Identity
October 29th, 2015 by Elma Jane

What is Identity Theft?

Identity theft and identity fraud are terms used to refer to all types of crimes in which someone wrongfully obtains and uses another person’s personal data.

Basic categories of identity theft:

Account Takeover Fraud – is one of the two basic forms of financial identity theft, it occurs when a fraudster obtains and uses a victim’s personal information to take control of existing bank or credit card accounts and carries out unauthorized transactions right at a point of sale or access individual accounts online. Victims are often the first to detect account takeover when they discover charges on monthly statements they did not authorize or funds depleted from existing accounts.

Business or commercial identity theft – entails using a business’ name to obtain credit or even billing a business’ clients for products and services. Business identity theft can go on for years undetected.

Criminal identity theft – occurs when an imposter gives another person’s name and personal information such as drivers’ license, date of birth, or Social Security Number to a law enforcement officer during an investigation or upon arrest.

Identity cloning – some people use identity theft and identity cloning interchangeably, but definitely are not the same thing. True identity clones pretends to be you, they want to assume your identity. They want to become YOU.

Medical identity theft – occurs when someone steals your personal information (like name, Social Security Number or MediCare Number) to obtain medical care in your name. Medical identity theft can damage your credit rating.

New Account Fraud – means using another’s personal identifying information to obtain products and services. New credit card accounts is the most prevalent form of new account fraud. Because the thief is likely to use a different mailing address, the victim never sees the bill for the new account. When this type of fraud involves a credit card, once the new plastic is issued, the criminal turns it into cash very quickly. Victims may also be denied credit as a result of applying for loans.

 

 

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , ,

Debit
October 27th, 2015 by Elma Jane

If there’s an unauthorized charge made on your credit card account, no money is taken from you. There’s no immediate financial hit while you straighten things out. But if someone gets hold of your debit card information, your bank account will be drained depending on the nature of the transaction.

Differences between a credit card and a debit card:

Debit cards fall under a different federal law than credit cards. Regulation E, the Electronic Fund Transfer Act, says after two days, you could be liable for up to $50. After 2 days liability jumps to 500.00. Beyond 60 days, you could be liable for all unauthorized transactions. Otherwise, federal rules are on the bank’s side. Beyond 60 days, there’s likelihood you’ll never see your money again.

Federal law protects you from unauthorized charges made with your credit card number rather than with the actual card. In the event the credit card is in a thief’s hands, you’ll be liable, but only for a maximum of $50, provided you report the problem to the credit card company. However, in many cases a zero liability policy may kick in.

There are many things that can go wrong. Best solution is to pay close attention to your statements, online or via a mobile app, frequently. Report if there’s a malicious transaction.

 

 

Posted in Best Practices for Merchants, Credit Card Security Tagged with: , , , , ,

E-Pay
October 20th, 2015 by Elma Jane

We’ve covered  a lot about EMV, but what about improving security for online and Card-Not-Present transactions? That’s where 3-D Secure comes in.

3-D Secure allows a card holder to authenticate himself while making an online payment.

In a traditional credit card transaction, a payment request is presented to the issuing bank for authorization. The Issuing bank authorizes the transaction based solely on the funds available to the card holder.

With card present, the magnetic strip on the card can be read and a signature collected. This process has now been largely superseded by Chip and PIN which gives the card holder the opportunity to identify himself via a secret PIN code.

An E-commerce transaction is conducted online, without the possibility to access the card physically. Un-authorized usage and fraud are therefore more likely.

3-D Secure allows transactions to be conducted in safety online, greatly reducing the risk of fraud and chargebacks.

How 3-D Secure Works?

When a payment request arrives at the merchant or payment gateway, the Merchant Plug In (MPI) component is activated. The MPI talks to Visa or MasterCard to check if the card is enrolled for 3-D Secure. If the card is not enrolled, this means that either the bank that issued the card is not yet supporting 3-D Secure or it means that the card holder has not yet been registered for the service. If the card is enrolled, the MPI will redirect the card holder to the 3-D Secure authentication web page for the issuing bank; the card holder will then identify himself. The MPI will evaluate the reply from the bank and, if successful, allow the transaction to proceed for authorization. The transaction could still fail for lack of funds or other reasons but is more likely to be approved because of the authentication.

3-D Secure allows 3 domains to work together.

Domain 1: The card holder has the peace of mind that his card is not used without his authorization.

Domain 2: Merchants are protected from fraud and can provide the product and service without delay or extra costs.

Domain 3: Banks see that the transaction has been authenticated and are more likely to approve the transaction, to the convenience of the card holder.

Implementation of 3-D Secure:

Visa is called Verified by Visa.

MasterCard is called Secure Code.

Amex is called SafeKey.

JCB is called J/Secure.

Posted in Best Practices for Merchants, e-commerce & m-commerce, Internet Payment Gateway Tagged with: , , , , , , , , , , , , , , , , , ,

Security
October 19th, 2015 by Elma Jane

Small merchants don’t consider themselves at risk for a cyberattack. But Cybercriminals thrive on data about employees, customers, bank accounts and many other types of information any small business would carry, with fewer resources than large firms, small businesses are especially at risk for attacks.

Here are Steps to find out to make your business more cybersecure:

Employ best practices on payment cards – Credit card companies are now shifting from magnetic-strip payment cards to safer, more secure chip card EMV Technology. Are you ready for the shift? Now is the time, you should work with your banks and processors to ensure you’re using the most trusted and validated anti-fraud services. You may also have additional security obligations pursuant to agreements with your bank or processor. You should isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.

Educate employees about cyberthreats – Educate your employers about online threats and how to protect your organization’s data, including safe use of social networking sites.

Protect against viruses, spyware, and other malicious code – Make sure all of your organization’s computers are equipped with antivirus software and antispyware and update regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install such updates automatically.

Require employees to use strong passwords and to change them often – Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.

Secure your networks – Safeguard your Internet connection by using a firewall and encrypting information.  If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.

No one can guarantee your safety from a cyberattack, appropriate planning makes a big difference. By using these tips and resources, you can help promote the safety of your employees, customers, and the future success of your small business.

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: , , , , , , , , , ,

EMV
October 16th, 2015 by Elma Jane

With the EMV liability shift that takes effect in October 2015, how much you’ll be affected depends on how you process credit card payments.

For Card Present Transactions

If you use POS hardware or terminal that you need to swipe the credit card, then you’ll be facing the same EMV environment as retailers. October 1st is the start of the liability shift for fraudulent charges made with the card present transactions. The party who hasn’t made an investment in EMV security features will be liable.

For the card issuer, they need to invest in EMV security features, that’s why they came out with the chip cards, where all credit and debit cards have this security chips that are harder to counterfeit than magnetic strips.

For the merchant, they need to invest in EMV capable terminals or POS hardware that can take advantage of the card’s security chip.

If both parties have made the investment, then liability will be resolved in a similar manner to how it was before the shift. However, if only one party has adopted EMV technology, the party that didn’t make the investment will be held liable.

For Card Not Present Transaction (CNP)

If you process credit cards online, over the phone, or through an online payment gateway integrated, the new EMV standards won’t directly change the way you do business. You’ll still be processing EMV cards based on the customer’s credit card number.

Chances are Card-Not-Present transactions will experience an increase in fraud. Because of the EMV-technology in the Card Present Transaction, fraudster will likely turn their attention to the next target which is CNP,

but payment gateways and banks concerned about the vulnerabilities, will begin to adopt new standards to minimize their exposure.

If you’re processing CNP transactions stay up-to-date on the newest security developments, online security standards find more effective ways to navigate the new credit card security frontier.

 

 

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Mail Order Telephone Order, Point of Sale Tagged with: , , , , , , , , , , , ,

NTC
October 15th, 2015 by Elma Jane

There are numbers of guidelines issued for accepting card payments, and merchants are expected to understand them all. To avoid issues down the road know a few basic rules in order to keep your business going without being penalized.

There’s a lot of ways to process a credit card: In-store, online, and by phone. There’s also different ways to pay and different brands of cards.

In-store and Card-not-present policies.

In-Store Policies:

  • Always verify that the person presenting the card is the cardholder
  • Ask for a 2nd ID for comparison
  • Cards are non-transferable, cardholder MUST be present for purchase
  • Compare the signature on the back of the card with that of the person who presents the card
  • Inspect the card to confirm that it’s not visibly altered or mutilated
  • Validate the card’s expiration date

Online/Phone Payment Policies: Card-not-present transactions

  • Card account number
  • Card billing address
  • CID (3 digits on back of card OR 4 on the front)
  • Card expiration date
  • Card member’s home or billing telephone number
  • Card member name (as it appears on the Card)

Rules for Visa, MasterCard and Amex that merchants need to know:

  • Never store cardholder data on any systems to help minimize the risk of fraud and protect your business from potential chargebacks.

Complying with Federal Laws, State Laws and PCI

  • A merchant should be familiar with and abide by Federal Laws regarding accepting credit cards. The Fair Credit Reporting Act is the federal law that establishes the foundation of consumer credit rights. This law regulates the collection and use of consumer credit information by merchants.
  • Check state laws on the use of consumer credit information and accepting credit cards. Not all states have additional laws that regulate credit card practices, but some (such as California) prohibit merchants from requesting/requiring a customer to provide any personal information (like their address or telephone number) on any form involved with their credit card transaction. So, it is advised that merchants inquire about further information in their particular state.
  • The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies processing, storing, or transmitting credit card information uphold a secure environment. These rules essentially apply to any merchant that has a Merchant ID (MID). If you are a merchant that accepts credit card payments, you are required to comply with the PCI Data Security Standard, large or small businesses.

EMV Liability Shift Set By Visa and MasterCard as of October 1st

U.S. banks and credit card companies are now using the EMV (Europay, MasterCard, and Visa) technology. The EMV liability shift for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards. While issuers absorb losses under card-network rules, that burden will shift to acquirers in cases where the fraud occurs at merchants unprepared for EMV.

It’s good to know every aspect of your business. The above guidelines are part of a business that every merchants should be familiar with. The main reason for these rules is to protect your business and keep your customer’s payment card data safe and secure.

To start accepting more credit cards give us a call now at 888-996-2273. We have the latest terminals that’s EMV/NFC capable.

 

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , ,

October 13th, 2015 by Elma Jane

It is difficult to believe that many businesses still do not accept credit or debit cards for payments, while most customers preferred using cards for the following reasons.

  • Doesn’t want to carry cash.
  • Security and Protection offered by card issuers.
  • Desire to earn reward points.

Some of the many advantages for businesses that accept credit card payments include:

Easy and cost efficient – credit card processing has become a highly competitive industry. NTC offers the latest in EMV and NFC technologies that allows businesses to accept contactless payment like Apple and Android Pay. NTC integrates with most POS systems.

Essential for online sales – internet selling is growing. The Internet makes it possible for a small business in a remote location to offer its products to potential customers throughout the nation and even across the world, almost all of those transactions require a credit or debit card.

Increases revenue – people like the convenience and security of paying with a credit or debit card. In fact, 66 percent of point-of-sale transactions use credit, debit or gift cards.

Merchant services accelerate cash flow – credit card transactions process quickly, with proceeds generally available in a bank account within two days or less. That eliminates the time it normally takes checks to clear. It also reduces or eliminates billing and the time spent waiting to receive payment checks from customers.

Reduce transaction risks – Check fraud remains a major problem for U.S. businesses, 77% of businesses were victims of check fraud, only 34% experienced credit card fraud and 92% said they believe new EMV chip and pin, credit cards will significantly reduce fraud at the point of sale.

Setting up a merchant account for your business is as simple as contacting a merchant service provider. A merchant service provider process payments and make sure the money is appropriately withdrawn from a credit card account and placed into the business’s merchant account.

For more details about setting up an account give us a call now! at 888-996-2273.

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , , , , , ,

Contacless
October 13th, 2015 by Elma Jane

 

What can near field communication do for individual and how can it make lives easier. Many uses of NFC technology offer benefits in a number of everyday tasks ranging from paying for groceries to receiving adequate health care treatments.

Check this out if the benefits are worth it:  

Contactless Payments – well-known use of NFC technology is for contactless payment. Customers can use their smartphone over a card reader to make a purchase without swiping or counting out cash. This saves time and also reduces the chances of losing a credit card that comes with carrying multiple cards around.

Health Care – With NFC technology, hospitals can better track patient information and doctors’ notes in real-time. This helps prevent the wrong medications from going to the wrong patient and creates a streamlined system focused on the best in patient care.

Information Sharing – NFC tags most common way NFC is currently used on Android and Windows phones. Using your Phone or Tablet, you can tap a strategically-placed NFC tag, which prompts your phone to take action on something, like automatically prompts your phone to enable Wi-Fi, disable sounds and decrease brightness. Exchange information between two Android phones.

Pairing with Devices – Smart household appliances are adopting NFC. LG’s smart washing machines let you pair your phone with the machine so that you can remotely monitor the washing cycle.

Social Networking Social networking is booming, and NFC tags are looking to get in on the action. NFC allows users to interact with each other and update their location and other info without any unnecessary log-ins or tapping through menu screens.

Transportation – Swiping a smartphone not only allows the passenger access to the subway but also keeps track of the number of trips he has left. Passengers can come and go much faster and easily pay for extra trips.

Posted in Best Practices for Merchants, Near Field Communication, Smartphone Tagged with: , , , , , , ,

Risk
October 9th, 2015 by Elma Jane

Credit card fraud is much more difficult to prevent in a card-not-present transaction. In a face-to-face setting the merchant can inspect the card to ensure that it is valid and can verify that the cardholder is an authorized user on the account. None of these actions can be performed when the payment is submitted online or accepted by phone. As we moved in adopting EMV Technology, majority of fraud is going to migrate away from counterfeit and stolen cards towards the card-not-present transaction as happened in other countries.

A combination of best practices and fraud prevention tools can provide card-not-present merchants with strong fraud prevention capabilities.

Steps to avoid fraud and protect your business for a card-not-present transaction:

  • Email Verification: Send a message to the email address provided by the customer requesting that the customer verify the email address is correct, you can ensure that the email is associated with the other information provided.   
  • Maintain PCI compliance:All merchants accepting card payments are now required to be compliant with the requirements of the PCI DSS (Payment Card Industry Data Standard) which sets the rules for data security management, policies, procedures, network architecture, software design and other protective measures.
  • Security Code Verification. Requesting the three digit security code on the back of a credit card. Visa (CVV2), MasterCard (CVC 2) and Discover (CID) cards, and the 4-digit numbers located on the front of American Express (CID) cards. Card Security Codes help verify that the customer is in a physical possession of a valid card during a card-not-present transaction.
  • Use an Address Verification Service (AVS): Enables you to compare the billing address provided by your customer with the billing address on the card issuer’s file before processing a transaction. AVS is good protection against card information obtained through means like phishing and malware because fraudster might not know the billing address.
  • Use 3D Secure Service: MasterCard and Verified by Visa enable cardholders to authenticate themselves to their card issuers through the use of personal passwords they create when they register their cards with the programs. The liability of any fraudulent charges through the 3D service is picked up by the issuer, not the merchant.
  • Verify the phone number and transaction information.Prior to shipping your products, call the phone number provided by the customer and verify the transaction information. Criminals may be unable to verify such information, because in their haste to max out the credit line before the fraud is discovered, they often order at random and do not keep records.

 

 

 

Posted in Best Practices for Merchants, e-commerce & m-commerce, Mail Order Telephone Order, Payment Card Industry PCI Security, Travel Agency Agents Tagged with: , , , , , , , , , , , , ,

September 11th, 2015 by Elma Jane

Apple Pay NFC

National Transaction Terminals with NFC (near field communication) Capability   

To accept Apple Pay transactions at your business, you will need to adopt point-of-sale devices with NFC/contactless readers.

National Transaction offer a range of options to suite your specific needs:

Tablet solutions:                                                                                                               Talech with iCMP device and NCR Silver.

Short-range wireless terminals for pay at the table: Bring the point-of-sale to your customers. Ideal for table-service restaurants, curbside pick-up, salons and more.

These terminals are all-in-one solutions with an integrated PIN Pad and printer. The short range terminals use secure, encrypted Bluetooth technology, allowing only the base and terminal to talk to each other, while also monitoring channels to prevent interference from other devices.

The Bluetooth terminals we offer are:                                                                            VeriFone VX680B and Ingenico iWL220B. (Both Bluetooth Wireless)

Long-range wireless (cellular/mobile) terminals: Have a long-life battery and compact design, which allows you to process transactions anywhere your customers are ideal for deliveries, kiosks and more.

These terminals are all-in-one solutions with an integrated PIN Pad and printer. Phone lines and internet connections are not required to take advantage of our mobile payment solutions.

The GPRS wireless terminals we offer are:                                                                      VeriFone VX680G and Ingenico iWL250G. (Both GPRS Wireless)

Countertop terminals:                                                                                                    

Ingenico iCT250 – has a “magic box” cable management system that prevents cable tangle and clutter. The terminal boasts a color display for improved readability and ease of use.

Verifone VX520 – has a built-in secure software authentication process which prevents unauthorized software applications from being downloaded.

Ingenico iCT220 with iPP320 external PIN pad – has a “magic box” cable management system that prevents cable tangle and clutter, along with a black and white screen for crisp visual clarity. Combine with an iPP320 for a consumer- facing solution to support contactless payments. (Note: the iCT220 device only supports contactless transactions when connected to this external PIN pad).

Whether you need a stand-alone POS terminal, want to take advantage of your existing tablet or PC, or require a wireless or mobile solution, National Transaction Corp., offers numerous user-friendly options. No matter how your customer wants to pay, NTC will help you enable quick and easy transactions from Traditional credit and debit cards, gift cards, smart cards (or EMV), mobile or digital wallets like Apple Pay and eCommerce or MOTO transactions.

Start growing your business quickly by accepting all kinds of credit card payments and  debit cards. Choose a state-of-the-art solution so you can accept payment in store or on your mobile device. With transparent pricing, live customer support, no cancellation fees and a secure platform, you’ll be confident you made the right partner for your business with National Transaction Corp.

Learn how easy it can be to accept any contactless or Apple Pay transactions.

Click here for more information about Apple Pay.

For Merchant Account Setup give us a call at 888-996-2273 or visit our website www.nationaltransaction.com

Posted in Best Practices for Merchants, e-commerce & m-commerce, Mail Order Telephone Order, Mobile Point of Sale, Near Field Communication, Point of Sale Tagged with: , , , , , , , , , , , , , , , ,