Jan
21
2015
January 21st, 2015 by Elma Jane

With a crucial deadline, the payments industry is starting to look at just what kind of fraud liability and how much fraud merchant acquirers will have to assume if their merchants aren’t ready to accept Europay-MasterCard-Visa (EMV) chip cards by October.

While issuers currently absorb losses under card-network rules, that burden will shift to acquirers this fall in cases where the fraud occurs at merchants unprepared for EMV.

As a result, acquirers will have to reckon with a whole new category of risk exposure.

In card-not-present transactions, acquirers have faced this, but in the overwhelming majority of cases they’ll be confronting it for the first time.

Surprisingly, for all the talk in the industry about the imminent arrival of EMV, it appears few acquiring executives have fully accounted for what the shift really means for them.

Some 24% of U.S. point-of-sale terminals are “EMV-capable,” while 9% of debit/prepaid cards issued, and 2% of credit cards have EMV chips so far. But while terminals may be technically capable, it isn’t known just how many of these merchants have the software and trained personnel to accept EMV.

Foreign issuers, especially, may be licking their chops at the prospect of offloading their consumer-fraud risk onto U.S. acquirers. For years and years, these non-U.S. issuers have invested in EMV, but the U.S. is still using the mag stripe. So non-U.S. issuers appear to be very aware of the liability shift.

To be sure, acquirers’ increased risk exposure may be relatively short-lived. Under the network rules, liability rests with the issuer in cases where both the merchant and the issuer are EMV-compliant. That could be nearly universally the case within a few years. By 2018, nearly all cards and terminals will be compliant.

But that still leaves open the question of how many of these terminals will really be running chip card transactions.

The issue isn’t so much about terminals as about software. Many mid-size merchants are using so-called integrated solutions that run payments as part of a larger business-management system. That means acquirers must work with a number of other parties to reconfigure software, and that presents a challenge when it comes to getting masses of merchants EMV-compliant.

The bigger problem is the integrated point-of-sale market.

While the liability shift may impact acquirers, not all them are convinced their exposure will rise all that much. Some argue the risk of loss from lost/stolen/counterfeit cards at the point of sale is low and not likely to rise, especially for small-ticket merchants.

Fraudsters, are much more inclined to practice their trade online, where the risk of being caught is lower, compared to face-to-face transactions.

 

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , ,

Oct
23
2014
October 23rd, 2014 by Elma Jane

The U.S. government will replace roughly 9 million government-issued payment cards with EMV chip-and-PIN versions early next year in a push to increase awareness and use of the more secure cards. Between 5 and 6 million prepaid debit cards used for issuing government payments, including Social Security and veterans benefits, will be reissued in January 2015. Another 3 million cards issued to federal government employees will also be replaced with EMV versions through the General Services Administration’s SmartPay program.

All the cards will be set up for Chip and PIN security as a U.S. government standard under the upgrade program, rather than the Chip and Signature approach required by Visa and MasterCard for most U.S. retailers starting late next year. However, there was no indication that the new cards will actually have the less secure magnetic data stripe removed.

Finding the right answers with the latest technologies to stop these cyber thieves and taking proactive and positive steps by adopting PIN and chip technology for government-issued debit and credit cards shows the importance of protecting financial transactions. While EMV is important, it’s not a total solution to the issue of data security.

POS devices at all federal agencies that accept retail payments will also be converted to accept EMV cards on a schedule set by the U.S. Treasury Dept. No timetable was given for the federal POS conversion.

The rollouts at four of the six largest U.S. retail chains will give a boost to EMV, which despite an October 2015 deadline has seen slow uptake among retailers. Under a mandate by Visa and MasterCard, retailers who experience credit or debit card fraud after next October but haven’t upgraded their POS equipment to accept EMV cards will be liable for the loss. If the bank that issued the card hasn’t upgraded it to EMV, the bank will take the loss.

But despite that October deadline, fewer than half of retailers’ POS terminals are expected to be able to accept EMV cards by the end of 2015, and barely half of U.S. payment cards will have been upgraded by then, according to the Payments Security Task Force, a banking industry group tracking EMV uptake.

The 9 million federally issued cards are a tiny fraction of the 1 billion credit and debit cards in use in the U.S., so the overall impact of accelerated EMV conversion is likely to be small. However, the Buy Secure initiative also explicitly includes a consumer-education component. Visa said it will spend $20 million in a public service campaign, and American Express said it will launch a $10 million program to help small merchants upgrade their POS terminals.

Small merchants are less likely to know about EMV than large retail chains, which have been making implementation plans for years.

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , , , , , ,

Sep
11
2014
September 11th, 2014 by Elma Jane

Every year Americans take more than 59 million trips abroad. Yet many of us don’t know which questions to ask regarding the use of credit cards. Before you hit the road, let your card issuer know where and when you’ll be traveling, so it doesn’t mistake those overseas charges with fraudulent activity. Start asking some questions below:

Does my card charge a foreign transaction fee? Because these fees can run as high as 3% and can be quite costly.

Does my card have an EMV chip? A smart chip widely used in Europe and other places. Contact your credit card provider and see if they can provide you at no cost a chip-and-PIN card if you don’t already have one. Most of the card companies are moving this way, but typically you have to request it.

Does my card offer any travel perks? You may want to inquire about additional coverage your card may provide you when you’re abroad such as insurance for accidents, lost luggage or auto collision.

How can I get cash overseas? Reach out to the bank or credit card provider and find out what relationships they have in the local market you’re traveling to. This will be helpful for avoiding ATM fees. Additionally, if you need to access cash from your credit card, they’ll be very helpful if you do it through a banking institution that has a relationship with your provider.

Will my card be accepted at my destination? Thirty to sixty days before traveling contact your bank or credit card provider and ask some important questions. Find out if their card is going to be accepted or if there will be any restrictions for it to be used abroad.

The best thing to do is to have a plan before you travel. Know how to minimize your fees and protect your credit cards. Then you can enjoy your adventure.

Posted in Uncategorized Tagged with: , , , , , , , , , , , , , , , , , , , , , ,

Aug
28
2014
August 28th, 2014 by Elma Jane

Merchants are still using pedestrian passwords that crooks can easily break, security company Trustwave has found. Of the nearly 630,000 stored passwords that Trustwave obtained during penetration tests in the past two years, its technicians were able to crack more than half in just a few minutes and 92% within 31 days. Even though adding new information about weak passwords or ongoing malware investigations gets frustrating because the same problems facing the financial and payments industries persist, it does not surprise Trustwave researchers. For a lot of software or hardware developers, their main concern is availability of the service. They want to make sure their POS is available and running to accept credit cards, often at the cost of a lot of security controls. It is difficult to implement security and to do it correctly.

Trustwave recommends longer passwords with more characters, rather than shorter ones with letters and numbers. A longer password that is a phrase not easily figured out is better than a shorter, complex password. These findings have been added to an online version of the 2014 Trustwave Global Security Report. To accommodate the fast changing nature of security threats, Trustwave is regularly updating its research and making the information available to consumers and payments industry stakeholders on the company’s site. The criminals stealing data are a constantly moving target. It no longer made sense for those interested in our research to have to wait a year to see new statistics. Having access to updated security reporting should be helpful to merchants. They can see how trends are tracking over time, instead of constantly having to go online to see what is relevant to them or rely on the trade groups to keep them informed. This provides one switch to keep them in the know, so there is some value there and it’s a smart move on Trustwave’s part. Since the new Payment Card Industry security requirements call for security measures to be embedded in software development lifecycles, there is some utility in Trustwave’s new approach to sharing research information.

Trustwave said the trend of businesses detecting breaches continues to rise, with 29% of businesses doing so in 2013 compared to only 9% in 2009. Trustwave compiled that data from 691 post-breach forensics investigations conducted in 2013. The report also indicated e-commerce breaches are increasing, with 54% of all breaches targeting e-commerce sites in 2013, compared to only 9% in 2010. More regions, including the U.S., being in various stages of converting to EMV chip-based cards for card-present transactions fuels the criminals’ shift to e-commerce fraud. Additionally, the company is working with law enforcement officials after discovering a control center of eight servers behind what is being called Magnitude, an exploit kit of Russian origin that has led to thousands of attacks and millions of attempted malware attacks globally.

Posted in Best Practices for Merchants, Payment Card Industry PCI Security, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , ,

Jun
09
2014
June 9th, 2014 by Elma Jane

Some American banks and financial institutions, like JPMorgan Chase, American Express and Citi, have already issued credit cards with new security technology. Other banks will do so by the end of the year. Often referred to as E.M.V. (short for Europay, MasterCard and Visa) or chip-and-PIN, these new cards use a combination of an embedded microchip and a personal numeric code to authorize payment transactions. Depending on the card issuer, some cards may have the chip but require just the old-fashioned signature instead of a PIN.

Most traditional credit cards in the United States today use a magnetic strip and a customer signature to seal a deal. The information embedded in the stripe can be easily cloned, however, and signatures can be forged. The chips in the newer E.M.V. cards which encode account information when transferring it to the merchant are harder to duplicate. The PIN must be entered for each charge, which helps make the cards more secure for in-person purchases. The cards are not infallible, though, criminals have still found ways to steal PINs and make fraudulent online purchases.

With new types of credit cards come new payment terminals, and many retailers must upgrade their equipment to make it compatible with E.M.V. cards. Instead of a slot to swipe the strip, the new credit card terminals typically need a chip reader. Most merchants will probably have the new equipment in place by October 2015, when new rules about fraud liability kick in. Under these rules, the bank or the merchant could be held accountable for any fraudulent charges if one of them has not upgraded to the new system. The party with the weaker security measures must pay.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , ,

May
09
2014
May 9th, 2014 by Elma Jane

Facebook is apparently ready to become a person-to-person (P2P) money transfer network. The clear decision to launch a money transfer service in the region can be seen as a test bed for Facebook’s larger ambitions of becoming a payments hub for its 1 billion user base. Facebook was only weeks away from gaining regulatory approval in Ireland for its remittance platform FT quoted unnamed sources. Facebook’s P2P platform will be geared to facilitating migrant remittances, with the goal of expanding its payment presence in emerging markets such as India. Facebook makes the bulk of its revenue from advertising, but 10 percent of its profits reportedly come from in-game payments for online and mobile games, such as Zynga’s popular FarmVille.

From WhatsApp to what’s next

Facebook’s February 2014 acquisition of mobile messaging service WhatsApp for $19 billion clarified the social network’s strategy. The WhatsApp acquisition and the expected P2P network launch as part of the first phase of Facebook’s deeper immersion into payments.

Tech giants face up to payments

When comparing the payment strategies of tech giants Google Inc., Apple Inc. and Facebook, the latter two competitors as having bigger potential upsides than Google. Facebook and Apple (via iTunes) already have established financial relationships with millions of users who have attached funding mechanisms – debit and credit cards –  to their social media accounts. As primarily a search engine, Google is playing catch up to persuade its users to set up Google Wallet accounts.

In May 2013, Google launched its own P2P network by integrating Google Wallet with Gmail accounts, so that wallet users can facilitate money transfers via email. More recently, reports have surfaced indicating Google plans to extend Google Wallet to its wearable technology solution Google Glass. But the success of such ventures rests on users’ confidence with Google as a financial service provider.

Facebook as having a brighter financial services future than Apple. Apple’s reach is limited to consumers who have iPhones and iPads, whereas Facebook is not tied to any branded mobile devices, it is a very ubiquitous offering. It could apply to anybody with any type of phone or tablet.

Eventually, tech companies like Facebook will need to partner with payment businesses in order to expand into the merchant-centric brick-and-mortar world. The mobile POS solution provider, a business unit of global POS terminal manufacturer Ingenico SA, would be an ideal partner for Facebook. If they extend what they do from P2P payments to more of a wallet purchasing capability for their users, then the next step could very easily be an extension of that into servicing the merchant side.

Posted in Financial Services, Mobile Payments, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Apr
17
2014
April 17th, 2014 by Elma Jane

Issuers participating in the MasterCard Rewards Platform can pursue greater engagement and value in their programs through a partnership MasterCard is announcing today with Points International Ltd. The companies say they struck the deal to take advantage of the popularity of travel and related experiences. Under the agreement, participating issuers can let their cardholders to exchange and trade earned airline miles, hotel points and loyalty currencies.

Travel happens to be one of the most popular redemption options for points on most programs today. So this is really about enabling consumers to get even more choice with regard to getting some redemption options.

Issuers individually will roll out the program later this year based on their own schedules. Any of the hundreds of banks that use the MasterCard Rewards Platform are eligible to participate. Participation is voluntary.

Enhanced flexibility in cardholder reward redemptions was a key driver behind the initiative, what this partnership allows to do is enable all customers that have points that they’ve gained from spending on their credit cards or debit cards to then exchange those points into a miles program or a hotel program that they tend to always have a lot of other points accumulated already.

Variable Exchange Rates

Cardholders will be provided with a conversation ratio applicable to the pair of rewards being exchanged. Ratios will differ by redemption transaction. Consumers also may choose to transfer small buckets of rewards points into one program and the rest in other programs. They can do transfers multiple times and across multiple rewards providers.

Posted in Best Practices for Merchants, Credit card Processing, Gift & Loyalty Card Processing, Travel Agency Agents Tagged with: , , , , , , , , , , , , , , , ,

Mar
17
2014
March 17th, 2014 by Elma Jane

Young people and Londoners are leading the way in adopting cashless payments in the U.K., The U.K.-based market research firm also found that non-bank electronic payment methods such as PayPal are trusted more than contactless and mobile card payments.

According to research, 38 percent of British people are interested in being able to make mobile payments and an enthusiastic 8 percent claim they would apply for mobile payment services straight away. Eighteen percent of U.K. Internet users say they would prefer to be able to stop using cash altogether.

Support for a cashless society is strongest in London, with 30 percent prepared to stop using cash. And it is the nation’s youth who are leading the way in new payment forms. Twenty-two percent of those aged 25 to 34 have used Barclays’ Pingit peer-to-peer mobile payment system, compared to 5 percent of those aged 45-54. About 17 percent of 25- to 34-year-olds have used the virtual currency Bitcoin at least once.

However, consumers are more concerned about the security of mobile payments than card payments. Sixty-five percent of consumers showed some concern about mobile payment security and 61 percent showed some concern about contactless cards, compared with 34 percent who were concerned about using debit cards and the 33 percent who were concerned about credit cards.

Consumers were notably less concerned about using non-bank payment services such as PayPal, which protect users’ financial data from being seen by third parties. Only 27 percent of Internet users are concerned about using non-bank payment services such as PayPal.

Posted in Credit card Processing, Credit Card Security, Digital Wallet Privacy, Electronic Payments, EMV EuroPay MasterCard Visa, Mobile Payments, Mobile Point of Sale, Near Field Communication, Smartphone Tagged with: , , , , , , , , , , , , , , , , ,

Mar
14
2014
March 14th, 2014 by Elma Jane

Merchant and Consumer Groups Seek Senate Support To Forego EMV Chip and Signature As Breach Concerns Rise

There’s no shortage of answers  in trying to put a stop to hackers set on throwing chaos into the way consumers transact at the point of sale, or online for  that matter. Yesterday, the Banking, Housing and Urban Affairs subcommittee on national security and international trade and finance got its chance to hear some of them.

During the hearing, William Noonan, deputy special agent in charge, U.S. Secret Service, noted the advances in computer technology and greater access to personally identifiable information online, which have created a virtual marketplace for transnational cyber criminals to share stolen information and criminal methodologies. As a result, the Secret Service has observed a marked increase in the quality, quantity, and complexity of cyber crimes targeting private industry and critical infrastructure. These crimes include network intrusions, hacking attacks, malicious software, and account takeovers leading to significant data breaches affecting every sector of the world economy.

The recently reported data breaches of Target and Neiman Marcus represent only the most recent, well-publicized examples of this decade-long trend of major data breaches perpetrated by cyber criminals intent on targeting the nation’s retailers and financial payment systems.  The increasing level of collaboration among cyber-criminals allows them to compartmentalize their operations, greatly increasing the sophistication of their criminal endeavors and allowing for development of expert specialization. These specialties raise both the complexity of investigating these cases, as well as the level of potential harm to companies and  individuals.

So how should the industry react to prevent further breaches? Those opinions provided during testimony at the hearing varied widely, though both consumer and merchant groups would like the card networks to give up requiring only signatures for smart card purchases at the point of sale.

Consumer program director at the U.S. Public Interest Research Group, called for myriad of changes, citing that the greater risk from the recent breaches is less related to identity theft than it is to fraud on existing accounts,  and he said it’s time for players on both sides of the transaction to focus more on protecting consumers than on managing their own risk.

Until now, both banks and merchants have looked at fraud and identity theft as a modest cost of doing business and have not protected the payment system well enough. They have failed to look seriously at harms to their customers from fraud and identity theft -including not just monetary losses and the hassles of restoring their good names, but also the emotional harm that they must face as they wonder whether future credit applications will be rejected due to the fraudulent accounts.

As a first step, Congress should institute the same fraud cap, $50, on debit/ATM cards that exists on credit cards, or eliminate the $50 cap entirely, since it is never imposed because of the zero-liability policies issuers have voluntarily have imposed. Congress also should provide debit and prepaid card customers with the stronger billing-dispute rights and rights to dispute payment for products that do not arrive or do not work as promised, just as many credit card users enjoy.

Congress should  endorse a specific technology, such as EMV smart cards and if it does, require the use of PINs when initiating smart card transactions. The current pending U.S. rollout of chip cards will allow use of the less-secure chip-and-signature cards rather than the more-secure chip-and-PIN cards. Why not go to the higher-and-PIN authentication standard immediately and skip past chip and signature? There is still time to make this improvement.”

Retailers have spent billions of dollars on card-security measures and upgrades to comply with PCI card security requirements, but it hasn’t made them immune to data breaches and fraud. The card networks have made those decisions for merchants, and the increases in fraud demonstrate that their decisions have not been as effective as they should have been.

The card networks should forego chip and signature and go straight to chip and PIN. To do otherwise would mean that merchants would spend billions to install new card readers without they or their customers obtaining PINs’ fraud-reducing benefits. We would essentially be spending billions to combine a 1990’s technology chips with a 1960’s relic signature in the face of 21st century threats.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, Digital Wallet Privacy, Electronic Payments, EMV EuroPay MasterCard Visa, Financial Services, Merchant Services Account, Payment Card Industry PCI Security, Point of Sale, Small Business Improvement, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Mar
03
2014
March 3rd, 2014 by Elma Jane

Interchange is a word that’s talked about a lot in the payments industry. If you didn’t have to pay interchange fees, what would your business spend the money on? At its most basic, interchange is the fees businesses pay to credit card processors to swipe your credit and get paid – or the cost of moving money. Businesses are sick and tired of paying high fees and getting very little in return. Customers are sick and tired of seeing prices of items tick upwards as businesses are forced to charge more to cover the cost of interchange.

Businesses spend an exorbitant amount of money each year to accept credit cards – to the tune of $50B. Businesses could reinvest the money they’ve been spending on interchange to better connect with customers, enhance marketing initiatives and grow faster and smarter. Just imagine for a second the economic stimulus the country would get if all that money was put back into the business to drive growth, or back into the pockets of customers to lower costs.

In the past 30 years, interchange fees have mainly gone in only one direction: up. Luckily, things are starting to change, and I think we’re going to start seeing interchange being driven down. The days of a 3 -or 4-percent interchange rate are beginning to look numbered and here’s why:

Competition

There are nearly 200 players in the mobile payments space, with more entering daily. New opportunities are providing businesses with alternative payment options that are outside of Mastercard and Visa’s clutches. While there might be 1,000-plus credit card processing companies, they’re all based on the Mastercard/Visa rails, which provides a fixed floor. But not so with many of these new payment options. As such, traditional methods of payment (cash, credit cards) are facing an increasing amount of competition, and merchants are starting to pay attention.

It’s unlikely that cash and credit cards are going away anytime soon, but it only takes a small shift in volume (maybe 5 percent) for the card issuers to start paying attention. There are a number of ways for them to react, but if history is any guide, one of them will be to start lowering their prices. Alternatively, they could find ways to offer more value to their merchants. Either way, competition is offering merchants new ways to accept payments, and this will lower fees over time.

Innovation

The second thing driving down costs for merchants is rapid innovation, and like a good deal of innovation these days, much of it is centered around mobile. Mobile payments are starting to gain significant traction among consumers, accounting for $640M in 2012 and expected to have grown by an additional 234 percent in 2013.

QR codes, NFC, peer-to-peer payments, card emulation –  the list of new technologies trying to disrupt the payments space goes on and on. These new alternatives are challenging the current payments system and shedding light on the opportunities for businesses. This innovation is beneficial in two ways. The first, as discussed above is that more competition will naturally drive costs down. The second is that alternative payment options are focusing on value beyond the transaction.

There are new payment options out there that provide tangible information, such as data analytics, which help companies drive sales and increase revenues. New options are allowing small businesses access to the same technology and analytics that were previously reserved for big-box retailers or e-commerce sites only. These additional value propositions not only help businesses, they also provide new ways for payments companies to monetize, removing the need for them to make all of their money from interchange. With two (or more) revenue lines, lowering interchange is suddenly a lot more feasible.

Legislation

The Durbin Amendment is designed to introduce competition in the debit card processing network and limit fees for businesses. For all of its unintended consequences, Durbin legislation is actually helping to drive down interchange; it’s opening up competition for non-card-brand network players and lowering debit card fees. While it is certainly rife with controversy, this amendment is opening up new ways to move money that will, over time, contribute to a less expensive payment processing ecosystem.

Merchant demand

Business owners are smart and savvy. They pay attention to trends, focusing on finding new ways to set their business apart. Business owners are also conscious of ROI, and how much they’re spending to attract and retain customers. They understand there is some cost to accept payments, but are becoming more and more frustrated at the high swipe fee costs from traditional credit card processors and minimal return for those fees.

Businesses are looking to new, innovative solutions to provide more than just payment processing –  they want to understand and better connect with their customers. In short, merchants are ready for a new payments ecosystem, and where there’s this much demand from a group this big and influential, a solution can’t stay away for too long.

Interchange rates are not going away entirely in the near future, although it will happen eventually. A lot of powerful wheels are in motion to significantly reduce the interchange rates that merchants currently pay. Right now the impact might be small, but it’s growing quickly. In a few years, 3- to 4-percent interchange could be relegated to the same bit of history as $1.99 international phone calls.

Posted in Credit card Processing, Electronic Payments, Financial Services, Gift & Loyalty Card Processing, Internet Payment Gateway, Small Business Improvement Tagged with: , , , , , , , , , , , , , , , , , ,

← Previous Article
Next Articles »