EMV
November 30th, 2015 by Elma Jane

Cybercriminals will continue to look for opportunities to steal payment information. Despite the superior security features associated with EMV technology, chip cards may still be vulnerable to certain types of fraud.

An EMV chip does not stop lost or stolen cards from being used in card-not-present transactions. Merchants who deal in card-not-present transactions like sales over the telephone or via the Internet are encouraged to adopt additional security measures to ensure the authenticity of cards used for transactions. The strength of the U.S. e-commerce market makes card-not-present fraud an equally important security issue that card issuers and merchants need to consider in the shift to chip cards for point-of-sale transactions.

Retailers and service providers who deal in card-present transactions are reminded that upgrading to EMV terminal at the POS is the best way to protect their customers and their business from fraudulent transactions.

EMV cards are available as either chip-and-PIN (requiring the cardholder to enter their personal identification number to complete a transaction) or chip-and-signature (requiring the cardholder’s signature), U.S. banks have primarily chosen to issue chip-and-sign cards for now.

While 59 percent of US adults have already received a new chip card, only 41 percent of them know its benefits and only 37 percent say their card issuers explained how to use the chip cards.

 

 

Posted in Best Practices for Merchants, e-commerce & m-commerce, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: , , , , , , , , , ,

Payment
November 17th, 2015 by Elma Jane

Within the payment processing industry, Merchant accounts are categorized according to how they process their transactions.

There are two primary merchant account categories:

Swiped (Card Present) and Keyed (Card-Not-Present).

Swiped or Card-Present Transactions: Are those in which both the card and the cardholder are present at the time the payment is processed, they physically swipe their customers credit card through a terminal or point-of-sale system.

The sub-categories within this group include:

Retail Merchants – Normally conduct their business in an actual storefront or office space. They primarily use counter-top terminals or Point-of-Sale systems.                          Restaurant Merchants – Requires a special set-up that allows for tips to be added to the final sale amount by settling the transaction with an adjusted price that will include the tip amount.
Wireless / Mobile Merchants – They use wireless terminals or mobile phones to run these transactions in Real-Time. Have the ability to accept credit cards transactions wherever they are located out on the road.
Hotel / Lodging Merchant – Will authorize a customer’s credit card for a certain sale amount.

Card-Present Transactions also include grocery stores, department stores, movie theaters, etc. Card acceptance settings where cardholders use unattended point-of-sale (POS) terminals, such as gas stations, are also defined as card-present transactions. 

Keyed-In or Card-Not-Present Transactions: Whenever the transaction is completed and the cardholder (or his or her credit card) is not physically present to hand to the seller.

The sub-categories within this group include:
Mail Order / Telephone Order (MOTO) – The customers card information is gathered via over the phone, fax, email or internet and then manually key-entered into a terminal or payment gateway software. Once the transaction is approved and completed, the product is then shipped to the customer for delivery.
eCommerce / Internet – Conduct ALL of their business over the internet through a web site. So all credit card transactions are processed online via a payment gateway in real-time. The payment gateway is integrated into the web sites shopping cart. The cardholders card is charged instantly.

Travel Merchants is one example of Keyed or Card-Not-Present Transactions.

Start processing credit card payments today whether Swiped or Keyed.

Give us a call now at 888-996-2273 so more details!

Posted in Best Practices for Merchants, e-commerce & m-commerce, Mail Order Telephone Order, Mobile Payments, Mobile Point of Sale, Point of Sale, Smartphone, Travel Agency Agents Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Tokenization
November 16th, 2015 by Elma Jane

Combat Fraud With Layered Approach!

Encryption and Tokenization a strong combination to protect cardholder data at all points in the transaction cycle.

Encryption – the strongest protection for card data when it’s in transit. From the moment a payment card is swiped or dipped at a terminal featuring a hardware-based, tamper resistant security module. Encryption protects the card data from fraudsters as it travels across various systems and networks until it is decrypted at secure data center. Encryption is ideally suited for any businesses that processes card transactions in a face to face or card present environment.

Tokenization – protects card data when it’s in use and at rest. It converts or replaces cardholder data with a unique token ID to be used for subsequent transactions. This eliminates the possibility of having card data stolen because it no longer exists within your environment. Tokens can be used in card not present environments such as e-commerce or mail order/telephone order (MOTO), or in conjunction with encryption in card present environments. Tokens can reside on your POS/PMS or within your e-commerce infrastructure at rest and can be used to make adjustments, add new charges, make reservations, perform recurring transactions, or perform other transactions in use.

A layered approach can be the most effective way to combat fraud. Security solutions that provide layers of protection, when used in combination with EMV and PCI-DSS compliance; to ensure you’re doing all you can to protect cardholder data from increasingly complex and evolving security threats.

Posted in Best Practices for Merchants, Credit Card Security, e-commerce & m-commerce, EMV EuroPay MasterCard Visa, Mail Order Telephone Order, Mobile Point of Sale, Payment Card Industry PCI Security, Point of Sale Tagged with: , , , , , , , , , , , , , , , , ,

POS
November 13th, 2015 by Elma Jane

It’s important for merchants to understand the basic of how a credit card terminal works. It is the channel through which the process flows and the merchants can choose the right one for their processing needs, whether they use a point-of-sale (POS) countertop model, a cardreader that attaches to a smartphone or mobile device, a sleek handheld version for wireless processing or a virtual terminal for e-commerce transactions.

A credit card terminal’s function is to retrieve the account data stored on the payment card’s EMV microchip or a magnetic stripe and pass it along to the payment processing company (also known as merchant account provider).

For card-not-present (CNP) – mail order, telephone order and online transactions – the merchant enters the information manually using a keypad on the terminal, or the e-commerce shopper enters it on the website’s payment page. The back half of the process remains the same.

The actual data transmission goes from the terminal through a phoneline or Internet connection to a Payment Processing Company, which routes it to the bank that issued the credit card for authorization.

In card-present transactions where the card and cardholder are physically present, the card is connected to the reader housed in the POS terminal. The data is captured and transmitted electronically to the merchant account provider, who handles the authorization process with the issuing bank and credit card networks.

A POS retail terminal with a phone or Internet connection works best in a traditional retail setting that deals exclusively in card present transactions. For a business with a mobile sales, a mobile credit card processing option like Virtual Merchant Converge Mobile relies on a downloadable app to transform a smartphone or tablet into a credit card terminal equipped with a USB cardreader.

Wireless Terminals are compact, allowing you to accept credit cards in the field without relying on a phone connection. If you process debit cards, you’ll need a PIN pad in addition to your terminal so cardholders can enter their personal identification number to complete the sale.

Selecting the right terminal for your credit card processing needs depends largely on the type of business you run and the sorts of transactions you process. Terminals are highly specialized and provide different services. At National Transaction we offer a broad range of terminals with NFC (near field communication) Capability to accept Apple Pay, Android Pay and other NFC/Contactless payment transactions at your business. An informed business decision benefits your bottom line. Start accepting credit cards today with National Transaction.

 

 

Posted in Best Practices for Merchants, Credit card Processing, e-commerce & m-commerce, EMV EuroPay MasterCard Visa, Mobile Point of Sale, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Risk
October 9th, 2015 by Elma Jane

Credit card fraud is much more difficult to prevent in a card-not-present transaction. In a face-to-face setting the merchant can inspect the card to ensure that it is valid and can verify that the cardholder is an authorized user on the account. None of these actions can be performed when the payment is submitted online or accepted by phone. As we moved in adopting EMV Technology, majority of fraud is going to migrate away from counterfeit and stolen cards towards the card-not-present transaction as happened in other countries.

A combination of best practices and fraud prevention tools can provide card-not-present merchants with strong fraud prevention capabilities.

Steps to avoid fraud and protect your business for a card-not-present transaction:

  • Email Verification: Send a message to the email address provided by the customer requesting that the customer verify the email address is correct, you can ensure that the email is associated with the other information provided.   
  • Maintain PCI compliance:All merchants accepting card payments are now required to be compliant with the requirements of the PCI DSS (Payment Card Industry Data Standard) which sets the rules for data security management, policies, procedures, network architecture, software design and other protective measures.
  • Security Code Verification. Requesting the three digit security code on the back of a credit card. Visa (CVV2), MasterCard (CVC 2) and Discover (CID) cards, and the 4-digit numbers located on the front of American Express (CID) cards. Card Security Codes help verify that the customer is in a physical possession of a valid card during a card-not-present transaction.
  • Use an Address Verification Service (AVS): Enables you to compare the billing address provided by your customer with the billing address on the card issuer’s file before processing a transaction. AVS is good protection against card information obtained through means like phishing and malware because fraudster might not know the billing address.
  • Use 3D Secure Service: MasterCard and Verified by Visa enable cardholders to authenticate themselves to their card issuers through the use of personal passwords they create when they register their cards with the programs. The liability of any fraudulent charges through the 3D service is picked up by the issuer, not the merchant.
  • Verify the phone number and transaction information.Prior to shipping your products, call the phone number provided by the customer and verify the transaction information. Criminals may be unable to verify such information, because in their haste to max out the credit line before the fraud is discovered, they often order at random and do not keep records.

 

 

 

Posted in Best Practices for Merchants, e-commerce & m-commerce, Mail Order Telephone Order, Payment Card Industry PCI Security, Travel Agency Agents Tagged with: , , , , , , , , , , , , ,

Risk
September 8th, 2015 by Elma Jane

card not present transaction (CNP, MO/TO, Mail Order / Telephone Order, MOTOEC) is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant’s visual examination at the time that an order is given and payment effected, such as for mail-order transactions by mail or fax, or over the telephone or Internet.

The Card Associations created this term to help identify these Transactions, because CNP situations tend to be where the majority of fraudulent activity occurs; it is difficult for a merchant to verify that the actual cardholder is indeed authorizing a purchase.

The card security code system has been set up to reduce the incidence of credit card fraud arising from CNP.

Types of Security codes:

CVC1 or CVV1, encoded on track 2 of the magnetic stripe of the card and used for card present transactions. The purpose of the code is to verify that a payment card is actually in the hand of the merchant. This code is automatically retrieved when the magnetic stripe of a card is swiped on a point-of-sale (card present) device and is verified by the issuer. A limitation is that if the entire card has been duplicated and the magnetic stripe copied, then the code is still valid.

The most cited, is CVV2 or CVC2. This code is often sought by merchants for Card Not Present Transactions occurring by mail, fax, telephone or Internet. In some countries in Western Europe, card issuers require a merchant to obtain the code when the cardholder is not present in person.

Contactless cards and chip cards may supply their own electronically-generated codes, such as iCVV or Dynamic CVV.

Code Location

The card security code is typically the last three or four digits printed, not embossed like the card number, on the signature strip on the back of the card.

American Express Cards have a four-digit code printed on the front side of the card above the number.

Diners Club, Discover, JCB, MasterCard, and Visa Credit and Debit Cards have a three-digit card security code. The code is the final group of numbers printed on the back signature panel of the card.

For Merchant Account Setup give us a call at 888-996-2273 or visit our website www.nationaltransaction.com

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , ,

July 30th, 2015 by Elma Jane

Converge Powers Potential          Converge Logo

Over the next several weeks, we’ll focus on a series of topics to hopefully provide a better understanding of the payment capabilities

Converge can bring you customers. In this article, we’ll zoom in on the card-present product enhancements of Converge first, including bringing EMV and mobile wallet capabilities to in-person payments, and ultimately VirtualMerchant Mobile later this year.

converge graphics

New Peripherals Added to Converge – Ingenico iSC250 and Star                                 Micronics TSP650II Printer

Ingenico iSC250 Signature-Capture PIN Pad – is a signature-capture PIN pad offering the ability to accept PIN-based transactions, like debit card and Electronic Benefit Transfer (EBT), as well as EMV chip card and mobile wallet payments.

The iSC250 will initially ship EMV-capable meaning it’s physically configured with a slot to accept an EMV chip card, but it does not yet have the EMV application to process a chip card transaction.

A simple download process later in the year will allow customers to accept chip cards. The good news is customers can accept NFC contactless payments right away, including Apple Pay and Google Wallet.

Key features of the Ingenico iSC250 include:

  • EMV-capable smart card reader to support EMV chip cards; EMV-enabled with a download later in the year
  • NFC-enabled for contactless cards and Apple Pay and Google Wallet mobile wallets
  • Magnetic stripe capture for all standard mag stripe cards
  • Encryption technology to help secure cardholder data at point of entry and throughout the payment network
  • Signature Area Display for signature capture with electronic stylus
  • Bright color 4.3″ display and backlit key pad for ease of use

Star Micronics TSP650III:

In addition to the new iSC250PIN pad, a new USB printer were also added to the lineup of Converge supported peripherals, the Star Micronics TSP650II receipt printer. Now customers have two options for thermal receipt printing!

ConvergeConnect Makes Device Setup a Snap

A new peripheral and device management software called ConvergeConnect to make it easier for your customers to setup their devices quickly as well as add additional peripherals as their business needs grow. It will be the go-forward device management application, and we’ll be able to bring more and more EMV and NFC devices to market faster, giving our customers even more in-store payment processing options.

Legacy peripherals, like magnetic stripe card readers, check imagers and the Epson ReadyPrint T20 printer will continue to be managed using the Device Assistant.

Customers may have to use both ConvergeConnect and Device Assistant depending on their peripheral configuration.

A new Peripheral Device Installation and Setup Guide was developed to help customers install and manage their peripherals for both applications.

Converge Mobile with EMV on the Horizon

Work continues on the new VirtualMerchant Mobile app to be branded as Converge Mobile, and releasing the Ingenico iCMP in the third quarter. The Ingenico iCMP accepts EMV and NFC transactions, including contactless cards and mobile wallets, like Apple Pay. Stay tuned as more information becomes available.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, EMV EuroPay MasterCard Visa, Mobile Payments, Near Field Communication Tagged with: , , , , , , , , , , , , , , , , , ,

July 10th, 2015 by Elma Jane

unnamed

 

Every Merchant in the country needs to upgrade their terminal. Are you ready for the October 1, 2015 Liability Shift?

Beginning October 1, 2015, all businesses that accept in-person payments must be able to take cards embedded with chips to avoid liability for fraud. The chips are more secure than magnetic stripes.

National Transaction brings the latest EMV and NFC technologies to Merchants.

NTC Clients will be able to accept contactless payment with the same NFC technology used by Apple Pay, Google Wallet and SoftCard. Additionally, the Ingenico terminals are EMV Enabled, delivering the latest in fraud prevention technology.

The new EMV enabled terminals are designed to accept EMV chip cards and magnetic stripe cards.

EMV (an acronym for Europay, MasterCard® and Visa®) is a global technology standard for payment cards.

What are the benefits of having an EMV terminal?

These next generation terminals can reduce your risk of accepting counterfeit cards, as chip and PIN transactions verify both the card and the cardholder.

Eliminate your card present fraud liability exposure associated with the October 1st, 2015* liability shift imposed by the card brands.

Improve customer service for your international cardholder customer. EMV cards are already the standard in over 80 countries.

Be on the lookout for more information about how to be chip card ready before OCTOBER.

*Businesses with Automated Fuel Dispensers (also called “Pay at the Pump”) acceptance methods have until October 2017 to comply with the new standard.

 

Untitled

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Mobile Payments, Near Field Communication, Point of Sale Tagged with: , , , , , , , , , , , , , , ,

June 18th, 2015 by Elma Jane

Untitled

Every Merchant in the country needs to upgrade their terminal.

Are you ready for the October 1, 2015 Liability Shift?

Beginning October 1, 2015, all businesses that accept in-person payments must be able to take cards embedded with chips to avoid liability for fraud. The chips are more secure than magnetic stripes.

National Transaction brings the latest EMV and NFC technologies to Merchants.

NTC Clients will be able to accept contactless payment with the same NFC technology used by Apple Pay, Google Wallet and SoftCard. Additionally, the Ingenico terminals are EMV Enabled, delivering the latest in fraud prevention technology.

The new EMV enabled terminals are designed to accept EMV chip cards and magnetic stripe cards.

EMV (an acronym for Europay, MasterCard® and Visa®) is a global technology standard for payment cards.

By accepting chip cards EMV terminal, you help protect your business from card present fraud liability and prepare your business for the future of payment application technology. If your business accepts and processes a counterfeit card transaction on a non-EMV terminal, the liability for that fraudulent transaction is yours, not incurred by the card issuers.

How do you process an EMV chip card transaction?

  1. Insert Card. Instead of swiping, the customer will insert the card into the terminal, chip first, face up.
  2. Leave the Card in the Terminal. The card must remain in the terminal during the entire transaction.
  3. The Receipt or Enter a PIN. As prompted, the customer will sign the receipt or enter their PIN to complete the transaction.
  4. Remove Your Card. When the purchase is complete, remind the customer to take the card with them.

What are the benefits of having an EMV terminal?

These next generation terminals can reduce your risk of accepting counterfeit cards, as chip and PIN transactions verify both the card and the cardholder.

Eliminate your card present fraud liability exposure associated with the October 1st, 2015* liability shift imposed by the card brands.

Improve customer service for your international cardholder customer. EMV cards are already the standard in over 80 countries.

Be on the lookout for more information about how to be chip card ready before OCTOBER.

*Businesses with Automated Fuel Dispensers (also called “Pay at the Pump”) acceptance methods have until October 2017 to comply with the new standard.

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Near Field Communication Tagged with: , , , , , , , , , , , , , ,

May 19th, 2015 by Elma Jane

We’re now nearly midway through 2015, and payment security still remains a topic that stirs up great concern and confusion. While there is seemingly unanimous agreement on the need for heightened security, there’s uncertainty about those who are tasked with actually implementing it. Let’s dig deeper into EMV, P2PE and tokenization. How each will play a part in the next generation of securing payments, and how without properly working together they might just fall short.

 

 

Europay, MasterCard, and Visa (EMV) – A powerful guard against credit card skimming. EMV also uses cryptography to create dynamic data for every transaction and relies on an integrated chip embedded into the card.

Downside: For Independent Software Vendor (ISVs), the biggest downside of EMV is the complexity of creating an EMV solution. ISVs interested in certifying PINpads with a few processors face up to 22 months of costly work, and because there are a large number of pending certifications, processors will be backed up over the next few years.

It’s not impossible for an ISV to build EMV solutions in-house, but it’s difficult and unnecessary when there are plug-and-play EMV solutions available. These solutions include pre-packaged and pre-certified APIs that remove most of the need for research, the complexity and the burden of time and cost.

Point to Point Encryption (P2PE) – Secures devices, apps and processes using encrypted data with cryptographic keys only known to the payment company or gateway from the earliest point of the transaction, from tech-savvy criminals, jumping at their chance to intercept POS systems and scrape the memory from Windows machines.

How does a key get into card reader? Through an algorithm called derived unique key per transaction (DUKPT), or “duck putt.” DUKPT generates a base key that’s shared with device manufacturers securely, where output cardholder data is rendered differently each time a card is swiped, making it impossible to reverse engineer the card data. P2PE not only benefits the cardholders, but also the ISVs and merchants. PA-DSS certification was designed to address the problems created with cardholder data which is not encrypted.

Downside: P2PE isn’t cheap if an organization wants to do it in-house. The secure cryptographic device needed to manage the keys, Hardware Security Module (HSM), can cost $30-40,000 but when it’s built out, that total cost can jump to $100,000.

TOKENIZATION – The best way to protect cardholder data when it’s stored is using tokenization, a process which the PCI Security Standards Council describes as one where the primary account number is replaced with a surrogate value a token. For merchants dealing with recurring billing, future payments, loyalty programs and more, tokenization is critical.

Downside: Tokenization doesn’t prevent malware that’s remotely installed on POS devices. It’s possible, as seen with recent retail card breaches, for data to be stolen before it is tokenized. That’s why it’s essential to group tokenization together with P2PE and EMV to offer optimal security.

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,