May 8th, 2015 by Admin

 

 

 

 

 

 

 

 

 

All merchants that accepts, transmit or stores cardholder data are required to be PCI (Payment Card Industry) Compliant. Most believe that because they do not charge the credit cards themselves, they are exempt. Why all agencies are required to be complaint even when they don’t charge credit cards themselves, and some steps to ensure your agency is PCI compliant.

What is PCI compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. PCI applies to all organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Travel agents accepting, storing and transmitting credit card information to suppliers, are required to be compliant too. Suppliers reinforce this through their travel agent guidelines/contracts. Travel Agency must adhere to the applicable credit card company’s procedures for credit card transactions.

Consequences of Not Being PCI Compliant

If an agency is not PCI compliant, the agency can lose the ability to process credit card payments with that supplier. Not being able to pay with client credit cards can be a serious roadblock for agencies, and an inconvenience for clients.

If you have a merchant account and are found to be out of compliance, you can be fined.

How to be PCI Compliant

Don’t store the CCV security code from the client’s credit card. The client does not have the authority to grant you permission to store their CCV code. The credit card company explicitly forbid storage of the CCV code.

Make sure you securely store any client information, including their credit card number and expiration date. If you use a CRM, ensure that you have a strong password. If your CRM database is stored on your computer hard drive, encrypt it (there is a great encryption software that is free of charge). If you have an IT resource, talk to them about installing a firewall on your network, installing anti-virus and anti-malware protection, and any other steps that you can take to secure your client data even further.

If you keep paper copies of client information, keep it in a locked filing cabinet or desk drawer. When you no longer need their credit card information, cross shred it.

Home based businesses are arguably the most vulnerable simply because they are usually not well protected, according to the PCI Compliance Guide. Having strong passwords, encryption, a firewall, anti-virus and anti-malware protection are all inexpensive steps that you can take to protect your business and your clients’ sensitive data.

If you receive a courtesy call reminding you about PCI Compliance, don’t ignore it.

 

 

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,

September 19th, 2014 by Elma Jane

CREDIT CARD NUMBER’S ANATOMY

The numbers on front of a credit card aren’t just random. They give away specific information about the card and where it comes from.

The first 6 digits of the credit card number is the Bank Identification number (BIN). This will tell the name of the credit card issuer.

Example: Travel or entertainment cards, such as American Express  cards, begin with a 3 . All Visa credit cards start with a 4, MasterCard with a 5, and 6 is dedicated to Discover.

The first six digits of the card, including the Bank Identification number, represent the issuer identification number. This identifies the bank that issued the card.

Of course, there’s the personal account number. This is made up of the seventh digit on, everything except the last number on the card.

The final digit on the credit card is known as the check digit or checksum. This number is set by something called the Luhn formula, patented by an IBM scientist in 1960. It’s a formula that uses the numerals in your card’s account number to verify that it’s valid. Various combinations of the card’s digits must ultimately add up to a number divisible by 10.

The formula is mostly used to protect against input errors. Let’s say you enter in the wrong numbers on an online shopping site. The formula will compute that the digits don’t add up right, telling you you’ve entered an invalid card number. That last digit of your credit card makes sure the formula works like it’s supposed to.

Now you know that there’s a lot of information on that little card in the wallet.

Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , ,

December 16th, 2013 by Elma Jane

1. Account Updater (Visa)

Incorrect billing information leads to declined credit cards, loss of sales and unhappy customers.

Visa touts its Account Updater as an easier way to keep customer data current. The tool appends all card data with up-to-date customer info so businesses can avoid difficulties over address changes, name changes, expired cards and more.

The tool can benefit any business that bills customers on a recurring basis.

It eliminates the need for manual administration, so it can lower your business’s operational costs and customer-service expenses. And by saving your clients the hassle of a declined payment, you can boost customer satisfaction and overall sales.

2. Netswipe

Paying online is convenient for customers, but keying in an unwieldy credit card number is still a pain.

Netswipe from Jumio gives customers an easier way: The tool lets users pay by snapping a photo of their credit card; it’s almost as easy as swiping your card through a traditional card reader.

According to Jumio, customers can use their smartphone or tablet to scan a card in as little as 5 seconds, whereas traditional key entry takes 60 seconds or more, on average. Having a quick and convenient way to pay could help contribute to a positive buying experience and encourage repeat business.

The system is compatible with any iOS or Android mobile device, as well as with any computer with a webcam.

3. Netverify

Jumio’s fraud-scrubbing tool helps you determine if your customers are who they say they are.

Net verify allows customers to snap a picture of their driver’s license or other identification using a smartphone, tablet or PC webcam. Once the image is taken, the tool can verify the authenticity of the documentation in as little as 60 seconds.

That’s much faster and more convenient than asking a customer to fax or mail a copy of their ID in the middle of a transaction.

The tool can verify identifying documents from more than 60 countries…including passports, ID cards and driver’s licenses, and even bank statements and utility bills. Jumio says its software is smart enough to automatically reject nonauthentic documents.

And customers can rest easy knowing that all submitted information is protected with 256-bit encryption to prevent identity theft.

Online merchants embed Netverify into their websites as part of the checkout process.

4. Payment Gateway

Payment Gateway service does all the heavy lifting of routing and managing credit card transactions online.

Portals like this one benefit small businesses by providing a fast and secure transmission of credit card data between your website and the major payment networks. It works a lot like a traditional credit card reader, but uses the Internet to process transactions instead of a phone line.

Payment Gateway also offers built-in fraud-prevention tools and supports a range of payment options, including all major credit cards and debit cards.

5. PayPal Here

Mobile credit card processing services like PayPal Here  make it easy to accept credit cards in person using a smartphone or tablet.

PayPal Here and other similar services send you a dongle that attaches directly to your iPhone, iPad or Android device, allowing you to swipe physical credit cards wherever you are.

One major benefit of mobile credit card readers is that they work with the devices you already own. That means there’s no need to carry around additional hardware, aside from the reader add-on itself. Most credit card readers attach to your device via the headphone jack or charger port, and are small enough to fit in your pocket.

The smallest businesses have the most to gain by opting for mobile credit card readers, which are cheaper and far more portable than traditional options.

6. Virtual Terminal

If you do business online, your website needs the infrastructure to accept credit card information.

Web-based applications like virtual terminal offer the basic processing functionality of a physical point-of-sale system, and are easy to install on your business’s website.

The system allows merchants to collect orders straight from the Web, or take orders via phone or mail and before initiating card authorizations online.

It also includes extensive transaction history to help you manage payment data, split shipments, back orders and reversals. Business owners can even receive a daily email report of all credit card transaction activity from the prior day.

 

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, e-commerce & m-commerce, Electronic Payments, EMV EuroPay MasterCard Visa, Gift & Loyalty Card Processing, Mail Order Telephone Order, Merchant Cash Advance, Merchant Services Account, Mobile Payments, Mobile Point of Sale, Near Field Communication, Point of Sale, Smartphone, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,