National Transaction is a registered MSP and payments provider of US Bank Minneapolis MN. NTC is a global Electronic Payments Provider for thousands of merchants in the USA and Canada and is among MasterCard’s leading partners for growing acceptance of EMV transactions.
The EMV liability shift is part of an overall industry transition in a face to face transaction at the point of sale to provide businesses with more security.
EMV (EuroPay, MasterCard and Visa) is a chip technology embedded microprocessor into credit and debit cards that integrates with payment terminals and provide strong transaction security features at the point of sale.
EMV is one of the security technologies the industry is bringing in, to combat fraud in a payment transaction, including tokenization and encryption.
NTC is committed to educating customers about the need to accept chip payments as well as deploying other security measures to protect against fraud.
NTC currently offers EMV technology through a variety of payments solutions.
E-Pay Security improves – but merchants remain cautious.
U.S. merchants are still reluctant to embrace 3D Secure technology in card-not-present transactions, even though it has vastly improved from the initial version.
3D secure technologies – namely Verified by Visa and SecureCode for MasterCard which offer an extra layer of protection for merchants and its customers. Merchant participation is mandatory to process certain cards in some countries.
The shift to EMV is helping to address vulnerabilities in the United States payments ecosystem. It has been shown that EMV can deliver benefits as a part of industry efforts to combat fraud.
EMV migration is a critical focus for enhancing payments security, which is why the current efforts around chip card deployment are greatly beneficial for consumers and merchants alike. EMV technology helps to reduce counterfeit card fraud, as it generates dynamic data with each payment to authenticate the card, after which the cardholder is prompted to sign or enter a PIN to confirm their identity.
The EMV rollout represents a dynamic time for card payments that promises great advances, among them is enhanced security for cardholders. It also presents an opportunity to consider other innovations such as mobile wallets and mobile POS to further engage your customers and drive customer loyalty. When merchants continue to invest in EMV and NFC (near field communications, used for tap-and-pay transactions), the purchases made at their EMV-enabled terminals are made more secure than magnetic stripe.
New mobile payment options such as mobile wallets support EMV and therefore offer this added layer of security. Ultimately, by enabling contactless payments, merchants can also enable more flexibility in addition to increasing security for their customers.
Additionally, industry players are backing major mobile wallets, such as Android Pay, Apple Pay, and Samsung Pay.
Can we securely store card data for recurring billing?
PCI DSS discourages businesses from storing credit card data, Merchants feel the practice is necessary in order to facilitate recurring payments.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.
In order for the electronic storage of cardholder data to be PCI Compliant, appropriate encryption must be applied to the primary account number (PAN). In this situation, the numbers in the electronic file should be encrypted.
All PCI controls would apply to the environment in which the cardholder data is transmitted and stored. Tokenization can be implemented for recurring and/or delayed transactions. Travel Merchants and or Storage Facility could use this feature to help reduce the need for electronically stored cardholder data while still maintaining current business processes.
The best thing you can do for your business is to not store any cardholder data or personally identifiable information.
Tomorrow let’s tackle Encryption and Tokenization a strong combination to protect card data while reducing the cost of compliance!
Google’s contactless payment solution, Android Pay, will now be available through the mobile checkouts of several Android apps in the U.S.
With this addition, it avoids having to pull out your card everytime you make a purchase, meaning card data never makes it to the merchants. A good news for anyone who is concerned about privacy.
Android Pay is compatible with all Near Field Communication (NFC) or Host Card Emulation (HCE) enabled devices using any OS released since KitKat.
With Coca-Cola signing up as the first merchant in the Google program, a new loyalty program was recently released for the mobile wallet, by tapping your phone on an NFC-enabled Coke vending machine, you’ll get a Coke and get points added into your Android Pay Account for future purchases.
Encryption and Tokenization a strong combination to protect cardholder data at all points in the transaction cycle.
Encryption – the strongest protection for card data when it’s in transit. From the moment a payment card is swiped or dipped at a terminal featuring a hardware-based, tamper resistant security module. Encryption protects the card data from fraudsters as it travels across various systems and networks until it is decrypted at secure data center. Encryption is ideally suited for any businesses that processes card transactions in a face to face or card present environment.
Tokenization – protects card data when it’s in use and at rest. It converts or replaces cardholder data with a unique token ID to be used for subsequent transactions. This eliminates the possibility of having card data stolen because it no longer exists within your environment. Tokens can be used in card not present environments such as e-commerce or mail order/telephone order (MOTO), or in conjunction with encryption in card present environments. Tokens can reside on your POS/PMS or within your e-commerce infrastructure at rest and can be used to make adjustments, add new charges, make reservations, perform recurring transactions, or perform other transactions in use.
A layered approach can be the most effective way to combat fraud. Security solutions that provide layers of protection, when used in combination with EMV and PCI-DSS compliance; to ensure you’re doing all you can to protect cardholder data from increasingly complex and evolving security threats.
EMV-compliant POS systems are now being equipped with NFC technology to accept contactless payments. What does this mean for the future of payments?
EMV lays the foundation for increased card-present and contactless payments security, with EMV, magnetic stripe cards are soon to be a bygone technology. Plastic EMV cards will not have a long lifespan as payments move into a more digital space, security and NFC upgrades merchants and consumers now will carry over into the digital and mobile payments space.
Consumers are constantly looking for more convenient ways to transact, which is made possible by the simultaneous adoption of EMV and NFC. While EMV supports plastic chip cards, payments are going digital and POS systems equipped with NFC technology save consumers from digging through their wallets, making it easier for consumers to transact via mobile devices. Mobile payments should be simple, scalable and affordable in today’s payment landscape and consumers should have the option to securely store and use multiple cards within their digital wallets or applications they most often use.
EMV standards increase security for card-present payments, which are relevant to many consumers today, but the convenience of mobile and contactless payments is the future. In an era of EMV, NFC plays as critical a role in propelling both technologies forward. Retailers and card issuers alike must recognize the opportunity to take advantage of both.
If there’s an unauthorized charge made on your credit card account, no money is taken from you. There’s no immediate financial hit while you straighten things out. But if someone gets hold of your debit card information, your bank account will be drained depending on the nature of the transaction.
Differences between a credit card and a debit card:
Debit cards fall under a different federal law than credit cards. Regulation E, the Electronic Fund Transfer Act, says after two days, you could be liable for up to $50. After 2 days liability jumps to 500.00. Beyond 60 days, you could be liable for all unauthorized transactions. Otherwise, federal rules are on the bank’s side. Beyond 60 days, there’s likelihood you’ll never see your money again.
Federal law protects you from unauthorized charges made with your credit card number rather than with the actual card. In the event the credit card is in a thief’s hands, you’ll be liable, but only for a maximum of $50, provided you report the problem to the credit card company. However, in many cases a zero liability policy may kick in.
There are many things that can go wrong. Best solution is to pay close attention to your statements, online or via a mobile app, frequently. Report if there’s a malicious transaction.
Adoption of EMV technology in the U.S is important, because it provides protection against losses from counterfeit cards.
EMV, or chip cards, are the standard for secure point-of-sale (POS) transactions. Unlike magnetic stripe cards, chip cards are very difficult to counterfeit because of an embedded microchip that exchanges unique, dynamic data with a terminal each time it’s used.
To encourage the timely adoption of EMV, the leading payment networks have implemented an EMV Fraud Liability Shift that began in October 2015.
Both parties, card issuer and the merchant need to invest with EMV technology. If only one party has adopted EMV technology, the party that didn’t make the investment will be held liable.
For the card issuer, they came out with the chip cards, where all credit and debit cards have this security chips that are harder to counterfeit than magnetic strips.
For the merchant, an EMV capable terminals or POS hardware that can take advantage of the card’s security chip is needed.
With any new technology, there is a learning curve, and here are the things that you need to know.
For cardholders – with a chip card instead of swiping your card, you are going to do what is called card dipping; by inserting your card face-up and chip-first into the terminal slot. Wait and follow the terminal prompts, and only remove your card once the transaction is complete.
If you did a swipe on a chip card, an EMV-enabled terminal should prompt you to insert the card instead. If the terminal is not enabled for chip, you can still be able to swipe your card.
Employees will benefit from training – Once a merchant enables their EMV terminals, it is important to train your staff with talking points about why chip cards benefit consumers with greater security, and how they are used by helping customers with the new checkout process.
New mobile payment methods leverage both EMV and NFC, so the industry is now seeing greater interest in mobile payments among merchants and consumers.
There’s a lot of resources out there to help businesses make the transition with this EMV technology.
If you’re a merchant accepting credit cards, you’re probably aware that things are changing. As of October 1st, 2015, merchants are now liable for any fraudulent activity that occurs as a result of non-EMV-compliant. For those Merchants who haven’t yet updated their POS terminal, you need to talk with your processor to get a new equipment.
Things Merchant should know to be EMV ready:
What is EMV Chip Cards? Chip Cards are standard bank cards that are embedded with a micro-computer chip. Some may require a PIN instead of a signature to complete the transaction process. The new cards will still have magnetic stripes, at least for the time being, so you technically can continue to process payments with the same old equipment you’ve been using for years. But by refusing to upgrade your hardware, you are taking on responsibility for any fraud that might have otherwise been prevented with the new technology.
How does EMV Chip Cards Work? Instead of swiping your card, you are going to do what is called card dipping, which means inserting your card into a terminal slot and waiting for it to process.
When a Chip Card or EMV Card is dipped, data flows between the card chip and the issuing financial institution to verify the card’s legitimacy and create the unique transaction data.
This process isn’t as quick as a magnetic-stripe swipe. It will take a little longer for that transmission of data.
What Must a Merchant Do? For merchants and financial institutions, the switch to EMV chip cards means adding new in-store technology and internal processing systems, and complying with new liability rules. Merchants who have not yet purchased new POS Terminal may be held liable for fraud as of October 1st, 2015. Implementing EMV technology isn’t an option, it’s a necessity. If you are one of those in the retail business or retailers using mobile payment devices who missed the Oct. 1st deadline, you are already at risk. Upgrading should be a top priority.
