Category: Credit card Processing
April 21st, 2015 by Elma Jane
An advanced strain of malware called “Punkey,” is capable of attacking Windows point of sale terminals, stealing cardholder data and upgrading itself while hiding in plain sight.
Researchers from Security vendor Trustwave discovered the new strain. The investigation found compromised payment card information and more than 75 infected, and active, Internet Protocol addresses for Windows POS terminals.
Punkey poses a unique threat to payment networks, particularly because it also can download updates for itself.
If the malware author has a new feature it wants to add or updates to get rid of bugs, it actually pushes the malware down from the command and control server, revealed by Trustwave’s SpiderLabs research center. Punkey operates like a typical Botnet.
The malware hides inside of the Explorer process, which exists on every Windows device and manages the opening of individual program windows. Punkey scans other processes on the terminal to find cardholder data, which it sends to the control server.
The malware performs key logging, capturing 200 keystrokes at a time. It sends the information back to its server to store passwords and other private information.
A year ago, security vendors warned retailers against using Windows XP at the point of sale, since Microsoft stopped supporting Windows XP security patches. However, even Punkey is not attacking Windows due to any vulnerability in the systems, so even merchants with newer versions of Windows are at risk.
Punkey just runs like any Windows binary would. Even if the system is upgraded or a new system is put in place, criminals are still getting malware on the POS in other ways.
Many retailers use remote desktop support software, which fraudsters take advantage of, they steal a password and install malware like a technician would install any software.
While Punkey represents a more sophisticated POS malware than Trustwave has seen previously, merchants can still protect themselves through attention to basic security best practices.
Merchants should update antivirus and firewall protections, monitor the remote access software, establish two-factor authentication and check network activity daily for anything out of the ordinary. Unfortunately, many organizations have neither the expertise nor the manpower to perform these tasks.
Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, Mobile Point of Sale, Payment Card Industry PCI Security, Point of Sale Tagged with: card, cardholder, cardholder data, data, Malware, Merchant's, payment, payment networks, point of sale, POS terminals, retailers, terminals
January 21st, 2015 by Elma Jane
With a crucial deadline, the payments industry is starting to look at just what kind of fraud liability and how much fraud merchant acquirers will have to assume if their merchants aren’t ready to accept Europay-MasterCard-Visa (EMV) chip cards by October.
While issuers currently absorb losses under card-network rules, that burden will shift to acquirers this fall in cases where the fraud occurs at merchants unprepared for EMV.
As a result, acquirers will have to reckon with a whole new category of risk exposure.
In card-not-present transactions, acquirers have faced this, but in the overwhelming majority of cases they’ll be confronting it for the first time.
Surprisingly, for all the talk in the industry about the imminent arrival of EMV, it appears few acquiring executives have fully accounted for what the shift really means for them.
Some 24% of U.S. point-of-sale terminals are “EMV-capable,” while 9% of debit/prepaid cards issued, and 2% of credit cards have EMV chips so far. But while terminals may be technically capable, it isn’t known just how many of these merchants have the software and trained personnel to accept EMV.
Foreign issuers, especially, may be licking their chops at the prospect of offloading their consumer-fraud risk onto U.S. acquirers. For years and years, these non-U.S. issuers have invested in EMV, but the U.S. is still using the mag stripe. So non-U.S. issuers appear to be very aware of the liability shift.
To be sure, acquirers’ increased risk exposure may be relatively short-lived. Under the network rules, liability rests with the issuer in cases where both the merchant and the issuer are EMV-compliant. That could be nearly universally the case within a few years. By 2018, nearly all cards and terminals will be compliant.
But that still leaves open the question of how many of these terminals will really be running chip card transactions.
The issue isn’t so much about terminals as about software. Many mid-size merchants are using so-called integrated solutions that run payments as part of a larger business-management system. That means acquirers must work with a number of other parties to reconfigure software, and that presents a challenge when it comes to getting masses of merchants EMV-compliant.
The bigger problem is the integrated point-of-sale market.
While the liability shift may impact acquirers, not all them are convinced their exposure will rise all that much. Some argue the risk of loss from lost/stolen/counterfeit cards at the point of sale is low and not likely to rise, especially for small-ticket merchants.
Fraudsters, are much more inclined to practice their trade online, where the risk of being caught is lower, compared to face-to-face transactions.
Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: card network, card-not-present, chip cards, credit cards, debit/prepaid cards, EMV, EuroPay, fraud, integrated solutions, mag stripe, MasterCard, merchant acquirers, Merchant's, payments, payments industry, point of sale, terminals, transactions, visa
September 16th, 2014 by Elma Jane
When plastic cards become digital tokens, they become virtual. So how do you say that the Card is Present or Not Present. The legendary regulatory difference that the cards industry has relied on to differentiate between interchange fees for Card Present and Card Not Present transactions.
Apple secured Card Present preferential rates for transactions acquired by iTunes on the basis that the card’s legitimacy is verified with the issuer at the time of registration and the token minimizes probability of fraud. If an API call to the issuing bank is sufficient to say that the Card is Present, who is to say that the same logic can’t apply to online merchants who also verify the authenticity of Cards on File when they tokenize them? How can one arbitrarily say that the transaction processed with token from an online merchant is Card Not Present, but the one processed with Apple Pay is Card Present even though both might have made the same API call to the bank to verify the card’s validity?
In the Apple case, a physical picture of the card is taken and used to verify that the person registering the card has it. It is not that hard for an online merchant to verify that the Card on File converted as a token does belong to the person performing an online transaction.
As we move towards chip and pin the card present merchants will spend substantial money upgrading their hardware and POS systems. That expense will be offset by that savings in losses due to fraud. MOTO and e-commerce transactions ( card NOT present ) will always have a higher cost because the nature of processing is NON face to face transactions. Of course the fraud and losses are higher when the card is manually entered or given to someone over the phone……Face to face will always have the lowest cost per transaction because it is usually the final step in the sale. Restaurants are low risk because you had the transaction AFTER you eat. If there is a dispute it happens before the merchant even sees the credit card.
In the long run, as cards become digital and virtual through tokens, we are all going to wonder if card is present or not present. May be some will say. Card is a ghost.
Posted in Best Practices for Merchants, Credit card Processing, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: (POS) systems, API call, Apple secured Card Present, bank, Card Not Present transactions, card present, card present merchants, cards, cards industry, chip, credit-card, digital and virtual, digital tokens, e-commerce transactions, fees, fraud, hardware, industry, interchange, interchange fees, issuer, issuing bank, low risk, Merchant's, moto, NON face to face transactions, online, online merchants, online transaction, PIN, Processing, Rates, token, transactions
June 9th, 2014 by Elma Jane
Some American banks and financial institutions, like JPMorgan Chase, American Express and Citi, have already issued credit cards with new security technology. Other banks will do so by the end of the year. Often referred to as E.M.V. (short for Europay, MasterCard and Visa) or chip-and-PIN, these new cards use a combination of an embedded microchip and a personal numeric code to authorize payment transactions. Depending on the card issuer, some cards may have the chip but require just the old-fashioned signature instead of a PIN.
Most traditional credit cards in the United States today use a magnetic strip and a customer signature to seal a deal. The information embedded in the stripe can be easily cloned, however, and signatures can be forged. The chips in the newer E.M.V. cards which encode account information when transferring it to the merchant are harder to duplicate. The PIN must be entered for each charge, which helps make the cards more secure for in-person purchases. The cards are not infallible, though, criminals have still found ways to steal PINs and make fraudulent online purchases.
With new types of credit cards come new payment terminals, and many retailers must upgrade their equipment to make it compatible with E.M.V. cards. Instead of a slot to swipe the strip, the new credit card terminals typically need a chip reader. Most merchants will probably have the new equipment in place by October 2015, when new rules about fraud liability kick in. Under these rules, the bank or the merchant could be held accountable for any fraudulent charges if one of them has not upgraded to the new system. The party with the weaker security measures must pay.
Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: account information, American banks, American Express, card issuer, cards, chip, Chip and PIN, chip reader, Citi, credit card terminals, credit cards, E.M.V., embedded microchip, EuroPay, financial institutions, fraud liability, JPMorgan Chase, magnetic strip, MasterCard, merchant, numeric code, payment terminals, payment transactions, PIN, Security, visa
May 29th, 2014 by Elma Jane
New enhancements intended to provide its U.S. cardholders with greater protection from fraud and identity theft has been announced by MasterCard.
All MasterCard credit, debit, prepaid and small business cards issued in the U.S. will now carry Identity Theft Resolution assistance. MasterCard new program will provide help in canceling missing cards and alerting credit reporting agencies, as well as targeting searches to detect if stolen personal and confidential data appears online. The new Identity Theft coverage extension begins in July 2014.
MasterCard is also extending its zero liability policy in the U.S. to include all MasterCard PIN-based and ATM transactions. This is in addition to coverage already provided on signature debit and credit transactions. The Zero Liability coverage extension takes effect in October 2014.
Fraud prevention and detection is a 24/7 job at MasterCard. The changes in cardholder protection is a combined efforts to move the U.S. payments industry to EMV chip technology will help deliver safer shopping experiences to consumers. MasterCard noted that tanks and financial institutions issuing MasterCard-branded cards provide financial indemnity against fraud.
Posted in Credit card Processing, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: ATM transactions, business cards, cardholders, credit, credit reporting agencies, credit transactions, data, debit, EMV, EMV chip technology, financial institutions, fraud, Fraud prevention, identity theft, Identity Theft Resolution assistance, MasterCard, payments industry, PIN, prepaid, zero liability policy
May 23rd, 2014 by Elma Jane
State senate in California is advancing a bill SB 1351, mandates April 1, 2016, that would require California-based bankcard issuers and retailers to adopt Europay/MasterCard/Visa (EMV) chip card technology. SB 1351 bill is introduced March of 2014, passed out of committee on May 6 and may be voted on by the full senate as early as tomorrow, May 22nd.
Additionally, the bill specifies that any contracts entered into by financial institutions and card brands on or after Jan. 1, 2015, would have to include the provision that any new or replacement cards issued after April 1, 2016, be EMV compliant. The rationale for the bill comes from oft-cited evidence that EMV cards substantially reduce fraud.
In April 2014, Sen. Hill stated, My legislation holds all stakeholders accountable to protect consumers from scam artists who use fake cards to game the system.
The Electronic Transactions Association, however, does not see the issue the same way. Passing a single state technology standard will open the floodgate to additional state responses and create an expensive, unsafe and inefficient myriad of technology standards, the ETA said. The ETA is urging payment professionals in California to contact their legislators and let their opinions be heard.
The bill initially mandated Oct. 1, 2015, as the deadline for EMV implementation, which is the date set by Visa Inc. and MasterCard Worldwide for retailers to be EMV complaint or face potential fines in case of fraud. The bill also makes exceptions for small retailers and convenience stores/gas stations; they have until Oct. 1, 2017, to transition to EMV.
Posted in Best Practices for Merchants, Credit card Processing, EMV EuroPay MasterCard Visa Tagged with: bankcard, card brands, card technology, cards, chip, consumers, Electronic Transactions Association, EMV, EMV compliant, EMV implementation, ETA, Europay/MasterCard/Visa, fake cards, financial institutions, fraud, MasterCard, payment professionals, retailers, scam, small retailers, technology standards, Visa Inc.
May 21st, 2014 by Elma Jane
There are no enforced standards in the card processing industry regarding rates, fees, and contractual terms. It is possible for two providers to offer seemingly the same rates and fees that result in different processing costs.
Excessive Monthly, Annual, or Quarterly Fees
There are numerous monthly, annual, or quarterly fees merchants may see on their statements each month. Many merchants pay far more than they should for these fees. The fees may have names like statement fee, service fee, membership fee, regulatory fee, PCI fee, and host of other names. The fair amount each merchant should pay for these fees varies by sales volume and merchant type. Also, the amount a merchant pays for any given fee isn’t as important as the overall processing cost. These are general guidelines; some merchants should pay far less. If you are currently paying more, it may be a good time to review your overall processing cost including your pricing plan, rates, and fees.
Excessive Payment Gateway Fees
A payment gateway route transactions from the merchant’s website to the provider. Some retail point-of-sales devices require a gateway to route the transactions. Merchants generally pay a per-month and a per-transaction fee for use of the gateway. As a rule, the direct cost to process through the gateway is a few cents per transaction.
PCI Non-compliance or Non-validation Fee
Many providers now charge a monthly non-compliance or non-validation fee if the merchant is not PCI compliant. This fee may be in addition to a monthly, quarterly, or annual PCI fee. Supposedly, providers charge the non-compliant or non-validation fee as an incentive for merchants to become compliant. Nonetheless, some providers use this fee more for revenue generation, than as an incentive. Some providers do not charge this fee at all.
Merchants should not change providers because of this fee. Instead, the merchants should become PCI compliant to eliminate the fee and reduce the probability of being breached, which could easily result in huge monetary penalties – tens of thousands of dollars. To become compliant, merchants should complete the PCI Self-Assessment Questionnaire and adhere to the PCI requirements, which may require quarterly scans. In short, if a merchant is being charged a non-compliance or non-validation fee, it is as much the merchant’s fault as anyone else.
Visa FANF Fee
In 2012, Visa started charging providers a Fixed Acquirer Network Fee (FANF). The actual fee charged by Visa is dependent on the merchant type. The fee for customer-present retail merchants is based on the number of locations. The cost for ecommerce and fast food merchants is based on the volume of business. Customer-present retail merchants that have non-swiped transactions can also pay an additional customer-not-present FANF fee.
Most aggregators – i.e., merchant account providers that group multiple merchants into a single merchant account, such as Square, PayPal – integrate the FANF cost into their rates and fees versus itemizing them out separately. Most traditional providers properly pass through the actual Visa FANF fee to their merchants. However, there are a few that treat this fee as another hidden revenue stream. I’ve seen providers charge a flat monthly fee for customer-present merchants and I’ve seen the FANF fee inflated by as much as 50 percent for ecommerce merchants. Keep in mind when reviewing that the fee is generally based on the volume of the prior month. In order words, the fee you see on your statement for April activity is likely based on the March volume, as providers need to know the monthly Visa volume before they can assess the fee.
Unusual Discover Card Fees
For Discover transactions, some providers charge a higher percentage, or higher per-item fee, or monthly access fee.
Posted in Best Practices for Merchants, Credit card Processing Tagged with: (FANF), access fee, aggregators, breached, card processing industry, compliant, contractual terms, customer-not-present, customer-present retail merchants, devices, Discover transactions, ecommerce, ecommerce merchants, fast food merchants, fees, Fixed Acquirer Network Fee, flat monthly fee, gateway, integrate, membership fee, merchant account, merchant account providers, merchant type, Merchant's, merchant’s website, monetary penalties, non-compliance, non-swiped transactions, non-validation fee, payment gateway, PayPal, PCI fee, PCI non-compliance, PCI requirements, PCI Self-Assessment Questionnaire, pci-compliant, point-of-sales, pricing plan, processing cost, processing costs, provider, provider's, quarterly fees, Rates, regulatory fee, retail, retail point-of-sales devices, revenue, route transactions, sales volume, service fee, Square, statement, statement fee, statements, transactions, visa, Visa volume, website
May 16th, 2014 by Elma Jane
National Transaction discussed about credit card underwriting today, a training twice a week given to our Sales Representatives together with our partner Elavon. Training outlined the following why Elavon needs guidelines, credit decision factors as well as which merchants are restricted vs. which merchants are prohibited. For company understanding, facts about fulfillment will be outlined allowing for a better understanding of the department that receives and processes new merchant applications. Application requirements will be identified and then why applications pend.
Fulfillment Services – The department who manages merchant applications through the process of: Data Entry, Underwriting, Deployment and Merchant Activation.
Best way to get an application to boarding – Email and Fax.
The key to success is gathering the right information, such as data from a myriad of sources, including bank statements, credit reporting agencies, utility assessments, tax assessments and additional financial documentation. These are just some chunk of what we have discussed today. With the right tool and support from National Transaction Team closing a deal is feasible.
Posted in Best Practices for Merchants, Credit card Processing, nationaltransaction.com Tagged with: bank statements, credit, credit card underwriting, credit-card, data, Data Entry, Elavon, Merchant Activation, merchant applications, Merchant's, National Transaction, tax, underwriting
May 8th, 2014 by Elma Jane
National Transaction Corporation Receives 2014 Best of Coral Springs Award
CORAL SPRINGS April 23, 2014 — National Transaction Corporation has been selected for the 2014 Best of Coral Springs Award in the Credit Card Service category by the Coral Springs Award Program.
Each year, the Coral Springs Award Program identifies companies that have achieved exceptional marketing success in their local community and business category. These are local companies that enhance the positive image of small business through service to their customers and the community. These exceptional companies help make the Coral Springs area a great place to live, work and play.
Various sources of information were gathered and analyzed to choose the winners in each category. The 2014 Coral Springs Award Program focuses on quality, not quantity. Winners are determined based on the information gathered both internally by the Coral Springs Award Program and data provided by third parties.
The Coral Springs Award Program is an annual awards program honoring the achievements and accomplishments of local businesses throughout the Coral Springs area. Recognition is given to those companies that have shown the ability to use their best practices and implemented programs to generate competitive advantages and long-term value.
The Coral Springs Award Program was established to recognize the best of local businesses in the community. The organization works exclusively with local business owners, trade groups, professional associations and other business advertising and marketing groups. Their mission is to recognize the small business community’s contributions to the U.S. economy.
Posted in Credit card Processing, Merchant Account Services News Articles, nationaltransaction.com Tagged with: Credit Card Service, credit-card, customer, data, marketing, National Transaction Corporation, ntc, program
May 7th, 2014 by Elma Jane
NTC’s New Approach On Payment Processing brings Client Satisfaction
About NTC (National Transaction Corporation)
NTC is a credit card processing company that was built uniquely. Combining leading edge technology with passion for customer service, as well as service to help customers maximize the value of their merchant service program. NTC provides sales agents, financial institutions and merchants with benefits not available from other providers, such as next day funding with a late cut-off time and unparallel graphical and web-based reporting.
To learn more visit http://www.nationaltransaction.com or call 888-996-2273.
Marking a 65% increase over 2012 NTC now serves approximately 15,000 businesses.
This rapid growth was driven by the many unique benefits that NTC offers its merchants and sales partners, ranging from best technology to superior customer service.
The major differentiators made possible by NTC’s proprietary back-end processing system is the Next Day Funding Service. Because NTC connects directly to the following: Amex, Discover, MasterCard and VISA. This way sales partners and merchants are able to avoid the middleman and go straight to the source of all their processing needs. This also means that the merchants can batch out their terminal POS with one of the latest cut-off times in the industry by as late as 11:00 pm Eastern.
NTC’s another appealing factor to new sales partners and merchants is its merchant connect online reporting system. It provides 24/7 access to graphical account information through a system that is fast easy and secure. Merchants are now able to clearly see and understand their payment processing costs. ISO’s have access to sugar CRM to make notes and see Merchant Marketing Data. Card Numbers are secure on the banks server so our faculty has credentials to access the bank servers.
Independent sales organizations (ISOs) and Merchant sales professionals continue to choose NTC as their payment processing partner to obtain these unique benefits. In addition to industry-leading technology, NTC offers its merchants and sales partners a level of personalized support that is not easily found among other credit card processing companies. They get round the clock account and terminal support. Collective hard work and determination helped NTC grow faster in the industry, resulted in more loyal ISO sales partners who are submitting more applications. Looking forward for continued success for NTC, its sales partners and merchants.
Posted in Credit card Processing, EMV EuroPay MasterCard Visa, Financial Services, Merchant Account Services News Articles, nationaltransaction.com, Point of Sale, Visa MasterCard American Express Tagged with: amex, back-end processing, bank, bank servers, card, card numbers, credit card processing, credit-card, customer service, Discover, financial institutions, marketing data, MasterCard, merchant, merchant connect, merchant service, next day funding, payment processing, POS, provider's, sales agents, sales partners, sugar CRM, terminal, visa, web-based