Category: Credit Card Security

Tokenization
May 5th, 2017 by Elma Jane

Tokenization is a powerful security feature that allows a merchant to support all of their existing business processes that require card data without the risk of holding card data and without any security implications, because tokens are useless to criminals, they can be saved by the merchant as they do not represent any threat.

The liability and costs associated with PCI compliance is substantially reduced and the risk of storing sensitive data is eliminated.

Tokenization applies to credit card and gift card.

Merchants set up for the tokenization service receive responses that include a token.

The token generated is not linked to a specific transaction but to a specific card number and the token generated for that transaction will be identical for every use of that card number and merchant.

Furthermore, you can generate a token and save the token with associated information in the Card Manager.

For Electronic Payments with Tokenization call now 888-996-2273

or click here NationalTransaction.Com

 

 

Posted in Best Practices for Merchants, Credit Card Security, Electronic Payments, Payment Card Industry PCI Security Tagged with: , , , , , , , , ,

Ecommerce and Electronic Payment Technology
May 1st, 2017 by Elma Jane

3D Secure Authentication

One of the biggest frustration for e-Commerce businesses has been the risk of chargebacks. If a shopper were to tell their issuers that they did not authorize an Internet purchase with their credit card, the merchant can lose the chargeback and the product.

By using 3D Secure capabilities, merchants get detailed evidence of authorized purchases “authentication data”.

The authentication data, together with an authorization approval gives you a transaction that is guaranteed against the most common types of chargebacks: Cardholder not authorized and cardholder not recognized chargebacks.

3D Secure is a security tool that enables cardholders to authenticate their identity to their card issuer through the use of Visa’s Verified by Visa and MasterCard’s SecureCode services.

3D Secure adds another layer of security to cardholders by preventing fraudulent purchases in an e-Commerce environment and reducing the number of unauthorized transactions.

NTC’s Virtual Merchant users processing transactions in an integrated e-Commerce environment are able to take advantage of this functionality.

3D Secure processing is supported with MasterCard and Visa transactions only. Other card types will process as normal and will not trigger 3D secure processing.

For e-Commerce Electronic Payments set up with 3D Secure

call now 888-996-2273! or click here NationalTransaction.Com 

 

Posted in Best Practices for Merchants, Credit Card Security, e-commerce & m-commerce, Electronic Payments, Visa MasterCard American Express Tagged with: , , , , , , , , ,

Tokenization and Encryption
November 18th, 2016 by Elma Jane

Tokenization and Encryption are completely different technologies when it comes to securing ­sensitive data, such as credit cards.

Encryption tools and techniques is to mask original data, then allow it to be decrypted. It uses an algorithm to scramble credit card information that makes the data unreadable to anyone.

Encryption is most often “end-to-end.

Example:  When someone enters card data into a web browser to buy an item and decrypted when the purchaser’s authorized credit card information reaches its intended destination, which is the merchant’s e-commerce database.

Encrypted card data is unreadable while it’s “at rest” in a database or “in motion” during a purchase transaction; and inaccessible until a key decrypts it. The chances of a hacker stealing the data is minimal. But, if card data passes through multiple internal systems en route to an acquiring bank or payment gateway, the encrypt/decrypt/re-encrypt process could open a wide security hole, thus creating vulnerabilities to hackers.

Tokenization have found to be cheaper, easier to use and more secure than end-to-end encryption.

Tokenization completely removes credit card data from internal networks and replaces it with a generated, unique “token”. Tokens have no meaning and are worthless to criminals if a company’s system is breached.

Merchants use only the token to retrieve, access, or maintain their customers’ credit card information.

Example: Actual credit card number was 3234 4567 8789 78910, it might become FHIW145BVE65478 when a token is generated. The token is randomly generated and there is no algorithm to regain the original card number. hackers can’t reverse-engineer the actual credit card number, even if they were to grab the tokens off the servers.

Using tokens doesn’t change a merchant’s payment processing experience. Only they’re much safer for a merchant than actual credit cards.

Posted in Best Practices for Merchants, Credit Card Security Tagged with: , , , , , , , , , , ,

CODE 10
October 13th, 2016 by Elma Jane

Code 10 merchants first line of defense!

How to use “Code 10”

  • Call the voice authorization phone number provided by your Merchant Provider. This number can be found on the sticker on your terminal or call your Merchant Service provider and ask to be transferred to the Voice Authorization department.
  • Choose the prompt for “Code 10”. Never call a phone number for the card issuing bank provided by a customer; or let the customer call the card issuing bank for you to obtain an authorization code. Do not accept an authorization code given to you by a customer. Authorization code obtained from your Authorization Center can be verified; but not the one from other sources.
  • Provide the cardholder name, billing address and shipping address, if the order is a mail order, phone or Internet sale. The representative will attempt to verify the information you provide with the bank that issued the card to the customer.
  • The representative will attempt to verify the cardholder information during your call; the data will be forwarded to an investigator for further research and will attempt to contact you within 24 – 72 hours with the current status or results of the investigation.
  • Request another form of payment other than a credit card if an authorization request is declined. Do not split a declined transaction into smaller increments to obtain an authorization.
  • Obtain an authorization code for the full amount of the sale. Always obtain the authorization code before shipping the merchandise.

Whether you are in a face-to-face environment, or via mail, phone or Internet that sell goods and services you can employ a “Code 10” authorization to verify additional information on a suspicious transaction.

You may be prompted by your processing terminal to call for voice authorization of the charges (CALL AUTH), or you may simply not feel right about the transaction. In either case, you can use “Code 10” to gain additional information before you release your merchandise.

 

 

 

Posted in Best Practices for Merchants, Credit Card Security Tagged with: , , , , , , , , ,

Cybersecurity Via Converge
October 11th, 2016 by Elma Jane

Cybersecurity via Converge:

Converge uses a multi-layered approach to security which helps keep cardholder data safe throughout the entire payment process; from beginning to end.

  • EMV: All new Ingenico PIN pads and readers – iCMP and RP457c used with Converge Mobile offer EMV to help protect against counterfeit card use. The PIN pads go a step further in helping protect against lost; stolen and NRI (never received/issued) when a PIN-preferred card is accepted with PIN entry.
  • Encryption: All new Ingenico devices also include encryption as a standard security component in addition to protect card data in transit.
  • Tokenization: An enhanced security feature that is particularly valuable in card-not-present (CNP) environments when cards are stored on file for processing at a later time, or either for recurring/installment payments. 

Get the Ingenico iCMP EMV PIN Pad for only $130.00.

For all payment applications, either Debit or Credit PIN Transaction. Work with both Apple and Android Devices.

Ingenico EMV RP457c card reader for only $75.00.

For Merchants that do not need PIN Pad. Works with hundreds of mobile devices. 

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Mobile Payments, Smartphone Tagged with: , , , , , , , , ,

PCI COMPLIANCE
September 21st, 2016 by Elma Jane

PCI compliance applies to any company, organization or merchant of any size or transaction volume that either accepts, stores or transmits cardholder data.

Any merchant accepting payments directly from the customer via credit or debit card must be Compliant. The merchant themselves are therefore responsible for becoming Compliant, as the deadline for the merchant becomes overdue.

Understanding and knowing the details of Payment Card Industry Compliance can help you better prepare your business. Because failing and waiting to become compliant or ignoring them, could end up being an expensive mistake.

The VISA regulations have to adhere to the PCI standard forms as part of the operating regulations. The regulations signed when you open an account at the bank. The rules under which merchants are allowed to operate merchant accounts.

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.

 

 

 

Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , ,

September 20th, 2016 by Elma Jane

Avoiding Chargeback!  

Always ask for the card security codes:

  • CVV2 for Visa
  • CVC2 for MasterCard
  • CID for Discover and American Express.

Always use the Address Verification Service (AVS) and only process sales after receiving a positive AVS response.

Avoid using voice authorizations, unless absolutely necessary.

Billing descriptor must set up properly and shows your phone number. Customer can contact you directly if there is an issue,

Consider using the associations’ 3-D secure services: 

  • Verified by Visa
  • SecureCode by MasterCard
  • A 3-D transaction confirmation proves card ownership and therefore protects you from certain types of chargeback. Another additional layer of security for online credit and debit card transactions.

Customers must be informed by email when a refund has been issued or a membership service has been cancelled. Notify them of the date the refund was processed and provide a reference number.

Make available customer support phone number and email address on your website so that customers can contact you directly. You need to meet this requirement before opening a merchant account.

Make it easy for your customers to discontinue a recurring plan, either membership or subscription. Finally, have a no-questions-asked policy.

Notify customers by email and indicate that their cards will be charge each transaction.

Obtain a confirmation of delivery for each shipment.

Process refunds as quickly as possible.

Secure an authorization approval for every transaction.

Secure customers’ written or electronic signatures, for recurring payments or monthly fees. Giving you express permission to charge their cards on a regular basis.

Terms and conditions must be clearly stated on your website. Customers must acknowledge acceptance by clicking on an Agree or a similar affirmative button.

Transaction amount must never exceed the authorized amount.

Reauthorize transaction before settling it if an authorization approval is more than seven days old.

Posted in Best Practices for Merchants, Credit Card Security

Accept Payments Your Way
September 16th, 2016 by Elma Jane

National Transaction offer valuable features and benefits, if you want to improve your business’s productivity, you should look for the following features below, that you need from your Electronic Payments provider.

Advanced Security Options – 6 out of 10 small businesses close within six months of a card data breach, it is important that Point-of-Sale devices should have appropriate security measures, particularly EMV, encryption and tokenization. NTC offer Safe-T for Small and Medium Businesses and Safe-T for Large Businesses. The Top-tier security is important on your business’s data especially customer information, consider adding additional authentication procedures.

Fast Payment Processing – first step is having up-to-date technology, because some customers might leave, the sooner you have the money processed by your provider, the bigger and stronger your business can become. NTC is adept at administering payments quickly and efficiently. We can provide regular funding or next day funding.

Feature Flexibility –  obtaining the features you need from your payment services provider is very important. Look for a provider that appropriately addresses your payment concerns.

Mobile Payment Processing – NTC offer Virtual Merchant/Converge Mobile that gives you the ability to accept payments using your smartphone or tablet anywhere you go. Furthermore, the app works with most Apple and Android mobile devices. Accept a key-entered transactions or swipe cards using an encryption reader. You can now take chip card payments using Ingenico iCMP PIN Pad or the new RP457c card reader.

Reliable Customer Support – NTC is available 24/7, the phones are answered by humans and not automated systems. You got support with your hardware, answer questions and guide you to better understand the process. Customer support is the most important feature of any business partnership you make.  At NTC we are very passionate about that.

Up-to-Date Tech – futuristic features, like mobile payment abilities, EMV/NFC, contactless payments are worth investing. Modern consumers are generally more familiar with up-to-date payment systems. Seeing a payment service provider offer a swipe-only terminal should be a red flag, because the recent regulations require merchants to have EMV to provide better data security.

 

Posted in Best Practices for Merchants, Credit Card Security, Electronic Payments, EMV EuroPay MasterCard Visa, Mobile Payments, Mobile Point of Sale, Near Field Communication, Point of Sale, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,

September 15th, 2016 by Elma Jane

 

Storing credit card data for recurring billing are discouraged.

But many feels storing is necessary in order to facilitate recurring payments.

Using a third party vault provider to store credit card data for recurring billing is the best way.

It helps reduce or eliminate the need for electronically stored cardholder data while still maintaining current business processes.

For recurring billing a token can be use, by utilizing a vault. The risk is removed from your possession.

Modern payment gateways allow card tokenization.

Any business that storing data needs to review and follow PCI DSS requirement in order for the electronic storage of cardholder data to be PCI compliant.

On the primary account number, an appropriate encryption will be applied. In this situation, the numbers in the electronic file should be encrypted either at the column level, file level or disk level.

 

Posted in Best Practices for Merchants, Credit Card Security Tagged with: , , , , , , , , ,

Mobile
July 26th, 2016 by Elma Jane

Mobile payment space is growing yet, many small businesses and retailers are choosing to overlook the idea of mobile payment acceptance.

Here are stats that prove the importance of mobile payments:

About 45% of consumers use mobile payments out of convenience.

1 billion users will use in-store mobile payments by 2019.

An increase from $3.2 billion in 2014 to $487 billion by 2020 in US in-store mobile payments is predicted.

Millenials use contactless payments on a regular basis.

Over the next five years, mobile payments will reach about $3 trillion in volume.

There are 16 million Starbucks mobile app active users that make 8 million mobile payments per week.

Transactions globally are on mobile devices.

It is a great investment for a merchant to upgrade your point-of-sale (POS) to have near field communication (NFC) capabilities. If you’re not currently accepting mobile payments, you should start now, your customers who are already using mobile payments will thank you and your business will be ahead of the game as more businesses onboard mobile payment acceptance.

 

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, Mobile Payments, Near Field Communication, Point of Sale Tagged with: , , , , , , , ,