Category: Credit Card Security

July 10th, 2015 by Elma Jane


Every Merchant in the country needs to upgrade their terminal. Are you ready for the October 1, 2015 Liability Shift?

Beginning October 1, 2015, all businesses that accept in-person payments must be able to take cards embedded with chips to avoid liability for fraud. The chips are more secure than magnetic stripes.

National Transaction brings the latest EMV and NFC technologies to Merchants.

NTC Clients will be able to accept contactless payment with the same NFC technology used by Apple Pay, Google Wallet and SoftCard. Additionally, the Ingenico terminals are EMV Enabled, delivering the latest in fraud prevention technology.

The new EMV enabled terminals are designed to accept EMV chip cards and magnetic stripe cards.

EMV (an acronym for Europay, MasterCard® and Visa®) is a global technology standard for payment cards.

What are the benefits of having an EMV terminal?

These next generation terminals can reduce your risk of accepting counterfeit cards, as chip and PIN transactions verify both the card and the cardholder.

Eliminate your card present fraud liability exposure associated with the October 1st, 2015* liability shift imposed by the card brands.

Improve customer service for your international cardholder customers. EMV cards are already the standard in over 80 countries.

Be on the lookout for more information about how to be chip card ready before OCTOBER.

*Businesses with Automated Fuel Dispensers (also called “Pay at the Pump”) acceptance methods have until October 2017 to comply with the new standard.

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Mobile Payments, Near Field Communication, Point of Sale

June 25th, 2015 by Elma Jane

Paying for a product or service with a credit card or debit card should be efficient, fast and, most importantly, safe. There are a lot of regulations in place to make sure that the processing of card payments is safe and secure. One of the ways is EMV (Europay, MasterCard and Visa) technology, where payment cards used in ATMs and POS terminals have been embedded with microchips. This form of payment technology has long been in use and is widely accepted in many regions such as Europe, Canada and Asia Pacific. The US, which is considered to have the largest number of plastic card users, is one of the countries that have not yet fully adopted this otherwise global standard.

Advantages of EMV – The EMV embedded chip is a lot more secure than the traditional magnetic stripe, especially when it comes to face-to-face credit/debit card transactions. Credit card fraud is rampant, but the embedded chip adds another layer of protection against consumer fraud. Once the card has been inserted into a terminal, the payment is authenticated and processed using the EMV network. The chip within the card is hard to duplicate.

What Does This Mean For Your Business? – You will create more credibility and garner more customers in the marketplace by utilizing this safer and more secure payment method. Consumer confidence will increase.

What Happens When You Don’t Upgrade? – There is a liability shift. Currently, if a payment processing transaction has been approved and it turns out to be fraud, it’s the card issuer’s loss. With the new rule, liability shifts to merchants who have not implemented EMV technology. When fraud happens, the responsibility falls on the business owner who makes the transaction.

How To Prepare Your Business For EMV? – Upgrade your terminal. Contact National Transaction and we’ll help you prepare your business for the EMV migration.

Upgrading your current payment processing system is easy with NTC.

Give Us A Call Now! 888-996-2273

Check our website, http://nationaltransaction.com, and click Demos and Videos to learn more!

          

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale

June 18th, 2015 by Elma Jane

Every Merchant in the country needs to upgrade their terminal.

Are you ready for the October 1, 2015 Liability Shift?

Beginning October 1, 2015, all businesses that accept in-person payments must be able to take cards embedded with chips to avoid liability for fraud. The chips are more secure than magnetic stripes.

National Transaction brings the latest EMV and NFC technologies to Merchants.

NTC Clients will be able to accept contactless payment with the same NFC technology used by Apple Pay, Google Wallet and SoftCard. Additionally, the Ingenico terminals are EMV Enabled, delivering the latest in fraud prevention technology.

The new EMV enabled terminals are designed to accept EMV chip cards and magnetic stripe cards.

EMV (an acronym for Europay, MasterCard® and Visa®) is a global technology standard for payment cards.

By accepting chip cards on an EMV terminal, you help protect your business from card present fraud liability and prepare your business for the future of payment application technology. If your business accepts and processes a counterfeit card transaction on a non-EMV terminal, the liability for that fraudulent transaction is yours, not the card issuer’s.

How do you process an EMV chip card transaction?

  1. Insert Card. Instead of swiping, the customer will insert the card into the terminal, chip first, face up.
  2. Leave the Card in the Terminal. The card must remain in the terminal during the entire transaction.
  3. Sign the Receipt or Enter a PIN. As prompted, the customer will sign the receipt or enter their PIN to complete the transaction.
  4. Remove Your Card. When the purchase is complete, remind the customer to take the card with them.

What are the benefits of having an EMV terminal?

These next generation terminals can reduce your risk of accepting counterfeit cards, as chip and PIN transactions verify both the card and the cardholder.

Eliminate your card present fraud liability exposure associated with the October 1st, 2015* liability shift imposed by the card brands.

Improve customer service for your international cardholder customers. EMV cards are already the standard in over 80 countries.

Be on the lookout for more information about how to be chip card ready before OCTOBER.

*Businesses with Automated Fuel Dispensers (also called “Pay at the Pump”) acceptance methods have until October 2017 to comply with the new standard.

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Near Field Communication

May 19th, 2015 by Elma Jane

We’re now nearly midway through 2015, and payment security still remains a topic that stirs up great concern and confusion. While there is seemingly unanimous agreement on the need for heightened security, there’s uncertainty about those who are tasked with actually implementing it. Let’s dig deeper into EMV, P2PE and tokenization: how each will play a part in the next generation of securing payments, and how, without properly working together, they might just fall short.

Europay, MasterCard, and Visa (EMV) – A powerful guard against credit card skimming. EMV also uses cryptography to create dynamic data for every transaction and relies on an integrated chip embedded into the card.

Downside: For Independent Software Vendors (ISVs), the biggest downside of EMV is the complexity of creating an EMV solution. ISVs interested in certifying PIN pads with a few processors face up to 22 months of costly work, and because there are a large number of pending certifications, processors will be backed up over the next few years.

It’s not impossible for an ISV to build EMV solutions in-house, but it’s difficult and unnecessary when there are plug-and-play EMV solutions available. These solutions include pre-packaged and pre-certified APIs that remove most of the need for research, the complexity and the burden of time and cost.

Point to Point Encryption (P2PE) – Secures devices, apps and processes by encrypting data from the earliest point of the transaction with cryptographic keys known only to the payment company or gateway. This protects the data from tech-savvy criminals jumping at their chance to intercept POS systems and scrape the memory of Windows machines.

How does a key get into a card reader? Through an algorithm called derived unique key per transaction (DUKPT), or “duck putt.” DUKPT generates a base key that’s shared securely with device manufacturers, and the output cardholder data is rendered differently each time a card is swiped, making it impossible to reverse engineer the card data. P2PE benefits not only the cardholders, but also the ISVs and merchants. PA-DSS certification was designed to address the problems created by cardholder data that is not encrypted.

Downside: P2PE isn’t cheap if an organization wants to do it in-house. The secure cryptographic device needed to manage the keys, a Hardware Security Module (HSM), can cost $30,000-$40,000, but when it’s built out, the total cost can jump to $100,000.

TOKENIZATION – The best way to protect cardholder data when it’s stored is tokenization, a process which the PCI Security Standards Council describes as one where the primary account number is replaced with a surrogate value, a token. For merchants dealing with recurring billing, future payments, loyalty programs and more, tokenization is critical.

Downside: Tokenization doesn’t prevent malware that’s remotely installed on POS devices. It’s possible, as seen with recent retail card breaches, for data to be stolen before it is tokenized. That’s why it’s essential to group tokenization together with P2PE and EMV to offer optimal security.

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Visa MasterCard American Express

May 14th, 2015 by Elma Jane

The Way Customers Pay in Stores Is Changing.

Chip cards are here to provide advanced security with every transaction. Accepting chip cards could be as simple as changing your payment terminal.

What do you need to know about chip cards and EMV? Chip cards are payment cards that have an embedded chip, which offers advanced security when you use the card to pay in store. Chip cards are based on a global card payment standard called EMV (Europay, MasterCard and Visa), currently used in more than 80 countries.

Why is it more secure? Chip card transactions offer you advanced security for in-store payments by making every transaction unique and more difficult to counterfeit or copy. If the card data and the one-time code are stolen, the information cannot be used to create counterfeit cards and commit fraud.

How do you know if a customer has a chip card? The customer’s card will have a chip on the front; the magnetic stripe remains on the back.

How do customers use a chip card at the POS? They swipe the card as they normally would and follow the prompts. If the terminal is chip-enabled, it will prompt them to insert it instead. The customer should insert their card with the chip toward the terminal, facing up. The chip card should not be removed until the customer is prompted.

The customer will provide their signature or PIN as prompted by the terminal.

Some transactions may not require either.

When the terminal says the transaction is complete, the customer can remove their card.

Chip-enabled terminals will still accept magnetic stripe card payments for customers who do not have a chip card.

What does a chip-enabled terminal look like? They have all of the features you are used to with a payment terminal, with the addition of a slot for the customer to insert their card. The slot is typically located at the bottom or the top of the payment terminal.

How will you know if a terminal accepts chip card? During the transition to chip, customers are being told to swipe their card as they normally would and follow the prompts. If the terminal is chip-enabled, it will prompt them to insert it instead. If you have chip-enabled terminals, you can tell your customer to insert their card for a chip transaction, if a customer has a chip card.

How can you get a chip-enabled terminal? Contact your acquirer or merchant service provider.

Show your customers that you care about their information security by making the move to chip. This will ensure that your business and your customers are protected from fraud. Start accepting chip cards!

You may be liable for fraud if you don’t make the change to a chip terminal. Starting October 2015, the rules are changing. Merchants that accept chip will be protected from fraud losses resulting from in-store counterfeit magnetic stripe card transactions, just as you are today. However, liability will shift from issuers to merchants if their payment terminals are not chip-enabled for in-store transactions. Fraud liability for lost or stolen cards varies by payment network. Contact your acquirer or payment services provider for more information.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Point of Sale

May 8th, 2015 by Admin

All merchants that accept, transmit or store cardholder data are required to be PCI (Payment Card Industry) compliant. Most believe that because they do not charge the credit cards themselves, they are exempt. Here is why all agencies are required to be compliant even when they don’t charge credit cards themselves, and some steps to ensure your agency is PCI compliant.

What is PCI compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. PCI applies to all organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. Travel agents accepting, storing and transmitting credit card information to suppliers are required to be compliant too. Suppliers reinforce this through their travel agent guidelines/contracts. Travel agencies must adhere to the applicable credit card company’s procedures for credit card transactions.

Consequences of Not Being PCI Compliant

If an agency is not PCI compliant, the agency can lose the ability to process credit card payments with that supplier. Not being able to pay with client credit cards can be a serious roadblock for agencies, and an inconvenience for clients.

If you have a merchant account and are found to be out of compliance, you can be fined.

How to be PCI Compliant

Don’t store the CCV security code from the client’s credit card. The client does not have the authority to grant you permission to store their CCV code. The credit card companies explicitly forbid storage of the CCV code.

Make sure you securely store any client information, including their credit card number and expiration date. If you use a CRM, ensure that you have a strong password. If your CRM database is stored on your computer hard drive, encrypt it (there is great encryption software available free of charge). If you have an IT resource, talk to them about installing a firewall on your network, installing anti-virus and anti-malware protection, and any other steps that you can take to secure your client data even further.

If you keep paper copies of client information, keep them in a locked filing cabinet or desk drawer. When you no longer need their credit card information, cross-shred it.

Home based businesses are arguably the most vulnerable simply because they are usually not well protected, according to the PCI Compliance Guide. Having strong passwords, encryption, a firewall, anti-virus and anti-malware protection are all inexpensive steps that you can take to protect your business and your clients’ sensitive data.

If you receive a courtesy call reminding you about PCI Compliance, don’t ignore it.

 

 

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Payment Card Industry PCI Security

May 5th, 2015 by Admin

With the EMV migration just a few months away, Visa is stepping up its merchant education efforts by launching an online portal for merchants featuring a background on chip cards, demonstrations on proper usage, and tips for implementation.

Visa also kicked off its 20-City Small Business Chip Education Tour, expounding on the benefits and necessity of chip cards to local small businesses.

 

 

Visa is bringing payment industry experts to connect directly with merchants to answer their questions on the transition across the United States.

Merchant education will be a herculean task, but payments industry stakeholders should make every effort to make sure chip cards are adopted and used effectively by both merchants and consumers.

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express

May 4th, 2015 by Elma Jane

The rate of payments fraud is steadily decreasing; the current frequency stands at 0.06 percent, or six basis points.

The perception of risks associated with card payments is much larger than the actual threat or reported losses. But the lack of trust that comes from such perception could impact the growth of the payments industry.

Recent advancements in payments security, such as tokenization and multiple tier authentication protocols, have contributed to the manageable number of fraudulent transactions. The EMV migration is expected to push the figure even lower, as chip-enabled technology spreads to over 50 percent of the US by the end of 2015.

For criminals, breaking into robust financial systems is becoming more costly and time consuming, which has discouraged many from attempting such unlawful acts.

Fraud is something that we can’t say will be eliminated completely. But efforts by all stakeholders in the industry can contain it to the minimum.

Counterfeit cards and payments data falling into the wrong hands are the two most common types of fraud that consumers are facing today. The surge in e-commerce has been linked to greater risks of fraud in the online channel, and while counterfeiting cards may be more difficult with EMV in place, online fraud has historically increased in its place.  

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa

April 27th, 2015 by Elma Jane

I was shopping in Kmart and didn’t understand why my credit card transaction was declined. My card is EMV and Kmart is EMV, but the Kmart system did not force the transaction to run as EMV, so Citibank declined it. Kmart can lose a $600 sale; can your small business afford it? If you think hiring a professional is expensive, try an amateur…

A lot of stores, especially big chain stores, have EMV capable terminals, but they haven’t turned them on yet and still force you to swipe. Some think migration is just getting a new terminal and asking their acquirer to enable EMV on their account. It’s not only about the liability shift and the EMV equipment; it’s the lack of information for the merchants.

There has to be training and orientation that merchants will need to invest in for their employees, as well as a change in our mentality: we all need to be prepared for this upcoming transition, as both consumers and business owners.

The issuing banks can, and are starting to, decline transactions when a merchant CAN use EMV but does not. EMV is coming October 2015, and if you are not ready you may lose sales, and will lose when a fraudulent card walks into your business.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express

April 21st, 2015 by Elma Jane

An advanced strain of malware called “Punkey” is capable of attacking Windows point of sale terminals, stealing cardholder data and upgrading itself while hiding in plain sight.

Researchers from security vendor Trustwave discovered the new strain. The investigation found compromised payment card information and more than 75 infected, and active, Internet Protocol addresses for Windows POS terminals.

 

 

Punkey poses a unique threat to payment networks, particularly because it also can download updates for itself.

If the malware author has a new feature to add or an update to get rid of bugs, it is pushed down to the malware from the command and control server, Trustwave’s SpiderLabs research center revealed. Punkey operates like a typical botnet.

The malware hides inside of the Explorer process, which exists on every Windows device and manages the opening of individual program windows. Punkey scans other processes on the terminal to find cardholder data, which it sends to the control server.

The malware performs key logging, capturing 200 keystrokes at a time. It sends the information back to its server to store passwords and other private information.

A year ago, security vendors warned retailers against using Windows XP at the point of sale, since Microsoft had stopped supporting Windows XP with security patches. However, Punkey does not attack Windows through any vulnerability in the system, so even merchants with newer versions of Windows are at risk.

Punkey just runs like any Windows binary would. Even if the system is upgraded or a new system is put in place, criminals are still getting malware on the POS in other ways.

Many retailers use remote desktop support software, which fraudsters take advantage of: they steal a password and install malware the way a technician would install any software.

While Punkey represents a more sophisticated POS malware than Trustwave has seen previously, merchants can still protect themselves through attention to basic security best practices.

Merchants should update antivirus and firewall protections, monitor the remote access software, establish two-factor authentication and check network activity daily for anything out of the ordinary. Unfortunately, many organizations have neither the expertise nor the manpower to perform these tasks.
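One way to make the daily network check concrete is to compare each POS terminal's outbound connections against a short allowlist. The Python sketch below is an added example, not Trustwave's tooling; the log format, host names, process names and addresses are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed policy (all values hypothetical): the only destination a POS terminal
# may reach, and the only program expected to open outbound connections.
ALLOWED_DESTINATIONS = {("198.51.100.10", 443)}      # payment gateway
EXPECTED_PROCESSES = {"posapp.exe"}

# Assumed log format: timestamp host process TCP src:port -> dst:port bytes_out=N
LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) TCP "
    r"[\d.]+:\d+ -> (?P<dst>[\d.]+):(?P<port>\d+) bytes_out=(?P<out>\d+)"
)

# Constructed sample lines using documentation-range addresses, not real telemetry.
SAMPLE_LOG = """\
2015-04-20T09:01:12 POS-01 posapp.exe TCP 10.0.5.11:49200 -> 198.51.100.10:443 bytes_out=812
2015-04-20T09:03:40 POS-03 posapp.exe TCP 10.0.5.13:49205 -> 198.51.100.10:443 bytes_out=790
2015-04-20T09:04:02 POS-03 explorer.exe TCP 10.0.5.13:49211 -> 203.0.113.50:80 bytes_out=4096
2015-04-20T09:09:02 POS-03 explorer.exe TCP 10.0.5.13:49230 -> 203.0.113.50:80 bytes_out=4096
2015-04-20T11:17:55 POS-02 posapp.exe TCP 10.0.5.12:49301 -> 192.0.2.77:443 bytes_out=655
2015-04-20T11:18:00 POS-02 log rotated
"""

def review_pos_egress(log_text):
    """Return ({host: [finding, ...]}, unparsed_lines) for one day's log."""
    findings = defaultdict(list)
    unparsed = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.fullmatch(line)
        if m is None:
            unparsed.append(line)            # surface, never silently drop
            continue
        reasons = []
        if (m["dst"], int(m["port"])) not in ALLOWED_DESTINATIONS:
            reasons.append("destination not on allowlist")
        if m["proc"].lower() not in EXPECTED_PROCESSES:
            reasons.append("unexpected process")
        if reasons:
            findings[m["host"]].append({
                "time": m["ts"],
                "process": m["proc"],
                "destination": f'{m["dst"]}:{m["port"]}',
                "bytes_out": int(m["out"]),
                "reasons": reasons,
            })
    return dict(findings), unparsed

if __name__ == "__main__":
    findings, unparsed = review_pos_egress(SAMPLE_LOG)
    for host, items in sorted(findings.items()):
        for f in items:
            print(host, f["time"], f["process"], f["destination"], "; ".join(f["reasons"]))
    print("unparsed lines:", unparsed)
```

Because the article notes that Punkey hides inside the Explorer process, the process check matters as much as the destination check: a shell process opening connections from a terminal is out of the ordinary even when the address looks harmless.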

 

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, Mobile Point of Sale, Payment Card Industry PCI Security, Point of Sale