Nov
30
2015
EMV
November 30th, 2015 by Elma Jane

Cybercriminals will continue to look for opportunities to steal payment information. Despite the superior security features associated with EMV technology, chip cards may still be vulnerable to certain types of fraud.

An EMV chip does not stop lost or stolen cards from being used in card-not-present transactions. Merchants who deal in card-not-present transactions like sales over the telephone or via the Internet are encouraged to adopt additional security measures to ensure the authenticity of cards used for transactions. The strength of the U.S. e-commerce market makes card-not-present fraud an equally important security issue that card issuers and merchants need to consider in the shift to chip cards for point-of-sale transactions.

Retailers and service providers who deal in card-present transactions are reminded that upgrading to EMV terminal at the POS is the best way to protect their customers and their business from fraudulent transactions.

EMV cards are available as either chip-and-PIN (requiring the cardholder to enter their personal identification number to complete a transaction) or chip-and-signature (requiring the cardholder’s signature), U.S. banks have primarily chosen to issue chip-and-sign cards for now.

While 59 percent of US adults have already received a new chip card, only 41 percent of them know its benefits and only 37 percent say their card issuers explained how to use the chip cards.

 

 

Posted in Best Practices for Merchants, e-commerce & m-commerce, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: , , , , , , , , , ,

Nov
17
2015
Payment
November 17th, 2015 by Elma Jane

Within the payment processing industry, Merchant accounts are categorized according to how they process their transactions.

There are two primary merchant account categories:

Swiped (Card Present) and Keyed (Card-Not-Present).

Swiped or Card-Present Transactions: Are those in which both the card and the cardholder are present at the time the payment is processed, they physically swipe their customers credit card through a terminal or point-of-sale system.

The sub-categories within this group include:

Retail Merchants – Normally conduct their business in an actual storefront or office space. They primarily use counter-top terminals or Point-of-Sale systems.                          Restaurant Merchants – Requires a special set-up that allows for tips to be added to the final sale amount by settling the transaction with an adjusted price that will include the tip amount.
Wireless / Mobile Merchants – They use wireless terminals or mobile phones to run these transactions in Real-Time. Have the ability to accept credit cards transactions wherever they are located out on the road.
Hotel / Lodging Merchant – Will authorize a customer’s credit card for a certain sale amount.

Card-Present Transactions also include grocery stores, department stores, movie theaters, etc. Card acceptance settings where cardholders use unattended point-of-sale (POS) terminals, such as gas stations, are also defined as card-present transactions. 

Keyed-In or Card-Not-Present Transactions: Whenever the transaction is completed and the cardholder (or his or her credit card) is not physically present to hand to the seller.

The sub-categories within this group include:
Mail Order / Telephone Order (MOTO) – The customers card information is gathered via over the phone, fax, email or internet and then manually key-entered into a terminal or payment gateway software. Once the transaction is approved and completed, the product is then shipped to the customer for delivery.
eCommerce / Internet – Conduct ALL of their business over the internet through a web site. So all credit card transactions are processed online via a payment gateway in real-time. The payment gateway is integrated into the web sites shopping cart. The cardholders card is charged instantly.

Travel Merchants is one example of Keyed or Card-Not-Present Transactions.

Start processing credit card payments today whether Swiped or Keyed.

Give us a call now at 888-996-2273 so more details!

Posted in Best Practices for Merchants, e-commerce & m-commerce, Mail Order Telephone Order, Mobile Payments, Mobile Point of Sale, Point of Sale, Smartphone, Travel Agency Agents Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Sep
24
2014
September 24th, 2014 by Elma Jane

The CVV Number (Card Verification Value) on your credit card or debit card is a 3 digit number on VISA, MasterCard and Discover branded credit and debit cards. On your American Express branded credit or debit card it is a 4 digit numeric code.

The codes have different names:

American Express – CID or unique card code.

Debit Card – CSC or card security code.

Discover  – card identification number (CID)

Master Card – card validation code (CVC2)

Visa  – card verification value (CVV2) 

CVV numbers are NOT your card’s secret PIN (Personal Identification Number).

You should never enter your PIN number when asked to provide your CVV. (PIN numbers allow you to use your credit or debit card at an ATM or when making an in-person purchase with your debit card or a cash advance with any credit card.)

Types of security codes:

CVC1 or CVV1, is encoded on track-2 of the magnetic stripe  of the card and used for card present transactions. The purpose of the code is to verify that a payment card is actually in the hand of the merchant. This code is automatically retrieved when the magnetic stripe of a card is swiped on a point-of-sale (card present) device and is verified by the issuer. A limitation is that if the entire card has been duplicated and the magnetic stripe copied, then the code is still valid.

The most cited, is CVV2 or CVC2. This code is often sought by merchants for card not present transactions occurring by mail or fax or over the telephone or Internet. In some countries in Western Europe, card issuers require a merchant to obtain the code when the cardholder is not present in person.

Contactless card and chip cards may supply their own codes generated electronically, such as iCVV or Dynamic CVV.

Code Location:

The card security code is typically the last three or four digits printed, not embossed like the card number, on the signature strip on the back of the card. On American Express cards, the card security code is the four digits printed (not embossed) on the front towards the right. The card security code is not encoded on the magnetic stripe but is printed flat.

American Express cards have a four-digit code printed on the front side of the card above the number.

MasterCard, Visa, Diners Club,  Discover, and JCB credit and debit cards have a three-digit card security code. The code is the final group of numbers printed on the back signature panel of the card.

New North American MasterCard and Visa cards feature the code in a separate panel to the right of the signature strip. This has been done to prevent overwriting of the numbers by signing the card.

Benefits when it comes to security:

As a security measure, merchants who require the CVV2 for card not present payment card transactions are required by the card issuer not to store the CVV2 once the individual transaction is authorized and completed. This way, if a database of transactions is compromised, the CVV2 is not included, and the stolen card numbers are less useful. Virtual Terminals and payment gateways do not store the CVV2 code, therefore employees and customer service representatives with access to these web-based payment interfaces who otherwise have access to complete card numbers, expiration dates, and other information still lack the CVV2 code.

The Payment Card Industry Data Security Standard (PCI DSS) also prohibits the storage of CSC (and other sensitive authorization data) post transaction authorization. This applies globally to anyone who stores, processes or transmits card holder data. Since the CSC is not contained on the magnetic stripe of the card, it is not typically included in the transaction when the card is used face to face at a merchant. However, some merchants in North America require the code. For American Express cards, this has been an invariable practice (for card not present transactions) in European Union (EU) states like Ireland and the United Kingdom since the start of 2005. This provides a level of protection to the bank/cardholder, in that a fraudulent merchant or employee cannot simply capture the magnetic stripe details of a card and use them later for card not present  purchases over the phone, mail order or Internet. To do this, a merchant or its employee would also have to note the CVV2 visually and record it, which is more likely to arouse the cardholder’s suspicion.

Supplying the CSC code in a transaction is intended to verify that the customer has the card in their possession. Knowledge of the code proves that the customer has seen the card, or has seen a record made by somebody who saw the card.

 

Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa, Point of Sale, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Sep
16
2014
September 16th, 2014 by Elma Jane

When plastic cards become digital tokens, they become virtual. So how do you say that the Card is Present or Not Present.  The legendary regulatory difference that the cards industry has relied on to differentiate between interchange fees for Card Present and Card Not Present transactions.

Apple secured Card Present preferential rates for transactions acquired by iTunes on the basis that the card’s legitimacy is verified with the issuer at the time of registration and the token minimizes probability of fraud. If an API call to the issuing bank is sufficient to say that the Card is Present, who is to say that the same logic can’t apply to online merchants who also verify the authenticity of Cards on File when they tokenize them? How can one arbitrarily say that the transaction processed with token from an online merchant is Card Not Present, but the one processed with Apple Pay is Card Present even though both might have made the same API call to the bank to verify the card’s validity?

In the Apple case, a physical picture of the card is taken and used to verify that the person registering the card has it. It is not that hard for an online merchant to verify that the Card on File converted as a token does belong to the person performing an online transaction.

As we move towards chip and pin the card present merchants will spend substantial money upgrading their hardware and POS systems. That expense will be offset by that savings in losses due to fraud. MOTO and e-commerce transactions ( card NOT present ) will always have a higher cost because the nature of processing is NON face to face transactions. Of course the fraud and losses are higher when the card is manually entered or given to someone over the phone……Face to face will always have the lowest cost per transaction because it is usually the final step in the sale. Restaurants are low risk because you had the transaction AFTER you eat. If there is a dispute it happens before the merchant even sees the credit card.

In the long run, as cards become digital and virtual through tokens, we are all going to wonder if card is present or not present. May be some will say. Card is a ghost.

Posted in Best Practices for Merchants, Credit card Processing, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,