Category: EMV EuroPay MasterCard Visa

December 2nd, 2013 by Elma Jane

Europay, Mastercard, and Visa (EMV) standards. Considered safer and widely used across Europe and other nations, the chip-based cards require insertion of the card into a terminal for the duration of a transaction, a break here from our traditional swipe-and-buy behavior. That’s just one way in which EMV changes things here… but it’s not the only way, nor is it the most important way. By way of reminder, October 2015 is the date by which all restaurants and other merchants are due to have implemented these standards, or potentially be liable for counterfeit fraud, which primarily reflects a shift from magnetic-stripe credit cards to chip cards.

The main driver in the EMV migration is card-related financial fraud.  As an example, and traditionally, card fraud in the United Kingdom has always been considerably higher than here in the States, primarily because the U.K. previously used offline card authorization as opposed to the online card methodology used here. As losses due to fraud rose steadily in Europe, despite the best efforts of global law enforcement agencies to reduce it, the pressure to find a solution built around some alternative authentication strategy mounted. From this concern, EMV was born.

Is it working? Recent statistics from the European Central Bank (ECB) revealed that, despite growing card usage, fraud in the Single Euro Payments Area (SEPA) – a mature EMV territory that includes all 28 members of the European Union,  Finland,  Iceland ,  Liechenstein,  Monaco and Norway,  – fell 7.6% between 2007 and 2011. This decline is underpinned by a slowdown in the growth of ATM fraud as well as a 24% drop in fraud carried out at point of sale terminals. The 2008 Canadian roll-out of Chip and PIN had a dramatic impact on fraud there. Card Skimming had accounted for losses totaling $142 million, but that figure dropped to $38.5 million in 2009, according to figures provided by the Interac Association. Some critics point to the fact that most of this decrease comes in the form of face-to-face card fraud, and that criminals merely shift their focus onto some other area that is less anti-fraud focused. Still, there are positive gains and as technologies improve, more successes are sure to follow.

Part of the reason why the U.S. not embraced  EMV sooner is because our  fraud problem, while significant, has typically been among the lowest rates in the world among highly developed economically mature countries. Much of that is due to the online authentication methods at work here. Here at home, our online authentication methodology permits authorizations to be done in real-time, thus thwarting a significant percentage of the fraudulent attempts at the point-of-sale, the best place to stop fraud. Our online authentication methods also incorporate multiple fraud and risk parameters as well as advanced neural networks that are ‘built-in’ to the approval process. It’s been a highly effective system that works well, when compared to most alternatives. The effectiveness of our authentication processes has helped fuel the resistance to full EMV adoption here. However, the EMV migration has gained momentum to the point where it is only a matter of time. The truth is that, despite the gains in preventing credit card fraud, and despite the best efforts of EMV’s backers to push acceptance through, global adoption of the EMV standard is still considerably less than 100%.

In England’s old offline authentication method, credit card transactions were gathered together at specific times- typically, at the end of the business day- and then batched over to the card issuers for authorization. It’s a method that gave those committing fraud a significant time lag between the transaction and the authorization, and this time lag contributed greatly to the higher levels of fraudulent activities in England. However, for Europe and for much of the rest of the world, adoption of the EMV technologies changes things dramatically, at least in terms of authentication protocols for both online and offline purchases. During an offline transaction using the EMV chip card, the payment terminal communicates with the integrated circuit chip (ICC), embedded in the payment card. This is a break from the old method which involved using telecommunications to connect with the issuing bank. The ICC / terminal connection enables real-time card authentication, cardholder verification, and payment authorization offline. Alternatively, in an online EMV transaction, the chip generates a cryptogram that is authenticated by the card issuer in real time.

Posted in Electronic Payments, EMV EuroPay MasterCard Visa, Financial Services, Near Field Communication, Payment Card Industry PCI Security, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

October 31st, 2013 by Elma Jane
Ingenico Biometric Credit Card Terminal with EMV Chip and PIN Processing NFC.

Ingenico Biometric Credit Card Terminal with EMV Chip and PIN Processing NFC.

Ingenico’s new biometric payment device (the iWB 220) is to be used in a pioneering project, to bring financial support to low-income families.

Payment solutions provider, Ingenico are to deploy Ingenico´s biometric solution in Colombia and the Dominican Republic, together with Carvajal Tecnología y Servicios, a player in the electronic payment industry in Latin America,

This biometric point of sale solution complies with the Image Quality Specifications for single finger capture device defined by the FBI, the United States Federal Bureau of Investigation.

In addition to high security standards, the solution is a mobile device with an embedded Magstripe, as well as Chip & PIN readers.

Upon government approval for each of the applications, funds will be sent to the banks and through the use of these unique devices, beneficiaries can withdraw their funds, with the use of a fingertip. Approved family members are the only ones able to withdraw the funds, and the government is assured that the benefit is being paid to the right person.

Posted in Credit Card Reader Terminal, Credit Card Security, Electronic Payments, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , ,

October 31st, 2013 by Elma Jane

While credit card processors and retailers have made strides to combat credit card fraud, it is still rampant across the U.S. In fact, credit card fraud jumped 17 percent between January, 2011, and September, 2012, according to the most recent data from the FICO Falcon Fraud Manager Consortium.

Debit cards obviously have better safeguard measures in place, since debit card fraud rose less than 1 percent between January, 2011, and September, 2012. Plus, the average fraud loss per compromised account fell by 3 percent.

Card-not-present (CNP) fraud is the biggest challenge by far, accounting for 47 percent of all credit card fraud. CNP fraud – which includes payments via the internet, mail and phone – grew 25 percent over the two-year period. So, where the problems with credit cards lie.

Unfortunately, CNP fraud may get worse before it gets better, in FICO’s Banking Analytics Blog. This problem may even intensify as the US moves away from magnetic stripe and toward EMV [chip] card technology. In other countries adopting chip-based authentication technology, we’ve seen counterfeit fraud decline, but as a counterbalance, fraudsters often ramp up efforts around CNP fraud.

However, there was a glimmer of light in the credit card fraud fiasco. While card fraud attempts rose, the average loss per compromised account dropped 10 percent. Plus, the ratio of fraud to non-fraud spending remained constant. “In other words, the volume of card fraud increased proportionally to the volume of consumer credit card spending.

Even though many retailers have implemented successful fraud prevention programs, Visa provides retailers with the warning signs for CNP fraud, including:

Multiple cards used from a single IP address. Orders made up of “big ticket” items. Orders that include several of the same item. Shipping to an international address. Transactions with similar account numbers.

Posted in Digital Wallet Privacy, EMV EuroPay MasterCard Visa, Mail Order Telephone Order, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

October 28th, 2013 by Elma Jane

With banks and shops starting to let customers pay by tapping their smart phones on terminals in stores, the future of plastic credit cards is looking shaky.

MasterCard, which has teamed with Coles and CommBank on these ventures, yesterday said Australians were rapidly embracing contactless payments using PayPass and rival Visa’s payWave. At Coles, six out of 10 MasterCard and Visa payments were contactless.

MasterCard head of market development and innovation for Australasia said three out of 10 MasterCard terminal payments were contactless and there were now more than 175,000 terminals nationwide that could accept them. More than 10 million MasterCards in Australia could make contactless payments.

An EMV (Europay, MasterCard and Visa) standard meant all terminals were capable of handling different brands of contactless payments.

The first stage of the contactless payments or “tap and go” revolution began with Visa payWave and MasterCard PayPass in Australia and the first institution to make contactless payments available locally was the Commonwealth Bank in 2006.

The next stage is to use smartphones rather than just plastic cards for contactless payments. Customers still use their Visa and MasterCard accounts, but the transaction is effected using a Near Field Communication sticker placed on the back of the phone, or an embedded, secure NFC element inside modern Android smartphones.

In Europe, NFC-enabled watches, wristbands, key rings and fobs also were being used for contactless payments and there was no reason this couldn’t happen here.

Visa said it had made a “significant investment” in a mobile NFC ecosystem.

“Visa is working closely with partners like Samsung, Vodafone and Optus on a range of mobile payment solutions that use the secure element and prepaid SIM models.”

CommBank, which previously enabled contactless payments from an iPhone housed in a special case, last week said it would let customers pay directly from their Apple phone using an NFC sticker, and from newer Android phones with embedded secure NFC technology.

The new facility, to be rolled out in the current financial year, is part of a revamp of the bank’s smartphones apps.

Coles said contactless payments had increased in the past year by more than 70 per cent while CommBank’s volume of contactless payments had increased six fold in 12 months. Westpac said it was piloting an Android mobile contactless payment application and was also investigating smartwatch payments.

“We also believe that the next big trend after the rise of mobiles and NFC in Australia will be mobile checkouts, where shoppers purchase products and have them delivered within two or three clicks,” a spokeswoman said, and the moves were “as big a market shift as we’ve ever seen”.

Coles also announced a trial of its own contactless payments technology using NFC stickers. Funds would be drawn from Coles Rewards MasterCards. Some 5000 mobile phone tags would be issued in a trial.

ANZ said it was continuing its trial of a mobile wallet for Android phones begun last year, ahead of making the solution available to customers.

“Our NFC pilot with Samsung and Optus is tracking well and we’re also investigating other payment options such as QR codes,” an ANZ spokesman said.

“Given the fragmentation of the market, we will continue to monitor developments before finalising how we will bring a viable mobile wallet solution for our customers to market.”

St George Bank chief information officer said his bank planned to have a contactless phone payments solution in the market “sometime in 2014”.

The bank has previously been reported to be looking at payments via the Pebble and Samsung smart watches.

National Australia Bank, which unveiled its peer-to-peer payments app, NAB Flik, last month, said it was watching how the contactless payments market developed with “less focus on being first to market and more focus on being best in market.”

The Australian  reported last month that Apple and PayPal were exploring an alternative to NFC-enabled contactless payments called iBeacons. When you pass close to a store in a shopping centre, a beacon will detect your phone’s presence and automatically alert you to signature items for sale and specials, or offer other information to lure you inside, and process payments.

CommBank last week told The Australian it was looking at iBeacons technology.

Posted in Credit card Processing, Electronic Payments, EMV EuroPay MasterCard Visa, Near Field Communication, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

October 21st, 2013 by Elma Jane

Good time for merchants to start noting how their provider is handling card company fee changes as well as any future rate and fee changes, especially if your contract will expire in 2014.

October 2013 Rate and Fee Increase Notices

Visa, MasterCard, and Discover Credit card companies generally make rate and fee changes in the April and October time frame, although they have also made changes at other times of the year. Inevitably, some banks and merchant account providers seem to take advantage of the card company changes by increasing or adding their own mark-ups and by pointing too much of the blame at the card companies for the increases. This time around isn’t much different than others and merchants have sent me some rate and fee increase notices that go well beyond any card company changes.

In understanding how your provider is handling the latest card company changes, keep in mind that there are two important changes for October 2013:

Discover introduced a .25 cent increase to all transactions.

MasterCard introduced a .25 cent increase to certain transactions.

Below are two examples of recent notices on the October changes. Understanding the above .25 cent changes, how would you rate these providers?

Notice 1: 0.02 Percent + $0.02 Increase

“MasterCard, Visa and Discover typically evaluate the Interchange rates and fees twice per year most often in April and October. Based on recent changes as well as analysis from other network providers and vendors, the following changes to your merchant account are being implemented and will be reflected in your merchant statements for transactions processed beginning in October:

 Interchange Plus Merchants: Percentage charged in excess of Interchange will increase by 2/100ths of a percent; and

Transactions Fees for all authorized transactions will increase by $0.02/transaction.”

Tiered Pricing Merchants: Qualified Rate for Visa, MasterCard and Discover will increase 2/100th of a percent;

Notice 2: 0.40 Percent Increase

“Effective October 1, 2013, the discount rates charged for your Visa, MasterCard, and Discover (as applicable) credit card and non-PIN (signature) debit card transactions will increase by 0.400%. We have increased these charges based on a variety of factors, including recent Card Organization changes and our own pricing considerations. This change will appear beginning with your October month-end statement you will receive in November.”

Your Statements Now go back to the statements you received in August and September or any notices you received via mail and read the notice your provider posted for these changes. Did the provider announce the actual change or did it state something quite differently? If it’s the latter, make sure it adjusts pricing accordingly. Also, make sure you monitor your rates, fees, and notices going forward to determine the best long-term course of action. If the provider needs you to extend your contract to correct its overcharges, then there are probably bigger pricing issues and more assertive action required by you to investigate your overall processing cost.

EMV Capable Terminals

To reduce fraud in the U.S., the card companies are introducing cards that have a chip as well as the current magnetic strip. Chip cards are prevalent outside the U.S. and EMV — Europay, MasterCard, and Visa — established the technical standards for processing them.

Brick-and-mortar merchants should understand about EMV.

Brick-and-mortar merchants should have equipment capable of processing EMV chip card transactions by October 2015 as certain fraud liability will shift from the bank that issued the card to the merchant. The equipment may be a terminal or a chip card reader attached to the terminal or POS system.

Certain credit card transactions will require a PIN number instead of a signature similar to PIN debit transactions today. Also, like the current PIN debit devices, each chip reader will need to be encrypted and the encryption code is processor specific. Therefore, if a merchant has an encrypted device, changing processors may be more costly as the encryption cannot simply be downloaded over the phone or Internet as is done with terminal reprogramming now. Instead, the encrypted device will need to go back to the provider for encryption or swapped with an encrypted device or a new encrypted device may be needed.

“EMV capable” can mean very little. In fact, if you have purchased or leased an “EMV capable” terminal it may simply mean that it has the slot or contactless connection to place the chip card and the terminal may have the capability to eventually be encrypted to actually process chip cards. However, the cost and time required to do so could be prohibited.

However, merchants should be planning to have equipment capable of processing chip card by October 2015. In fact, they should be planning to have the equipment capable of processing chip cards well ahead of the October 2015 — perhaps as early as late 2014, to ensure receiving it in time.

If a merchant’s existing terminal fails or is no longer supported, the merchant should inquire about EMV terminals as a replacement. However, ask if it comes fully encrypted and capable of actually processing an EMV transaction or if it will need the encryption later. Right now, the answer is likely that the terminal will need encryption later. If so, the merchant should obtain the time frame, process, and cost for enabling the terminal to actually process chip cards. This should be in writing. Remember, new terminals cost the provider around $150 to $250 and the encryption may be an extra $25 to $50.

Make sure you are comfortable with your provider and have negotiated the best processing cost before changing to encrypted EMV equipment.

Merchants do not need EMV terminals today and very few providers actually have terminals that can process an EMV chip card transaction right now.

 

Posted in Credit card Processing, Electronic Payments, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

October 21st, 2013 by Elma Jane

UL’s (Underwriter Laboratories) latest contribution to the future of payments has been accomplished through its three years of work with National Security, a French biometrics company that has created a commercially viable biometric technology solution for the point of sale.

The move positions UL and National Security at the forefront of an industry that is expected to expand by 140 percent to reach $12 billion in revenue over the next five years, potentially transforming online, mobile and in-store commerce by increasing the speed of transactions in the process.

Still, arguments can be made that biometric use at the point of sale will remain limited. Why does UL believe the market is right for biometrics, and how did it successfully ensure biometric payments will be ready for all parts of the payment process?

Why The Time Is Now For Biometrics 
Consumer concerns regarding identity theft and violence are on the rise, and the solution according to many is a viable biometrics payment solution. Reports show that there is already strong demand in the U.S. and Asian markets for such products, and major research outlets have put their support behind the technology.

UL’s case study elaborates on the benefits illustrating how biometric data has been developed to be harder for hackers to infiltrate and compliant with EMV security standards.
Developing The Technology 
UL’s work to ensure biometrics will remove friction at the POS has been extensive. For example, its latest case study profiles how UL developed the underlying technology to overcome challenges and work in harmony with wireless technologies such as bluetooth and Wi-Fi. Further, it explains how UL assessed the human health impact of National Security’s biometric solutions.

Posted in Credit card Processing, Electronic Payments, EMV EuroPay MasterCard Visa, Mobile Point of Sale, Near Field Communication, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , ,