November 17th, 2015 by Elma Jane
Within the payment processing industry, Merchant accounts are categorized according to how they process their transactions.
There are two primary merchant account categories:
Swiped (Card Present) and Keyed (Card-Not-Present).
Swiped or Card-Present Transactions: Are those in which both the card and the cardholder are present at the time the payment is processed, they physically swipe their customers credit card through a terminal or point-of-sale system.
The sub-categories within this group include:
Retail Merchants – Normally conduct their business in an actual storefront or office space. They primarily use counter-top terminals or Point-of-Sale systems. Restaurant Merchants – Requires a special set-up that allows for tips to be added to the final sale amount by settling the transaction with an adjusted price that will include the tip amount.
Wireless / Mobile Merchants – They use wireless terminals or mobile phones to run these transactions in Real-Time. Have the ability to accept credit cards transactions wherever they are located out on the road.
Hotel / Lodging Merchant – Will authorize a customer’s credit card for a certain sale amount.
Card-Present Transactions also include grocery stores, department stores, movie theaters, etc. Card acceptance settings where cardholders use unattended point-of-sale (POS) terminals, such as gas stations, are also defined as card-present transactions.
Keyed-In or Card-Not-Present Transactions: Whenever the transaction is completed and the cardholder (or his or her credit card) is not physically present to hand to the seller.
The sub-categories within this group include:
Mail Order / Telephone Order (MOTO) – The customers card information is gathered via over the phone, fax, email or internet and then manually key-entered into a terminal or payment gateway software. Once the transaction is approved and completed, the product is then shipped to the customer for delivery.
eCommerce / Internet – Conduct ALL of their business over the internet through a web site. So all credit card transactions are processed online via a payment gateway in real-time. The payment gateway is integrated into the web sites shopping cart. The cardholders card is charged instantly.
Travel Merchants is one example of Keyed or Card-Not-Present Transactions.
Start processing credit card payments today whether Swiped or Keyed.
Give us a call now at 888-996-2273 so more details!
Posted in Best Practices for Merchants, e-commerce & m-commerce, Mail Order Telephone Order, Mobile Payments, Mobile Point of Sale, Point of Sale, Smartphone, Travel Agency Agents Tagged with: Card Not Present transactions, card present, card-not-present, card-present transactions, cardholder, credit card, credit card payments, credit card transaction, ecommerce, keyed, Lodging Merchant, mail order, merchant accounts, merchants, mobile merchants, moto, payment gateway, payment processing, point of sale, POS terminals, Restaurant Merchants, Retail Merchants, shopping cart, swiped, telephone order, terminal, transactions, travel merchants
November 16th, 2015 by Elma Jane
Combat Fraud With Layered Approach!
Encryption and Tokenization a strong combination to protect cardholder data at all points in the transaction cycle.
Encryption – the strongest protection for card data when it’s in transit. From the moment a payment card is swiped or dipped at a terminal featuring a hardware-based, tamper resistant security module. Encryption protects the card data from fraudsters as it travels across various systems and networks until it is decrypted at secure data center. Encryption is ideally suited for any businesses that processes card transactions in a face to face or card present environment.
Tokenization – protects card data when it’s in use and at rest. It converts or replaces cardholder data with a unique token ID to be used for subsequent transactions. This eliminates the possibility of having card data stolen because it no longer exists within your environment. Tokens can be used in card not present environments such as e-commerce or mail order/telephone order (MOTO), or in conjunction with encryption in card present environments. Tokens can reside on your POS/PMS or within your e-commerce infrastructure at rest and can be used to make adjustments, add new charges, make reservations, perform recurring transactions, or perform other transactions in use.
A layered approach can be the most effective way to combat fraud. Security solutions that provide layers of protection, when used in combination with EMV and PCI-DSS compliance; to ensure you’re doing all you can to protect cardholder data from increasingly complex and evolving security threats.
Posted in Best Practices for Merchants, Credit Card Security, e-commerce & m-commerce, EMV EuroPay MasterCard Visa, Mail Order Telephone Order, Mobile Point of Sale, Payment Card Industry PCI Security, Point of Sale Tagged with: card data, card present, card transactions, card-not-present, cardholder, e-commerce, EMV, encryption, mail order, moto, payment card, PCI-DSS, PMS, POS, telephone order, terminal, tokenization, tokens
November 5th, 2015 by Elma Jane
EMV-compliant POS systems are now being equipped with NFC technology to accept contactless payments. What does this mean for the future of payments?
EMV lays the foundation for increased card-present and contactless payments security, with EMV, magnetic stripe cards are soon to be a bygone technology. Plastic EMV cards will not have a long lifespan as payments move into a more digital space, security and NFC upgrades merchants and consumers now will carry over into the digital and mobile payments space.
Consumers are constantly looking for more convenient ways to transact, which is made possible by the simultaneous adoption of EMV and NFC. While EMV supports plastic chip cards, payments are going digital and POS systems equipped with NFC technology save consumers from digging through their wallets, making it easier for consumers to transact via mobile devices. Mobile payments should be simple, scalable and affordable in today’s payment landscape and consumers should have the option to securely store and use multiple cards within their digital wallets or applications they most often use.
EMV standards increase security for card-present payments, which are relevant to many consumers today, but the convenience of mobile and contactless payments is the future. In an era of EMV, NFC plays as critical a role in propelling both technologies forward. Retailers and card issuers alike must recognize the opportunity to take advantage of both.
Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Smartphone Tagged with: (POS) systems, card present, chip cards, contactless payments, Digital wallets, EMV, magnetic stripe cards, merchants, Mobile Payments, nfc technology, payments
November 3rd, 2015 by Elma Jane
While EMV represents a significant improvement in the way credit/debit card fraud is detected and prevented, some have confused EMV’s capabilities with the concepts of data security and PCI compliance.
Does EMV override PCI?
The answer is NO, EMV technology does not satisfy any PCI requirements, nor does it reduce PCI scope.
- EMV is counterfeit card fraud protection – it makes it more difficult to make use of stolen card data.
- EMV is not encryption – EMV does not encrypt the Primary Account Number (PAN) and therefore the card data must still be protected according to PCI guidelines.
- EMV only works for card present transactions.
If your business accepts credit or debit cards in a physical store or other face-to-face setting, you will need to implement the EMV technology and PCI standards. If you upgrade your terminals for EMV, consider adding point-to-point encryption (P2PE) capabilities to reduce PCI scope and protect data end to end. In addition, using tokens after authorization can prevent the card data from being used, should it be stolen.
Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security Tagged with: card data, card fraud, card present, counterfeit card, credit, data security, debit card, EMV, emv technology, fraud, p2pe, PAN, PCI, PCI Compliance, point-to-point encryption, Primary Account Number, terminals, tokens
October 20th, 2015 by Elma Jane
We’ve covered a lot about EMV, but what about improving security for online and Card-Not-Present transactions? That’s where 3-D Secure comes in.
3-D Secure allows a card holder to authenticate himself while making an online payment.
In a traditional credit card transaction, a payment request is presented to the issuing bank for authorization. The Issuing bank authorizes the transaction based solely on the funds available to the card holder.
With card present, the magnetic strip on the card can be read and a signature collected. This process has now been largely superseded by Chip and PIN which gives the card holder the opportunity to identify himself via a secret PIN code.
An E-commerce transaction is conducted online, without the possibility to access the card physically. Un-authorized usage and fraud are therefore more likely.
3-D Secure allows transactions to be conducted in safety online, greatly reducing the risk of fraud and chargebacks.
How 3-D Secure Works?
When a payment request arrives at the merchant or payment gateway, the Merchant Plug In (MPI) component is activated. The MPI talks to Visa or MasterCard to check if the card is enrolled for 3-D Secure. If the card is not enrolled, this means that either the bank that issued the card is not yet supporting 3-D Secure or it means that the card holder has not yet been registered for the service. If the card is enrolled, the MPI will redirect the card holder to the 3-D Secure authentication web page for the issuing bank; the card holder will then identify himself. The MPI will evaluate the reply from the bank and, if successful, allow the transaction to proceed for authorization. The transaction could still fail for lack of funds or other reasons but is more likely to be approved because of the authentication.
3-D Secure allows 3 domains to work together.
Domain 1: The card holder has the peace of mind that his card is not used without his authorization.
Domain 2: Merchants are protected from fraud and can provide the product and service without delay or extra costs.
Domain 3: Banks see that the transaction has been authenticated and are more likely to approve the transaction, to the convenience of the card holder.
Implementation of 3-D Secure:
Visa is called Verified by Visa.
MasterCard is called Secure Code.
Amex is called SafeKey.
JCB is called J/Secure.
Posted in Best Practices for Merchants, e-commerce & m-commerce, Internet Payment Gateway Tagged with: 3-D Secure, amex, card holder, card present, card-not-present, chargebacks, Chip and PIN, credit card, ecommerce, EMV, fraud, jcb, magnetic strip, MasterCard, merchant, online payment, payment gateway, pin code, visa
August 13th, 2015 by Elma Jane
The credit card processing industry, have been working towards including EMV technology in all of the point of sale systems.
Many processors have sent out EMV capable devices that will need to be adjusted before they can start accepting EMV card transactions.
See which category you fall into so you are prepared when October 1 rolls around.
First, check and see if your credit card machine has the slot to accept EMV cards (it’s either a slot in front, or on the top of, the unit). If you don’t, you need to contact your processors or sales agent to update your equipment .
If you do have the slot for EMV cards, you’ll need to contact National Transaction to see if your EMV capable machine has been enabled to accept EMV cards.
What is the difference between EMV capable and EMV enabled?
- EMV Capable – EMV capable means that your credit card machine is equipped with the hardware (i.e. the slot) and has the capability to do a transaction, but first you’ll have to update the application to enable you to process the cards. At National Transaction, we have a support specialist to assist you with step-by-step instructions to switch your credit card Point-of-Sale System, from EMV capable to EMV enabled.
- EMV Enabled – When your machine is EMV enabled, your terminal is ready to accept EMV transactions. According to MasterCard, 73 percent of consumers say owning a chip card would encourage them to use their card more often. In addition, 75 percent of consumers expect to use their chip card at the merchants where they shop today. Keeping these numbers in mind, it only makes sense to equip your business with an EMV enabled credit card POS system.
What makes EMV technology so important?
EMV is a global payment system that adds a microprocessor chip into credit cards and debit cards, and reduces the chance a transaction is being made with a stolen or copied credit card. Unlike traditional magnetic-stripe cards, anytime you use an EMV card, the chip in the card creates a unique transaction sequence that can’t be replicated. Because the number will never be valid again, it makes it hard for hackers to fake these cards. If they attempt to use the copied EMV card, the transaction would be denied.
The rollout of EMV technology is ongoing, but even with the October 1 deadline, it’s estimated that only 70 percent of credit cards and 40 percent of debit cards in the U.S. will support EMV. Despite these numbers, that doesn’t mean you shouldn’t update your equipment.
Following the deadline, card present fraud liability will shift to whoever is the least EMV compliant party in a fraudulent transaction.
Make sure that’s not you!
Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: card present, card transactions, chip, chip card, credit card, credit card processing, debit cards, EMV, EMV capable, EMV enabled, emv technology, magnetic stripe cards, merchants, payment system, point of sale, POS, processors, terminal
July 23rd, 2015 by Elma Jane
The digital payments landscape is changing at a rapid pace. Consumers are finally adopting digital wallets, like Apple Pay and Android Pay.
The deadline for merchants to become EMV compliant, the global standard that covers the processing of credit and debit card payments using a card that contains a microprocessor chip, is quickly approaching.
Today’s consumers show an increasing desire to use new payment methods because they’re convenient. However, this presents a challenge to merchants, as many have not made the switch to the modern technology required to accept these methods since they’re generally hard-wired to resist technology changes.
Merchants must evolve with technology or they’ll find themselves unable to compete and in danger of losing customers.
Looking long term, the benefits of adopting new payment technology will outweigh the cost of transitioning. The fact is that new payment technology will reduce fraud risk due to counterfeit cards, provide greater insight into shoppers with sophisticated data and will ultimately lower costs for merchants over time.
The value merchants will get out of new payment methods:
Security
Investing in new payment technology will help reduce the risk of fraud. EMV, as an example. Beginning in October 2015, merchants and the financial institutions that have made investments in EMV will be protected from financial fraud liability for card-present fraud losses for both counterfeit, lost, stolen and non-receipt fraud.
EMV is already a standard in Europe, where fraud is on the decline. In turn, American credit card issuers are being pressured to replace easily hacked magnetic strips on cards with more secure “chip-and-PIN” technology. Europe has been using Chip, and Chip & Pin for years.
There’s nothing that can guarantee 100 percent security, but when EMV is coupled with other payment innovations, like tokenization that separate the customer’s identity from the payment, much of the cost and risk of identity theft is eliminated. If hackers get access to the token, all they get is information from one transaction. They don’t have access to credit card numbers or banking accounts, so the damage that can be done is minimal.
As card fraud rises, there’s a strong case to upgrade to a payment system that works with a smartphone or tablet and accepts both EMV chip cards and tokens.
Insight into Customer Behavior
In addition to added security, upgrading to new payment technology opens up a door to greater customer insights, improved consumer engagement and enables merchants to grow revenue by providing customers with receipts, rewards, points and coupons. By collecting marketing data at the point of sale a business can save on that data that they only dreamed of buying.
Investment Outweighs the Cost
New technology does have upfront costs, but merchants need to think about it as an investment that will grow top-line revenue. Beware of providers offering free hardware. Business can benefit by doing some research on the actual cost of the hardware.
By increasing security, merchants are further enabling mobile and emerging technologies, which will make shopping easier.
Customers will also be more confident in using their cards.
As an added bonus to merchants, most EMV-enabled POS equipment will include contactless technology, allowing merchants to accept contactless and mobile payments. This will result in a quicker check-out experience so merchants can handle more transactions.
Faster customer checkout.
The best system for is the one that makes the merchant as efficient and profitable as possible, as well as improves the customer checkout experience.
Retail climate is competitive, merchants have two choices:
Do nothing or embrace the fact that payments are changing. Transitions from old systems to new ones require work and risk, but merchants who use modern technology are investing in the future and will certainly outperform those who choose to do nothing.
Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa, Mobile Payments, Near Field Communication, Point of Sale Tagged with: American credit card, card, card present, chip, Chip and PIN, contactless technology, credit, data, debit card, digital payments, Digital wallets, EMV, EMV compliant, EMV EuroPay MasterCard Visa, merchants, Mobile Payments, payment innovations, payment methods, payment technology, payments, point of sale, POS, provider's, smartphone, tablet, token, tokenization, transaction
September 16th, 2014 by Elma Jane
When plastic cards become digital tokens, they become virtual. So how do you say that the Card is Present or Not Present. The legendary regulatory difference that the cards industry has relied on to differentiate between interchange fees for Card Present and Card Not Present transactions.
Apple secured Card Present preferential rates for transactions acquired by iTunes on the basis that the card’s legitimacy is verified with the issuer at the time of registration and the token minimizes probability of fraud. If an API call to the issuing bank is sufficient to say that the Card is Present, who is to say that the same logic can’t apply to online merchants who also verify the authenticity of Cards on File when they tokenize them? How can one arbitrarily say that the transaction processed with token from an online merchant is Card Not Present, but the one processed with Apple Pay is Card Present even though both might have made the same API call to the bank to verify the card’s validity?
In the Apple case, a physical picture of the card is taken and used to verify that the person registering the card has it. It is not that hard for an online merchant to verify that the Card on File converted as a token does belong to the person performing an online transaction.
As we move towards chip and pin the card present merchants will spend substantial money upgrading their hardware and POS systems. That expense will be offset by that savings in losses due to fraud. MOTO and e-commerce transactions ( card NOT present ) will always have a higher cost because the nature of processing is NON face to face transactions. Of course the fraud and losses are higher when the card is manually entered or given to someone over the phone……Face to face will always have the lowest cost per transaction because it is usually the final step in the sale. Restaurants are low risk because you had the transaction AFTER you eat. If there is a dispute it happens before the merchant even sees the credit card.
In the long run, as cards become digital and virtual through tokens, we are all going to wonder if card is present or not present. May be some will say. Card is a ghost.
Posted in Best Practices for Merchants, Credit card Processing, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: (POS) systems, API call, Apple secured Card Present, bank, Card Not Present transactions, card present, card present merchants, cards, cards industry, chip, credit-card, digital and virtual, digital tokens, e-commerce transactions, fees, fraud, hardware, industry, interchange, interchange fees, issuer, issuing bank, low risk, Merchant's, moto, NON face to face transactions, online, online merchants, online transaction, PIN, Processing, Rates, token, transactions
August 11th, 2014 by Elma Jane
Tokenization technology has been available to keep payment card and personal data safer for several years, but it’s never had the attention it’s getting now in the wake of high-profile breaches. Still, merchants especially smaller ones haven’t necessarily caught on to the hacking threat or how tools such as tokenization limit exposure. That gap in understanding places ISOs and agents in an important place in the security mix, it’s their job to get the word out to merchants about the need for tokenization. That can begin with explaining what it is.
The biggest challenge that ISOs will see and are seeing, is this lack of awareness of these threats that are impacting that business sector. Data breaches are happening at small businesses, and even if merchants get past the point of accepting that they are at risk, they have no clue what to do next. Tokenization converts payment card account numbers into unique identification symbols for storage or for transactions through payment mechanisms such as mobile wallets. It’s complex and not enough ISOs understand it, even though it represents a potential revenue-producer and the industry as a whole is confused over tokenization standards and how to deploy and govern them.
ISOs presenting tokenization to merchants should echo what security experts and the Payment Card Industry Security Council often say about the technology. It’s a needed layer of security to complement EMV cards. EMV takes care of the card-present counterfeit fraud problem, while tokenization deters hackers from pilfering data from a payment network database. The Target data breach during the 2013 holiday shopping season haunts the payments industry. If Target’s card data had been tokenized, it would have been worthless to the criminals who stole it. It wouldn’t have stopped malware access to the database, but it would been as though criminals breaking into a bank vault found, instead of piles of cash, poker chips that only an authorized user could cash at a specific bank.
A database full of tokens has no value to criminals on the black market, which reduces risk for merchants. Unfortunately, the small merchants have not accepted the idea or the reality and fact, that there is malware attacking their point of sale and they are being exposed. That’s why ISOs should determine the level of need for tokenization in their markets. It is always the responsibility of those who are interacting with the merchant to have the knowledge for the market segment they are in. If you are selling to dry cleaners, you probably don’t need to know much about tokenization, but if you are selling to recurring billing or e-commerce merchants, you probably need a lot more knowledge about it.
Tokenization is critical for some applications in payments. Any sort of recurring billing that stores card information should be leveraging some form of tokenization. Whether the revenue stream comes directly from tokenization services or it is bundled into the overall payment acceptance product is not the most important factor. The point is that it’s an important value to the merchant to be able to tokenize the card number in recurring billing, but ISOs sell tokenization products against a confusing backdrop of standards developed for different forms of tokenization. EMVCo, which the card brands own, establishes guidelines for EMV chip-based smart card use. It’s working on standards for “payment” tokenization with the Clearing House, which establishes payment systems for financial institutions. Both entities were working on separate standards until The Clearing House joined EMVCo’s tokenization working group to determine similarities and determine whether one standard could cover the needs of banks and merchants.
Posted in Best Practices for Merchants Tagged with: account numbers, bank, billing, card, card brands, card number, card present, Clearing House, data, data breaches, database, e-commerce, EMV, emvco, fraud, ISOs, Malware, Merchant's, mobile wallets, network, payment, Payment Card Industry, Security, smart card, target, tokenization, transactions