September 4th, 2014 by Elma Jane
EMV, which stands for Europay, MasterCard and Visa, and is slated to be mandated across the United States starting in October 2015 and automated fuel dispensers have until October 2017 to comply. Unlike magnetic swipe cards, EMV chip cards encrypt data and authenticate communication between the card and card reader. Additionally, chip card user is prompted for a PIN for authentication.
Why are those dates important? Companies lose $5.33 billion to fraud today, with card issuers and merchants incurring 63 and 37 percent of these losses, respectively. Under the EMV mandate, merchants who do not process chip cards will bear the burden of the issuer loss. By accepting chip card transactions, merchants and issuers should see a reduction in fraud.
Overcoming Barriers to EMV Adoption
Given the significant barriers to EMV adoption, it may be tempting for merchants to meet minimum requirements for accepting EMV payments. However, medium to large retailers should also consider the bigger picture of customer security and peace of mind.
Some key critical success factors for a payment initiative of this size include:
Business Continuity Architecture: As with all payment systems, it is imperative to have the EMV system running at all times. The solution should preferably have Active-Active architecture across multiple data centers and have a low Recovery Point Objective (the point in time to which the systems and data must be recovered after an outage).
Cost Benefit Analysis: Take a top down approach and decide accordingly on the scope of the analysis. This will ensure that decisions on scope are made on basis of quantitative data and not just qualitative arguments.
Phased Approach: To overcome time or cost overage in a project of this scope and complexity, retailers should try using an iterative approach for development. The rollout can be divided into multiple releases of six to seven months, which will provide the opportunity to review, capture lessons learnt, and improve subsequent releases.
Proactive Monitoring Alerts: Considering the criticality of business function carried out by EMV, tokenization and payment gateway, a vigorous supervising environment must be defined to perform proactive and reactive monitoring. It should take into consideration the monitoring targets, tools, scope and methods. This will provide advance visibility to the failure points and better ensuring maximum system availability.
Resilience Testing: Typically in a software project, the testing is limited to the unit, integration, performance and user acceptance. However, due to the critical nature of the applications and systems involved, robust resiliency testing is vital. This will ensure that there are no single points of failure and the system remains available when running in error conditions.
Stakeholder Identification: This is a key step to ensure that you have varied perspectives from all departments and their support. It will keep your organization from being blindsided and reduce the risk of disagreements in later stages of the program. Key stakeholders should include Store Operations, Card Accounting, Loss Prevention, Contact Center and IT & Data Security.
Organizations should adopt a five step approach to implement a secure, robust and industry-leading payment solution:
Encryption – Point to point encryption will ensure card data is secure and encrypted from the point of capture to the processor. Usually, merchants use data encryption that is not point to point, rendering their organization vulnerable to data breaches. Software encryption is the most common form of encryption, as it is easily installed and quires little or no hardware upgrades; however, it is less secure, may expose encryption keys, and is prone to memory scanning attacks. Hardware encryption is considered more secure but requires more costly terminal upgrades. Hardware encryption is designed to self-destruct the keys if tampered, but is not well-defined as very limited headway has been made in this space.
Tokenization – Build a Card Data Environment (CDE) that will host a centralized card data storage solution. Only limited applications with firewall access and capability to mutually authenticate via certificates can access CDE and receive card data. The rest of the applications will have tokens which are random numbers. This architecture will ease the merchant’s burden with existing and emerging PCI Data Security Standards.
Payment Gateway – Perform a risk assessment on the current payment gateway and identify gaps in functionality, manageability, compliance, scalability, speed to market and best practices. Determine the alternatives to mitigate the risks. Some of the important aspects of a leading payment gateway solution are support for all forms of credit, debit, gift cards and check transactions. Its ability to work with any acquirer, in-built encryption abilities, support for settlement and reconciliation must also be kept into consideration.
Settlement, Funding and Reconciliation – A workflow-based system to handle chargebacks and the automation of chargeback processing will greatly reduce labor-intensive work and enhance the quality of data used for settlement and reconciliation. Upgrades to the existing receipt retrieval system may be needed.
Card fraud is on the rise in the U.S., and merchants are the primary target for stealing information. With the EMV deadline just over a year away, the responsible retailer must take steps to prepare now. Although EMV implementation might seem overwhelming to merchants, they should start their journey to secure payments rather than wait for a looming deadline. Solutions such as data encryption and tokenization should be used in combination with EMV to implement a robust payment solution to better protect merchants against fraud. By proactively adopting EMV payment solutions, merchants can stay ahead of the regulatory curve and better protect their customers from fraud.
Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Visa MasterCard American Express Tagged with: authentication, automation, card, card data, Card Data Environment, card fraud, card issuers, card transactions, CDE, chargeback, chargeback processing, check, check transactions, chip, chip cards, credit, customer, customer security, data, data breaches, data encryption, data security, debit, EMV, emv chip cards, EuroPay, fraud, gateway, Gift Cards, host, integration, magnetic swipe cards, MasterCard, Merchant's, payment, payment gateway, payment solution, payment systems, PCI, PCI Data Security Standards, PIN, processor, retailers, Security, software, swipe, terminal, tokenization, tools, visa
February 17th, 2014 by Elma Jane
Facts about Chargeback
Merchants know chargebacks are bad, but many aren’t aware of simple facts that can help them better understand and guard against fraud accordingly.
Do you know which month is the worst for fraud charge backs?
which transaction amounts are the most likely to be disputed?
or which U.S. states are the biggest offenders?
If not, a Big Data fraud science firm – will help you prepare for a smoother 2014.
Facts you’ll learn:
The most common fraudulent chargeback amount.
The day of the week when chargebacks are most likely to occur.
The time of year charge backs are most likely to occur.
49% of all fraudulent chargebacks happen after 60 days or more from date of purchase.
$1,000 is the most common attempted unauthorized sales amount (followed by $2,500, $2,000, $1,500 and $5,000).
11% of all fraudulent transactions fall under the Merchant category “Code of 7299”.
Services. The word most often found in registered fictitious names for fraudulent merchant accounts is “Services”.
Wednesday Is the day of the week when the most chargebacks (19%) occur.
One-Third of all fraud chargebacks happen in the fall (September to November).
California Republic is the top state registered by fraudulent businesses, accounting for 14% of chargebacks the U.S. total.
Florida, Texas and New York round out the top four states with 12%, 9% and 7% respectively.
Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Electronic Payments, Merchant Services Account, Payment Card Industry PCI Security Tagged with: big data, charge backs, chargeback, disputed, fraudulent businesses, fraudulent transactions, guard against fraud, merchant accounts, unauthorized sales
November 14th, 2013 by Elma Jane
Los Angeles-based company Verifi, providing antifraud and risk-management services recently secured a patent for its dispute-resolution technology that enables merchants to avoid chargebacks by turning them into refunds earlier in the process. According to the patent abstract, the patent covers “receiving, at the partner platform, an inquiry/dispute event notification,” and “refunding the transaction or canceling future or recurring charges associated with the transaction.”
Verifi noted in the patent application, consumers are increasingly contacting their issuing bank first in the case of a disputed credit or debit card charge, cutting the merchant out until later in the process. The patent in question, in addition to streamlining the process for issuers engaged in the dispute process, helps recurring merchants by removing cardholders from the recurring payment program during the resolution process so additional charges will not come into question until the original dispute is settled.
Posted in Best Practices for Merchants, Credit card Processing, Payment Card Industry PCI Security Tagged with: antifraud, cardholders, chargeback, consumers, dispute-resolution, disputed, inquiry/dispute, issuing, Merchant's, patent, payment, platform, process, receiving, recurring charges, refund, refunding, resulution, risk-management, Security, services, settled, transaction, verifi
October 14th, 2013 by Elma Jane
First what is a Merchant Account? It is a type of bank account that allows businesses to accept payments by payment cards, typically debit or credit cards. A merchant account is established under an agreement between an acceptor and a merchant acquiring bank for the settlement of payment card transactions. In some cases a payment processor, independent sales organization (ISO), or member service provider (MSP) is also a party to the merchant agreement. Whether a merchant enters into a merchant agreement directly with an acquiring bank or through an aggregator such as PayPal, the agreement contractually binds the merchant to obey the operating regulations established by the card associations.
Merchant Account comes in 2 Basic Types – Aggregated Accounts and Dedicated Accounts.
Aggregated Merchant Account – such as those provide by PayPal that use a single merchant account to provide credit card processing for an entire portfolio of companies.
Dedicated Merchant Account – are provisioned specifically for your business.
Each has its Advantages and Disadvantages.
4 Key Points to Consider when deciding which type is the most advantageous for your small business.
1. Creditworthiness: To obtain a dedicated credit card processing merchant account your business will need to go through comprehensive underwriting. If you’re in a difficult to underwrite industry or if your business is very new and if it has a less than stellar credit history then an aggregated merchant account is the best choice. You still need to provide information about your business, underwriting for aggregated accounts is typically far less rigorous than for dedicated merchant accounts.
2. Funds Control: With an aggregated merchant account, transaction proceeds go to the service provider and are then deposited to your bank account at the provider’s discretion. There are no industry standards or rules that govern how an aggregated merchant account provider handles or disburses your money. The provider makes the rules, and can change them at will, so if you choose an aggregated merchant pay very close attention to the contract terms and any changes made to them. With a dedicated merchant account, transaction proceeds, less processing fees, are deposited directly into your business account. While the merchant account provider can correct errors, react to potential fraud and debit your account for customer “chargeback” claims. This must all be done based on industry-standard credit card processing rules.
3. Neighborhood: With an aggregated account, you’ll have no idea about the other companies processing transactions. If a good number of them engage in fraudulent activity, it is possible that the service provider’s processing account will be terminated and even honorable businesses like yours will lose credit card processing ability. If you do go with an aggregated account, it is very important to make sure that your provider is large enough to absorb fraud generated by a few bad apples.
If you’re using a small provider, try to get a list of the other business using the service and check them out to see if you want to live in the same neighborhood. With a dedicated merchant account the only company processing credit card transactions through it will be yours. You are in full control of keeping the account in good standing.
4. Speed: Getting a dedicated merchant account can take time. While there are some providers automating the process and providing same-day decisions. A typical application will take 48 hours to approve and additional time to integrate into a POS or electronic payment processing environment. Signing up for a credit card processing under an aggregated account service provider can usually be done in minutes, and it often comes with an online system that can have you actively processing payment within the hour.
Offering your customers the option to pay with a credit card is a great way to enhance revenue for your small business. Customers want the points associated with rewards cards, and they want to manage their own cash flow by floating balances or financing their purchases. Allowing them to use credit cards accomplishes both. So, give the customers what they want. If you don’t accept credit cards yet, now is a great time to start. Having made that decision, the next step is to obtain a merchant account for credit card processing.
The actual credit card processing rates you’ll be charged are a critically important factor as well. But as with most things, you get what you pay for. So don’t choose a low rate without also considering how the provider you select will impact your overall business.
For Merchant Account Services Please call National Transaction at 888-996-2273 or visit our website www.nationaltransaction.com to know more about our services.
Posted in Credit card Processing, Merchant Services Account Tagged with: account, accounts, acquiring, aggregator, card, cards, chargeback, credit, debit, electronic, environment, fees, financing, fraud, ISO, merchant, msp, payment, PayPal, POS, Processing, provider, transaction, underwriting