Category: Credit card Processing

May 6th, 2014 by Elma Jane

Boston-based Loop has released its LoopWallet app for storing magnetic-stripe cards on smartphones and using them in contactless payments at regular POS terminals.

Loop is a Level One PCI certified payment provider. Its technology has applications for turning loyalty cards into contactless cards and can also be used to generate dynamic card data every time a payment is made, preventing the creation of cloned cards.

The Loop Fob contains a microprocessor and magnetic induction loop and can be used without a phone, in which case payment would be taken from a designated card.

Mag-stripe cards for payment, gift, loyalty, ID or membership are read by the Loop Fob, a small audio jack magnetic-stripe reader, and then card data is encrypted and stored on the user’s smartphone. The LoopWallet app allows users to view their cards and select the one they wish to use.

To make a payment at the point of sale, the phone sends a signal, using Loop’s Magnetic Secure Transmission technology. MST emulates the signal generated when a mag-stripe card is swiped across a POS terminal’s read head. The signal is received by any mag-stripe card reader without requiring modifications to the POS terminal or processing system.

The free LoopWallet App for iOS 7 is available in the Apple App Store, with an Android version planned for release in April 2014. The app is only available to U.S. consumers.


Posted in Best Practices for Merchants, Credit card Processing, Digital Wallet Privacy, Electronic Payments, EMV EuroPay MasterCard Visa

May 5th, 2014 by Elma Jane

The Payment Card Industry (PCI) Data Security Standard (DSS) has come under criticism as high-profile data breaches continue to expose flaws in retailers’ data security systems. But telecommunications firm Verizon Wireless concluded that the PCI DSS is working.

Some Responses to Criticisms  

Nilson Report research from August 2013 said card fraud cost the global payments market over $11 billion in 2012. Verizon added that the frequency of fraud schemes that the PCI DSS was designed to avoid is in fact growing. And yet most businesses are not fully compliant at the time of assessment. Only 51.1 percent of the companies it had audited had passed seven of the 12 requirements of the PCI DSS and only 11.1 percent of said companies had passed all 12.

Verizon addressed some of the criticisms leveled at the PCI DSS. One concern is that the standard promotes compliance as a test to be passed and forgotten, which distracts companies from focusing on improving security. Verizon responded by stating that breached businesses were less likely to be PCI DSS compliant than unaffected companies. It also said businesses improve their chances of not being breached by having the standard in place, and of minimizing the damage of a breach should one occur.

Another common complaint leveled at the standard is that it is too cumbersome and slow moving in relation to the quickly evolving threat landscape and nimble fraudsters ready to try new tactics. Verizon countered that the PCI DSS is meant to be a set of baseline security protocols. Achieving compliance with any standard is simply not enough; organizations must take responsibility for protecting both their reputation and their customers. Most attacks on networks are of the simple variety, with 78 percent of hacking techniques considered low or very low in sophistication. Data Breach Investigations Report (DBIR) research shows that while perpetrators are upping the ante, trying new techniques and leveraging far greater resources, less than 1 percent of the breaches use tactics rated as high on the VERIS (Verizon’s Data breach Analysis Database) difficulty scale for initial compromise.

Recommendations

There’s an initial dip in compliance whenever a major update to the standard is released, so organizations will have to put in additional effort to prepare for achieving compliance with DSS 3.0.

The newest version of the standard, PCI DSS 3.0, went into effect Jan. 1, 2014. Businesses have until Jan. 1, 2015, to implement it. The updated standard has new requirements and clarifications to version 2.0 that will take time for businesses to understand and implement, and this will result in more organizations being out of compliance.

To help businesses deal with their PCI DSS compliance obligations, the firm offered five approaches:

Don’t leave compliance to information technology security teams alone; enlist application developers, system administrators, executives and other staff in helping move the process along.

Embed compliance in everyday business practices so that it is sustainable.

Integrate compliance programs into enterprise-wide governance, risk and compliance strategies.

Learn how to reduce the scope of organizations’ compliance responsibilities, chiefly by figuring out how to store less data on fewer systems.

Think of compliance as an opportunity to improve overall business processes, rather than as a burden.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Electronic Payments, Payment Card Industry PCI Security, Visa MasterCard American Express

April 18th, 2014 by Elma Jane

Capital One joins Bank of America, JPMorgan Chase, and Wells Fargo, the existing equal owners, as a member-owner of the ClearXchange network.

Capital One has taken a stake in ClearXchange, the US bank-backed clearing house for person-to-person online payments transfer.

ClearXchange is the first network in the U.S. created by banks that lets customers send and receive person-to-person (P2P) payments easily and securely using an email address or mobile number.

With only the recipient’s mobile number or email address, the ClearXchange network enables customers to send funds directly from their bank account to the recipient’s bank account without the need to pass on more sensitive account information.

The EVP of digital at Capital One says partnering with ClearXchange is another way of bringing safe and secure payments through convenient, digital channels to their customers.

With membership open to banks and credit unions of all sizes, ClearXchange has so far signed up only FirstBank as its sole non-owner participant, although it nonetheless claims to represent more than 50 percent of the consumer online banking market.

Posted in Credit card Processing, Electronic Payments, Merchant Services Account, Mobile Payments, Payment Card Industry PCI Security, Small Business Improvement, Smartphone, Visa MasterCard American Express

April 17th, 2014 by Elma Jane

Issuers participating in the MasterCard Rewards Platform can pursue greater engagement and value in their programs through a partnership MasterCard is announcing today with Points International Ltd. The companies say they struck the deal to take advantage of the popularity of travel and related experiences. Under the agreement, participating issuers can let their cardholders exchange and trade earned airline miles, hotel points and loyalty currencies.

Travel happens to be one of the most popular redemption options for points on most programs today. So this is really about enabling consumers to get even more choice with regard to getting some redemption options.

Issuers individually will roll out the program later this year based on their own schedules. Any of the hundreds of banks that use the MasterCard Rewards Platform are eligible to participate. Participation is voluntary.

Enhanced flexibility in cardholder reward redemptions was a key driver behind the initiative. The partnership enables all customers who have points gained from spending on their credit cards or debit cards to exchange those points into a miles program or a hotel program in which they tend to have a lot of other points accumulated already.

Variable Exchange Rates

Cardholders will be provided with a conversion ratio applicable to the pair of rewards being exchanged. Ratios will differ by redemption transaction. Consumers also may choose to transfer small buckets of rewards points into one program and the rest into other programs. They can do transfers multiple times and across multiple rewards providers.

Posted in Best Practices for Merchants, Credit card Processing, Gift & Loyalty Card Processing, Travel Agency Agents

April 15th, 2014 by Elma Jane

Amsterdam, Netherlands-based Cardis has been piloting its technology in Europe with Raiffeisen Bank in Austria and Sberbank in Russia. The company is now focused on the U.S., as this is the fastest growing mobile payments market in the world, where there’s a huge opportunity. This includes integration of its technology with a large U.S. processor and with a major U.S. retail brand, which will be launching a mobile site and mobile app using the Cardis solution.

Cardis International is planning an April launch in the U.S. for its technology, which enables merchants to accept low-value contactless or mobile payments without incurring high processing charges. Cardis is able to bring down the processing cost of low-value payments, the company said, by aggregating multiple transactions into a single payment.

The problem

Contactless card and NFC-based mobile payments are typically for low amounts, and yet still use a card processing infrastructure that was designed 40 years ago when the average credit card transaction was $100.

Traditional card processing systems require each transaction to be individually processed through the payment system, including authorization, clearing and settlement. The resulting variable costs of processing each transaction are independent of the transaction amount and too high for low-value payments, particularly in low-margin industries such as quick-service restaurants (QSRs). QSRs often have a 3 percent profit margin, yet, for low-value contactless payments, the processing cost could be as high as 6-7 percent of the transaction value.

Mobile and contactless cards offer consumers a convenient form factor. But they don’t solve the problem that low-value card payments are very expensive for merchants.

As an ever-increasing percentage of transactions have become cashless, card processing fees have become a significant cost, one that is based on the number of transactions rather than their value. A business with average per-person expenditures of $5 or under feels each swipe fee much more than a business where customers spend $50 or more. But not accepting credit/debit cards for low-value transactions isn’t an option, as many customers don’t carry cash anymore.

Aggregation

Cardis’ solution is to act as an aggregator of low-value payments, sending a single batched transaction through to a processor instead of multiple low-value transactions. As there is no per transaction processing of individual low-value purchases, the cost-per-transaction is significantly reduced.

Cardis provides its technology as a software plug-in to payment service providers for contact-based and contactless card payments, mobile wallet transactions and NFC payments.

There are two models. For card payments, it will aggregate multiple purchases by an individual cardholder at a single merchant on a post-paid basis up to a specific amount, for example $20. To guarantee payment to the merchant, since the aggregated transaction is processed at a later date, it will pre-authorize an amount, for example $15, the first time the customer makes a purchase at that merchant.

Alternatively, merchants can opt for Cardis’ prepaid system. This involves the consumer setting up a prepaid account hosted by Cardis’ sponsoring bank that is topped up via ACH (automated clearing house) transfers. Using the Cardis prepaid account on a smartphone provides the digital equivalent to cash.

With its post-paid solution, merchants will save 30-50 percent per transaction compared to conventional card processing fees, while its prepaid solution saves merchants 80 percent per transaction. With the post-paid solution, Cardis will only aggregate a customer’s purchases at a single specific merchant. But, as the prepaid solution aggregates the customer’s purchases across multiple merchants, this enables Cardis to offer a much lower processing fee to the merchant.

Cardis provides an audit trail enabling consumers to track individual transactions that are aggregated using its technology. Consumers don’t lose any of their card protection rights and guarantees by agreeing to let a merchant aggregate their payments through Cardis. They can always charge back any disputed transactions.

Cardis sees opportunities for digital content providers such as online music stores and games providers to use its aggregation technology. It can integrate its solution with existing digital wallets.

Raiffeisen

In 2012, Austria’s Raiffeisen Bank launched a pilot of Cardis technology for NFC-based Visa V Pay debit card payments in partnership with Visa Europe. Raiffeisen’s MobileCard mobile payment product uses a secure element stored on an NFC-enabled MicroSD card inserted in a mobile phone. Although Cardis supports secure elements stored on SIM cards as well as on MicroSD cards and on the cloud, Raiffeisen opted for MicroSD cards, as this is an easier solution to implement.

Raiffeisen cardholders participating in the pilot use MobileCard on average three times a week, with an average transaction value of ($5.70). Merchants accepting MobileCard are seeing 40 percent to 70 percent lower merchant processing fees for an average transaction value of  ($5.43) to ($13.60).

Spindle

In October 2013, Spindle, a U.S. mobile commerce company, signed an agreement with Multi-max, a manufacturer of vending machines for mid-size and small offices throughout North America, Europe and Asia. Spindle will integrate its MeNetwork mobile commerce technology into Multi-max’s line of K-Cup vending machines for rollout across the U.S.

The MeNetwork solution will incorporate all card-based payment acceptance services, as well as mobile marketing services. Spindle’s partner Cardis will provide low-value payment processing services for purchases at K-Cup vending machines.

Posted in Credit card Processing, Credit Card Security, Digital Wallet Privacy, e-commerce & m-commerce, Electronic Payments, Gift & Loyalty Card Processing, Internet Payment Gateway, Mobile Payments, Mobile Point of Sale, Near Field Communication, Payment Card Industry PCI Security, Smartphone, smartSD Cards, Visa MasterCard American Express

April 11th, 2014 by Elma Jane

Seventeen percent of consumers reported having had their credit card declined during a card-not-present (CNP) transaction, and as many as one-third of those declines were unnecessary. The result is consumer aggravation, increased operational costs for banks and credit card companies and as much as $40 billion in lost revenue for online retailers.

TrustInsight, which helps establish trusted relationships between financial institutions, merchants and online consumers, conducted the study. A report and infographic detailing the findings show that avoidable online credit card declines lead to loss of trust for consumers, lost sales for merchants and increased operational costs for credit card companies and issuing banks.

The study also revealed that consumers handle credit card declines in a variety of ways, all of which carry a negative economic impact for at least one party in the transaction, resulting in unnecessary operating costs for banks, decreased loyalty for the credit card company and lost revenue for all. Almost half call their issuer immediately when their card is unexpectedly declined. This is a natural response. 34 percent of consumers try again with another credit card, others use a different payment method and 24 percent will skip the purchase altogether or shop at a different online retailer.

No one wants to turn away business, and no one wants their business declined. The frustration and impact of wrongful declines is a real problem especially as more and more transactions occur in non-face-to-face situations.

The impact of consumer action in the face of a decline can have real and measurable effects on all parties, including credit card companies, banks and merchants, manifesting itself in lost customer loyalty, lost fees and lost revenues. Creating a standard for online trust enables credit card companies, merchants and issuing banks to better recognize trusted digital consumers and reduce the number of wrongly declined consumers, avoiding unnecessary losses.

In a world where people are increasingly reliant on a variety of Internet-connected devices for everything from banking to shopping to entertainment and media, creating friction-free customer experiences and preventing online fraud are constant business challenges.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Electronic Payments, Financial Services, Gift & Loyalty Card Processing, Merchant Services Account, Small Business Improvement, Visa MasterCard American Express

April 11th, 2014 by Elma Jane

A new standard that uses Host Card Emulation (HCE) was introduced by Visa to enable financial institutions to securely host Visa accounts in the cloud. Visa’s move to support HCE includes tools and services as well as the standard. It is available now and will include support for QR codes and in-app payments in the future.

The new service and platform that Visa is developing will enable clients and partners to issue Visa accounts digitally in the cloud, on secure elements in smartphones, or linked to a digital wallet. The solution will also enable the issuance of payment tokens that will replace the 16-digit payment account number and can be limited for use with a specific device, merchant or payment channel.

Visa will deploy layers of security to protect payment accounts in the cloud, including at the Visa network, application and hardware levels. Device fingerprinting technology, one-time use data, payment tokens and real-time transaction analysis will make up a multi-layered defense against unauthorized account access for its services.

Visa has intensified its Visa PayWave contactless payment application and is introducing new implementation guidelines, a program approval process standard and requirements for its standards.

Visa is also developing a software development kit (SDK) to support clients who wish to develop their own cloud-based payment applications or want to enhance their existing mobile banking applications with Visa PayWave functionality.

HCE is introduced to make it easier for developers to create NFC applications like mobile payments, loyalty programs, transit passes, and other custom services. Visa’s move to enable NFC payments with Android devices is welcome news and will guide the way for the payments industry.

Clients and partners around the globe are continuously looking for cost-efficient, flexible and secure ways to enable mobile payments. The Android HCE feature provides a platform to evolve the Visa PayWave standard and support the development of secure, cloud-based mobile applications, while at the same time offering greater choice.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Electronic Payments, Financial Services, Merchant Services Account, Mobile Payments, Mobile Point of Sale, Near Field Communication, Smartphone

April 11th, 2014 by Elma Jane

The PCI DSS 3.0 standard, which took effect January 1st, introduces changes that extend across all 12 requirements, aimed at improving the security of payment card data and reducing fraud. There will be some shakeups for many organizations when it comes to their day-to-day culture and operations. Transitioning to meet the new requirements will help e-businesses build a stronger, safer, lower-risk environment for their customers.

While the growing number of digital payment avenues offers convenience to customers, it also offers a larger attack surface for criminals.

As cloud technologies and e-commerce environments continue to grow, creating multiple points of access to cardholder data, online retailers will only become more appealing targets for hackers. Cybercriminals are cunning and determined. They understand payment card infrastructures as well as the engineers who designed them.

It’s a scary proposition, and it’s exactly why the payment card industry is so determined to help keep e-commerce organizations protected. By meeting the new standard, businesses will be better armed to fight evolving threats. Changes will also drive more consistency among assessors, help businesses reduce the risk of compromise and create more transparent provider-customer relationships.

Transitioning to PCI DSS 3.0 will involve some work, but doing that work on the front end is going to save much work down the line. Adopting the new standard ultimately will drive your e-commerce business into a secure and efficient era.

Cultural Changes – One of the main themes of 3.0 is shifting from an annual compliance approach to embedding security in daily processes. Threats don’t change just once a year. They’re constantly evolving and that means e-commerce organizations must adopt a culture of vigilance. Only through a proactive business-as-usual approach to security can you achieve true DSS compliance. Realistically, this could mean the need to provide more education and build awareness with staff, partners and providers, so that everyone understands why and how new processes are in place.  

Operational Changes – The 3.0 standard addresses common vulnerabilities that probably will ring a bell with many of you. These include weak passwords and authentication procedures, as well as insufficient malware detection systems and vulnerability assessments, just to name a few. Depending on your current security controls program, this could mean you’ll need to step up in these areas by strengthening credential requirements, resolving self-detection challenges, testing and documenting your cardholder data environment and making other corrections.

Overview Changes – How much work lands on your plate will depend on your current security program. Examining your current security strategies and program is a good idea. Below are the areas requiring your attention, which this series will explore in more detail in future installments.

Service Provider Changes – Some organizations made unsafe assumptions in the past when it came to third-party providers. Some have paid the price, from failed audits to breaches. That is one reason the new standard is designed to eliminate any confusion over compliance responsibilities. Responsibilities, specifically for management, operations, security and reporting, will all need to be spelled out in detailed contracts. In addition to improved communication, an intensified focus on transparency means that you should have a clear view of your provider’s infrastructure, data storage and security controls, along with subcontractors that can impact your environment. So if your organization isn’t exactly clear on which PCI DSS requirements you manage and which ones your providers handle, prepare to get all of that hammered out.

The Compliance Rewards – The path to preparing for the 3.0 deadline in January 2015 sounds like a lot of work. To get started, request your QSA’s opinion on how the changes will impact your organization; by doing the gap assessment you’ll be able to address any shortcomings.

Meeting the new 3.0 requirements isn’t just about passing audits. In a fast-paced payment IT landscape, staying smart and protected is part of our commitment to our customers. By beefing up your security game you will not only reduce audit headaches, but also enjoy a stronger brand reputation as a safe and reliable e-commerce business.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, e-commerce & m-commerce, Electronic Payments, Financial Services, Payment Card Industry PCI Security, Small Business Improvement, Visa MasterCard American Express

April 8th, 2014 by Elma Jane

Today’s consumers are defining themselves by their mobile devices, their social presences and how they interact with brands, both offline and online. The digital evolution of the average consumer is alive and kicking.

Today’s consumer is more connected than ever, with more access to and deeper engagement with content and brands, thanks to the proliferation of digital devices and platforms. Content that was once only available to consumers via specific methods of delivery such as print, radio and broadcast television can now be sourced and delivered to consumers through their multiple connected devices. This is driving the media revolution and blurring traditional media definitions.

What are the specific characteristics or dynamics shaping today’s consumer behavior? Digital consumers are social-savvy and more connected to their friends, family and favorite brands than ever before.

Focused On The Gadgetry

Consumers love gadgets.

One out of four Americans plans to buy a smartphone in the near future. Thirty percent intend to upgrade from a regular mobile phone to a smartphone once able. For those ages 18 to 24, 49 percent say they want to upgrade to a smartphone.

How frequently do consumers use their mobile devices in a given month? Consumers spent an average of 34 hours and 17 minutes per month using apps on their devices, an increase of 9 hours and 52 minutes from 2012.

Interestingly, the amount of time consumers spend surfing the Web fell 1 hour and 54 minutes to a total of 27 hours and 3 minutes. The amount of time used to watch videos online increased by 43 minutes, to 6 hours and 41 minutes.

Social Media & Everyday Life

Digital consumers, by and large, love their social media.

Sixty-four percent said that they use social media at least once per day. For mobile, however, the growth figures reported suggest a broad shift is happening, pushing more people to access social networks via mobile platforms.

Forty-seven percent of smartphone owners log onto a social network each day. Additionally, the number of people who use social-media apps on their smartphones rose by 37 percent from 2012.

Digital consumers are also diversifying their choice of social networks, opting to use LinkedIn and Pinterest in addition to so-called traditional social media platforms like Facebook and Twitter.

As digital consumers find their own mix of devices and platforms to access and engage with social media, they are building profiles and connections on multiple social networks as well.

Two Screens Is A King

Digital consumers also rely on their mobile devices as a second type of television screen.

In a survey, eighty-four percent said they use their smartphone or tablet to surf the Web or to use apps while watching television. Of those, 44 percent of tablet owners shopped while watching TV, and 24 percent used their smartphones to make purchases.

Fourteen percent of tablet owners used their device to buy a product or service as it was being advertised on TV. Just 7 percent of smartphone owners said they would do the same.

Posted in Best Practices for Merchants, Credit card Processing, Financial Services, Merchant Services Account, Mobile Payments, Small Business Improvement, Smartphone

April 7th, 2014 by Elma Jane

Integrate Cloud-Based Platforms

E-commerce businesses increasingly rely on cloud-based applications, such as hosted shopping carts, analytics platforms, cloud-based accounting, customer service tools, and more.

To operate smoothly, a merchant’s cloud-based apps should integrate with each other, to save time, prevent data loss and ensure accurate reporting.

It’s important, therefore, to have an integration mindset when choosing and using software-as-a-service solutions.

Some tips:

Ask Around

As with evaluating any vendor for your company, go beyond the company’s website. Ask the vendor about other customers. Get references. Contact those companies and ask how the platform is working. Is it easy to set up? Does it integrate seamlessly with other apps? How long does it take to transfer data from one app to the other? These are just some of the questions you need to ask when evaluating an app. Also check social media sites for any discussions pertaining to the program. Read what people are tweeting. Check relevant LinkedIn groups.

Check the Company’s Integrations Page or API

When evaluating a software-as-a-service (SaaS) solution, first determine if it integrates with the platforms that you’re already using. Pre-built integrations will save much time. Alternatively, if a company has an application programming interface (API), use it to integrate the app with your existing systems.

If you can’t find the integration you need or if you want to avoid the API option, contact the vendor directly and ask if it can make its platform sync with your existing solutions. Don’t underestimate the power of reaching out to your vendors.

Use Cloud App Integration Services

Another option is to use SaaS integration services. You have plenty of choices, depending on what you need to connect. If you just need to integrate two apps, like Dropbox to Gmail, for instance, you can use If This Then That (IFTTT), a service that lets you assign triggers and actions to each app through a drag-and-drop interface. When one program does something, it will automatically trigger another app to perform an action. For example, you can create a recipe wherein all your Gmail attachments are automatically saved to your Dropbox folder. IFTTT is free to use, to integrate up to 80 apps.

A similar service, Zapier, lets you do the same thing, but on a larger scale. It supports more than 250 applications, including Salesforce, Zoho CRM, Xero accounting, Campaign Monitor email, and more. Zapier is free for five integrations. It also offers Basic, Business, and Business Plus plans that cost $15, $49, and $99 per month, respectively.

IFTTT and Zapier work well to integrate two cloud applications. However, if you’re running a combination of cloud and on-premise applications, or if you have an ecosystem of apps and data sources that have to connect and exchange data, you need more sophisticated options.

That’s where services such as Dell Boomi and SnapLogic come in. Like IFTTT and Zapier, these solutions use a drag-and-drop interface, but at a larger scale. They connect multiple combinations of cloud and on-premise applications.

Use Free Trials

Always test-drive your apps or integration services. Most SaaS platforms offer free trials. Take note of user-friendliness and functionality, and observe how they work with programs you already have.

Posted in Best Practices for Merchants, Credit card Processing, e-commerce & m-commerce, Financial Services, Internet Payment Gateway, Payment Card Industry PCI Security, Small Business Improvement, Visa MasterCard American Express