Best Practices for Merchants Archives - Page 45 of 50 - Payment Processing News

Category: Best Practices for Merchants

May 13th, 2014 by Elma Jane

Keeping track of invoices and shipping data, and making that information easily accessible, has traditionally not been easy, even though PayPal has made it simpler for businesses to buy and sell goods and services online.

To address the issue, Microsoft has created a PayPal invoicing template, which ExcelTemplates.net has also begun offering for free as part of its new line of templates and spreadsheets. With the new template, companies of any size may keep an exact digital record of their business transactions.

The PayPal invoice template from Microsoft is the all-in-one solution for companies looking for ways to streamline their invoicing process. The PayPal invoice template comes ready to use immediately after downloading. You can type, print or ship with just a few clicks and get back to business in no time.

When using the template, businesses type in the item name, a description of the item, item quantity, unit price, total amount and tax. The PayPal template also serves as a time-saving calculator that will calculate tax, totals and shipping charges for orders of any size.

Companies can also add any applicable discounts or sales tax rates to come up with a final total. They can add any special terms and conditions for the transaction, any special notes for the recipient and, if necessary, a special memo for the company that won’t be seen by the recipient.

Posted in Best Practices for Merchants, Financial Services

May 12th, 2014 by Elma Jane

Apple is revamping its in-store mPOS system with a new combination of an iPhone and a VeriFone-made shell that can accept chip and PIN card payments.

In 2009, Apple introduced its EasyPay mPOS technology. It consists of an iPod Touch and a shell made by Infinite Peripherals that includes a card swiper and a barcode scanner.

As first reported by 9to5mac, the iPod is now being replaced by an iPhone, while VeriFone is being brought in to provide a new shell that will cater for chip and PIN payments as the US finally gets ready for the switch to EMV. The shell also has a spot above the PIN pad that opens the way for NFC contactless payments, according to Forbes. Apple has long been expected to equip the iPhone with NFC but has so far ignored the technology.

Separately, mPOS giant Square has ditched its Wallet app, pulling it from the Google and Apple stores. The app has failed to take off since its launch in 2011, despite the support of Starbucks. It has been replaced by Square Orders, which lets users order and pay ahead at participating merchants and then pick up their goods when they are ready.

Posted in Best Practices for Merchants, Mobile Payments, Mobile Point of Sale, Point of Sale, Smartphone

May 9th, 2014 by Elma Jane

Email is an indispensable part of running any business. It’s often the best and least intrusive way to communicate with employees, colleagues and collaborators. Not all email platforms are equal, so it’s important to choose one with the right service and features your business needs, and to avoid overpaying for features that you don’t need.

Factors to consider before settling on an email platform for your business.

Bonus Features

Once you’ve found an email service that covers all the basics, check for additional features that can boost your productivity. Some platforms, such as Gmail and Outlook, include integrated video chat. That means you can use a single service for both exchanging messages and meeting remotely, making your day-to-day operations simpler and more efficient. Some email platforms also include instant messaging functionality. Instant messaging is better than email for real-time discussions, since you can exchange numerous short messages in rapid succession. Sending an instant message may be preferable to sending an email if the content of your message is not that important.

Collaboration Tools

A good business email platform makes it easier for you to work together with your employees or colleagues. The best platforms include tools to help you collaborate. Services such as Gmail and Outlook include a built-in calendar as part of your email inbox. In a few simple steps you can share your calendar with others so they can view and edit it on the fly. That can really help with planning and collaboration. Email threading is another feature that can help you work together with colleagues. Threaded emails make it easier to follow long exchanges because replies appear one after another in a single thread, instead of being spread throughout your inbox in the order they were received.

Free or Paid?

One thing you can’t get with a free Web mail service is the ability to use your brand’s name as part of your email address. Registering for a free Gmail account gives you an email address like [username]@gmail.com, but by subscribing to Google Apps for Business, you can secure an email address that reads [username]@[yourbusiness].com. In most cases, you’ll need to already own your own Web domain in order to use it as part of your email address, but registering a domain can cost as little as $10 per year. Services such as Microsoft Office 365 give you your own domain name without the need to pay additional hosting fees.

Security

Whether you pay for email or use a free service, you’ll want tight security for your business inbox, especially if running your business involves the exchange of private client data. Other sensitive data, such as bank account numbers and tax returns, can also be attached to your email account. Even more than with your personal email, it’s important to keep cyber criminals out of your business account. Before settling on an email service, check for common-sense security measures such as spam and phishing filters. Support for two-factor authentication is also important. The feature helps keep outsiders out of your inbox by requiring users to have two pieces of information to sign in. The first is your regular password and the second is a freshly generated code sent to either your mobile phone or a second email address. Other security features to check for include built-in antivirus measures to keep malware off your computer, which is especially important if you download a lot of attachments.

Whether or not it’s important for you (and any employees) to have a branded email address is ultimately up to you. An email address that includes your own domain name can potentially boost the perceived credibility of your business. On the other hand, a generic email address might be fine for the smallest businesses, especially if you are a sole proprietor.

Storage Space

A branded email address isn’t the only advantage of a paid email service. Paid platforms offer plenty of other perks, such as expanded cloud storage for email and other files. Many free email services offer limited storage space, forcing you to delete messages when your inbox gets full. If you run a small business that relies heavily on email and you prefer to archive messages rather than delete them, your inbox can fill up in a hurry. By subscribing to a paid service, you can gain access to a much bigger inbox. There are a few other related concerns to consider. The maximum size of an email attachment varies widely between different services, with some services capping attachments at 10GB and others letting you send huge files up to 300GB or more, as long as the file is already uploaded to the cloud.

Posted in Best Practices for Merchants

May 8th, 2014 by Elma Jane

The complexity derives from PCI’s Data Security Standards (DSS), which include up to 13 requirements that specify the framework for a secure payment environment for companies that process, store or transmit credit card transactions.

Make PCI DSS Assessment Easier

Training and educating employees. Technical employees should obtain any certifications or training classes necessary so that they can operate and monitor the security controls set in place. Non-technical employees must be trained on general security awareness practices such as password protection, spotting phishing attacks and recognizing social engineering. All the security controls and policies in the world will provide no protection if employees do not know how to operate the tools in a secure manner. Likewise, the strongest 42-character password with special characters, numbers, mixed case, etc. is utterly broken if an employee writes it on a sticky note attached to their monitor.

For an organization to effectively manage its own risk, it must complete a detailed risk analysis on its own environment. The goal of a risk analysis is to determine the threats and vulnerabilities to the organization’s assets and the services it performs. As part of a risk assessment, the organization should define critical assets, including hardware, software and sensitive information, and then determine risk levels for those components. This in turn allows the organization to determine priorities for reducing risk. It is important to note that risks should be prioritized first for systems that will be in scope for PCI DSS and then for other company systems and networks.

Once the risk assessment has been completed, the organization should have a much clearer view of its security threats and risks and can begin determining its security posture. Policies and procedures form the foundation of any security program and comprise a large percentage of the PCI DSS requirements. Business leaders and department heads should be armed with the PCI DSS requirements and the results of the risk analysis to establish detailed security policies and procedures that address the requirements but are tailored to business processes and security controls within the organization.

Building upon the foundation of security policies, the committee of business leaders and department heads should now review the PCI DSS requirements in detail and discuss any potential compliance gaps and establish a remediation plan for closing those gaps. This is where it is important to have the full support of business leaders who can authorize necessary funds and manpower to implement any remediation activities.

This is also the time to schedule the required annual penetration testing. Penetration tests are typically performed by third parties, although that is not required, and they can take some time to schedule, perform and remediate (if necessary). The results of a PCI DSS assessment will be delayed until the penetration test is completed, so now is the time to schedule the test.

At this point the organization is ready for a full-scale PCI DSS assessment and can now enter a maintenance mode where periodic internal audits occur and regular committee meetings are held to perform risk assessments and update policies, procedures and security controls as necessary to respond to an ever-changing threat landscape. PCI DSS must become integrated into the everyday operation of the organization so that the organization remains secure and to ease the burden of the annual assessments.

Payment Card Industry (PCI) compliance assessment is a major task for any size organization, but you can make it easier.

Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security

May 6th, 2014 by Elma Jane

Which fee structure works best remains unclear despite the recent high-profile data security breaches that are emphasizing the need for security measures. Acquirers charge fees – or not – based on what’s best for their business model and their security objectives.

Some charge merchants that comply, others charge merchants that fail to comply and a few charge both. Some Independent Sales Organizations (ISOs) don’t charge merchants a fee for helping them comply with the Payment Card Industry Data Security Standard (PCI DSS).

If there is any trend, it’s that more banks are finding that some sort of funding is necessary to run a program that gets any results. That funding covers costs for security assessments and compliance assistance as well as internal resources for acquirers. When it comes to covering those costs and creating incentives for compliance, no one fee structure is ideal.

Non-compliance fees encourage merchants to comply so they can save money, but the fees may not accomplish that. Unless you charge exorbitantly, it’s not going to have the effect you want it to have, and by the time you charge that much, the merchant’s just going to move to a different ISO.

ISOs charging non-compliance fees often claim the fee revenue goes into an account designated for use in case of a breach. Non-compliance fees can also reward acquirers for doing nothing to increase compliance. You get this situation where a bank has a revenue stream. Their objective is not to increase the revenue stream but to increase compliance, but when they increase compliance, the revenue stream goes down.

Some acquirers are advised to consider charging merchants fees for practices such as storing card data, which could be checked with a scanning tool. Merchants that do store data or fail to run the scan would be charged a fee. That is something that could really decrease risk, because if you’re not storing card data, even if you are breached, there’s nothing to get.

Simplifying the compliance verification process, by making assessment questionnaires available on its merchant portal and by teaching merchants about PCI, will minimize the potential impact of fraud by increasing compliance, which saves the company money in the long run versus a more laissez-faire approach of fees without education and compliance tools.

It’s more important to educate the merchant; that is the spirit and intent of PCI DSS, as supported by the card associations. Visa and MasterCard support it because of the severe impact of a breach or other data compromise, not as a revenue source.

ISOs and other players in the payments chain that do not work to help merchants comply are also putting themselves at risk. Breached merchants may be unable to pay fines that come with a data compromise, potentially leaving ISOs responsible for paying them. Merchants that go out of business because of a data breach also stop providing the ISO with revenue.

Plus, when merchants ask why they’re being charged a non-compliance fee, point them to the questionnaire and explain that they’ll stop being charged as soon as they demonstrate they comply with PCI.

Posted in Best Practices for Merchants, Credit Card Security, Merchant Account Services News Articles, Payment Card Industry PCI Security

May 6th, 2014 by Elma Jane

Mobile commerce platform provider ROAM, an Ingenico company, has expanded its mPOS solutions to include chip-and-PIN acceptance with the RP750x mobile card reader. The reader allows mPOS players to get to market quickly with their own custom-branded solution, providing merchants with a powerful set of features that include device and fraud management, remote application configuration, and an mPOS application that can be localized for any language and currency in any country.

Features include:

Backlit display, EMV PIN pad, magnetic stripe reader, NFC reader and smart card reader.

Configurable through the cloud, enabling direct shipment from factory to any country.

Connects with smartphones, tablets and feature phones via Bluetooth or audio jack.

Customizable for branding and form factor.

Compact form factor, just slightly larger than a credit card.

Compliant with the latest industry standards: PCI PTS 3.1 with SRED, EMV Level 1 and 2, Visa-ready.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, e-commerce & m-commerce, EMV EuroPay MasterCard Visa, Financial Services, Mobile Payments, Mobile Point of Sale, Near Field Communication, Payment Card Industry PCI Security, Point of Sale, Smartphone, smartSD Cards, Visa MasterCard American Express

May 6th, 2014 by Elma Jane

MasterPass in-app payments is the latest offering from MasterCard to address the specific needs of the digital ecosystem. With MasterPass in-app payments, MasterCard is creating great experiences for consumers across all channels and all devices, and enabling merchants to reach new consumers in ways not possible in the pre-digital world.

MasterCard has announced MasterPass in-app payments, which enable consumers to make secure purchases within a mobile app. MasterPass in-app payments eliminate the need to store payment card credentials across numerous mobile apps, providing consumers with a fast and simple payment experience.

MasterCard is also developing a framework to make all payments using MasterPass as secure as, or more secure than, anything else, ensuring that consumers can benefit from the highest possible levels of security.

MasterPass in-app payments extend the capabilities of the current browser-based MasterPass digital service into the mobile app environment, and provide consumers with one secure direct relationship with their bank. Apps with MasterPass embedded in them enable consumers to complete a purchase with as few as one click or touch on their favorite connected device without leaving the app environment. MasterPass in-app payments will be made available to developers and merchants beginning in Q2 of this year.

Posted in Best Practices for Merchants, Digital Wallet Privacy, EMV EuroPay MasterCard Visa, Financial Services, Mobile Payments, Payment Card Industry PCI Security, Smartphone, Visa MasterCard American Express

May 6th, 2014 by Elma Jane

Boston-based Loop has released its LoopWallet app for storing magnetic-stripe cards on smartphones and using them in contactless payments at regular POS terminals.

Loop is a Level One PCI certified payment provider. Its technology has applications for turning loyalty cards into contactless cards and can also be used to generate dynamic card data every time a payment is made, preventing the creation of cloned cards.

The Loop Fob contains a microprocessor and magnetic induction loop and can be used without a phone, in which case payment would be taken from a designated card.

Mag-stripe cards for payment, gift, loyalty, ID or membership are read by the Loop Fob, a small audio jack magnetic-stripe reader, and then card data is encrypted and stored on the user’s smartphone. The LoopWallet app allows users to view their cards and select the one they wish to use.

To make a payment at the point of sale, the phone sends a signal, using Loop’s Magnetic Secure Transmission technology. MST emulates the signal generated when a mag-stripe card is swiped across a POS terminal’s read head. The signal is received by any mag-stripe card reader without requiring modifications to the POS terminal or processing system.

The free LoopWallet App for iOS 7 is available in the Apple App Store, with an Android version planned for release in April 2014. The app is only available to U.S. consumers.

Posted in Best Practices for Merchants, Credit card Processing, Digital Wallet Privacy, Electronic Payments, EMV EuroPay MasterCard Visa

May 5th, 2014 by Elma Jane

The Payment Card Industry (PCI) Data Security Standard (DSS) has come under criticism as high profile data breaches continue to expose flaws in retailers’ data security systems. But telecommunications firm Verizon Wireless concluded that the PCI DSS is working.

Some Responses to Criticisms

Nilson Report research from August 2013 said card fraud cost the global payments market over $11 billion in 2012. Verizon added that the frequency of fraud schemes that the PCI DSS was designed to avoid is in fact growing. And yet most businesses are not fully compliant at the time of assessment. Only 51.1 percent of the companies it had audited had passed seven of the 12 requirements of the PCI DSS and only 11.1 percent of said companies had passed all 12.

Verizon addressed some of the criticisms leveled at the PCI DSS. One concern is that the standard promotes compliance as a test to be passed and forgotten, which distracts companies from focusing on improving security. Verizon responded by stating that breached businesses were less likely to be PCI DSS compliant than unaffected companies. It also said businesses improve their chances of not being breached by having the standard in place, and of minimizing the damage of a breach should one occur.

Another common complaint leveled at the standard is that it is too cumbersome and slow moving in relation to the quickly evolving threat landscape and nimble fraudsters ready to try new tactics. Verizon countered that the PCI DSS is meant to be a set of baseline security protocols. Achieving compliance with any standard is simply not enough; organizations must take responsibility for protecting both their reputation and their customers. Most attacks on networks are of the simple variety, with 78 percent of hacking techniques considered low or very low in sophistication. Data Breach Investigations Report (DBIR) research shows that while perpetrators are upping the ante, trying new techniques and leveraging far greater resources, less than 1 percent of the breaches use tactics rated as high on the VERIS (Verizon’s Data breach Analysis Database) difficulty scale for initial compromise.

Recommendations

There’s an initial dip in compliance whenever a major update to the standard is released, so organizations will have to put in additional effort to prepare for achieving compliance with DSS 3.0.

The newest version of the standard, PCI DSS 3.0, went into effect Jan. 1, 2014. Businesses have until Jan. 1, 2015, to implement it. The updated standard has new requirements and clarifications to version 2.0 that will take time for businesses to understand and implement, and this will result in more organizations being out of compliance.

To help businesses deal with their PCI DSS compliance obligations, the firm offered five approaches:

Don’t leave compliance to information technology security teams, but enlist application developers, system administrators, executives and other staff in helping to move the process along.

Embed compliance in everyday business practices so that it is sustainable.

Integrate compliance programs into enterprise-wide governance, risk and compliance strategies.

Learn how to reduce the scope of organizations’ compliance responsibilities, chiefly by figuring out how to store less data on fewer systems.

Think of compliance as an opportunity to improve overall business processes, rather than as a burden.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Electronic Payments, Payment Card Industry PCI Security, Visa MasterCard American Express

April 22nd, 2014 by Elma Jane

Mobile Business App.

Customers should be able to easily find you wherever they are, from any device. Mobile presence is more or less essential for business success in today’s world, whether you just have a mobile-optimized website, or a full-scale dedicated mobile application for your business.

With smartphones and tablets, people have a computer in their pockets when they’re out and about, and that is where they are engaging with content, so businesses want a mobile strategy.

The problem many businesses have with mobile strategy development is determining what is most effective, both in terms of reach and cost. Creating a mobile app isn’t the right path for every company, but if it’s something you’re considering, check the following questions before you invest.

Android, HTML5 or iOS?

No matter what platform you choose, it’s important not to take on too much too soon, regardless of your technical skill level. There are a lot of different solutions for app development. Keep it simple and work on it. Once you’ve made the decision to develop an app and figured out your end goal for it, determine what platform you want to use. When businesses choose to create an app for only Android or iOS, they end up missing half the market, but building an app on both major platforms requires two different sets of technical skills. While an app creator can make it much easier to develop an app on multiple platforms, including Windows Phone and Blackberry, maintaining a multiplatform presence will end up costing you more. HTML5 Web-based apps may not be as visible as those in major platform app stores, but they are compatible with mobile browsers on any operating system, as well as desktop browsers.

Make your own app, or become part of an existing one?

If you want to create your own native app, make sure you have a plan to continually update and work on it. Don’t underestimate the ongoing maintenance. Constantly engage with the app, and as you’re planning it in the first place, think about what you want to add over time.

Many businesses begin the app development process without considering the amount of time and money they will need to invest in the process. Becoming part of an existing app (for example, a directory-type app that lists businesses in your industry) can be an easier, less expensive way to claim your segment of the mobile market. The app creator can do the heavy technical work while also providing you with the opportunity to connect with its larger network of users.

What do you want to gain from your business app?

Is it to bring people into your store or to get them to visit your website? Many businesses waste a lot of resources because they think people will just come to their app. It’s trendy to say that you have a mobile app, but if your goal is just to have that mobile presence, you’ll create something that no one will ever see. Small businesses should set a clear goal to focus on before beginning app development. Having a mobile presence is more or less essential for business success in today’s world. Whether you just have a mobile-optimized website, or a full-scale dedicated mobile application for your business, your customers should be able to easily find you wherever they are, from any device.

Posted in Best Practices for Merchants, e-commerce & m-commerce, Financial Services, Mobile Payments, Mobile Point of Sale, Smartphone