September 15th, 2016 by Elma Jane

 

Storing credit card data for recurring billing are discouraged.

But many feels storing is necessary in order to facilitate recurring payments.

Using a third party vault provider to store credit card data for recurring billing is the best way.

It helps reduce or eliminate the need for electronically stored cardholder data while still maintaining current business processes.

For recurring billing a token can be use, by utilizing a vault. The risk is removed from your possession.

Modern payment gateways allow card tokenization.

Any business that storing data needs to review and follow PCI DSS requirement in order for the electronic storage of cardholder data to be PCI compliant.

On the primary account number, an appropriate encryption will be applied. In this situation, the numbers in the electronic file should be encrypted either at the column level, file level or disk level.

 

Posted in Best Practices for Merchants, Credit Card Security Tagged with: , , , , , , , , ,

Monthly
August 9th, 2016 by Elma Jane

Businesses are discouraged from storing credit card data, but many feel the practice is necessary in order to facilitate recurring payments. Merchants that need to store credit card data are doing it for recurring billing.

Using a third party vault provider is the best way to store credit card data for recurring billing, it helps reduce or eliminate the need for electronically stored cardholder data while still maintaining current business processes. The risk of storing card data is removed from your possession and you are given back a token that can be used for the purpose of recurring billing, by utilizing a vault. Modern payment gateways allow card tokenization.

Any business that storing data via hard copy needs to review and follow PCI DSS requirement in order for the electronic storage of cardholder data to be PCI compliant.  Appropriate encryption must be applied to the PAN (primary account number). In this situation, the numbers in the electronic file should be encrypted either at the column level, file level or disk level.

 

Posted in Best Practices for Merchants, Payment Card Industry PCI Security, Travel Agency Agents Tagged with: , , , , , , , ,

PCI
July 14th, 2016 by Elma Jane

PCI Compliance applies to every merchant who is accepting credit cards large or small. Refusing or delaying to become PCI Compliant can end up being a costly mistake.

If you accept any credit or debit card payment, you need to be PCI Compliant no matter the volume is.

PCI applies to any company, organization or merchant of any size or transaction volume that accepts, stores or transmits cardholder data. Any merchant accepting payments directly from the customer via credit or debit card must be PCI Compliant.

The merchant themselves are responsible for becoming PCI Compliant, as the deadline for merchants to become Compliant is long overdue

Understanding and knowing the details of PCI Compliance can help you better prepare your business. Failing and waiting to become compliant or ignoring them, could end up being an expensive mistake.

The VISA regulations have to adhere to the PCI standard forms part of the operating regulations, the regulations signed when you open an account at the bank. The rules under which merchants are allowed to operate merchant accounts.

 

Posted in Best Practices for Merchants, Travel Agency Agents Tagged with: , , , , , , , ,

Underwriting
June 14th, 2016 by Elma Jane

Getting a merchant account is an important step for any business that sells services. Helping merchant to understand the underwriting process and some of the key things that are reviewed, in order to get approved.

Billing policy – Does the business bill in advance or after products or services are rendered? Businesses that bill too far in advance are at greater risk for a chargeback.
Example: A travel agency who sold travel destination packages six months in advance and cancel the trip, you’ll need to reimburse your customers.

Business type – Some business types are riskier. Industries with vague products or services are more highly to be examined in detail than those with concrete offerings.

Chargeback history – A business with a lot of chargebacks tied to their old merchant account will have a hard time with underwriting. A chargeback might be issued by the cardholder when they feel that the merchant does not fulfil the product or service being rendered as agreed.

Owner / signer credit score – Credit score plays a big role during merchant account underwriting. However, some processors will review financial statements instead in the case of poor credit. if the original signer’s credit score is insufficient, businesses with multiple partners can also try the application with a different signer.

Requested volumes – Are weighed against the processing volumes requested on the application. New businesses usually start with smaller volumes to build a trustworthy relationship before increasing their processing volumes.

Years in business – Long terms in business go a long way in merchant account underwriting, it speaks for their legitimacy. They are more prepared to respond to something like a chargeback and often have a more stable cash flow.

 

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , ,

Ways
May 26th, 2016 by Elma Jane

NFC stands for Near Field Communication. It is a technology that allows contactless data exchange between two electronic devices

Contactless Payment is a description for the ability to pay without touching anything.

How do mobile wallets fit into NFC?

Mobile wallets like Apple and Android Pay use NFC technology. NFC technology allows the data to securely pass back and forth between each device to make a contactless payment.

How secure are NFC Payments?

Tokenization converts or replaces cardholder data with a unique token ID. This eliminates the possibility of having card data stolen. These tokens help heighten protection and security for the consumer.

As a merchant,  preparing to accept payments that meet customers satisfaction is needed. With the mobile wallet transaction process, it makes the traditional transaction quick and efficient.

NTC terminals allow merchants to accept NFC Payments, allowing you to process more transactions. For more information give us a call at 888-996-2273.  

 

 


Posted in Best Practices for Merchants, Credit Card Security, Mobile Point of Sale, Near Field Communication, Smartphone Tagged with: , , , , , , , , , , , , ,

Card-Present vs Card-Not-Present
April 12th, 2016 by Elma Jane

Bank Identification Number or (BIN) is the link between the customer and their credit, debit, prepaid or gift card.This help merchants identify the card, its owner, and the issuing bank. The first six digits are used to identify the issuing bank. These six digits are the Bank Identification Number (BIN).

What is a BIN LookUp and how can it help merchant?
The BIN and additional data about the card and the bank can be stored in a database since every card is associated with a bank. BIN lookup allows any merchant or institution doing card based transaction to check more about the transaction other than ensuring that the correct pin has been provided.

BIN LookUp gives the merchant added security and a number of benefits.

  • Protection against fraud and reversals of payments. Bank institution allow merchants a limited number of reversals and fraud before stopping their card privileges, and each card chargeback costs you money.
  • Permits a closer monitoring of the sales process. Who, what and where? Using these details you can service your customers better.
  • You can also gain from using the BIN system if you issue your customers’ gift card or pre-loaded cards.

How Can BIN LookUp or Cardholder Bank LookUp Help Merchants?
Utilize the Cardholder Bank Lookup when you need to inquire about which bank issued a particular card. Simply enter the first six digits on the card and you will receive the information on the issuing bank, including contact information. Merchant Connect BIN lookup data is accurate, it is an added protection to your business, assets, and your financial transactions.

For your payments technology needs, give us a call at 888-996-2273

 

 

Posted in Best Practices for Merchants, Travel Agency Agents Tagged with: , , , , , , , , , , , , , ,

Travel
March 16th, 2016 by Elma Jane

More and more travel agents and tour operators are working in a card-not-present transaction that opens the door to travel agency credit card fraud. Travel Agencies are among the highest-risk merchants, as far as credit card processors are concerned. The reason is more likely the dispute and chargeback transactions.

So what should you do, whether you have just started your travel agency or have been in business for years to reduce risk?   

First, understand the potential liability associated with selling airfares online before you even apply for a merchant account. Understanding risk exposure will help travel agency take adequate steps to minimize losses associated with chargebacks.

A good example is an airline sales agent. A travel agency or a tour operator merchant account may be liable for the entire amount of an airline ticket, if it is successfully disputed by a customer or if it was purchased with a stolen credit card.

To reduce risk, you will need to set up card acceptance policies and procedures to address the following issues:

  1. Authorization requests approved by an issuer. In most cases, airlines are liable for card-not-present transaction fraud, even when they were approved by the card issuer, because authorization approval is not a proof that the legitimate cardholder is making the purchase, nor is it a guarantee of payment.
  2. As a travel agency, your organization may not necessarily be a Visa or MasterCard merchant, subject to the Credit Card Associations’ rules and regulations. In most fraud-related transactions, the airline transfers liability to the travel agency it has partnered with as part of the contractual agreement. In such cases, your organization will bear the full financial responsibility.

Selecting a payment processor is a big step, choose one with experience in working with travel agencies and other high-risk merchants. Your processor must be able to assist you with your fraud prevention procedures.

Check out National Transaction Corp. we are the travel experts when it comes to electronic payments for travel agencies! Give us a call now at 888-996-2273 or visit us at www.nationaltransaction.com

 

 

 

Posted in Best Practices for Merchants, Travel Agency Agents Tagged with: , , , , , , , , , , , , , , , , ,

CODE 10
February 17th, 2016 by Elma Jane

Helping customers protect and safeguard their payment data is one of NTC’s top priorities. Experts agree that a layered approach is the most effective way to combat evolving security threats and unauthorized access to payment data.

Implementation of best practices and the latest protection technology is needed to ensure of cardholder data protection from increasingly complex and evolving security threats.

EMV is a good start to enhance data security with card authentication, cardholder verification, and transaction authorization. But a multi-layered security approach that includes encryption and tokenization provides complete data protection to both merchants and their customers.

EMV alone is not enough because EMV authenticates the validity of the card and the cardholder, but it does not secure the data. With encryption and tokenization without EMV, as a merchant, you are liable for fraudulent transactions. Encryption and tokenization are a process or system to protect sensitive cardholder data but do not authenticate the data.

EMV is a key component to a multi-layered security approach. It secures the payment transaction with enhanced functionality, by combining EMV, encryption and tokenization merchants can have a complete data protection that they need.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: , , , , , , , , , , , , ,

CODE 10
February 2nd, 2016 by Elma Jane

Businesses continue to struggle with the prohibited storage of unencrypted customer payment data. The Payment Card Industry Data Security Standard (PCI DSS), merchants are instructed that, Protection methods are critical components of cardholder data protection in PCI DSS Requirement.

PCI DSS applies to every company that stores, processes or transmits cardholder information. Regardless of the size or type of business you operate, the number of credit card transactions you process annually or the method you use to do so, you must be PCI compliant.

Data breach is not a limited, one-time occurrence. This is why PCI compliance is required across all systems used by merchants.

Encryption and Tokenization is a strong combination to protect cardholder at all points in the transaction lifecycle; in use, in transit and at rest.

National Transaction’s security solutions provide layers of protection, when used in combination with EMV and PCI-DSS compliance.

Encryption is ideally suited for any businesses that processes card transactions in a face to face or card present environment. From the moment a payment card is swiped or inserted at a terminal featuring a hardware-based, tamper resistant security module, encryption protects the card data from fraudsters as it travels across various systems and networks until it is decrypted at secure data center.

Tokenization can be used in card not present environments (travel merchants) such as e-commerce or mail order/telephone order (MOTO), or in conjunction with encryption in card present environments.  Tokens can reside on your POS/PMS or within your e-commerce infrastructure at rest and can be used to make adjustments, add new charges, make reservations, perform recurring transactions, or perform other transactions in use. Tokenization protects card data when it’s in use and at rest. It converts or replaces cardholder data with a unique token ID to be used for subsequent transactions.

The sooner businesses implement encryption and tokenization the sooner stored unencrypted data will become a thing of the past.

 

Posted in Best Practices for Merchants, Travel Agency Agents Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,

EMV
January 28th, 2016 by Elma Jane

The shift to EMV is helping to address vulnerabilities in the United States payments ecosystem. It has been shown that EMV can deliver benefits as a part of industry efforts to combat fraud. 

EMV migration is a critical focus for enhancing payments security, which is why the current efforts around chip card deployment are greatly beneficial for consumers and merchants alike. EMV technology helps to reduce counterfeit card fraud, as it generates dynamic data with each payment to authenticate the card, after which the cardholder is prompted to sign or enter a PIN to confirm their identity.

The EMV rollout represents a dynamic time for card payments that promises great advances, among them is enhanced security for cardholders. It also presents an opportunity to consider other innovations such as mobile wallets and mobile POS to further engage your customers and drive customer loyalty. When merchants continue to invest in EMV and NFC (near field communications, used for tap-and-pay transactions), the purchases made at their EMV-enabled terminals are made more secure than magnetic stripe.

New mobile payment options such as mobile wallets support EMV and therefore offer this added layer of security. Ultimately, by enabling contactless payments, merchants can also enable more flexibility in addition to increasing security for their customers.

Additionally, industry players are backing major mobile wallets, such as Android Pay, Apple Pay, and Samsung Pay.

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , ,