October 16th, 2015 by Elma Jane
With the EMV liability shift that takes effect in October 2015, how much you’ll be affected depends on how you process credit card payments.
For Card Present Transactions
If you use POS hardware or terminal that you need to swipe the credit card, then you’ll be facing the same EMV environment as retailers. October 1st is the start of the liability shift for fraudulent charges made with the card present transactions. The party who hasn’t made an investment in EMV security features will be liable.
For the card issuer, they need to invest in EMV security features, that’s why they came out with the chip cards, where all credit and debit cards have this security chips that are harder to counterfeit than magnetic strips.
For the merchant, they need to invest in EMV capable terminals or POS hardware that can take advantage of the card’s security chip.
If both parties have made the investment, then liability will be resolved in a similar manner to how it was before the shift. However, if only one party has adopted EMV technology, the party that didn’t make the investment will be held liable.
For Card Not Present Transaction (CNP)
If you process credit cards online, over the phone, or through an online payment gateway integrated, the new EMV standards won’t directly change the way you do business. You’ll still be processing EMV cards based on the customer’s credit card number.
Chances are Card-Not-Present transactions will experience an increase in fraud. Because of the EMV-technology in the Card Present Transaction, fraudster will likely turn their attention to the next target which is CNP,
but payment gateways and banks concerned about the vulnerabilities, will begin to adopt new standards to minimize their exposure.
If you’re processing CNP transactions stay up-to-date on the newest security developments, online security standards find more effective ways to navigate the new credit card security frontier.
Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Mail Order Telephone Order, Point of Sale Tagged with: banks, Card Not Present Transaction, card-present transactions, chip cards, cnp, credit card, debit cards, EMV, merchant, payment gateway, payments, POS, terminal
October 15th, 2015 by Elma Jane
There are numbers of guidelines issued for accepting card payments, and merchants are expected to understand them all. To avoid issues down the road know a few basic rules in order to keep your business going without being penalized.
There’s a lot of ways to process a credit card: In-store, online, and by phone. There’s also different ways to pay and different brands of cards.
In-store and Card-not-present policies.
In-Store Policies:
- Always verify that the person presenting the card is the cardholder
- Ask for a 2nd ID for comparison
- Cards are non-transferable, cardholder MUST be present for purchase
- Compare the signature on the back of the card with that of the person who presents the card
- Inspect the card to confirm that it’s not visibly altered or mutilated
- Validate the card’s expiration date
Online/Phone Payment Policies: Card-not-present transactions
- Card account number
- Card billing address
- CID (3 digits on back of card OR 4 on the front)
- Card expiration date
- Card member’s home or billing telephone number
- Card member name (as it appears on the Card)
Rules for Visa, MasterCard and Amex that merchants need to know:
- Never store cardholder data on any systems to help minimize the risk of fraud and protect your business from potential chargebacks.
Complying with Federal Laws, State Laws and PCI
- A merchant should be familiar with and abide by Federal Laws regarding accepting credit cards. The Fair Credit Reporting Act is the federal law that establishes the foundation of consumer credit rights. This law regulates the collection and use of consumer credit information by merchants.
- Check state laws on the use of consumer credit information and accepting credit cards. Not all states have additional laws that regulate credit card practices, but some (such as California) prohibit merchants from requesting/requiring a customer to provide any personal information (like their address or telephone number) on any form involved with their credit card transaction. So, it is advised that merchants inquire about further information in their particular state.
- The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies processing, storing, or transmitting credit card information uphold a secure environment. These rules essentially apply to any merchant that has a Merchant ID (MID). If you are a merchant that accepts credit card payments, you are required to comply with the PCI Data Security Standard, large or small businesses.
EMV Liability Shift Set By Visa and MasterCard as of October 1st
U.S. banks and credit card companies are now using the EMV (Europay, MasterCard, and Visa) technology. The EMV liability shift for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards. While issuers absorb losses under card-network rules, that burden will shift to acquirers in cases where the fraud occurs at merchants unprepared for EMV.
It’s good to know every aspect of your business. The above guidelines are part of a business that every merchants should be familiar with. The main reason for these rules is to protect your business and keep your customer’s payment card data safe and secure.
To start accepting more credit cards give us a call now at 888-996-2273. We have the latest terminals that’s EMV/NFC capable.
Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security Tagged with: amex, card network, card payments, card-not-present, chargebacks, chip cards, credit card, credit card companies, Data Security Standard, EMV, EuroPay, MasterCard, merchants, MID, Payment Card Industry, PCI-DSS, POS system, U.S. banks, visa
October 8th, 2015 by Elma Jane
Rules have changed in regards to swiping credit cards October 1st, 2015 with the EMV Liability Shift; which may not cause much concern for most consumers, but for merchants.
EMV compliance isn’t a legal requirement. However, if you’re a merchant that accepts credit cards in-person, then you need to find out whether you’re meeting the EMV Standard. The new rule for the liability shift applies October 1st, regardless of the size or type of business.
What Is EMV Standard?
EMV stands for EuroPay, MasterCard, and Visa, the three companies that originally created the standard.
The EMV Shift is to provide enhanced security and prevent fraudulent activity with credit cards. Updated equipment is also necessary for processing the new computerized cards, and unfortunately, the responsibility of securing up-to-date hardware falls on the merchant.
Since card evolves more instead of cash in our society, fraud and data breaches is on the increase, and now a common occurrence. Adapting new technology is therefore necessary. A hassle for many merchants, but there are actually benefits from all parties involved in a credit card transaction.
Data shows that fraud decreases dramatically when EMV Standards are implemented In Europe. The region has experienced an 80% reduction in credit card fraud, while the USA has seen a 47% increase by NOT implementing EMV standards.
The new liability rules took effect on October 1st in the US, and any party that has not yet implemented EMV-compliant machines might now be liable for fraud committed with counterfeit chip cards. Note that this liability shift only applies to in-person transactions. Phone order and web order transactions will be dealt with as they always were.
For Merchants, it means you’ll eventually need to get new equipment for processing credit cards payments in-person (unless you’ve already done so not too long ago, as nearly all POS terminals sold in the USA nowadays are EMV compliant). For most business owners, it’s a good idea to implement the new system sooner rather than later.
Step to take as a Merchant Until you get your EMV equipment
- Ask for an official ID from customers whose credit card you process.
- Conduct some research to see which EMV system would be best for your business.
- Start shopping around for new payment processing options that are EMV compliant.
If you already have a machine that can process chip cards, you’re fully EMV-compliant.
If you don’t accept any in-person payments, then you’re all set.
If you do accept in-person payments and you do not have a chip card machine, chances are you’ll be fine for a little while. But those of you with a high risk of encountering a fake card (if you are a high-volume business with a large average ticket, for instance) should probably upgrade soon.
Fraudsters are going to be taking advantage of businesses that haven’t upgraded so it’s a great time to switch!
Check out NTC’s EMV/NFC Capable Terminal!
Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: chip cards, credit card transaction, credit cards, credit cards payments, EMV, EMV equipment, EuroPay, high risk, MasterCard, merchants, nfc, payment processing, POS terminals, visa
October 6th, 2015 by Elma Jane
If you accept credit cards and don’t know what EMV is here is what you need to know.
EMV stands for Europay, MasterCard and Visa. A credit card that had a chip embedded in it is an EMV. EMV Cards have been standard in Europe for more than 10 years because they’re more secure than magnetic stripe cards. Magnetic stripe cards doesn’t change, it has static data, which makes them easy to clone. The chip embedded card makes it more difficult and costly to counterfeit because the data that is transmitted changes each time the card is read. This means less fraud.
Liability Shift rules set by Visa and MasterCard as of October 1st. The liability for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards.
- Calculate your risk – Consider the cost of replacing your point-of-sale (POS) terminal vs. potential risk. Whether you replace it now or at a later time, eventually all businesses will have to replace their POS terminals.
- Educate your staff – Educated employees translate to better-educated customers. Merchants can help customers better understand this change and what it means for them.
- Upgrade your POS system – Consider using an EMV compliant credit-card reader on a wireless device for an ultra-secure mobile solution. This is also a chance to upgrade other options, such as near field communication NFC technology, which lets consumers use their mobile devices to make payments at the point of sale.
National Transaction Terminals with EMV and NFC (near field communication) Capability To accept Apple Pay, Android Pay and other NFC Transactions at your business. You will need to adopt point-of-sale devices with NFC/contactless readers.
National Transaction offer a range of options to suite your specific needs.
If you’re using Virtual Merchant Mobile now called Converge please contact our office at 888-996-2273 to know your options.
Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: Android Pay, Apple Pay, chip cards, contactless readers, Converge, credit cards, EMV, EuroPay, magnetic stripe, MasterCard, merchants, Near Field Communication, nfc, payments, POS, terminal, Virtual Merchant Mobile, visa
October 1st, 2015 by Elma Jane
The day the payments industry has pointed to for several years arrives today, a turning point in the U.S.‘s migration to EMV chip-and-PIN cards.
Rules set by Visa and MasterCard as of today, the liability for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards. Banks will be issuing EMV Chip Cards.
An enormous change, as everyone learns to deal with the new technology that requires consumers to insert their cards and leave them in the store machines throughout a payment transaction, rather than swipe.
In a recent survey, less than a third of merchants overall have invested in EMV-compliant technology, and one study said 80 percent of small and midsize merchants have not upgraded their systems as of today’s liability shift.
Issuers are claiming to be more prepared than merchants, but according to the Smart Card Alliance, around 200 million chip cards have been issued to U.S. cardholders. That, however, is less than 17 percent of the approximately 1.2 billion payment cards in circulation.
What is clear is that today does not represent the end of the journey. The lack of preparedness at the physical point of sale, however, may be beneficial for card-not-present merchants.
Over the past few months, the mainstream media has awoken to the fact that implementing EMV does not mean fraud will disappear. Fraudsters quickly adapted to the difficulty of counterfeiting cards by attacking Card-Not-Present channels, where a chip has no effect.
In other markets, fraud migrated quite rapidly to card-not-present channels. It is necessary on e-commerce merchants to protect themselves with an array of tools, like device authentication, one-time passwords, randomized PIN pad and biometrics. Fraud mitigation tools like data analytics, address and CVV verification, 3D secure and tokenization. These services should be available from their merchant acquirer processor or gateway.
There should be a gradual reduction in card fraud over the next 12-18 months in spite of the delays in this country’s EMV migration. It’s going to take time for the technology to be adopted.
U.S. Merchants’ overall relative lack of preparedness for EMV may give e-commerce and mobile merchants time they didn’t think they would have to explore the options.
Sophisticated authentication technologies such as biometrics will help increase the security of card transactions. Device-based verification could be easily incorporated in an EMV transaction.
Banks have expressed interest more in using the phone as a biometrics. It’s all going to depend on what is the most convenient way to access your funds. The nice thing about biometrics is it’s meant to enable more convenience and stronger security.
Posted in Best Practices for Merchants, e-commerce & m-commerce, EMV EuroPay MasterCard Visa, Mobile Payments, Mobile Point of Sale, Point of Sale Tagged with: banks, biometrics, card fraud, card-not-present, chip cards, chip-and-PIN cards, e-commerce, EMV, gateway, merchant acquirer, merchants, mobile merchants, payments industry, point of sale, POS system, processor, tokenization, Visa and MasterCard
September 8th, 2015 by Elma Jane
A card not present transaction (CNP, MO/TO, Mail Order / Telephone Order, MOTOEC) is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant’s visual examination at the time that an order is given and payment effected, such as for mail-order transactions by mail or fax, or over the telephone or Internet.
The Card Associations created this term to help identify these Transactions, because CNP situations tend to be where the majority of fraudulent activity occurs; it is difficult for a merchant to verify that the actual cardholder is indeed authorizing a purchase.
The card security code system has been set up to reduce the incidence of credit card fraud arising from CNP.
Types of Security codes:
CVC1 or CVV1, encoded on track 2 of the magnetic stripe of the card and used for card present transactions. The purpose of the code is to verify that a payment card is actually in the hand of the merchant. This code is automatically retrieved when the magnetic stripe of a card is swiped on a point-of-sale (card present) device and is verified by the issuer. A limitation is that if the entire card has been duplicated and the magnetic stripe copied, then the code is still valid.
The most cited, is CVV2 or CVC2. This code is often sought by merchants for Card Not Present Transactions occurring by mail, fax, telephone or Internet. In some countries in Western Europe, card issuers require a merchant to obtain the code when the cardholder is not present in person.
Contactless cards and chip cards may supply their own electronically-generated codes, such as iCVV or Dynamic CVV.
Code Location
The card security code is typically the last three or four digits printed, not embossed like the card number, on the signature strip on the back of the card.
American Express Cards have a four-digit code printed on the front side of the card above the number.
Diners Club, Discover, JCB, MasterCard, and Visa Credit and Debit Cards have a three-digit card security code. The code is the final group of numbers printed on the back signature panel of the card.
For Merchant Account Setup give us a call at 888-996-2273 or visit our website www.nationaltransaction.com
Posted in Best Practices for Merchants Tagged with: card transaction, card-not-present, cardholder, chip cards, cnp, contactless cards, credit card, debit cards, magnetic stripe, merchant, moto, security code
May 14th, 2015 by Elma Jane
The way customers Pay In Stores Is Changing.
Chip cards are here to provide advanced security with every transaction. Accepting chip cards could be as simple as changing your payment terminal.
What do you need to know about Chip Card and EMV? Chip cards are payment cards that have an embedded chip, which offers advanced security when you use the card to pay in store. Chip cards are based on a global card payment standard called EMV (Europay, MasterCard and VISA) currently used in more than 80 countries.
Why Is it More Secured? Chip card transactions offer you advanced security for in store payments by making every transaction unique, and, more difficult to counterfeit or copy. If the card data and the one-time code are stolen, the information cannot be used to create counterfeit cards and commit fraud.
How do you know if a customer has a Chip Card? The customer’s card will have chip on the front of it, magnetic stripe remains on the back.
How to use Chip Card at the POS? Swipe the card as they normally would and follow the prompts. If the terminal is chip-enabled, it will prompt them to insert it instead. The customer should insert their card with chip toward terminal, facing up. The chip card should not be removed until the customer is prompted.
Customer will provide their signature or PIN as prompted by the terminal.
Some transactions may not require either.
When the terminal says the transaction is complete, the customer can remove their card.
Chip-enabled terminals will still accept magnetic stripe card payments for customers who do not have a chip card.
What does a chip-enabled terminal look like? They have all of the features you are used to with a payment terminal, with the addition of a slot for the customer to insert their card. The slot is typically located at the bottom or the top of the payment terminal.
How will you know if a terminal accepts chip card? During the transition to chip, customers are being told to swipe their card as they normally would and follow the prompts. If the terminal is chip-enabled, it will prompt them to insert it instead. If you have chip-enabled terminals, you can tell your customer to insert their card for a chip transaction, if a customer has a chip card.
How can you get a chip-enabled terminal? Contact your acquirer or merchant service provider.
Show your customers that you care about their information security by making the move to chip. This will ensure that your business and your customers are protected from fraud. Start accepting chip cards!
You may be liable for fraud if you don’t make the change from chip terminal. Starting October 2015, rules are changing. Merchants that accept chip will be protected from fraud losses resulting from in store counterfeit magnetic stripe card transactions just as you are today. However, liability will shift from issuers to merchants if their payment terminals are not chip-enabled for in store transactions. Fraud liability for lost or stolen cards varies by payment network. Contact your acquirer or payment services providers for more information.
Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Point of Sale Tagged with: card data, cards, chip cards, Chip-enabled terminals, data, EMV, EuroPay, magnetic stripe, MasterCard and VISA, merchant service provider, Merchant's, payment, payment cards, payment network, payment terminal, POS, Security, terminal, transaction
With the EMV migration just a few months away, Visa is stepping up its merchant education efforts, by launching an online portal for merchants featuring a background on chip cards, demonstrations on proper usage, and tips for implementation.
Visa also kicked off its 20-City Small Business Chip Education Tour expounding on the benefits and necessity of chip cards to local small businesses.
Visa is bringing payment industry experts to connect directly with merchants to answer their questions on the transition across the United States.
Merchant education will be a herculean task, but payments industry stakeholders should make every effort to make sure chip cards are adopted and used effectively by both merchants and consumers.
Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: cards, chip, chip cards, consumers, EMV, EMV migration, Merchant's, payment, payment industry, visa
February 27th, 2015 by Elma Jane
Here are the Frequently Asked Questions:
You’re probably finding yourself staring at your old credit card machine and worrying about the cost of buying a new machine. The transition doesn’t have to be an expensive one, but it pays to be educated as you consider this important upgrade.
Things you need to know in the form of a brief FAQ.
Where To Buy an EMV Credit Card Terminal?
All the same places you can buy or rent a non-EMV terminal, for the most part. The vast majority of the time supported EMV machines can be reprogrammed just like their non-EMV predecessors. While credit card terminal tampering has occurred in the past, it is not common and is even less easily achieved with new EMV terminals.Terminals have built-in anti-tampering features to prevent this. Your provider is free to either charge a reprograming fee, or simply refuse to reprogram outside machines. While they can reprogram, there’s no law saying that they have to.
Is It A Must to Have an EMV-Compliant Machine?
NO BUT THERE IS RISK. NFC (Near Field Communication) is the technology used by digital wallets for contactless payments. NFC EMV terminals can be considerably more expensive than standard EMV terminals. You can buy a separate NFC reader without replacing your existing EMV terminal.
Does an EMV Chip Card Reader Cost Much?
NOT VERY MUCH! These terminals are really not more expensive that the old terminals. You can find them as cheap, especially if it’s refurbished. There’s no reason to sign on to an expensive non-cancellable lease. If you’d rather rent than own, at least look for inexpensive rental options. If you want a wireless terminal or an NFC-capable terminal, the prices will be a little bit higher. But for baseline EMV-compatible chip card readers, it’s a pretty minor investment even for a very small business.
Does EMV Terminal Upgrade Really Needed?
Technically? No, but it would be like buying a new computer and not getting a virus protection program. Worse because you have financial data on. Your CUSTOMER! Practically? You should!
If you stick with your old non-chip credit card terminal, you will still be able to run transactions. All chip cards are also equipped with the same magnetic stripe used previously, so you can still swipe them. The difference is that if one of those chip cards that you swipe is used fraudulently, you will now be liable. The rationale behind this is that if you had upgraded your terminal, the fraud could have been prevented. Therefore you are held accountable. You might be tempted to think that your small businesses is unlikely to be a victim of such fraud because it hasn’t happened in the past. But consider that all of the big retailers will be upgrading to the EMV terminals, which is likely to drive fraudsters to more vulnerable outlets (ie, small businesses). So I don’t want to be a fear-mongerer but for the fairly small business expense of a terminal upgrade you get a lot of fraud protection. If it prevents just one instance of fraud in the years to come, it has likely paid for itself many times over.
For most merchants, it’s not that expensive or difficult to switch over to EMV equipment and the insurance that the switch will provide you with is well worth the effort. So start thinking about it, and don’t wait until the last minute. The last month before the liability shift occurs in the US, equipment providers will be backed up with orders, making the transition less smooth. So there’s no time like the present to start looking into chip card machines. It might even be a good time to think about switching providers.
Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: chip card readers, chip cards, contactless payments, credit card machine, credit card terminal, credit-card, Digital wallets, EMV, EMV compliant, EMV machines, EMV terminal, magnetic stripe, Merchant's, Near Field Communication, nfc, NFC reader, NFC-capable terminal, wireless terminal
January 21st, 2015 by Elma Jane
With a crucial deadline, the payments industry is starting to look at just what kind of fraud liability and how much fraud merchant acquirers will have to assume if their merchants aren’t ready to accept Europay-MasterCard-Visa (EMV) chip cards by October.
While issuers currently absorb losses under card-network rules, that burden will shift to acquirers this fall in cases where the fraud occurs at merchants unprepared for EMV.
As a result, acquirers will have to reckon with a whole new category of risk exposure.
In card-not-present transactions, acquirers have faced this, but in the overwhelming majority of cases they’ll be confronting it for the first time.
Surprisingly, for all the talk in the industry about the imminent arrival of EMV, it appears few acquiring executives have fully accounted for what the shift really means for them.
Some 24% of U.S. point-of-sale terminals are “EMV-capable,” while 9% of debit/prepaid cards issued, and 2% of credit cards have EMV chips so far. But while terminals may be technically capable, it isn’t known just how many of these merchants have the software and trained personnel to accept EMV.
Foreign issuers, especially, may be licking their chops at the prospect of offloading their consumer-fraud risk onto U.S. acquirers. For years and years, these non-U.S. issuers have invested in EMV, but the U.S. is still using the mag stripe. So non-U.S. issuers appear to be very aware of the liability shift.
To be sure, acquirers’ increased risk exposure may be relatively short-lived. Under the network rules, liability rests with the issuer in cases where both the merchant and the issuer are EMV-compliant. That could be nearly universally the case within a few years. By 2018, nearly all cards and terminals will be compliant.
But that still leaves open the question of how many of these terminals will really be running chip card transactions.
The issue isn’t so much about terminals as about software. Many mid-size merchants are using so-called integrated solutions that run payments as part of a larger business-management system. That means acquirers must work with a number of other parties to reconfigure software, and that presents a challenge when it comes to getting masses of merchants EMV-compliant.
The bigger problem is the integrated point-of-sale market.
While the liability shift may impact acquirers, not all them are convinced their exposure will rise all that much. Some argue the risk of loss from lost/stolen/counterfeit cards at the point of sale is low and not likely to rise, especially for small-ticket merchants.
Fraudsters, are much more inclined to practice their trade online, where the risk of being caught is lower, compared to face-to-face transactions.
Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: card network, card-not-present, chip cards, credit cards, debit/prepaid cards, EMV, EuroPay, fraud, integrated solutions, mag stripe, MasterCard, merchant acquirers, Merchant's, payments, payments industry, point of sale, terminals, transactions, visa