Category: Credit Card Security
July 21st, 2016 by Elma Jane
Always ask for the card security codes:
CVV2 for Visa
CVC2 for MasterCard
CID for Discover and American Express.
Always use the Address Verification Service (AVS) and only process sales after receiving a positive AVS response.
Avoid using voice authorizations, unless absolutely necessary.
Billing descriptor must set up properly and shows your phone number. Customer can contact you directly if there is an issue,
Consider using the associations’ 3-D secure services:
Verified By Visa
SecureCode by MasterCard
A 3-D transaction confirmation proves card ownership and protects you from certain types of chargeback. An additional layer of security for online credit and debit card transactions.
Inform your customers by email when a refund has been issued or a membership service cancelled. Notify them of the date the refund was processed and provide a reference number.
Make available customer support phone number and email address on your website so that customers can contact you directly. You need to meet this requirement before opening a merchant account.
Make it easy for your customers to discontinue a recurring plan, membership or subscription. Have a no-questions-asked policy.
Notify your customers by email of each transaction and indicate that their cards will be charged.
Obtain a confirmation of delivery for each shipment.
Process refunds as quickly as possible.
Secure an authorization approval for every transaction.
Secure customers’ written or electronic signatures, for recurring payments or monthly fees. Giving you express permission to charge their cards on a regular basis.
Terms and conditions must be clearly stated on your website. Customers must acknowledge acceptance by clicking on an Agree or a similar affirmative button.
Transaction amount must never exceed the authorized amount.
You are required to reauthorize the transaction before settling it if an authorization approval is more than seven days old.
Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Merchant Services Account Tagged with: card, chargeback, credit, customer, debit, merchant, merchant account, online, sales, Security, service, transaction
May 26th, 2016 by Elma Jane
NFC stands for Near Field Communication. It is a technology that allows contactless data exchange between two electronic devices
Contactless Payment is a description for the ability to pay without touching anything.
How do mobile wallets fit into NFC?
Mobile wallets like Apple and Android Pay use NFC technology. NFC technology allows the data to securely pass back and forth between each device to make a contactless payment.
How secure are NFC Payments?
Tokenization converts or replaces cardholder data with a unique token ID. This eliminates the possibility of having card data stolen. These tokens help heighten protection and security for the consumer.
As a merchant, preparing to accept payments that meet customers satisfaction is needed. With the mobile wallet transaction process, it makes the traditional transaction quick and efficient.
NTC terminals allow merchants to accept NFC Payments, allowing you to process more transactions. For more information give us a call at 888-996-2273.
Posted in Best Practices for Merchants, Credit Card Security, Mobile Point of Sale, Near Field Communication, Smartphone Tagged with: cardholder, consumer, contactless, customers, data, merchant, mobile wallets, Near Field Communication, nfc, payment, Security, terminals, tokenization, transaction
May 6th, 2016 by Elma Jane
A data breach is any instance in which secure data information has been released or stolen intentionally or unintentionally. The organization that exposed or lost your information will notify you. The steps you should take depend on the type of information that was lost or stolen. In general, you may choose to do one or more of the following:
- Monitor all bank and other accounts for suspicious activity.
- Change all passwords, PINs, or user names associated with compromised accounts.
- Order a copy of your credit report.
- Place a fraud alert or credit freeze on your credit file.
Posted in Best Practices for Merchants, Credit Card Security, Travel Agency Agents Tagged with: accounts, bank, credit, data, data breach, fraud
May 5th, 2016 by Elma Jane
Businesses or merchants accepting payments online needs an up-to-date and active security software that includes:
- FIREWALL PROTECTION – a software program that helps to screen out malware and hackers that try to reach you through the internet.
- ANTI-VIRUS PROGRAMS – Not all anti-virus program offers protection against all kinds of malware. Viruses are one type of malware. Spyware is another type of malware that can steal credit card information or your bank account.
Update:
- Keeping your operating systems, security software programs, and browser current can help secure your data information.
- Evaluate browser’s privacy settings, limit or disable cookies. Other cookies can be used maliciously and collect data information.
- Back up your data regularly. If your computer or device got compromised, you still have access to important files.
Need to set up an account give us a call at 888-996-2273
Posted in Best Practices for Merchants, Credit Card Security Tagged with: bank account, credit card, data, merchants, online, payments, Security
April 26th, 2016 by Elma Jane
The PCI-DSS is a security standard for organizations that handle branded credit cards from the major card including Visa, MasterCard, Amex, Discover, and JCB. It is designed to ensure that ALL companies that process credit card information maintain a secure environment.
PCI applies to organization or merchant, that has a Merchant ID (MID), regardless of size or number of transactions, that accepts credit card.
Merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12-month period.
| Merchant Level |
Description |
| 1 |
Any merchant — regardless of acceptance channel — processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system. |
| 2 |
Any merchant — regardless of acceptance channel — processing 1M to 6M Visa transactions per year. |
| 3 |
Any merchant processing 20,000 to 1M Visa e-commerce transactions per year. |
| 4 |
Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1M Visa transactions per year. |
Does is each location required to validate PCI Compliance for multiple business locations?
If a business locations process under the same Tax ID, then you are only required to validate once annually for all locations.
Penalties for non-compliance
The payment brands may fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will pass this fine along until it eventually hits the merchant. The bank will also terminate your relationship or increase transaction fees.
PCI Compliance Manager
To help you achieve and report compliance, we have Trustwave PCI Compliance Manager. It’s an online portal that enables you to understand requirements that apply to your business, and guides you through your self-assessment, step by step.
If you have any questions regarding your PCI Compliance please call our office at 888-996-2273. We would be more than happy to help.
Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security Tagged with: banks, credit cards, merchant, PCI-DSS, Security, transactions
April 11th, 2016 by Elma Jane
Card-not-present fraud is projected to worsen. However, 3D secure technology has made progress and is gaining more and more adoption.
How can e-Commerce merchants avoid CNP fraud?
Here are other ways to make card-not-present transaction safe:
Biometrics – Using Fingerprint Scans and Facial Recognition or Selfie. To validate the identity of the consumer.
Challenge Questions – Such as listing your father’s middle name or a fact known only to the consumer is an effectively added layer of security.
Location Data – Another way to fight against fraud is location data and the use of IP addresses to certify the location and identity of the consumer making the transaction.
Outsource Your Payment Platform – Payments pages hosted by a reputable payment service provider are much more secure.
One-time Passwords – During the checkout process, there will be a window to enter a one-time password which the consumer receives a text message on his/her mobile phone. The consumer enters the password within a short time frame to authenticate the transaction. This solution is especially effective against cyber criminals who steal credentials.
For your payment services needs, give us a call at 888-996-2273
Posted in Best Practices for Merchants, Credit Card Security, e-commerce & m-commerce Tagged with: 3D Secure, biometrics, card-not-present, cnp, consumer, data, e-commerce, fraud, merchants, payment, Security, service provider, technology, transaction
April 7th, 2016 by Elma Jane
The EMV technology does improve security because EMV cards are more difficult to counterfeit. Since U.S. is using chip-and-signature cards not the one requiring a PIN, anybody can use an EMV chip card whether it might be a lost or a stolen card. EMV chips will not prevent the data breach from occurring, but it will make it harder for criminals to successfully profit from what they steal.
Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: cards, chip card, data, EMV, PIN, Security
March 23rd, 2016 by Elma Jane
A data breach can occur from inside a business just as much as it can externally. The one common element between both is “Opportunity.” It doesn’t matter whether a business is a multi-national corporation or a small single-location.
Attacks from criminals can range in sophistication. While the sophistication of some attacks may be low, experts note that criminals continue to evolve their techniques and now they are becoming more sophisticated than ever.
While large corporations may have millions of customer records, they also maintain the resources to protect their sensitive information from the average criminal. It may take weeks, months, or even years for a criminal to penetrate the defenses of one large corporation. This is why attacks on small business are becoming so attractive to criminals.
It all goes back to the “Opportunity.” The average small business lacks the resources to properly protect their business from the variety of attacks at the disposal of criminals. Or worse, they may believe their business is of no interest to criminals. The fact is, they are less secure than larger businesses. These are all issues for the average small business owner, and more importantly, their customers.
So what can a small business do to protect themselves from the growing threat of a data compromise?
- Background checks on employees.
- Have someone monitor the network activity.
- Protect business with proper network security protocols.
- Protect your payment’s environment by using a layered approach that includes EMV, encryption and tokenization to help prevent sensitive payment card data from being stolen.
These are all fairly simple and inexpensive ways for businesses to help protect themselves and their customers from being a victim of a costly data compromise.
Posted in Best Practices for Merchants, Credit Card Security, Travel Agency Agents Tagged with: card, customer, data, data breach, EMV, encryption, payment, Security, tokenization
March 17th, 2016 by Elma Jane
A bank in Mexico is the first in the world to publicly experiment with this technology. With their mobile wallet application, cardholders are able to use dynamic CVC/CVV codes, which are generated every twenty minutes.
If somebody is using credit card information stolen from a data intrusion and the merchant accepting payment online asks for the CVV, it likely would have changed by that time, they would enter the wrong CVV and the transaction would be declined.
Cards with CVV code display that randomly changes will ensure that users making orders online are who they say they are. Many e-Commerce sites already ask shoppers for the CVV code during online transactions or over the phone.
The technology is an intuitive solution, but costly to issuers. Cards with displays that enable a dynamic CVV code are 10 times more expensive than chip cards.
As mobile banking, e-commerce, and m-commerce is growing, something had to change sooner or later in the online payment industry.
Posted in Best Practices for Merchants, Credit Card Security, e-commerce & m-commerce Tagged with: bank, cardholders, cards, credit card, data, e-commerce, m-commerce, merchant, mobile, online, payment, payment industry, transaction, wallet
February 17th, 2016 by Elma Jane
Helping customers protect and safeguard their payment data is one of NTC’s top priorities. Experts agree that a layered approach is the most effective way to combat evolving security threats and unauthorized access to payment data.
Implementation of best practices and the latest protection technology is needed to ensure of cardholder data protection from increasingly complex and evolving security threats.
EMV is a good start to enhance data security with card authentication, cardholder verification, and transaction authorization. But a multi-layered security approach that includes encryption and tokenization provides complete data protection to both merchants and their customers.
EMV alone is not enough because EMV authenticates the validity of the card and the cardholder, but it does not secure the data. With encryption and tokenization without EMV, as a merchant, you are liable for fraudulent transactions. Encryption and tokenization are a process or system to protect sensitive cardholder data but do not authenticate the data.
EMV is a key component to a multi-layered security approach. It secures the payment transaction with enhanced functionality, by combining EMV, encryption and tokenization merchants can have a complete data protection that they need.
Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: card, cardholder, customers, data, data protection, data security, EMV, encryption, merchants, payment, payment transaction, Security, tokenization, transaction