Best Practices for Merchants Archives - Page 31 of 50 - Payment Processing News

Category: Best Practices for Merchants

PassWord
October 23rd, 2015 by Elma Jane

Every merchants, small, medium or large, should put in some effort to protect their sensitive data. Many breaches of data could have been prevented by implementing stronger security controls and employing safety best practices in the workplace.

Weak or stolen usernames and passwords are one of the top causes of data breaches, and more than 75 percent of attacks on corporate networks are due to weak passwords. Almost half of all instances of hacking is due to stolen passwords, which are obtained through the theft of password lists. This indicates that there is no organization in any industry that is not vulnerable to a breach of data.

Studies across the board indicate that weak usernames and passwords are one of the top causes of data breaches. A strong password is the first line of defense against scammers and hackers, and to help keep your data safer.

There are risks associated with relying on weak usernames and passwords to restrict the access of data. Data breaches could have been stopped if a stronger, better password was used. Experts, including the IT team of companies, can offer assistance to employees seeking to improve their passwords and reduce risk.

Weak password means data breaches! The best passwords are long and varied, with symbols, letters and numbers. These passwords should not be obvious, such as the name of a company, address or company motto. It is difficult to enact policies for improved passwords in the workplace because employees are not informed of the facts.

 

 

Posted in Best Practices for Merchants, Travel Agency Agents Tagged with: , ,

Best Practices For Merchants
October 22nd, 2015 by Elma Jane

Adoption of EMV technology in the U.S is important, because it provides protection against losses from counterfeit cards.

EMV, or chip cards, are the standard for secure point-of-sale (POS) transactions. Unlike magnetic stripe cards, chip cards are very difficult to counterfeit because of an embedded microchip that exchanges unique, dynamic data with a terminal each time it’s used.

To encourage the timely adoption of EMV, the leading payment networks have implemented an EMV Fraud Liability Shift that began in October 2015.

Both parties, card issuer and the merchant need to invest with EMV technology. If only one party has adopted EMV technology, the party that didn’t make the investment will be held liable.

For the card issuer, they came out with the chip cards, where all credit and debit cards have this security chips that are harder to counterfeit than magnetic strips.

For the merchant, an EMV capable terminals or POS hardware that can take advantage of the card’s security chip is needed.

With any new technology, there is a learning curve, and here are the things that you need to know.

For cardholders – with a chip card instead of swiping your card, you are going to do what is called card dipping; by inserting your card face-up and chip-first into the terminal slot. Wait and follow the terminal prompts, and only remove your card once the transaction is complete.

If you did a swipe on a chip card, an EMV-enabled terminal should prompt you to insert the card instead. If the terminal is not enabled for chip, you can still be able to swipe your card.

Employees will benefit from training – Once a merchant enables their EMV terminals, it is important to train your staff with talking points about why chip cards benefit consumers with greater security, and how they are used by helping customers with the new checkout process.

New mobile payment methods leverage both EMV and NFC, so the industry is now seeing greater interest in mobile payments among merchants and consumers.

There’s a lot of resources out there to help businesses make the transition with this EMV technology.

 

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Near Field Communication Tagged with: , , , , , , , , , , , ,

E-Pay
October 20th, 2015 by Elma Jane

We’ve covered  a lot about EMV, but what about improving security for online and Card-Not-Present transactions? That’s where 3-D Secure comes in.

3-D Secure allows a card holder to authenticate himself while making an online payment.

In a traditional credit card transaction, a payment request is presented to the issuing bank for authorization. The Issuing bank authorizes the transaction based solely on the funds available to the card holder.

With card present, the magnetic strip on the card can be read and a signature collected. This process has now been largely superseded by Chip and PIN which gives the card holder the opportunity to identify himself via a secret PIN code.

An E-commerce transaction is conducted online, without the possibility to access the card physically. Un-authorized usage and fraud are therefore more likely.

3-D Secure allows transactions to be conducted in safety online, greatly reducing the risk of fraud and chargebacks.

How 3-D Secure Works?

When a payment request arrives at the merchant or payment gateway, the Merchant Plug In (MPI) component is activated. The MPI talks to Visa or MasterCard to check if the card is enrolled for 3-D Secure. If the card is not enrolled, this means that either the bank that issued the card is not yet supporting 3-D Secure or it means that the card holder has not yet been registered for the service. If the card is enrolled, the MPI will redirect the card holder to the 3-D Secure authentication web page for the issuing bank; the card holder will then identify himself. The MPI will evaluate the reply from the bank and, if successful, allow the transaction to proceed for authorization. The transaction could still fail for lack of funds or other reasons but is more likely to be approved because of the authentication.

3-D Secure allows 3 domains to work together.

Domain 1: The card holder has the peace of mind that his card is not used without his authorization.

Domain 2: Merchants are protected from fraud and can provide the product and service without delay or extra costs.

Domain 3: Banks see that the transaction has been authenticated and are more likely to approve the transaction, to the convenience of the card holder.

Implementation of 3-D Secure:

Visa is called Verified by Visa.

MasterCard is called Secure Code.

Amex is called SafeKey.

JCB is called J/Secure.

Posted in Best Practices for Merchants, e-commerce & m-commerce, Internet Payment Gateway Tagged with: , , , , , , , , , , , , , , , , , ,

CB
October 19th, 2015 by Elma Jane

If you’re a merchant accepting credit cards, you’re probably aware that things are changing. As of October 1st, 2015, merchants are now liable for any fraudulent activity that occurs as a result of non-EMV-compliant. For those Merchants who haven’t yet updated their POS terminal, you need to talk with your processor to get a new equipment.

Things Merchant should know to be EMV ready:

What is EMV Chip Cards? Chip Cards are standard bank cards that are embedded with a micro-computer chip. Some may require a PIN instead of a signature to complete the transaction process. The new cards will still have magnetic stripes, at least for the time being, so you technically can continue to process payments with the same old equipment you’ve been using for years. But by refusing to upgrade your hardware, you are taking on responsibility for any fraud that might have otherwise been prevented with the new technology.

How does EMV Chip Cards Work? Instead of swiping your card, you are going to do what is called card dipping, which means inserting your card into a terminal slot and waiting for it to process.

When a Chip Card or EMV Card is dipped, data flows between the card chip and the issuing financial institution to verify the card’s legitimacy and create the unique transaction data.

This process isn’t as quick as a magnetic-stripe swipe. It will take a little longer for that transmission of data.

What Must a Merchant Do? For merchants and financial institutions, the switch to EMV chip cards means adding new in-store technology and internal processing systems, and complying with new liability rules. Merchants who have not yet purchased new POS Terminal may be held liable for fraud as of October 1st, 2015. Implementing EMV technology isn’t an option, it’s a necessity. If you are one of those in the retail business or retailers using mobile payment devices who missed the Oct. 1st deadline, you are already at risk. Upgrading should be a top priority.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: , , , , , , , , , , , , ,

Security
October 19th, 2015 by Elma Jane

Small merchants don’t consider themselves at risk for a cyberattack. But Cybercriminals thrive on data about employees, customers, bank accounts and many other types of information any small business would carry, with fewer resources than large firms, small businesses are especially at risk for attacks.

Here are Steps to find out to make your business more cybersecure:

Employ best practices on payment cards – Credit card companies are now shifting from magnetic-strip payment cards to safer, more secure chip card EMV Technology. Are you ready for the shift? Now is the time, you should work with your banks and processors to ensure you’re using the most trusted and validated anti-fraud services. You may also have additional security obligations pursuant to agreements with your bank or processor. You should isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.

Educate employees about cyberthreats – Educate your employers about online threats and how to protect your organization’s data, including safe use of social networking sites.

Protect against viruses, spyware, and other malicious code – Make sure all of your organization’s computers are equipped with antivirus software and antispyware and update regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install such updates automatically.

Require employees to use strong passwords and to change them often – Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.

Secure your networks – Safeguard your Internet connection by using a firewall and encrypting information.  If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.

No one can guarantee your safety from a cyberattack, appropriate planning makes a big difference. By using these tips and resources, you can help promote the safety of your employees, customers, and the future success of your small business.

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: , , , , , , , , , ,

EMV
October 16th, 2015 by Elma Jane

With the EMV liability shift that takes effect in October 2015, how much you’ll be affected depends on how you process credit card payments.

For Card Present Transactions

If you use POS hardware or terminal that you need to swipe the credit card, then you’ll be facing the same EMV environment as retailers. October 1st is the start of the liability shift for fraudulent charges made with the card present transactions. The party who hasn’t made an investment in EMV security features will be liable.

For the card issuer, they need to invest in EMV security features, that’s why they came out with the chip cards, where all credit and debit cards have this security chips that are harder to counterfeit than magnetic strips.

For the merchant, they need to invest in EMV capable terminals or POS hardware that can take advantage of the card’s security chip.

If both parties have made the investment, then liability will be resolved in a similar manner to how it was before the shift. However, if only one party has adopted EMV technology, the party that didn’t make the investment will be held liable.

For Card Not Present Transaction (CNP)

If you process credit cards online, over the phone, or through an online payment gateway integrated, the new EMV standards won’t directly change the way you do business. You’ll still be processing EMV cards based on the customer’s credit card number.

Chances are Card-Not-Present transactions will experience an increase in fraud. Because of the EMV-technology in the Card Present Transaction, fraudster will likely turn their attention to the next target which is CNP,

but payment gateways and banks concerned about the vulnerabilities, will begin to adopt new standards to minimize their exposure.

If you’re processing CNP transactions stay up-to-date on the newest security developments, online security standards find more effective ways to navigate the new credit card security frontier.

 

 

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Mail Order Telephone Order, Point of Sale Tagged with: , , , , , , , , , , , ,

October 16th, 2015 by Elma Jane

U.S. customers with the Ingenico iSC250 may now process EMV chip card transactions for Visa, MasterCard, American Express and Discover, (as well as mag stripe and contactless, including mobile wallet payments). For customers using the Ingenico iSC250, please make sure you have downloaded the latest version of ConvergeConnect and enabled EMV chip cards in Converge. Go to the Converge login page to download the software update or start the update process from their Windows system tray. If you do not have the Ingenico iSC250 but want to upgrade to process chip card transactions, give us a call at 888-996-2273 for more information.

Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa Tagged with: , ,

NTC
October 15th, 2015 by Elma Jane

There are numbers of guidelines issued for accepting card payments, and merchants are expected to understand them all. To avoid issues down the road know a few basic rules in order to keep your business going without being penalized.

There’s a lot of ways to process a credit card: In-store, online, and by phone. There’s also different ways to pay and different brands of cards.

In-store and Card-not-present policies.

In-Store Policies:

  • Always verify that the person presenting the card is the cardholder
  • Ask for a 2nd ID for comparison
  • Cards are non-transferable, cardholder MUST be present for purchase
  • Compare the signature on the back of the card with that of the person who presents the card
  • Inspect the card to confirm that it’s not visibly altered or mutilated
  • Validate the card’s expiration date

Online/Phone Payment Policies: Card-not-present transactions

  • Card account number
  • Card billing address
  • CID (3 digits on back of card OR 4 on the front)
  • Card expiration date
  • Card member’s home or billing telephone number
  • Card member name (as it appears on the Card)

Rules for Visa, MasterCard and Amex that merchants need to know:

  • Never store cardholder data on any systems to help minimize the risk of fraud and protect your business from potential chargebacks.

Complying with Federal Laws, State Laws and PCI

  • A merchant should be familiar with and abide by Federal Laws regarding accepting credit cards. The Fair Credit Reporting Act is the federal law that establishes the foundation of consumer credit rights. This law regulates the collection and use of consumer credit information by merchants.
  • Check state laws on the use of consumer credit information and accepting credit cards. Not all states have additional laws that regulate credit card practices, but some (such as California) prohibit merchants from requesting/requiring a customer to provide any personal information (like their address or telephone number) on any form involved with their credit card transaction. So, it is advised that merchants inquire about further information in their particular state.
  • The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies processing, storing, or transmitting credit card information uphold a secure environment. These rules essentially apply to any merchant that has a Merchant ID (MID). If you are a merchant that accepts credit card payments, you are required to comply with the PCI Data Security Standard, large or small businesses.

EMV Liability Shift Set By Visa and MasterCard as of October 1st

U.S. banks and credit card companies are now using the EMV (Europay, MasterCard, and Visa) technology. The EMV liability shift for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards. While issuers absorb losses under card-network rules, that burden will shift to acquirers in cases where the fraud occurs at merchants unprepared for EMV.

It’s good to know every aspect of your business. The above guidelines are part of a business that every merchants should be familiar with. The main reason for these rules is to protect your business and keep your customer’s payment card data safe and secure.

To start accepting more credit cards give us a call now at 888-996-2273. We have the latest terminals that’s EMV/NFC capable.

 

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , ,

October 13th, 2015 by Elma Jane

It is difficult to believe that many businesses still do not accept credit or debit cards for payments, while most customers preferred using cards for the following reasons.

  • Doesn’t want to carry cash.
  • Security and Protection offered by card issuers.
  • Desire to earn reward points.

Some of the many advantages for businesses that accept credit card payments include:

Easy and cost efficient – credit card processing has become a highly competitive industry. NTC offers the latest in EMV and NFC technologies that allows businesses to accept contactless payment like Apple and Android Pay. NTC integrates with most POS systems.

Essential for online sales – internet selling is growing. The Internet makes it possible for a small business in a remote location to offer its products to potential customers throughout the nation and even across the world, almost all of those transactions require a credit or debit card.

Increases revenue – people like the convenience and security of paying with a credit or debit card. In fact, 66 percent of point-of-sale transactions use credit, debit or gift cards.

Merchant services accelerate cash flow – credit card transactions process quickly, with proceeds generally available in a bank account within two days or less. That eliminates the time it normally takes checks to clear. It also reduces or eliminates billing and the time spent waiting to receive payment checks from customers.

Reduce transaction risks – Check fraud remains a major problem for U.S. businesses, 77% of businesses were victims of check fraud, only 34% experienced credit card fraud and 92% said they believe new EMV chip and pin, credit cards will significantly reduce fraud at the point of sale.

Setting up a merchant account for your business is as simple as contacting a merchant service provider. A merchant service provider process payments and make sure the money is appropriately withdrawn from a credit card account and placed into the business’s merchant account.

For more details about setting up an account give us a call now! at 888-996-2273.

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , , , , , ,

Contacless
October 13th, 2015 by Elma Jane

 

What can near field communication do for individual and how can it make lives easier. Many uses of NFC technology offer benefits in a number of everyday tasks ranging from paying for groceries to receiving adequate health care treatments.

Check this out if the benefits are worth it:  

Contactless Payments – well-known use of NFC technology is for contactless payment. Customers can use their smartphone over a card reader to make a purchase without swiping or counting out cash. This saves time and also reduces the chances of losing a credit card that comes with carrying multiple cards around.

Health Care – With NFC technology, hospitals can better track patient information and doctors’ notes in real-time. This helps prevent the wrong medications from going to the wrong patient and creates a streamlined system focused on the best in patient care.

Information Sharing – NFC tags most common way NFC is currently used on Android and Windows phones. Using your Phone or Tablet, you can tap a strategically-placed NFC tag, which prompts your phone to take action on something, like automatically prompts your phone to enable Wi-Fi, disable sounds and decrease brightness. Exchange information between two Android phones.

Pairing with Devices – Smart household appliances are adopting NFC. LG’s smart washing machines let you pair your phone with the machine so that you can remotely monitor the washing cycle.

Social Networking Social networking is booming, and NFC tags are looking to get in on the action. NFC allows users to interact with each other and update their location and other info without any unnecessary log-ins or tapping through menu screens.

Transportation – Swiping a smartphone not only allows the passenger access to the subway but also keeps track of the number of trips he has left. Passengers can come and go much faster and easily pay for extra trips.

Posted in Best Practices for Merchants, Near Field Communication, Smartphone Tagged with: , , , , , , ,