Best Practices for Merchants Archives - Page 46 of 50 - Payment Processing News

Category: Best Practices for Merchants

Apr
17
2014
April 17th, 2014 by Elma Jane

Issuers participating in the MasterCard Rewards Platform can pursue greater engagement and value in their programs through a partnership MasterCard is announcing today with Points International Ltd. The companies say they struck the deal to take advantage of the popularity of travel and related experiences. Under the agreement, participating issuers can let their cardholders to exchange and trade earned airline miles, hotel points and loyalty currencies.

Travel happens to be one of the most popular redemption options for points on most programs today. So this is really about enabling consumers to get even more choice with regard to getting some redemption options.

Issuers individually will roll out the program later this year based on their own schedules. Any of the hundreds of banks that use the MasterCard Rewards Platform are eligible to participate. Participation is voluntary.

Enhanced flexibility in cardholder reward redemptions was a key driver behind the initiative, what this partnership allows to do is enable all customers that have points that they’ve gained from spending on their credit cards or debit cards to then exchange those points into a miles program or a hotel program that they tend to always have a lot of other points accumulated already.

Variable Exchange Rates

Cardholders will be provided with a conversation ratio applicable to the pair of rewards being exchanged. Ratios will differ by redemption transaction. Consumers also may choose to transfer small buckets of rewards points into one program and the rest in other programs. They can do transfers multiple times and across multiple rewards providers.

Posted in Best Practices for Merchants, Credit card Processing, Gift & Loyalty Card Processing, Travel Agency Agents Tagged with: , , , , , , , , , , , , , , , ,

Apr
11
2014
April 11th, 2014 by Elma Jane

Of the 17 percent of consumers who reported having had their credit card declined during a card-not-present (CNP) transactions. As many as one-third of those declines were unnecessary. The result is consumer aggravation, increased operational costs for banks and credit card companies and as much as $40 billion in lost revenue for online retailers.

TrustInsight which helps establish trusted relationships between financial institutions, merchants and online consumers conducted study. A report and infographic detailing the findings of the study found that avoidable online credit card declines lead to loss of trust for consumers, sales for merchants and increased operational costs for credit card companies and issuing banks.

Study also revealed that consumers handle credit card declines in a variety of ways all of which carried negative economic impact to at least one party in the transaction, resulting in unnecessary operating costs for banks, decreased loyalty for the credit card company and lost revenue for all. Almost half call their issuer immediately when their card is unexpectedly declined. This is a natural response. 34 percent of consumers try again another credit card, other use a different payment method and 24 percent will skip the purchase altogether or shop at a different online retailer.

No one wants to turn away business, and no one wants their business declined. The frustration and impact of wrongful declines is a real problem especially as more and more transactions occur in non-face-to-face situations.

Impact of consumer action in the face of a decline can have real and measurable effects on all parties, including credit card companies, banks and merchants manifesting itself in lost customer loyalty, lost fees and lost revenues. Creating a standard for online trust that enables credit card companies, merchants and issuing banks to better recognize trusted digital consumers and reduce the number of wrongly declined consumers avoiding unnecessary losses.

In a world where people are increasingly reliant on a variety of Internet-connected devices for everything from banking to shopping to entertainment and media, creating friction-free customer experiences and preventing online fraud are constant business challenges.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Electronic Payments, Financial Services, Gift & Loyalty Card Processing, Merchant Services Account, Small Business Improvement, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , ,

Apr
11
2014
April 11th, 2014 by Elma Jane

A new standard that uses Host Card Emulation (HCE) was introduced by VISA to enable financial institutions to securely host Visa accounts in the cloud. Visa’s move to support HCE includes tools and services as well as the standard. It is available now and will include support for QR codes and in-app payments in the future.

With this new service and platform that Visa is developing, it will enable clients and partners to issue Visa accounts digitally in the cloud, on secure elements in smartphones, or linked to a digital wallet. The solution will also enable the issuance of payment tokens that will replace the 16-digit payment account number and can be limited for use with a specific device, merchant or payment channel.

Layers of security will deploy by Visa to protect payment accounts in the cloud, including at the Visa network, application and hardware levels. Device fingerprinting technology, one-time use data, payment tokens and real-time transaction analysis will make up a multi-layered defense against unauthorized account access for their services.

Visa has intensified its Visa PayWave contactless payment application and is introducing a new implementation guidelines, program approval process standard and requirements for their standards.

Visa is also developing a tool, its software development kit (SDK) to support clients who wish to develop their own cloud-based payment applications or want to enhance their existing mobile banking applications with Visa PayWave functionality.

HCE is introduced to make it easier for developers to create NFC applications like mobile payments, loyalty programs, transit passes, and other custom services. Visa’s move to enable NFC payments with Android devices is welcome news and will guide the way for the payments industry.

Clients and partners around the globe are continuously looking for cost efficient, flexible and secure ways to enable mobile payments. The Android HCE feature provides with a platform to evolve the Visa PayWave standard, support the development of secure, cloud-based mobile applications, while at the same time offer greater choice.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Electronic Payments, Financial Services, Merchant Services Account, Mobile Payments, Mobile Point of Sale, Near Field Communication, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,

Apr
11
2014
April 11th, 2014 by Elma Jane

PCI DSS 3.0 standard, which took effect January 1st, introduces changes that extend across all 12 requirements, aimed to improve security of payment card data and reducing fraud. There will be some shakeups for many organizations when it comes to their day-to-day culture and operations. Transitioning to meet the new requirements will help e-business build a stronger, safer, lower-risk environment for their customers.

While the growing number of digital payment avenues offers convenience to customers, it also offers a larger attack surface for criminals.

As cloud technologies and e-commerce environments continue to grow, creating multiple points of access to cardholder data and online retailers will only become more appealing targets for hackers. Cybercriminals are cunning and determined. They understand payment card infrastructures as well as the engineers who designed them.

A scary proposition and it’s exactly why the payment card industry is so determined to help keep e-commerce organizations protected. Meeting the new standard, businesses will be better armed to fight evolving threats. Changes will also drive more consistency among assessors, help business reduce risk of compromise and create more transparent provider-customer relationships.

Transitioning to PCI DSS 3.0 will involve some work, but doing that work on the front end is going to save much work down the line. Adopting the new standard ultimately will drive your e-commerce business into a secure and efficient era.

Cultural Changes – One of the main themes of 3.0 is shifting from an annual compliance approach to embedding security in daily processes. Threats don’t change just once a year. They’re constantly evolving and that means e-commerce organizations must adopt a culture of vigilance. Only through a proactive business-as-usual approach to security can you achieve true DSS compliance. Realistically, this could mean the need to provide more education and build awareness with staff, partners and providers, so that everyone understands why and how new processes are in place.  

Operational Changes – The 3.0 standard addresses common vulnerabilities that probably will ring a bell with many of you. These include weak passwords and authentication procedures, as well as insufficient malware detection systems and vulnerability assessments, just to name a few. Depending on your current security controls program, this could mean you’ll need to step up in these areas by strengthening credential requirements, resolving self-detection challenges, testing and documenting your cardholder data environment and making other corrections.

Overview Changes – How much work lands on your plate will depend on your current security program. Examining your current security strategies and program is a good idea. Below are the areas requiring your attention, which this series will explore in more detail in future installments.

Service Provider Changes –  Some organizations made unsafe assumptions in the past when it comes to third-party providers. Some have paid the price, from failed audits to breaches. One reason that the new standard is designed to eliminate any confusion over compliance responsibilities. Responsibilities, specifically for management, operations, security and reporting all will need to be spelled out in detailed contracts. In addition to improved communication, an intensified focus on transparency means that you should have a clear view of your provider’s infrastructure, data storage and security controls, along with subcontractors that can impact your environment. So if your organization isn’t exactly clear on which PCI DSS requirements you manage and which ones your providers handle, prepare to get all of that hammered out.

The Compliance Rewards – The path to preparing for the 3.0 deadline in January 2015 sounds like it’s a lot of work. So to get started request your QSA’s opinion on how the changes will impact your organization, by doing the gap assessment and you’ll be able to address any shortcomings.    

Meeting the new 3.0 requirements isn’t just about passing audits. In fast paced payment IT landscape, staying smart and protected is part of our commitment to our customers. Beefing up security game not only reduce audit headaches, but also enjoy stronger brand reputation as a safe and reliable e-commerce business.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, e-commerce & m-commerce, Electronic Payments, Financial Services, Payment Card Industry PCI Security, Small Business Improvement, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Apr
08
2014
April 8th, 2014 by Elma Jane

Today’s consumers are defining themselves by their mobile devices, their social presences and how they interact with brands, both offline and online. The digital evolution of the average consumer is alive and kicking.

Today’s consumer is more connected than ever, with more access to and deeper engagement with content and brands. Thanks to the proliferation of digital devices and platforms. Content that was once only available to consumers via specific methods of delivery such as via print, radio and broadcast television can now be sourced and delivered to consumers through their multiple connected devices. This is driving the media revolution and blurring traditional media definitions.

What are the specific characteristics or dynamics shaping today’s consumer behavior? Digital consumers are social-savvy and more connected to their friends, family and favorite brands than ever before.
Focused On The Gadgetry

Consumers love gadgets.

One out of four Americans plan to buy a smartphone in the near future. Thirty percent intend to upgrade from a regular mobile phone to a smartphone once able. For those ages 18 to 24, 49 percent they want to upgrade to a smartphone.

How frequently consumers use their mobile devices in a given month? Consumers spent an average of 34 hours and 17 minutes per month using apps on their devices, an increase of 9 hours and 52 minutes from 2012.

Interestingly, the amount of time consumers spend surfing the Web fell 1 hour and 54 minutes to a total of 27 hours and 3 minutes. The amount of time used to watch videos online increased by 43 minutes, to 6 hours and 41 minutes.

Social Media & Everyday Life

Digital consumers, by and large love their social media.

Sixty-four percent said that they use social media at least once per day. For mobile however, the growth figures reported suggest a broad shift is happening, pushing more people to access social networks via mobile platforms.

Forty-seven percent of smartphone owners log onto a social network each day. Additionally, the number of people who use social-media apps on their smartphones rose by 37 percent from 2012.

Digital consumers are also diversifying their choice of social networks, opting to use LinkedIn and Pinterest in addition to so-called traditional social media platforms like Facebook and Twitter.

As digital consumers find their own mix of devices and platforms to access and engage with social media, they are building profiles and connections on multiple social networks as well.
Two Screens Is A King

Digital consumers also rely on their mobile devices as a second type of television screen.

In a survey, eighty-four percent said they use their smartphone or tablet to surf the Web or to use apps while watching television. Of those, 44 percent of tablet owners shopped while watching TV, and 24 percent used their smartphones to make purchases.

Fourteen percent of tablet owners used their device to buy a product or service as it was being advertised on TV. Just 7 percent of smartphone owners said they would do the same.

Posted in Best Practices for Merchants, Credit card Processing, Financial Services, Merchant Services Account, Mobile Payments, Small Business Improvement, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , , , , ,

Apr
07
2014
April 7th, 2014 by Elma Jane

Integrate Cloud-Based Platforms

E-commerce businesses increasingly rely on cloud-based applications, such as hosted shopping carts, analytics platforms, cloud-based accounting, customer service tools, and more.

To operating smoothly, a merchant’s cloud-based apps should integrate with each other, to save time and to otherwise prevent data loss and ensure accurate reporting.

It’s important, therefore, to have an integration mindset when choosing and using software-as-a-service solutions.

Some tips:

Ask Around

As with evaluating any vendor for your company, go beyond the company’s website. Ask the vendor about other customers. Get references. Contact those companies and ask how the platform is working. Is it easy to set-up? Does it integrate seamlessly with other apps? How long does it take to transfer data from one app to the other? These are just some of the questions you need to ask when evaluating an app. Also check social media sites for any discussions pertaining to the program. Read what people are tweeting. Check relevant LinkedIn groups.

Check the Company’s Integrations Page or API

When evaluating a software-as-a-service (SaaS) solution, first determine if it integrates with the platforms that you’re already using. Pre-built integrations will save much time. Alternatively, if a company has an application programming interface (API), use it to integrate the app with your existing systems.

If you can’t find the integration you need or if you want to avoid the API option, contact the vendor directly and ask if it can make its platform sync with your existing solutions. Don’t underestimate the power of reaching out to your vendors.

Use Cloud App Integration Services

Another option is to use SaaS integration services. You have plenty of choices, depending on what you need to connect. If you just need to integrate two apps, like Dropbox to Gmail, for instance, you can use (IFTTT) If This Then That –  a service that lets you assign triggers and actions to each app through a drag-and-drop interface. When one program does something, it will automatically trigger another app to perform an action. For example, you can create a recipe wherein all your Gmail attachments are automatically saved to your Dropbox folder. IFTTT is free to use, to integrate up to 80 apps.

A similar service, Zapier, lets you do the same thing, but on a larger scale. It supports more than 250 applications, including Salesforce, Zoho CRM, Xero accounting, Campaign Monitor email, and more. Zapier is free for five integrations. It also offers Basic, Business, and Business Plus plans that cost $15, $49, and $99 per month, respectively.

IFTTT and Zapier work well to integrate two cloud applications. However, if you’re running a combination of cloud and on-premise applications, or if you have an ecosystem of apps and data sources that have to connect and exchange data, you need more sophisticated options.

That’s where services such as Dell Boomi and SnapLogic come in. Like IFTTT and Zapier, these solutions use a drag-and-drop interface, but at a larger scale. They connect multiple combinations of cloud and on-premise applications.

Use Free Trials

Always test-drive your apps or integration services. Most SaaS platforms offer free trials. Take note of user-friendliness, functionality, and observe how they function with programs you already have.

Posted in Best Practices for Merchants, Credit card Processing, e-commerce & m-commerce, Financial Services, Internet Payment Gateway, Payment Card Industry PCI Security, Small Business Improvement, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , ,

Apr
07
2014
April 7th, 2014 by Elma Jane

Payment Processing Security

Payment processors share an inherent responsibility to keep their systems secure. It requires a system of governance that includes a broad array of policies, procedures, planning activities, responsibilities, practices and resources for implementing and maintaining a secure system and network operating environment.

To help organizations identify the best payment processors, a recent white paper from i2c outlines the various governance and security best practices processors should use. And it all starts from the top.

Good governance calls for establishing internal audit, compliance, and information security groups within the organization that have separate reporting channels to upper management and/or a board-level audit committee,  the report notes. This organizational structure ensures that all security and operational-related risks are appropriately addressed and that all internal processes and practices remain in compliance with the organization’s defined policies and procedures, which in turn should align with applicable external security standards, regulatory laws and payment systems operating rules.

Resource Dedication

Payment processors also need to dedicate proper resources to the task of understanding, and complying with all applicable government, industry, association, legal and regulatory requirements that are relevant to each of their operating regions, according to the paper. Such applicable requirements need to be carefully identified, documented, applied, and updated on a regular basis.

Payment processors’ compliance activities need to cover not only the applicable government, industry, association operating rules and legal/regulatory requirements pertaining to their operations, but they also need to understand and comply with the applicable rules and regulatory requirements pertaining to their client partners. Let say you process customer data on behalf of a partner whose data is governed by a given regulatory rule, then you as their third-party provider must also apply those regulatory rules when handling their data.

Policies and procedures should be developed and put into practice that ensure the payment processor remains in compliance with these various requirements.

Risk Management

Risk management should be incorporated into every payment processors’ system of governance. It provides a framework for identifying and addressing risks within the organization and provides a process for regular operational review and improvement, according to the report. An effective risk management process should adopt an appropriate risk management methodology to identify, evaluate, mitigate and monitor risks pertaining to critical business assets and operations.

Security best practices also call for a defense-in-depth strategy to ensure the protection of information assets and overall risk reduction. A defense-in-depth approach ensures that the failure of any one control does not lead to successful penetration. By providing multiple layers of protection, the controls collectively ensure the confidentiality, integrity, and availability of critical system assets and data.

Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security, Small Business Improvement, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , ,

Apr
01
2014
April 1st, 2014 by Elma Jane

One piece of advice that many entrepreneurs receive is to keep their business simple. Expanding too quickly or jumping around from idea to idea without a clear direction can certainly prevent a startup from getting off the ground – but simplicity in the wrong area may be just as detrimental.

It’s great to do something simple, provided customers want what you have to sell. There’s a survivor bias in small business – you read about one success story that started with a simple idea. There are 15 other companies that did equally simple things that nobody wanted. Only the few that really focused on getting that first sale succeeded.

Experimenting with different tactics and learning to concentrate on what worked was the key to success. 

Accept that some ideas will fail. Not everything you try with your business is going to work. This can be a difficult reality to face when you and your team have become invested in a project, but the best course of action is to let it go and move on. Continue experimenting and finding out what fits, as long as it doesn’t become an excuse to avoid a difficult problem.

Clearly define your team’s roles. Everyone working with you should have a clearly defined path and know what they’re supposed to be doing at any given time. A good knowledge of your team and each team member’s strengths can help you decide the most effective way to divide up labor for new strategies.

Don’t overload. Trying new ideas for your business can help you find out what works, but it’s important to avoid taking on too many tasks and overwhelming yourself and your team.

Push and contract.  It’s tempting to want to keep trying one new strategy after another, especially when you have the resources to do so. But it is  recommended going through a push and contract cycle with your business activities.

Push for a couple of months with new ideas, but then have a period of pullback and reflection to see if they’re making money.

Posted in Best Practices for Merchants, Financial Services, Small Business Improvement Tagged with: , ,

Mar
31
2014
March 31st, 2014 by Elma Jane

Money remittance companies can achieve real benefits by embracing a mobile-first strategy. In fact, when it comes to financial institutions, I can definitely say this is a perfect match! Specially for us who are transferring money to our home country for our loved ones.

Here are some factors why.

It decentralizes transaction points, making it inherently safer for customers.

People carrying cash in and out of remittance centers are prime targets for criminals. In some countries, it’s not rare to have people mugged just outside of banks and remittance centers.

By allowing people to transact wherever they are, mobile remittance decentralizes the transaction points, making it harder for thieves to find unsuspecting prey.

It has the potential to reduce bottlenecks in branches.

Mobile remittance can reduce the number of people who would visit a remittance branch to complete transactions. It alleviates traffic inside the branch, reducing lines and wait times and making visits by other customers more hassle-free.

Makes remittances more accessible.

The reduction in costs of running a remittance operation means these companies can actually lower the costs of sending money for the end-customer. This makes remittances more accessible to the areas that most need it, such as developing nations and remote rural areas. Lower costs also make it more attractive for people to use formal remittance solutions to send over money. For the poor, every cent counts, so lower costs can make the added security only a financial institution can provide more attractive for them.

Mobile makes money transfers faster and more convenient.

While today’s contactless mobile payments solutions are still not as simple as handing over a wad of cash or swiping a card for over-the-counter payments, in the world of money remittances, mobile can actually smooth out friction points.

Through mobile, senders can send funds wherever they are. They won’t have to drive or commute to a local remittance center, they don’t have to fill out forms and they don’t have to fall in line to complete the transaction. It’s all seamless and convenient.

For the recipients, mobile remittance can save them the trouble of having to go to a remittance center, fill out a form and fall in line to receive their money. All they’ll need is a simple SMS code that they can use to withdraw funds from a nearby ATM through cardless transactions.

Money can stay within the remittance company’s network longer.

One of the side effects of successful mobile money campaigns is that users are also using these mobile money solutions as storage mediums for their money. They don’t withdraw the funds all in one go. Instead, they only take out what they need and withdraw funds later.

Having the ability to withdraw small sums at a time has multiple benefits. For one, carrying less cash makes it safer for the customer. For the remittance company, the money stays in its network longer.

Opens up doors for financial inclusion

This is particularly true for developing countries where a vast majority of the population are un-banked or under-banked. The costs of building and maintaining a physical presence in poor countries has made traditional financial services difficult to access for their citizens. Even in poor countries, a large number of the population has access to a mobile device, giving them an opportunity to receive financial services.

Opens up other opportunities for remittance companies

Having a mobile service can help remittance companies expand to other services. They can add bill payments into the app, for example, allowing their customers to pay for utility bills using funds sent to them through their mobile devices.

Paves the way forward to progress

Mobile use is so widespread that it is no longer wise for remittance companies to turn a blind eye to it. If they won’t embrace it, you can bet their competitors will. Whoever gains traction in the mobile channel will have a huge advantage in the market. It’s now a case of move now or be left behind.

Reduces costs for remittance companies

Mobile remittance can cut costs for remittance companies by reducing the need for physical branches and personnel to accommodate walk-in clients. Mobile can scale without incurring significant costs making a mobile investment much better in the long-term for remittance companies that want to expand their operations.

Posted in Best Practices for Merchants, Financial Services, Mobile Payments, Small Business Improvement, Smartphone Tagged with: , , , , , , , , , , , , , , , , , ,

Mar
31
2014
March 31st, 2014 by Elma Jane

A payment processor is a company often a third party appointed by a merchant to handle credit card transactions for merchant acquiring banks. They are usually broken down into two types: Back and Front-End.

Back-End Processors accept settlements from Front-End Processors and, via The Federal Reserve Bank, move the money from the issuing bank to the merchant bank.

Front-End Processors have connections to various card associations and supply authorization and settlement services to the merchant banks’ merchants. In an operation that will usually take a few seconds, the payment processor will both check the details received by forwarding them to the respective card’s issuing bank or card association for verification, and also carry out a series of anti-fraud measures against the transaction.

Additional parameters, including the card’s country of issue and its previous payment history, are also used to gauge the probability of the transaction being approved.

Once the payment processor has received confirmation that the credit card details have been verified, the information will be relayed back via the payment gateway to the merchant, who will then complete the payment transaction. If verification is denied by the card association, the payment processor will relay the information to the merchant, who will then decline the transaction.

Modern Payment Processing

Due to the many regulatory requirements levied on businesses, the modern payment processor is usually partnered with merchants through a concept known as software-as-a-service (SaaS). SaaS payment processors offer a single, regulatory-compliant electronic portal that enables a merchant to scan checks “often called remote deposit capture or RDC”, process single and recurring credit card payments (without the merchant storing the card data at the merchant site), process single and recurring ACH and cash transactions, process remittances and Web payments. These cloud-based features occur regardless of origination through the payment processor’s integrated receivables management platform. This results in cost reductions, accelerated time-to-market, and improved transaction processing quality.

Payment Processing Network Architecture

Typical network architecture for modern online payment systems is a chain of service providers, each providing unique value to the payment transaction, and each adding cost to the transaction. Merchant>Point-of-sale SaaS> Aggregator >Credit Card Network> Bank. The merchant can be a brick-and-mortar outlet or an online outlet. The Point-of-sale (POS) SaaS provider is usually a smaller company that provides customer support to the merchant and is the receiver of the merchant’s transactions. The POS provider represents the Aggregator to merchants. The POS provider transaction volumes are small compared to the Aggregator transaction volumes. The POS provider does not handle enough traffic to warrant a direct connection to the major credit card networks. The merchant also does not handle enough traffic to warrant a direct connection to the Aggregator. In this way, scope and responsibilities are divided among the various business partners to easily manage the technical issues that arise.

Transaction Processing Quality

Electronic payments are highly susceptible to fraud and abuse. Liability to merchants for misuse of credit card data creates a huge expense on merchants, if the business were to attempt mitigation on their own. One way to lower this cost and liability exposure is to segment the transaction of the sale from the payment of the amount due. Some merchants have a requirement to collect money from a customer every month. SaaS Payment Processors relieve the responsibility of the management of recurring payments from the merchant and maintain safe and secure the payment information, passing back to the merchant a payment token. Merchants use this token to actually process a charge which makes the merchant system fully PCI-compliant. Some payment processors also specialize in high-risk processing for industries that are subject to frequent chargebacks, such as adult video distribution.

 

Posted in Best Practices for Merchants, Credit card Processing, Electronic Check Services, Electronic Payments, Internet Payment Gateway, Merchant Services Account, Payment Card Industry PCI Security, Point of Sale, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , ,

← Previous Article
Next Articles »