program director at the U.S. Public Interest Research Group, called for myriad of changes, citing that the greater risk from the recent breaches is less related to identity theft than it is to fraud on existing accounts, and he said it’s time for players on both sides of the transaction to focus more on protecting consumers than on managing their own risk.
Until now, both banks and merchants have looked at fraud and identity theft as a modest cost of doing business and have not protected the payment system well enough. They have failed to look seriously at harms to their customers from fraud and identity theft -including not just monetary losses and the hassles of restoring their good names, but also the emotional harm that they must face as they wonder whether future credit applications will be rejected due to the fraudulent accounts.
As a first step, Congress should institute the same fraud cap, $50, on debit/ATM cards that exists on credit cards, or eliminate the $50 cap entirely, since it is never imposed because of the zero-liability policies issuers have voluntarily have imposed. Congress also should provide debit and prepaid card customers with the stronger billing-dispute rights and rights to dispute payment for products that do not arrive or do not work as promised, just as many credit card users enjoy.
Congress should endorse a specific technology, such as EMV smart cards and if it does, require the use of PINs when initiating smart card transactions. The current pending U.S. rollout of chip cards will allow use of the less-secure chip-and-signature cards rather than the more-secure chip-and-PIN cards. Why not go to the higher-and-PIN authentication standard immediately and skip past chip and signature? There is still time to make this improvement.”
Retailers have spent billions of dollars on card-security measures and upgrades to comply with PCI card security requirements, but it hasn’t made them immune to data breaches and fraud. The card networks have made those decisions for merchants, and the increases in fraud demonstrate that their decisions have not been as effective as they should have been.
The card networks should forego chip and signature and go straight to chip and PIN. To do otherwise would mean that merchants would spend billions to install new card readers without they or their customers obtaining PINs’ fraud-reducing benefits. We would essentially be spending billions to combine a 1990’s technology chips with a 1960’s relic signature in the face of 21st century threats.
Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, Digital Wallet Privacy, Electronic Payments, EMV EuroPay MasterCard Visa, Financial Services, Merchant Services Account, Payment Card Industry PCI Security, Point of Sale, Small Business Improvement, Visa MasterCard American Express Tagged with: banking, Breach, card networks, card-security, chip and signature, chip cards, chip-and-PIN cards, computer technology, credit applications, credit cards, critical infrastructure, cyber crimes, cyber-criminals, data breaches, debit atm cards, EMV, hackers, hacking attacks, international trade and finance, malicious software, managing risk, merchant, national security, netwrok intrusions, new card readers, online, payment system, pci card security requirements, PIN, point of sale, prepaid card customers, smart card transactions, technology chips, the secret service, transnational cyber criminals, virtual marketplace, world economy
January 9th, 2014 by Elma Jane
Notably after the Japanese tsunami…the Hungarian Red Cross has used mobile technology to raise funds for disaster relief, but for the first time has enlisted social media in the process. The organization is running a Facebook campaign that lets smartphone users make instant donations to aid victims of Typhoon Haiyan in the Philippines.
The donations will pass through the MasterCard Mobile app that was developed by the Hungarian m-payments firm Cellum. The solution relies on QR codes. The method is available only in Hungary.
Process works like this:
Download the MasterCard Mobile app to your smartphone and register your bank card, then follow the steps to secure your personal data.
To donate, scan the QR code shared on Facebook with the built-in scanner of MasterCard Mobile. Transaction data are displayed on the screen to ensure the donation goes to the chosen cause.
The QR code contains a minimum sum, which can be increased.
Then press the send button to review and confirm transaction data.
The app then initiates the transaction, which you need to authorize by entering your mPIN.
You will receive feedback on the successful transaction, which can later be viewed in the transactions menu.
The donations will pass through Cellum’s system and quickly go to the Hungarian Red Cross’ account, which is dedicated to typhoon relief efforts.
Donations are a matter of impulse and that people who decide to give want to act quickly, chances are they don’t carry around a pen to put down a 24-digit bank account number on a piece of paper. By the time they get home and visit their online bank where they could transfer the money, they have already been distracted by a hundred other stimuli, so they end up sending nothing. Cellum’s solution is simple; whenever the impulse hits people, they probably have their phone at hand said Cellum spokesman Balazs Inotay.
Posted in e-commerce & m-commerce, Internet Payment Gateway, Medical Healthcare, Smartphone Tagged with: account number, authorize, confirm transaction data, Facebook, m-payments, MasterCard, mobile app, mobile technology, personal data, phone, PIN, process, qr codes, Red Cross, scanner, secure, smartphone, social media, solution, successful transaction, transfer
October 21st, 2013 by Elma Jane
Good time for merchants to start noting how their provider is handling card company fee changes as well as any future rate and fee changes, especially if your contract will expire in 2014.
October 2013 Rate and Fee Increase Notices
Visa, MasterCard, and Discover Credit card companies generally make rate and fee changes in the April and October time frame, although they have also made changes at other times of the year. Inevitably, some banks and merchant account providers seem to take advantage of the card company changes by increasing or adding their own mark-ups and by pointing too much of the blame at the card companies for the increases. This time around isn’t much different than others and merchants have sent me some rate and fee increase notices that go well beyond any card company changes.
In understanding how your provider is handling the latest card company changes, keep in mind that there are two important changes for October 2013:
Discover introduced a .25 cent increase to all transactions.
MasterCard introduced a .25 cent increase to certain transactions.
Below are two examples of recent notices on the October changes. Understanding the above .25 cent changes, how would you rate these providers?
Notice 1: 0.02 Percent + $0.02 Increase
“MasterCard, Visa and Discover typically evaluate the Interchange rates and fees twice per year most often in April and October. Based on recent changes as well as analysis from other network providers and vendors, the following changes to your merchant account are being implemented and will be reflected in your merchant statements for transactions processed beginning in October:
Interchange Plus Merchants: Percentage charged in excess of Interchange will increase by 2/100ths of a percent; and
Transactions Fees for all authorized transactions will increase by $0.02/transaction.”
Tiered Pricing Merchants: Qualified Rate for Visa, MasterCard and Discover will increase 2/100th of a percent;
Notice 2: 0.40 Percent Increase
“Effective October 1, 2013, the discount rates charged for your Visa, MasterCard, and Discover (as applicable) credit card and non-PIN (signature) debit card transactions will increase by 0.400%. We have increased these charges based on a variety of factors, including recent Card Organization changes and our own pricing considerations. This change will appear beginning with your October month-end statement you will receive in November.”
Your Statements Now go back to the statements you received in August and September or any notices you received via mail and read the notice your provider posted for these changes. Did the provider announce the actual change or did it state something quite differently? If it’s the latter, make sure it adjusts pricing accordingly. Also, make sure you monitor your rates, fees, and notices going forward to determine the best long-term course of action. If the provider needs you to extend your contract to correct its overcharges, then there are probably bigger pricing issues and more assertive action required by you to investigate your overall processing cost.
EMV Capable Terminals
To reduce fraud in the U.S., the card companies are introducing cards that have a chip as well as the current magnetic strip. Chip cards are prevalent outside the U.S. and EMV — Europay, MasterCard, and Visa — established the technical standards for processing them.
Brick-and-mortar merchants should understand about EMV.
Brick-and-mortar merchants should have equipment capable of processing EMV chip card transactions by October 2015 as certain fraud liability will shift from the bank that issued the card to the merchant. The equipment may be a terminal or a chip card reader attached to the terminal or POS system.
Certain credit card transactions will require a PIN number instead of a signature similar to PIN debit transactions today. Also, like the current PIN debit devices, each chip reader will need to be encrypted and the encryption code is processor specific. Therefore, if a merchant has an encrypted device, changing processors may be more costly as the encryption cannot simply be downloaded over the phone or Internet as is done with terminal reprogramming now. Instead, the encrypted device will need to go back to the provider for encryption or swapped with an encrypted device or a new encrypted device may be needed.
“EMV capable” can mean very little. In fact, if you have purchased or leased an “EMV capable” terminal it may simply mean that it has the slot or contactless connection to place the chip card and the terminal may have the capability to eventually be encrypted to actually process chip cards. However, the cost and time required to do so could be prohibited.
However, merchants should be planning to have equipment capable of processing chip card by October 2015. In fact, they should be planning to have the equipment capable of processing chip cards well ahead of the October 2015 — perhaps as early as late 2014, to ensure receiving it in time.
If a merchant’s existing terminal fails or is no longer supported, the merchant should inquire about EMV terminals as a replacement. However, ask if it comes fully encrypted and capable of actually processing an EMV transaction or if it will need the encryption later. Right now, the answer is likely that the terminal will need encryption later. If so, the merchant should obtain the time frame, process, and cost for enabling the terminal to actually process chip cards. This should be in writing. Remember, new terminals cost the provider around $150 to $250 and the encryption may be an extra $25 to $50.
Make sure you are comfortable with your provider and have negotiated the best processing cost before changing to encrypted EMV equipment.
Merchants do not need EMV terminals today and very few providers actually have terminals that can process an EMV chip card transaction right now.
Posted in Credit card Processing, Electronic Payments, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: authorized, banks, chip card, contactless, cost, credit-card, debit, devices, Discover, EMV, encrypted, fee, increase, interchange, MasterCard, merchant account providers, network, overcharges, percent, percentage, PIN, POS, pricing, processor, prohibited, rate, rate and fee, statements, terminal, transactions, visa
