Category: Credit Card Security
October 19th, 2015 by Elma Jane
Small merchants don’t consider themselves at risk for a cyberattack. But Cybercriminals thrive on data about employees, customers, bank accounts and many other types of information any small business would carry, with fewer resources than large firms, small businesses are especially at risk for attacks.
Here are Steps to find out to make your business more cybersecure:
Employ best practices on payment cards – Credit card companies are now shifting from magnetic-strip payment cards to safer, more secure chip card EMV Technology. Are you ready for the shift? Now is the time, you should work with your banks and processors to ensure you’re using the most trusted and validated anti-fraud services. You may also have additional security obligations pursuant to agreements with your bank or processor. You should isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.
Educate employees about cyberthreats – Educate your employers about online threats and how to protect your organization’s data, including safe use of social networking sites.
Protect against viruses, spyware, and other malicious code – Make sure all of your organization’s computers are equipped with antivirus software and antispyware and update regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install such updates automatically.
Require employees to use strong passwords and to change them often – Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
Secure your networks – Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
No one can guarantee your safety from a cyberattack, appropriate planning makes a big difference. By using these tips and resources, you can help promote the safety of your employees, customers, and the future success of your small business.
Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: bank accounts, banks, chip card, credit card, data, EMV, magnetic strip, merchants, payment cards, payment systems, processors
October 16th, 2015 by Elma Jane
With the EMV liability shift that takes effect in October 2015, how much you’ll be affected depends on how you process credit card payments.
For Card Present Transactions
If you use POS hardware or terminal that you need to swipe the credit card, then you’ll be facing the same EMV environment as retailers. October 1st is the start of the liability shift for fraudulent charges made with the card present transactions. The party who hasn’t made an investment in EMV security features will be liable.
For the card issuer, they need to invest in EMV security features, that’s why they came out with the chip cards, where all credit and debit cards have this security chips that are harder to counterfeit than magnetic strips.
For the merchant, they need to invest in EMV capable terminals or POS hardware that can take advantage of the card’s security chip.
If both parties have made the investment, then liability will be resolved in a similar manner to how it was before the shift. However, if only one party has adopted EMV technology, the party that didn’t make the investment will be held liable.
For Card Not Present Transaction (CNP)
If you process credit cards online, over the phone, or through an online payment gateway integrated, the new EMV standards won’t directly change the way you do business. You’ll still be processing EMV cards based on the customer’s credit card number.
Chances are Card-Not-Present transactions will experience an increase in fraud. Because of the EMV-technology in the Card Present Transaction, fraudster will likely turn their attention to the next target which is CNP,
but payment gateways and banks concerned about the vulnerabilities, will begin to adopt new standards to minimize their exposure.
If you’re processing CNP transactions stay up-to-date on the newest security developments, online security standards find more effective ways to navigate the new credit card security frontier.
Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Mail Order Telephone Order, Point of Sale Tagged with: banks, Card Not Present Transaction, card-present transactions, chip cards, cnp, credit card, debit cards, EMV, merchant, payment gateway, payments, POS, terminal
October 15th, 2015 by Elma Jane
There are numbers of guidelines issued for accepting card payments, and merchants are expected to understand them all. To avoid issues down the road know a few basic rules in order to keep your business going without being penalized.
There’s a lot of ways to process a credit card: In-store, online, and by phone. There’s also different ways to pay and different brands of cards.
In-store and Card-not-present policies.
In-Store Policies:
- Always verify that the person presenting the card is the cardholder
- Ask for a 2nd ID for comparison
- Cards are non-transferable, cardholder MUST be present for purchase
- Compare the signature on the back of the card with that of the person who presents the card
- Inspect the card to confirm that it’s not visibly altered or mutilated
- Validate the card’s expiration date
Online/Phone Payment Policies: Card-not-present transactions
- Card account number
- Card billing address
- CID (3 digits on back of card OR 4 on the front)
- Card expiration date
- Card member’s home or billing telephone number
- Card member name (as it appears on the Card)
Rules for Visa, MasterCard and Amex that merchants need to know:
- Never store cardholder data on any systems to help minimize the risk of fraud and protect your business from potential chargebacks.
Complying with Federal Laws, State Laws and PCI
- A merchant should be familiar with and abide by Federal Laws regarding accepting credit cards. The Fair Credit Reporting Act is the federal law that establishes the foundation of consumer credit rights. This law regulates the collection and use of consumer credit information by merchants.
- Check state laws on the use of consumer credit information and accepting credit cards. Not all states have additional laws that regulate credit card practices, but some (such as California) prohibit merchants from requesting/requiring a customer to provide any personal information (like their address or telephone number) on any form involved with their credit card transaction. So, it is advised that merchants inquire about further information in their particular state.
- The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies processing, storing, or transmitting credit card information uphold a secure environment. These rules essentially apply to any merchant that has a Merchant ID (MID). If you are a merchant that accepts credit card payments, you are required to comply with the PCI Data Security Standard, large or small businesses.
EMV Liability Shift Set By Visa and MasterCard as of October 1st
U.S. banks and credit card companies are now using the EMV (Europay, MasterCard, and Visa) technology. The EMV liability shift for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards. While issuers absorb losses under card-network rules, that burden will shift to acquirers in cases where the fraud occurs at merchants unprepared for EMV.
It’s good to know every aspect of your business. The above guidelines are part of a business that every merchants should be familiar with. The main reason for these rules is to protect your business and keep your customer’s payment card data safe and secure.
To start accepting more credit cards give us a call now at 888-996-2273. We have the latest terminals that’s EMV/NFC capable.
Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security Tagged with: amex, card network, card payments, card-not-present, chargebacks, chip cards, credit card, credit card companies, Data Security Standard, EMV, EuroPay, MasterCard, merchants, MID, Payment Card Industry, PCI-DSS, POS system, U.S. banks, visa
October 9th, 2015 by Elma Jane
In order to maintain some sort of order within PCI Compliance, VISA and MasterCard have created 4 risk levels that will apply to any particular business, for determining the risk level of a merchant.
Merchant Level |
Description |
Validation Requirements |
Level 1 |
Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region. |
Annual Report on Compliance (ROC) by Qualified Security Assessor (QSA) or internal auditor if signed by officer of the company.
Quarterly network scan by Approved Scan Vendor (ASV).
Attestation of Compliance Form. |
Level 2 |
Merchants processing 1 million to 6 million Visa transactions annually (all channels). |
Annual Self-Assessment Questionnaire (SAQ).
Quarterly network scan by ASV.Attestation of Compliance Form. |
Level 3 |
Merchants processing 20,000 to 1 million Visa e-commerce transactions annually. |
Annual Self-Assessment Questionnaire (SAQ).
Quarterly network scan by ASV.
Attestation of Compliance Form. |
Level 4 |
Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually. |
Annual SAQ recommended.
Quarterly network scan by ASV if applicable.
Compliance validation requirements set by acquirer. |
Posted in Best Practices for Merchants, Credit Card Security, e-commerce & m-commerce, Payment Card Industry PCI Security Tagged with: MasterCard, merchant, PCI Compliance, visa
October 8th, 2015 by Elma Jane
Rules have changed in regards to swiping credit cards October 1st, 2015 with the EMV Liability Shift; which may not cause much concern for most consumers, but for merchants.
EMV compliance isn’t a legal requirement. However, if you’re a merchant that accepts credit cards in-person, then you need to find out whether you’re meeting the EMV Standard. The new rule for the liability shift applies October 1st, regardless of the size or type of business.
What Is EMV Standard?
EMV stands for EuroPay, MasterCard, and Visa, the three companies that originally created the standard.
The EMV Shift is to provide enhanced security and prevent fraudulent activity with credit cards. Updated equipment is also necessary for processing the new computerized cards, and unfortunately, the responsibility of securing up-to-date hardware falls on the merchant.
Since card evolves more instead of cash in our society, fraud and data breaches is on the increase, and now a common occurrence. Adapting new technology is therefore necessary. A hassle for many merchants, but there are actually benefits from all parties involved in a credit card transaction.
Data shows that fraud decreases dramatically when EMV Standards are implemented In Europe. The region has experienced an 80% reduction in credit card fraud, while the USA has seen a 47% increase by NOT implementing EMV standards.
The new liability rules took effect on October 1st in the US, and any party that has not yet implemented EMV-compliant machines might now be liable for fraud committed with counterfeit chip cards. Note that this liability shift only applies to in-person transactions. Phone order and web order transactions will be dealt with as they always were.
For Merchants, it means you’ll eventually need to get new equipment for processing credit cards payments in-person (unless you’ve already done so not too long ago, as nearly all POS terminals sold in the USA nowadays are EMV compliant). For most business owners, it’s a good idea to implement the new system sooner rather than later.
Step to take as a Merchant Until you get your EMV equipment
- Ask for an official ID from customers whose credit card you process.
- Conduct some research to see which EMV system would be best for your business.
- Start shopping around for new payment processing options that are EMV compliant.
If you already have a machine that can process chip cards, you’re fully EMV-compliant.
If you don’t accept any in-person payments, then you’re all set.
If you do accept in-person payments and you do not have a chip card machine, chances are you’ll be fine for a little while. But those of you with a high risk of encountering a fake card (if you are a high-volume business with a large average ticket, for instance) should probably upgrade soon.
Fraudsters are going to be taking advantage of businesses that haven’t upgraded so it’s a great time to switch!
Check out NTC’s EMV/NFC Capable Terminal!
Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: chip cards, credit card transaction, credit cards, credit cards payments, EMV, EMV equipment, EuroPay, high risk, MasterCard, merchants, nfc, payment processing, POS terminals, visa
October 6th, 2015 by Elma Jane
If you accept credit cards and don’t know what EMV is here is what you need to know.
EMV stands for Europay, MasterCard and Visa. A credit card that had a chip embedded in it is an EMV. EMV Cards have been standard in Europe for more than 10 years because they’re more secure than magnetic stripe cards. Magnetic stripe cards doesn’t change, it has static data, which makes them easy to clone. The chip embedded card makes it more difficult and costly to counterfeit because the data that is transmitted changes each time the card is read. This means less fraud.
Liability Shift rules set by Visa and MasterCard as of October 1st. The liability for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards.
- Calculate your risk – Consider the cost of replacing your point-of-sale (POS) terminal vs. potential risk. Whether you replace it now or at a later time, eventually all businesses will have to replace their POS terminals.
- Educate your staff – Educated employees translate to better-educated customers. Merchants can help customers better understand this change and what it means for them.
- Upgrade your POS system – Consider using an EMV compliant credit-card reader on a wireless device for an ultra-secure mobile solution. This is also a chance to upgrade other options, such as near field communication NFC technology, which lets consumers use their mobile devices to make payments at the point of sale.
National Transaction Terminals with EMV and NFC (near field communication) Capability To accept Apple Pay, Android Pay and other NFC Transactions at your business. You will need to adopt point-of-sale devices with NFC/contactless readers.
National Transaction offer a range of options to suite your specific needs.
If you’re using Virtual Merchant Mobile now called Converge please contact our office at 888-996-2273 to know your options.
Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: Android Pay, Apple Pay, chip cards, contactless readers, Converge, credit cards, EMV, EuroPay, magnetic stripe, MasterCard, merchants, Near Field Communication, nfc, payments, POS, terminal, Virtual Merchant Mobile, visa
September 25th, 2015 by Elma Jane
National Transaction Terminals with NFC (near field communication) Capability to accept Apple Pay, Android Pay and other NFC payment transactions at your business. You will need to adopt point-of-sale devices with NFC/Contactless readers.
National Transaction offer a range of options to suite your specific needs.
Give us a call now! 1-888-996-2273 or go to www.nationaltransaction.com
Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, Mobile Point of Sale, Near Field Communication, Point of Sale, Smartphone Tagged with: Android Pay, Apple Pay, contactless readers, Near Field Communication, nfc, payment, point of sale
September 24th, 2015 by Elma Jane
If you accept credit cards and don’t know what EMV is here is what you need to know.
EMV stands for Europay, MasterCard and Visa. A credit card that had a chip embedded in it is an EMV. EMV Cards have been standard in Europe for more than 10 years because they’re more secure than magnetic stripe cards. Magnetic stripe cards doesn’t change, it has static data, which makes them easy to clone. The chip embedded card makes it more difficult and costly to counterfeit because the data that is transmitted changes each time the card is read. This means less fraud.
Questions to ask to help you decide about terminal upgrade.
- Calculate your risk – Consider the cost of replacing your point-of-sale (POS) terminal vs. potential risk. Whether you replace it now or at a later time, eventually all businesses will have to replace their POS terminals.
- Educate your staff – Educated employees translate to better-educated customers. Merchants can help customers better understand this change and what it means for them.
- Upgrade your POS system – Consider using an EMV compliant credit-card reader on a wireless device for an ultra-secure mobile solution. This is also a chance to upgrade other options, such as near field communication NFC technology, which lets consumers use their mobile devices to make payments at the point of sale.
Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Mobile Point of Sale, Near Field Communication, Point of Sale Tagged with: chip, credit card reader, credit cards, data, EMV, emv cards, EuroPay, magnetic stripe cards, MasterCard, merchants, Mobile Devices, Near Field Communication, nfc, payments, point of sale, POS terminal, visa
September 14th, 2015 by Elma Jane
The security rules for fraud liability of credit and debit cards will change in the United States, starting October 1, 2015.
The new security rules would prompt major plastic card brands like MasterCard and Visa to upgrade their magnetic stripe based cards to more modern and secure chip technology based cards.
Credit and debit card fraud amount in the U.S. reached around $11.27 billion, in 2012.
With the new rules, any financial institution and payment processing merchant who would not upgrade their cards to chip technology would be held responsible for any committed fraud with their cards instead of their customers. This new rule would effectively transfer the liability in case of a fraud from the consumer to the least secure card provider. The rule specifically says that liability will fall on the bank or retailer with the least secure technology.
If the bank has not given you a new chip card, and you use your magnetic swipe card and there’s resulting fraud, the bank will be responsible for that.
All merchants who do not offer payment terminals that support chip based cards would be held liable for any fraud committed on their premises as well, from October 1. The new rules say that if the card is chip based and the merchants fail to offer a chip based terminal, and a fraud is committed, they would be held liable instead of the card holder.
With chip based cards, the customer would need to insert their card inside a chip enabled payment terminal while making a purchase. Then, they need to confirm the amount and enter a private pin to verify their identity. The customer would also sign for the purchase like using a regular magnetic card.
Besides MasterCard, Visa has already rolled out the new chip based terminals in the U.S. under its Zero Liability Policy.
The chip based cards are more secure compared to the old magnetic technology. That is one of the reasons why the new rules are promoting the chip based technology over the 55 years old magnetic cards.
Not all merchants have to replace their old magnetic terminals and it is still an optional decision, but industry analysts think that the shift of liability in case of fraud from consumers to financial institutions and merchants would likely prompt them to start using chip based technology.
Posted in Best Practices for Merchants, Credit Card Security Tagged with: bank, card holder, card provider, chip card, debit cards, magnetic swipe, magnetic terminals, merchants, payment processing, payment terminals
August 13th, 2015 by Elma Jane
The credit card processing industry, have been working towards including EMV technology in all of the point of sale systems.
Many processors have sent out EMV capable devices that will need to be adjusted before they can start accepting EMV card transactions.
See which category you fall into so you are prepared when October 1 rolls around.
First, check and see if your credit card machine has the slot to accept EMV cards (it’s either a slot in front, or on the top of, the unit). If you don’t, you need to contact your processors or sales agent to update your equipment .
If you do have the slot for EMV cards, you’ll need to contact National Transaction to see if your EMV capable machine has been enabled to accept EMV cards.
What is the difference between EMV capable and EMV enabled?
- EMV Capable – EMV capable means that your credit card machine is equipped with the hardware (i.e. the slot) and has the capability to do a transaction, but first you’ll have to update the application to enable you to process the cards. At National Transaction, we have a support specialist to assist you with step-by-step instructions to switch your credit card Point-of-Sale System, from EMV capable to EMV enabled.
- EMV Enabled – When your machine is EMV enabled, your terminal is ready to accept EMV transactions. According to MasterCard, 73 percent of consumers say owning a chip card would encourage them to use their card more often. In addition, 75 percent of consumers expect to use their chip card at the merchants where they shop today. Keeping these numbers in mind, it only makes sense to equip your business with an EMV enabled credit card POS system.
What makes EMV technology so important?
EMV is a global payment system that adds a microprocessor chip into credit cards and debit cards, and reduces the chance a transaction is being made with a stolen or copied credit card. Unlike traditional magnetic-stripe cards, anytime you use an EMV card, the chip in the card creates a unique transaction sequence that can’t be replicated. Because the number will never be valid again, it makes it hard for hackers to fake these cards. If they attempt to use the copied EMV card, the transaction would be denied.
The rollout of EMV technology is ongoing, but even with the October 1 deadline, it’s estimated that only 70 percent of credit cards and 40 percent of debit cards in the U.S. will support EMV. Despite these numbers, that doesn’t mean you shouldn’t update your equipment.
Following the deadline, card present fraud liability will shift to whoever is the least EMV compliant party in a fraudulent transaction.
Make sure that’s not you!
Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: card present, card transactions, chip, chip card, credit card, credit card processing, debit cards, EMV, EMV capable, EMV enabled, emv technology, magnetic stripe cards, merchants, payment system, point of sale, POS, processors, terminal