Contactless
November 5th, 2015 by Elma Jane

EMV-compliant POS systems are now being equipped with NFC technology to accept contactless payments. What does this mean for the future of payments?

EMV lays the foundation for increased card-present and contactless payment security; with EMV, magnetic stripe cards are soon to be a bygone technology. Plastic EMV cards will not have a long lifespan as payments move into a more digital space; the security and NFC upgrades merchants and consumers make now will carry over into the digital and mobile payments space.

Consumers are constantly looking for more convenient ways to transact, which is made possible by the simultaneous adoption of EMV and NFC. While EMV supports plastic chip cards, payments are going digital and POS systems equipped with NFC technology save consumers from digging through their wallets, making it easier for consumers to transact via mobile devices. Mobile payments should be simple, scalable and affordable in today’s payment landscape and consumers should have the option to securely store and use multiple cards within their digital wallets or applications they most often use.

EMV standards increase security for card-present payments, which are relevant to many consumers today, but the convenience of mobile and contactless payments is the future. In an era of EMV, NFC plays a critical role in propelling both technologies forward. Retailers and card issuers alike must recognize the opportunity to take advantage of both.

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Smartphone

October 13th, 2015 by Elma Jane

It is difficult to believe that many businesses still do not accept credit or debit cards for payments, while most customers prefer using cards for the following reasons:

  • They don’t want to carry cash.
  • Security and protection offered by card issuers.
  • Desire to earn reward points.

Some of the many advantages for businesses that accept credit card payments include:

Easy and cost efficient – credit card processing has become a highly competitive industry. NTC offers the latest in EMV and NFC technologies that allow businesses to accept contactless payments like Apple Pay and Android Pay. NTC integrates with most POS systems.

Essential for online sales – internet selling is growing. The Internet makes it possible for a small business in a remote location to offer its products to potential customers throughout the nation and even across the world, and almost all of those transactions require a credit or debit card.

Increases revenue – people like the convenience and security of paying with a credit or debit card. In fact, 66 percent of point-of-sale transactions use credit, debit or gift cards.

Merchant services accelerate cash flow – credit card transactions process quickly, with proceeds generally available in a bank account within two days or less. That eliminates the time it normally takes checks to clear. It also reduces or eliminates billing and the time spent waiting to receive payment checks from customers.

Reduce transaction risks – check fraud remains a major problem for U.S. businesses: 77% of businesses were victims of check fraud, only 34% experienced credit card fraud, and 92% said they believe new EMV chip-and-PIN credit cards will significantly reduce fraud at the point of sale.

Setting up a merchant account for your business is as simple as contacting a merchant service provider. A merchant service provider processes payments and makes sure the money is appropriately withdrawn from a credit card account and placed into the business’s merchant account.

For more details about setting up an account, give us a call now at 888-996-2273!

 

Posted in Best Practices for Merchants

May 19th, 2015 by Elma Jane

We’re now nearly midway through 2015, and payment security still remains a topic that stirs up great concern and confusion. While there is seemingly unanimous agreement on the need for heightened security, there’s uncertainty about those who are tasked with actually implementing it. Let’s dig deeper into EMV, P2PE and tokenization: how each will play a part in the next generation of securing payments, and how, without properly working together, they might just fall short.

 

 

Europay, MasterCard, and Visa (EMV) – A powerful guard against credit card skimming. EMV also uses cryptography to create dynamic data for every transaction and relies on an integrated chip embedded into the card.

Downside: For Independent Software Vendors (ISVs), the biggest downside of EMV is the complexity of creating an EMV solution. ISVs interested in certifying PIN pads with a few processors face up to 22 months of costly work, and because there are a large number of pending certifications, processors will be backed up over the next few years.

It’s not impossible for an ISV to build EMV solutions in-house, but it’s difficult and unnecessary when there are plug-and-play EMV solutions available. These solutions include pre-packaged and pre-certified APIs that remove most of the need for research, the complexity and the burden of time and cost.

Point-to-Point Encryption (P2PE) – Secures devices, apps and processes by encrypting data, from the earliest point of the transaction, with cryptographic keys known only to the payment company or gateway. This protects the data from tech-savvy criminals who jump at the chance to intercept POS systems and scrape the memory of Windows machines.

How does a key get into a card reader? Through an algorithm called derived unique key per transaction (DUKPT), or “duck putt.” DUKPT generates a base key that’s shared securely with device manufacturers, and the output cardholder data is rendered differently each time a card is swiped, making it impossible to reverse engineer the card data. P2PE benefits not only the cardholders, but also the ISVs and merchants. PA-DSS certification was designed to address the problems created by cardholder data that is not encrypted.

Downside: P2PE isn’t cheap if an organization wants to do it in-house. The secure cryptographic device needed to manage the keys, a Hardware Security Module (HSM), can cost $30-40,000, but when it’s built out, the total cost can jump to $100,000.
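The per-transaction key idea behind DUKPT, as an added example that is not part of the original post: the gateway keeps the base key, the reader holds only a key derived from it, and every swipe is encrypted under a fresh key. This is a simplification that uses HMAC-SHA256 in place of the ANSI X9.24 DUKPT derivation and a toy stream cipher; the names `Reader`, `Gateway`, `prf` and the sample data are assumptions.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 as a one-way function (stand-in for the ANSI X9.24 derivation)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def initial_key(bdk: bytes, device_id: bytes) -> bytes:
    """Key injected into one reader; the base key itself stays with the gateway."""
    return prf(bdk, b"initial|" + device_id)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC in counter mode) so the example needs no extra library."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += prf(key, nonce + block.to_bytes(4, "big"))
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


class Reader:
    """Card reader: holds only its current key state, never the base key."""

    def __init__(self, device_id: bytes, injected_key: bytes):
        self.device_id = device_id
        self._state = injected_key
        self.counter = 0

    def swipe(self, track_data: bytes) -> dict:
        ksn = self.device_id + self.counter.to_bytes(4, "big")  # key serial number
        ciphertext = keystream_xor(prf(self._state, b"encrypt"), ksn, track_data)
        tag = prf(prf(self._state, b"mac"), ksn + ciphertext)
        message = {"device_id": self.device_id, "counter": self.counter,
                   "ciphertext": ciphertext, "tag": tag}
        # Ratchet forward and overwrite the old state: a reader seized later
        # cannot reproduce the keys of earlier transactions.
        self._state = prf(self._state, b"ratchet")
        self.counter += 1
        return message


class Gateway:
    """Gateway / HSM side: re-derives any transaction key from the base key."""

    def __init__(self, bdk: bytes):
        self._bdk = bdk

    def decrypt(self, msg: dict) -> bytes:
        state = initial_key(self._bdk, msg["device_id"])
        for _ in range(msg["counter"]):
            state = prf(state, b"ratchet")
        ksn = msg["device_id"] + msg["counter"].to_bytes(4, "big")
        expected = prf(prf(state, b"mac"), ksn + msg["ciphertext"])
        if not hmac.compare_digest(expected, msg["tag"]):
            raise ValueError("ciphertext or key serial number was altered")
        return keystream_xor(prf(state, b"encrypt"), ksn, msg["ciphertext"])


def demo() -> dict:
    bdk = secrets.token_bytes(32)    # constructed base key
    device_id = b"READER-0001"       # constructed device identifier
    reader = Reader(device_id, initial_key(bdk, device_id))
    gateway = Gateway(bdk)
    # Constructed track-2 style data built on the well-known 4111... test number.
    track = b";4111111111111111=30121010000000000?"
    first, second = reader.swipe(track), reader.swipe(track)
    return {
        "ciphertexts_differ": first["ciphertext"] != second["ciphertext"],
        "gateway_recovers_both": gateway.decrypt(first) == track == gateway.decrypt(second),
        "cleartext_in_ciphertext": track in first["ciphertext"] + second["ciphertext"],
    }


if __name__ == "__main__":
    print(demo())
```

The POS software between reader and gateway only ever handles `ciphertext`, which is what keeps memory-scraping malware on the POS host from seeing card data.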

Tokenization – The best way to protect cardholder data when it’s stored is using tokenization, a process which the PCI Security Standards Council describes as one where the primary account number is replaced with a surrogate value, a token. For merchants dealing with recurring billing, future payments, loyalty programs and more, tokenization is critical.

Downside: Tokenization doesn’t prevent malware that’s remotely installed on POS devices. It’s possible, as seen with recent retail card breaches, for data to be stolen before it is tokenized. That’s why it’s essential to group tokenization together with P2PE and EMV to offer optimal security.
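A sketch of the tokenization flow described above, as an added example that is not part of the original post: a vault swaps the primary account number (PAN) for a random surrogate, and the merchant's recurring-billing store keeps only the token. The `TokenVault` and `MerchantBilling` classes, the role name and the token format are assumptions, and the card number is the well-known 4111... test value.

```python
import secrets


def luhn_ok(pan: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    digits = [int(c) for c in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0


class TokenVault:
    """Hypothetical token vault run by the gateway, outside the merchant's systems."""

    DETOKENIZE_ROLES = {"payment-processor"}

    def __init__(self):
        self._token_by_pan = {}
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "").replace("-", "")
        if not (pan.isascii() and pan.isdigit()
                and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        if pan in self._token_by_pan:
            # Same card, same token: recurring billing can reuse it.
            return self._token_by_pan[pan]
        while True:
            # Random surrogate with no mathematical relation to the PAN; only
            # the last four digits are kept for receipts and customer service.
            token = "tok_" + secrets.token_hex(12) + "_" + pan[-4:]
            if token not in self._pan_by_token:
                break
        self._token_by_pan[pan] = token
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str, role: str) -> str:
        if role not in self.DETOKENIZE_ROLES:
            raise PermissionError(f"role {role!r} may not recover card numbers")
        return self._pan_by_token[token]


class MerchantBilling:
    """Merchant-side recurring billing store: holds tokens only."""

    def __init__(self, vault: TokenVault):
        self._vault = vault
        self.subscriptions = {}

    def enroll(self, customer: str, pan: str, plan: str) -> None:
        # The PAN is in cleartext during this call. This is the window the
        # downside paragraph describes: data can be taken before it is
        # tokenized, which is the gap P2PE and EMV are meant to cover.
        self.subscriptions[customer] = {"plan": plan,
                                        "card": self._vault.tokenize(pan)}

    def dump(self) -> str:
        """What someone who copies the merchant database would obtain."""
        return repr(self.subscriptions)


def demo() -> dict:
    vault = TokenVault()
    billing = MerchantBilling(vault)
    test_pan = "4111 1111 1111 1111"   # constructed sample: standard test number
    billing.enroll("alice", test_pan, "monthly")
    token = billing.subscriptions["alice"]["card"]
    return {
        "token_suffix": token[-4:],
        "pan_in_merchant_db": "4111111111111111" in billing.dump(),
        "processor_recovers_pan": vault.detokenize(token, "payment-processor"),
    }


if __name__ == "__main__":
    print(demo())
```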

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Visa MasterCard American Express

March 10th, 2015 by Elma Jane

If you can’t accept credit cards for your business, you are losing out on potential revenue. Most people don’t carry more than $20 in cash with them at a time, and people who use credit cards tend to spend more than their cash-carrying counterparts.

These days you can turn your smartphone or tablet into a credit card reader, but which service should you choose? What do you need to consider when deciding?

NTC is here to help you understand all the intricacies of taking credit card payments with your smartphone or credit card.

Credit card readers, or wedges, are useful in a variety of industries and for businesses of all sizes: an arts and crafts business accepting credit card payments at conventions and other events, or a pub that gives its servers credit card readers rather than having to pay for everything at the bar. POS systems with a mobile integration can swipe your card on the spot rather than taking credit cards over the phone when ordering delivery.

If you work in one of these fields it might be time to think about getting a wedge:

Arts and crafts vendors: Do you sell your wares at conventions, art shows, and other big events? You could be a book reseller, an artist, a jewelry maker, a clothing retailer, or even a makeup seller.

Food Service: Food trucks were among the earliest adopters of mobile card readers, but there is no shortage of restaurants that are using them now. There are companies that offer POS systems in addition to their mobile card readers, which is perfect for delivery services.

Service providers: If you don’t have a brick-and-mortar office or base of operation where customers visit you, or if you conduct your business in your customers’ homes (carpet cleaners, plumbers, lawn care, mobile dog groomers, exterminators, etc.), a credit card reader/wedge gives you flexibility and credibility, as well as added security.

 

Understanding the Costs of Accepting Credit Card Payments

In the traditional business model, to accept credit card payments you would have to set up a merchant account. A merchant account typically entails a detailed look at your credit history and business.

Credit card companies assess a small fee to merchants for processing payments. With merchant accounts and card readers, the cost is built in and deducted automatically, so you don’t have to worry about paying it yourself. With a merchant account, you typically get lower rates because of the decreased risk.

It’s not just the standard fees that you need to worry about when you want to accept credit card payments. There are costs hidden everywhere, so let’s address some of these issues:

Internet Availability

Typically, smartphone and tablet card readers need some sort of Internet connectivity, via a cellular signal or Wi-Fi. Most smartphones these days are capable of becoming Wi-Fi hotspots, so you can create your own Wi-Fi. However, this option relies on your phone’s data plan. The more transactions you make, the more data you use.

Compatibility

You also need to make sure that your devices are compatible with the card reader. Check the list of compatible devices before you commit to one service over another.

Also note that you’re going to usually have to enable location services on your phone.

Card Compatibility, Manual Entry Fees, Location

There are card readers that seem to work best with a specific device. You’re typically going to pay more for manually entering credit card numbers because of the greater risk – the card doesn’t have to physically be present to complete the transaction.

Likewise, you’re usually going to pay more for accepting international cards, and you’re not always going to be able to accept payments outside the U.S.

Taxes and Tips

Several mobile credit card readers will let you add sales tax to the base purchase without requiring you to calculate it, which is handy if you’re not fond of math or just want the transaction to go more quickly.

As an alternative, you can build the sales tax into the listed prices, which some of your customers might appreciate.

Finally, depending on your industry, you may want to check that the credit card reader you use allows your customers to add a tip.

Time to Get Your Money

The final cost to consider for credit card readers is more of a convenience fee than anything: it’s the time before you can access your money.

If you’re in a high-risk industry or have a high volume of business, you are probably better off obtaining a merchant account and using one of their mobile solutions.

You’re also going to want to worry about refunds and chargebacks. If, for whatever reason, a consumer complains to his or her credit card company and there’s a chargeback.

 

Features to Look For in Your Credit Card Reader

Features-wise, you can at least expect the basics to remain consistent across smartphone credit card readers: you can swipe cards, manually key them in, and issue receipts. It’s the little things that will ultimately set one service provider apart from the rest. Some of the things you may want to look out for include:

Record-Keeping for Cash and Checks

Sure, you can manage your cash intake the old-fashioned way and let your bank deal with checks. But some credit card readers (which don’t actually require you to swipe cards, but more on that later) will let you create digital receipts for cash and check transactions as well.

POS Integration

Depending on your needs, you might want to look for a service that has easy POS integration.

E-Commerce Integration

Likewise, look for easy integration with an online store, if you have one. Easy integration is ideal for centralizing your accounts.

 

Accounting Integration & More

Do you use an accounting service? If so, you might prefer the ability to transfer your data directly from your card swiping service to your accounting software.

Invoicing

If you do custom orders, offer services, or provide goods to a business, you’re all too familiar with invoices. With some services, you can generate invoices through them and send them to clients via email. The biggest advantage to this is simply that you get your money quicker because there’s no need to cut a check and send it through snail mail.

Voids and Refunds

It’s unfortunate, but you do need to make accommodations to process refunds and void transactions. Sometimes your finger slips on a key and you don’t notice until afterward, and sometimes the customer just changes their mind. Make sure that you understand how to use these features in whichever service you choose.

Card Reader Design

Needless to say, there is more than a bit of awkwardness in trying to balance a phone with a 5.1-inch screen in your hand while also stabilizing the card reader and swiping the card, especially when you’re working with limited table space. It’s worth looking at the card reader and the device it’s attached to and making sure that the design works for you.

Permissions for Multiple Users

Do you have several employees? The ability to give permissions to multiple users comes in handy here. With it, you can enable employees (or your friends) to accept payments without giving them full access to your account. This is great if you happen to have multiple booths at events, or if you send multiple employees out on location and each one needs to be able to accept payments.

Accepting credit card payments doesn’t have to be a terrifying prospect, even if you’re running just a small-time business. You can get a mobile credit card reader for free in many cases, and while you won’t pay the lower fees associated with traditional merchant accounts, the costs are still readily manageable. What you need to consider are the hidden costs — not necessarily in the service providers, but the ones that come from using a data connection, or requiring Wi-Fi. How soon you get your money should also be a top priority.

 

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Mobile Payments, Mobile Point of Sale, Smartphone, smartSD Cards

December 1st, 2014 by Elma Jane

Few Americans will likely remember the life and work of Martin Cooper, largely because most Americans have no idea who Martin Cooper is. Without Martin Cooper much of what we identify as normal life for the last two decades would not have been possible, as without his invention we would still be looking for pay phones, dropping off film to be developed, printing out boarding passes and contemplating a future where a plastic rectangle was the height of payments technology.

Anyone reading this has a phone with internet access, which means no one has to guess: with a few taps on a smartphone, most readers who didn’t already know were able to find out that Martin Cooper invented the handheld mobile phone and by so doing changed the lives of not just Americans, but people all over the world.

Mobile has integrated so seamlessly into our life that we didn’t realize it was changing everything we do.

Here is the list of all of the ways that mobile has improved life for us all.

We All Get To Know Everything All The Time, with just a smartphone.

Impulse buying is a thing of the past because consumers just don’t buy on impulse as much anymore. A new intentionality has taken hold of shopping. Many Americans have the money and the will to spend. But they are time-pressed and deal savvy, visiting stores only when they run out of items like cereal or toilet paper and after doing extensive research on purchases online and with friends. They buy what they came for and then leave. Plus, consumers are harder to fool; they know if they are being overcharged because they can look it up in real time while they are in the showroom.

Full Price Is A Notion Utterly Without Meaning.

Sites like Groupon, LivingSocial and a thousand imitators offer coupons pretty much across every retailer, which means that no matter where one is shopping or eating, they’re probably a few button taps away from paying less for the type of service they are out for. And then there are the retailer rewards programs, all bent on giving consumers more stuff for free as long as they use their mobile coupons.

We All Think Way More About Privacy And Digital Security Than We Used To.

Twenty years ago one’s largest security concern was probably that their home or car would be broken into, followed closely by their wallet being stolen. Now we wait for Russian cybercriminals to steal our cards by hacking into POS systems and lifting the data. Or for cybercriminals to hack our phones and upload naked pictures of us to the internet (celebrity readers only). Or for Nigerian princes to trick our grandparents into wiring them money. In short, while we still fear for our physical possessions as much as we ever did, the mobile world gave us something entirely new to worry about: the integrity of our data and who could use our phones, cards and email accounts as a backdoor into our entire personal and financial lives.

We Want It All, And We Want It Now.

Anyone with a phone in their pocket can, in one way or another, buy it on the spot. That has given rise to the push for same-day delivery: consumers who can buy it now also want to be able to get it now, or as close to now as possible.

We Also Want It Later.

Maybe the consumer likes going to the store, enjoys the Christmas lights, wants to eat at a mall food court; they just don’t want to stand in line. And now, through the magic of omnichannel commerce, they may not have to. Through the magic of multi-device shopping and in-store pick-up, consumers are increasingly getting used to finding something on their mobile, paying on their computer and picking up in store. Or some combination thereof.

Mobile has made commerce less a race between the e-markets and the brick-and-mortars, and more a race to offer the most seamless commerce experience. Mobile has taught everyone to care less about where they buy, and more about what the total buying experience is.

We Pay For Access Instead Of Objects.

Ten years ago when your family set about its early experiments in binge watching television with the first season of Lost, odds are everyone gathered round and watched a DVD set or maybe a Blu-ray, if your family happened to be full of early adopters.

This weekend, when entire families are sitting down to watch How To Get Away With Murder, more likely than not they are streaming it through Hulu. Unless they don’t want to watch that, in which case, they are watching something else on Netflix on their phone while sitting in the same room with their family. Unless of course this is a football family, in which case you are paying the NFL for access to every football game played everywhere in America tomorrow and a cable company to watch in HD.

We Want To Use A Phone To Access Everything.

It’s almost now quaint to refer to a time when phones were used primarily to talk. With the rapidly emerging internet of things, it will soon be quaint to talk about a phone as a tool used primarily for communicating and shopping.

The smartphone is already heading toward being the key interface between connected devices and products (The Internet of Things) and their users. Among other things, people will use the device to remotely control household appliances, interact with screens and automatically adjust car settings to their preferences.

We Kinda Hope The Phone Might Keep Us Alive.

With the release of Apple Pay also came the release of Apple Health, which has widely been reported as ushering in the age of the mobile device as wellness guru. Smartphones can already help people lead healthier lives by providing information, recommendations and reminders based on data gathered through sensors embedded in users’ clothing (shoes, wristbands, etc.) or through other phone capabilities (motion detectors, cameras, etc.).

And, even if you don’t listen to your phone and put your health at risk, it will still probably save you. Internet-enabled mobile devices are becoming important tools in broadening access to health care, diagnosing diseases and saving lives in crisis situations.

Making Life A Lot Better For Everyone.

Small merchants can do something now that they couldn’t do en masse twenty years ago: take credit card payments, and use a tablet to do that and run their business. With the emergence of mobile came thousands of other mPOS solutions and platforms exploding all over the world. This has not only changed the way these small businesses operate, it has changed their entire pitch to their customers.

Mobile has made life easier for many consumers, but for some businesses and many people mobile has made mainstream financial participation possible.

Posted in Best Practices for Merchants, Smartphone

September 16th, 2014 by Elma Jane

When plastic cards become digital tokens, they become virtual. So how do you say that the Card is Present or Not Present? That is the legendary regulatory difference that the cards industry has relied on to differentiate between interchange fees for Card Present and Card Not Present transactions.

Apple secured Card Present preferential rates for transactions acquired by iTunes on the basis that the card’s legitimacy is verified with the issuer at the time of registration and the token minimizes probability of fraud. If an API call to the issuing bank is sufficient to say that the Card is Present, who is to say that the same logic can’t apply to online merchants who also verify the authenticity of Cards on File when they tokenize them? How can one arbitrarily say that the transaction processed with a token from an online merchant is Card Not Present, but the one processed with Apple Pay is Card Present even though both might have made the same API call to the bank to verify the card’s validity?

In the Apple case, a physical picture of the card is taken and used to verify that the person registering the card has it. It is not that hard for an online merchant to verify that the Card on File converted as a token does belong to the person performing an online transaction.

As we move towards chip and PIN, card-present merchants will spend substantial money upgrading their hardware and POS systems. That expense will be offset by the savings in losses due to fraud. MOTO and e-commerce transactions (card NOT present) will always have a higher cost because the nature of the processing is NON face-to-face transactions. Of course the fraud and losses are higher when the card is manually entered or given to someone over the phone. Face to face will always have the lowest cost per transaction because it is usually the final step in the sale. Restaurants are low risk because you have the transaction AFTER you eat. If there is a dispute, it happens before the merchant even sees the credit card.

In the long run, as cards become digital and virtual through tokens, we are all going to wonder if the card is present or not present. Maybe some will say the card is a ghost.

Posted in Best Practices for Merchants, Credit card Processing, EMV EuroPay MasterCard Visa, Visa MasterCard American Express

September 10th, 2014 by Elma Jane

If your business is considering an iPad point-of-sale (POS) system, you may be up for a challenge. Not only can the plethora of providers be overwhelming, but you must also remember that not all iPad POS systems are created equal. iPad POS systems do more than process payments and complete transactions. They also offer advanced capabilities that streamline operations. For instance, they can eliminate manual data entry by integrating accounting software, customer databases and inventory counts in real time, as each transaction occurs. With these systems, you get 24/7 access to sales data without having to be in the store. The challenge, however, is knowing which provider and set of features offer the best iPad POS solution for your business. iPad POS systems vary in functionality far more than the traditional POS solutions and are often targeted at specific verticals rather than the entire market. For that reason, it’s especially important to compare features between systems to ultimately select the right system for your business.

To help you choose a provider, here are things to look for in an iPad POS system.

Backend capabilities

One of the biggest benefits of an iPad POS system is that it offers advanced features that can streamline your entire operations. These include backend processes, such as inventory tracking, data analysis and reporting, and social media integration. As a small business, two of the most important time saving and productivity-boosting features to look for are customer relationship management (CRM) capabilities and connectivity to other sales channels. You’ll want an iPad POS that has robust CRM and a customizable customer loyalty program. It should tell you which products are most and least frequently purchased by specific customers at various store locations. It should also be able to identify the frequent VIP shoppers from the less frequent ones at any one of your store locations, creating the ultimate customer loyalty program for the small business owner. If you own an online store or use a mobile app to sell your products and services, your iPad POS software should also be able to integrate those online platforms with in-store sales. Not only will this provide an automated, centralized sales database, but it can also help increase total sales. You should be able to sell effortlessly through online, mobile and in-store channels. Why should your customers be limited to the people who walk by your store? Your iPad POS should be able to help you sell your products through more channels, online and on mobile. E-commerce and mobile commerce (mCommerce) aren’t just for big box retailers.

Cloud-based

The functions of an iPad POS solution don’t necessarily have to stop in-store. If you want to have anytime, anywhere access to your POS system, you can use one of the many providers with advanced features that give business owners visibility over their stores, their records and backend processes using the cloud. The best tablet-based POS systems operate on a cloud and allow you to operate them from any location you want. With a cloud-based iPad POS system, businesses can keep tabs on stores in real time using any device, as well as automatically back up data. This gives business owners access to the system on their desktops, tablets or smartphones, even when not inside their stores. Using a cloud-based system also protects all the data that’s stored in your point of sale so you don’t have to worry about losing your data or, even worse, getting it stolen. Because the cloud plays such a significant role, businesses should also look into the kind of cloud service an iPad POS provider uses. In other words, is the system a cloud solution capable of expanding, or is it an app on the iPad that is not dependent on the Internet? Who is the cloud vendor? Is it a premium vendor? The type of cloud a provider uses can give you an idea about its reliability and the functions the provider will offer.

Downtime and technical support

As a small business, you need an iPad POS provider that has your back when something goes wrong. There are two types of customer support to look for: Downtime support and technical support.

iPad POS systems are often cheaper and simpler than traditional systems, but that doesn’t mean you can ignore the product support needs. The POS is a key element of your business and any downtime will likely result in significant revenue loss. You could, for instance, experience costly downtime when you lose Internet connectivity. iPad POS systems primarily rely on the Web to perform their core functions, but this doesn’t mean that when the Internet goes down, your business has to go down, too. Many providers offer offline support to keep your business going, such as Always on Mode. The Always on Mode setting enables your business to continue running even in the event of an Internet outage. Otherwise, your business will lose money during a loss of connectivity. Downtime can also happen due to technical problems within the hardware or software. Most iPad POS providers boast of providing excellent tech support, but you never really know what type of customer service you’ll actually receive until a problem occurs.

Test the friendliness of customer service reps by calling or emailing the provider with questions and concerns before signing any contracts. This way, you can see how helpful their responses are before you purchase their solution. Your POS is the most important device in your store. It’s essentially the gateway to all your transactions, customer data and inventory. If anything happens to it, you’ll need to be comfortable knowing that someone is there to answer your questions and guide you through everything.

Grows with your business

All growing businesses need tech solutions that can grow right along with them. Not all iPad POS systems are scalable, so look for a provider that makes it easy to add on more terminals and employees as your business expands. Pay attention to how the software handles growth in sales and in personnel. As a business grows, so do its sales volume and the required software capabilities. Some iPad POS solutions are designed for very small businesses, offering very limited features and transactions. If you have plans for growth, look for a provider that can handle the changes in transactions your business will be going through. Find out about features and customization. Does the system do what you want it to do? Can it handle large volume? How much volume? What modules can you add, and how do you interface to third parties? You should also consider the impacts of physical expansion and adding on new equipment and employees. If there are plans in the future for you to open another store location, you’ll need to make sure that your point of sale can actually handle another store location without adding more work for you. If you plan on hiring more employees for your store, you’ll also want to know that the solution you choose can easily be learned, so onboarding new staff won’t take up too much of your time.

Security

POS cyber attacks have risen dramatically over the past couple of years, making it more critical than ever to protect your business. Otherwise, it’s not just your business information at risk, but also your reputation and entire operations. iPad POS system security is a bit tricky, however. Unlike credit card swipers and mobile credit card readers, which have long-established security standards, namely Payment Card Industry (PCI) compliance, the criteria for the iPad hardware itself as a POS terminal aren’t quite so clear-cut. Since iPads cannot be certified as PCI compliant, merchants must utilize a point-to-point encryption system that leaves the iPad out of scope. This means treating the iPad as its own system, which includes making sure it doesn’t save credit-card information or sensitive data on the iPad itself. To stay protected, look for PCI-certified, encrypted card swipers.

 

 

Posted in Best Practices for Merchants, Mobile Point of Sale, Point of Sale

August 7th, 2014 by Elma Jane


Recent high-profile cyberattacks at retail giants like Target and Neiman Marcus have highlighted the importance of protecting your business against point-of-sale (POS) security breaches. Often, the smallest merchants are the most vulnerable to these types of cyberthreats. The latest of these POS attacks is known as Backoff, a malware with such brute force that the U.S. Department of Homeland Security (DHS) has gotten involved. The DHS recently released a 10-page advisory that warns retailers about the dangers of Backoff and tells them how they can protect their systems. Backoff and its variants are virtually undetectable (low to zero percent) by most antivirus software, making it more critical for retailers to make sure their networks and POS systems are secure.

How Backoff works

Backoff infiltrates merchant computer systems by exploiting remote desktop applications, such as Microsoft’s Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop 2 and LogMeIn, among others. Attackers then use these vulnerabilities to gain administrator and privileged access to retailer networks. Using these compromised accounts, attackers are able to launch and execute the Backoff malware on POS systems. The malware then makes its way into computer and network systems, gathers information and sends the stolen data to cybercriminals. The advisory warns that Backoff has four capabilities that enable it to steal consumer credit card information and other sensitive data: scraping POS and computer memory, logging keystrokes, Command & Control (C2) communication, and injecting the malware into explorer.exe. Although Backoff is a newly detected malware, forensic investigations show that Backoff and its variants have already struck retailers three times since 2013, the advisory revealed. Its known variants include goo, MAY, net and LAST.

Prevent a Backoff attack

To mitigate and prevent Backoff malware attacks, the DHS’ recommendations include the following:

Configure network security. Reevaluate IP restrictions and allowances, isolate payment networks from other networks, use data leakage and compromised account detection tools, and review unauthorized traffic rules.

Control remote desktop access. Limit the number of users and administrative privileges, require complex passwords and two-factor authentication, and automatically lock out users after inactivity and failed login attempts.

Implement an incident response system. Use a Security Information and Event Management (SIEM) system to aggregate and analyze events and have an established incident response team. All logged events should also be stored in a secure, dedicated server that cannot be accessed or altered by unauthorized users.

Manage cash register and POS security. Use hardware-based point-to-point encryption, use only compliant applications and systems, stay up-to-date with the latest security patches, log all events and require two-factor authentication.
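The remote desktop and event-analysis recommendations above can be combined into one detection rule: flag a source that produces a burst of failed remote desktop logons, and escalate if a successful logon follows from the same source. This is an added example, not code from the DHS advisory or the original post; it assumes Windows Security log semantics (event 4625 for a failed logon, 4624 for a successful one, logon type 10 for remote desktop), and the log layout, threshold and function name are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a simplified CSV layout (not a real export format):
# timestamp,event_id,logon_type,account,source_ip
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2014-08-01T02:10:00,4625,10,admin,203.0.113.7
2014-08-01T02:10:20,4625,10,admin,203.0.113.7
2014-08-01T02:10:41,4625,10,pos1,203.0.113.7
2014-08-01T02:11:05,4625,10,admin,203.0.113.7
2014-08-01T02:11:30,4625,10,manager,203.0.113.7
2014-08-01T02:12:02,4624,10,manager,203.0.113.7
2014-08-01T09:00:00,4625,10,manager,198.51.100.20
2014-08-01T09:00:30,4624,10,manager,198.51.100.20
2014-08-01T09:05:00,4625,2,cashier,127.0.0.1
"""

FAIL, OK, RDP = "4625", "4624", "10"

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for sources with >= threshold failed RDP logons inside
    the window, escalating when a success follows from the same source."""
    failures = defaultdict(deque)   # source_ip -> timestamps of recent failures
    flagged = set()                 # sources that already crossed the threshold
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, src = line.strip().split(",")
        if logon_type != RDP:
            continue                # only remote desktop logons are in scope
        when = datetime.fromisoformat(ts)
        recent = failures[src]
        while recent and when - recent[0] > window:
            recent.popleft()        # drop failures that aged out of the window
        if event_id == FAIL:
            recent.append(when)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, account, ts))
        elif event_id == OK and src in flagged:
            alerts.append(("success_after_bruteforce", src, account, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a success, as in the 09:00 events, stays below the threshold and raises nothing.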

 

Posted in Point of Sale

June 4th, 2014 by Elma Jane

Zavers, the online coupon program that was launched through Google 17 months ago, is just going to be one of those things that didn’t work out. Google announced yesterday that it is pulling the program, due to lack of interest. Zavers allowed users to clip coupons online and use them in-store. It was intended to help merchants build more targeted and effective loyalty and reward programs.

Zavers was basically a coupon program tied to the merchant point-of-sale system. The integration process with the POS systems was proving to be challenging, and retailers were not too keen on sharing their data with Google.

Google has said it will continue to work closely with users through the transition away from Zavers and that it continues to move forward with greater focus on the more successful areas of its initial entrance into payments, such as product listing ads, Google Shopping Express and Google Wallet.

Posted in Uncategorized

May 21st, 2014 by Elma Jane

Mobile credit card processing is way cheaper than traditional point-of-sale (POS) systems. Accepting credit cards using mobile devices is stressful, not to mention a hassle to set up, and customers would never dare compromise security by saving or swiping their credit cards on a mobile device. These are some of the many myths surrounding mobile payments, which allow merchants to process credit card payments using smartphones and tablets. Merchants process payments using a physical credit card reader attached to a mobile device or by scanning previously stored credit card information from a mobile app, as is the case with mobile wallets. Benefits include convenience, a streamlined POS system and access to a breadth of business opportunities based on collected consumer data. Nevertheless, mobile payments as a whole remain a hotly debated topic among retailers, customers and industry experts alike.

Although mobile payment adoption has been slow, consumers are steadily shifting their preferences as an increasing number of merchants implement mobile payment technologies (made easier and more accessible by major mobile payment players such as Square and PayPal). To stay competitive, it’s more important than ever for small businesses to stay current and understand where mobile payment technology is heading.

If you’re considering adopting mobile payments or are simply curious about the technology, here are mobile payment myths that you may have heard, but are completely untrue. 

All rates are conveniently the same. Thanks to the marketing of big players like Square and PayPal – which are not actually credit card processors, but aggregators – rates can vary widely and significantly. For instance, consider that the average debit rate is 1.35 percent. Square’s is 2.75 percent and PayPal Here’s is 2.7 percent, so customers will have to pay an additional 1.41 percent and 1.35 percent, respectively, using these two services. Some cards also get charged well over 4 percent, such as foreign rewards cards. These companies profit and mobile customers lose. Always read the fine print.

Credit card information is stored on my mobile device after a transaction. Good mobile developers do not store any critical information on the device. That information should only be transferred through an encrypted, secure handshake between the application and the processor. No information should be stored or left hanging around following the transaction.

I already have a POS system – the hassle isn’t worth it. Mobile payments offer more flexibility to reach the customer than ever before. No longer are sales people tied to a cash register and counters to finish the sale. That flexibility can mean the difference between revenue and a lost sale. Mobile payments also have the latest technology to track sales, log revenue, fight chargebacks, and analyze performance quickly and easily.

If we build it, they will come. Many wallet providers believe that if you simply build a new mobile payment method into the phones, consumers will adopt it as their new wallet. This includes proponents of NFC technology, QR codes, Bluetooth and other technologies, but given that very few merchants have the POS systems to accept these new types of technologies, consumers have not adopted them. Currently, only 6.6 percent of merchants can accept NFC, and even fewer can accept QR codes or BLE technology, hence the extremely slow adoption rate. Simply put, the new solutions are NOT convenient, and do not replace consumers’ existing wallets, not even close.

It raises the risk of fraud. Fraud’s always a concern. However, since Square and others store the data on their servers rather than on the device, the risk is lessened. For example, there’s no need for you to fear one of your employees walking out with your tablet and downloading all of your customers’ info from the tablet. There’s also no heightened fraud risk for data loss if a tablet or mobile device is ever sold.

Mobile processing apps are error-free. Data corruption glitches do happen on wireless mobile devices. A merchant using mobile credit card processing apps needs to be more diligent in reviewing their mobile processing transactions. Mobile technology is fantastic when it works.

Mobile wallets are about to happen. They aren’t about to happen, especially in developed markets like the U.S. It took 60 years to put in the banking infrastructure we have today and it will take years for mobile wallets to achieve critical mass here.

Setup is difficult and complicated. Setting up usually just involves downloading the vendor’s app and following the necessary steps to get the hardware and software up and running. The beauty of modern payment solutions is that like most mobile apps, they are built to be user-friendly and intuitive so merchants would have little trouble setting them up. Most mobile payment providers offer customer support as well, so you can always give them a call in the unlikely event that you have trouble setting up the system.

The biggest business opportunity in the mobile payments space is in developed markets. While most investments and activity in the Mobile Point of Sale space take place today in developed markets (North America and Western Europe), the largest opportunity is actually in emerging markets where most merchants are informal and by definition can’t get a merchant account to accept card payments. Credit and debit card penetration is higher in developed markets, but informal merchants account for the majority of payments volume in emerging markets and all those transactions are conducted in cash today.

Wireless devices are unreliable. Reliability is very often brought up as I think many businesses are wary of fully wireless setups. I think this is partly justified, but very easily mitigated, for example with a separate Wi-Fi network solely for point of sale and payments. With the right device, network equipment, software and card processor, reliability shouldn’t be an issue.

Posted in Best Practices for Merchants, Mobile Payments, Mobile Point of Sale, Smartphone