Aug
27
2014
August 27th, 2014 by Elma Jane

Backoff malware that has attacked point of sale systems at hundreds of businesses may accelerate adoption of EMV chip and PIN cards and two-factor authentication as merchants look for ways to soften the next attack. Chip and PIN are a big thing, because it greatly diminishes the value of the information that can be trapped by this malware, said Trustwave, a security company that estimates about 600 businesses have been victims of the new malware. The malware uses infected websites to infiltrate the computing devices that host point of sale systems or are used to make payments, such as PCs, tablets and smartphones. Merchants can install software that monitors their payments systems for intrusions, but the thing is you can’t just have anti-virus programs and think you are safe. Credit card data is particularly vulnerable because the malware can steal data directly from the magnetic stripe or keystrokes used to make card payments.

The point of sale system is low-hanging fruit because a lot of businesses don’t own their own POS system. They rent them, or a small business may hire a third party to implement their own point of sale system. The Payment Card Industry Security Standards Council issued new guidance this month to address security for outsourced digital payments. EMV-chip cards, which are designed to deter counterfeiting, would gut the value of any stolen data. With this magnetic stripe data, the crooks can clone the card and sell it on the black market. With chip and PIN, the data changes for each transaction, so each transaction is unique. Even if the malware grabs the data, there not a lot the crooks can do with it. The EMV transition in the U.S. has recently accelerated, driven in part by recent highprofile data breaches. Even with that momentum, the U.S. may still take longer than the card networks’ October 2015 deadline to fully shift to chip-card acceptance.

EMV does not by itself mitigate the threat of breaches. Two-factor authentication, or the use of a second channel or computing device to authorize a transaction, will likely share in the boost in investment stemming from data security concerns. The continued compromise of point of sale merchants through a variety of vectors, including malware such as Backoff, will motivate the implementation among merchants of stronger authentication to prevent unauthorized access to card data.

Backoff has garnered a lot of attention, including a warning from the U.S. government, but it’s not the only malware targeting payment card data. It is not the types of threats which are new, but rather the frequency with which they are occurring which has put merchants on their heels. There is also an acute need to educate small merchants on both the threats and respective mitigation techniques.. The heightened alert over data vulnerability should boost the card networks’ plans to replace account numbers with substitute tokens to protect digital payments. Tokens would not necessarily stop crooks from infiltrating point of sale systems, but like EMV technology, they would limit the value of the stolen data. There are two sides to the equation, the issuers and the merchants. To the extent we see both sides adopt tokenization, you will see fewer breaches and they will be less severe because the crooks will be getting a token instead of card data.

Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Aug
22
2014
August 22nd, 2014 by Elma Jane

IMG_1446

Turn Around Strip Down

There was a bit of confusion at a supermarket. When this senior was ready to pay for his groceries, the cashier said, Strip Down facing me.

Making a mental note to complain about excessive security running amok, the senior did just as the lady cashier had instructed.

When the hysterical shrieking and alarms finally subsided, he found out that the lady cashier was referring to his credit card, to turn around the card, strip down and swipe it.

The senior have been asked to shop elsewhere in the future.

Posted in Uncategorized Tagged with: , , ,

Aug
21
2014
August 21st, 2014 by Elma Jane

Package delivery giant UPS has become the latest company to admit that customer payment card details may be at risk after it discovered malware at 51 of its US stores. In a statement, UPS says that customers who used credit and debit cards at 51 of its 4470 franchised sites between 20 January and 11 August are at risk. Names, postal and email addresses and payment card information may all be compromised, but UPS says that it has no evidence of any fraud, and that the malware has now been eliminated. Earlier this month the US government took the step of putting out an alert warning retailers about a new family of malware, dubbed Backoff, targeting point-of-sale systems. The UPS Store, received a bulletin from the government among many other US retailers that made them aware of the problem. As soon as they became aware of the potential malware intrusion, they deployed extensive resources to quickly address and eliminate the issue. Customers can be assured that they have identified and fully contained the incident. US merchants have found themselves under siege from hackers in recent months, with the most notable case seeing thieves use a vendor’s credentials to infect POS devices with malware and steal the details of around 40 million Target customer cards.

Posted in Best Practices for Merchants, Credit Card Security Tagged with: , , , , , , , , , , , , , ,

Aug
08
2014
August 8th, 2014 by Elma Jane

Visa Inc., the global leader in payments, is helping U.S. fuel retailers prevent credit and debit card fraud at the pump with intelligent analytics that identify higher-risk transactions that may be fraudulent. Visa Transaction Advisor uses sophisticated analytics based on the breadth and scale of VisaNet data to flag the riskiest transactions by working with fuel companies to understand their needs, creating a new service that builds on Visa’s predictive analytics capabilities, providing fuel merchants with more intelligence to prevent fraud and improve their bottom line. While global fraud rates across the Visa payment system remain near historic lows, less than 6 cents for every $100 transacted – fuel pumps can be targets for criminals because they are often self-service terminals. The new solution, Visa Transaction Advisor (VTA), enables merchants to use real-time authorization risk scores to identify transactions that could involve lost, stolen or counterfeit cards. A pilot test of the new service showed a 23 percent reduction in the rate of fraudulent transactions – all without costly infrastructure upgrades or disruption of the customer experience.

How It Works

After a cardholder inserts the card at the pump, Visa analyzes multiple data sets such as past transactions, whether the account has been involved in a data compromise and nearly 500 other pieces of data to create a risk score. This allows merchants to identify those transactions with a higher risk of fraud and perform further cardholder authentication before gas is pumped. The time and costs associated with resolving fraudulent transactions can be substantial for both merchants and financial institutions and inconvenient for cardholders, which is one of the reasons why fraud prevention is critical. Visa’s solution is easy to implement, using existing message fields and formats as well as pump software or hardware to ensure minimal impact to merchants and acquirers. Several fuel merchants who piloted the technology over the last several months noticed a decrease in fraud, without negatively impacting their consumers’ experience. VTA as a tool help mitigate fraudulent transactions. A 23 percent reduction in the rate of fraudulent chargebacks during a pilot program in Los Angeles. This was done with minimal impact to the customer experience, making secure payment at the pump as convenient as possible. Providing fuel to millions of customers each month through approximately 15,000 service stations in the United States, said US Credit Card Operations Manager, from Shell, considering new solutions and technology it has to have a clear business benefit, be customer-centric and easy to implement. With no infrastructure investment, testing VTA as part of proactive fraud prevention tool-set to better identify fraudulent card activity earlier in the transaction cycle, without inconveniencing customers.

Visa Transaction Advisor is available to merchants through participating U.S. acquirers. Visa has partnered with Vantiv and is also working with other acquirers to offer the service to its fuel clients. Ease of implementation is a critical requirement whenever talking about a new merchant service. Visa Transaction Advisor builds on existing payment infrastructure, is easy to implement and flexible enough to allow customization by merchants.

 

Posted in Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,

Aug
04
2014
August 4th, 2014 by Elma Jane

Run through a non-profit organisation, Stellar is a decentralized protocol for sending and receiving money in any pair of currencies, be they dollar, yen or bitcoin. The system works through the concept of gateways that let people get in and out of the network. Users hold a balance with a gateway, which is any network participant that they trust to accept a deposit in exchange for credit on the network. To cash out, a user invokes the promise represented by a gateway’s credits, returning them in exchange for the corresponding currency.

Like Ripple, Stellar comes with its own built-in digital currency, which will be given away for free to people who sign up via Facebook, to nonprofits and to current bitcoin and Ripple holders. Initially there will be 100 billion ‘stellars’ (five per cent of which will be kept back to fund the nonprofit) with the supply increasing at one per cent a year. Although stellars will have a market-determined value, their main purpose will be to provide a conversion path between other currencies. This means that when two parties exchange money through the distributed exchange, stellars sit in the middle. Example, a user might submit a transaction which converts EUR credits to stellar and then converts those stellar to AUD credits. Ultimately, the user will have sent EUR, the recipient will have received AUD, and two exchange orders will have been fulfilled.

Developers are being invited to jump in and work with the open-source code and build applications on top of Stellar. The project has secured the backing of payment industry darling Stripe, which has handed over $3 million in exchange for two per cent of stellars. Stellar is highly experimental, but it’s important to invest effort in basic infrastructure when the opportunity arises. Stellar could become a much better substrate for a lot of the world’s financial systems.

 

Posted in Internet Payment Gateway Tagged with: , , , , , , , , , , , , ,

May
29
2014
May 29th, 2014 by Elma Jane

New enhancements intended to provide its U.S. cardholders with greater protection from fraud and identity theft has been announced by MasterCard.

All MasterCard credit, debit, prepaid and small business cards issued in the U.S. will now carry Identity Theft Resolution assistance. MasterCard new program will provide help in canceling missing cards and alerting credit reporting agencies, as well as targeting searches to detect if stolen personal and confidential data appears online. The new Identity Theft coverage extension begins in July 2014.

MasterCard is also extending its zero liability policy in the U.S. to include all MasterCard PIN-based and ATM transactions. This is in addition to coverage already provided on signature debit and credit transactions. The Zero Liability coverage extension takes effect in October 2014.

Fraud prevention and detection is a 24/7 job at MasterCard. The changes in cardholder protection is a combined efforts to move the U.S. payments industry to EMV chip technology will help deliver safer shopping experiences to consumers. MasterCard noted that tanks and financial institutions issuing MasterCard-branded cards provide financial indemnity against fraud.

 

Posted in Credit card Processing, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , ,

May
21
2014
May 21st, 2014 by Elma Jane

Mobile credit card processing is way cheaper than traditional point-of-sale (POS) systems. Accepting credit cards using mobile devices is stressful, not to mention a hassle to set up  and customers would never dare compromise security by saving or swiping their credit cards on a mobile device. Some of the many myths surrounding mobile payments, which allow merchants to process credit card payments using smartphones and tablets. Merchants process payments using a physical credit card reader attached to a mobile device or by scanning previously stored credit card information from a mobile app, as is the case with mobile wallets. Benefits include convenience, a streamlined POS system and access to a breadth of business opportunities based on collected consumer data. Nevertheless, mobile payments as a whole remains a hotly debated topic among retailers, customers and industry experts alike.

Although mobile payment adoption has been slow, consumers are steadily shifting their preferences as an increasing number of merchants implement mobile payment technologies (made easier and more accessible by major mobile payment players such as Square and PayPal). To stay competitive, it’s more important than ever for small businesses to stay current and understand where mobile payment technology is heading.

If you’re considering adopting mobile payments or are simply curious about the technology, here are mobile payment myths that you may have heard, but are completely untrue. 

All rates are conveniently the same. Thanks to the marketing of big players like Square and PayPal – which are not actually credit card processors, but aggregators rates can vary widely and significantly. For instance, consider that the average debit rate is 1.35 percent. Square’s is 2.75 percent and PayPal Here’s is 2.7 percent, so customers will have to pay an additional 1.41 percent and 1.35 percent, respectively, using these two services. Some cards also get charged well over 4 percent, such as foreign rewards cards. These companies profit & mobile customers lose. Always read the fine print.

Credit card information is stored on my mobile device after a transaction. Good mobile developers do not store any critical information on the device. That information should only be transferred through an encrypted, secure handshake between the application and the processor. No information should be stored or left hanging around following the transaction.

I already have a POS system – the hassle isn’t worth it. Mobile payments offer more flexibility to reach the customer than ever before. No longer are sales people tied to a cash register and counters to finish the sale. That flexibility can mean the difference between revenue and a lost sale. Mobile payments also have the latest technology to track sales, log revenue, fight chargebacks, and analyze performance quickly and easily.

If we build it, they will come. Many wallet providers believe that if you simply build a new mobile payment method into the phones, consumers will adopt it as their new wallet.   This includes proponents of NFC technology, QR codes, Bluetooth and other technologies, but given very few merchants have the POS systems to accept these new types of technologies, consumers have not adopted. Currently, only 6.6 percent of merchants can accept NFC, and even less for QR codes or BLE technology, hence the extremely slow adoption rate.  Simply put, the new solutions are NOT convenient, and do not replace consumers’ existing wallets, not even close.

It raises the risk of fraud. Fraud’s always a concern. However, since data isn’t stored on the device for Square and others, the data is stored on their servers, the risk is lessened. For example, there’s no need for you to fear one of your employees walking out with your tablet and downloading all of your customers’ info from the tablet. There’s also no heightened fraud risk for data loss if a tablet or mobile device is ever sold.

Mobile processing apps are error-free. Data corruption glitches do happen on wireless mobile devices. A merchant using mobile credit card processing apps needs to be more diligent to review their mobile processing transactions. Mobile technology is fantastic when it works.

Mobile wallets are about to happen. They aren’t about to happen, especially in developed markets like the U.S. It took 60 years to put in the banking infrastructure we have today and it will take years for mobile wallets to achieve critical mass here.

Setup is difficult and complicated. Setting up usually just involves downloading the vendor’s app and following the necessary steps to get the hardware and software up and running. The beauty of modern payment solutions is that like most mobile apps, they are built to be user-friendly and intuitive so merchants would have little trouble setting them up. Most mobile payment providers offer customer support as well, so you can always give them a call in the unlikely event that you have trouble setting up the system.

The biggest business opportunity in the mobile payments space is in developed markets. While most investments and activity in the Mobile Point of Sale space take place today in developed markets (North America and Western Europe), the largest opportunity is actually in emerging markets where most merchants are informal and by definition can’t get a merchant account to accept card payments. Credit and debit card penetration is higher in developed markets, but informal merchants account for the majority of payments volume in emerging markets and all those transactions are conducted in cash today.

Wireless devices are unreliable. Reliability is very often brought up as I think many businesses are wary of fully wireless setups. I think this is partly justified, but very easily mitigated, for example with a separate Wi-Fi network solely for point of sale and payments. With the right device, network equipment, software and card processor, reliability shouldn’t be an issue.

Posted in Best Practices for Merchants, Mobile Payments, Mobile Point of Sale, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

May
19
2014
May 19th, 2014 by Elma Jane

Keeping your business’s finances in order doesn’t have to take all day. Bookkeeping is a necessary for small business owners, but it’s a time-consuming chore.

If you use QuickBooks for payroll, inventory or keeping track of sales, there are several timesaving shortcuts you can utilize to make bookkeeping easier.

Time-saving tips for getting the most out of QuickBooks in the least amount of time. Help  you spend more time building your business and less time using QuickBooks.

Download data whenever possible. Even after factoring in initial setup time, downloading banking and credit card activity directly into QuickBooks is a huge time saver. Doing this will minimize the chance of human error and enable you to record activity faster than if you did it manually.

Make the Find feature your friend. Using the Find feature is the most efficient way to locate a particular invoice in QuickBooks. Those who usually open the form and click Previous until the form appears on the screen know how tedious this process can be. The Find tool will search for almost any transaction-level data, depending on your filters.

Memorize transactions. QuickBooks has the capability to memorize recurring transactions (invoices, bills, checks, etc.) and set them for automatic posts daily, weekly, monthly, quarterly and annually, eliminating the need to enter the same transaction into the software every month.

Use accounts payable aging. Use this feature for a snapshot on who you owe money to and manage your cash flow more efficiently.

Use accounts-receivable aging. Use this feature for a snapshot of information on who owes you money, how much you are owed and how long the individual has owed you.

Use classes. Classes can be very helpful to track income and expenses by department, location, separate properties or other meaningful breakdowns of your business.

Use QuickBooks on the go with remote access. Remote-access methods include QuickBooks Online, desktop sharing and QuickBooks hosting on the cloud, which allows you to take the program on the go and make changes no matter where you are.

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,

May
16
2014
May 16th, 2014 by Elma Jane

National Transaction discussed about credit card underwriting today, a training twice a week given to our Sales Representatives together with our partner Elavon. Training outlined the following why Elavon needs guidelines, credit decision factors as well as which merchants are restricted vs. which merchants are prohibited. For company understanding, facts about fulfillment will be outlined allowing for a better understanding of the department that receives and processes new merchant applications. Application requirements will be identified and then why applications pend.

Fulfillment Services – The department who manages merchant applications through the process of: Data Entry, Underwriting, Deployment and Merchant Activation.

Best way to get an application to boarding Email and Fax.

The key to success is gathering the right information, such as data from a myriad of sources, including bank statements, credit reporting agencies, utility assessments, tax assessments and additional financial documentation. These are just some chunk of what we have discussed today. With the right tool and support from National Transaction Team closing a deal is feasible.

Posted in Best Practices for Merchants, Credit card Processing, nationaltransaction.com Tagged with: , , , , , , , , , , , ,

Nov
22
2013
November 22nd, 2013 by Admin

As we move to smartphones and tablets as payment methods security and privacy concerns are a real issue. With recent NSA leaks shedding light on our data and the access others have to it, we have to consider security, privacy and health implications. This year alone e-commerce transactions on smartphones and tablets during the holiday season are set to grow by 15%. Although tablets, not smartphones will drive the bulk of that growth, smartphones are set to overtake mobile-commerce payments over the next 5 years. Tablet payments in the U.S. alone are expecting to reach $26 billion in transactions. Currently tablets are more convenient for m-commerce due to their size, but as far as the future of electronic payment processing, smartphones are where it’s at.

The smart merchant sees this coming and realizes frictionless transactions increase sales. The more comfortable and less complicated a transaction is for a customer, the better. Smartphones, tablets, PCs, laptops and more can already process electronic transactions from credit and debit cards, gift cards, electronic checks and more. Money movement is easier than ever and more convenient than cash. Cash is king however in situations where internet connectivity and power are an issue. In India for example, a poor electric grid makes power outages a common occurrence. During natural disasters, when resources are badly needed, power outages or severed internet communications mean no electronic transactions can be processed. So physical currency remains a must, in the future we may see payment technology evolve to where digital money like crypto currency (BitCoin) may be stored on the device itself similar to having cash. As these electronic payment systems evolve, merchants need to position themselves to accept what their market prefers to transact with.

The smart citizen also sees this coming and has concerns that things like a National ID program being established may compromise their privacy.
As an extreme example of electronic transactions, a nightclub in Spain used subdermally implanted RFID chips in a woman that allowed patrons to pay for food and beverages without a credit card.

Posted in e-commerce & m-commerce, Electronic Check Services, Electronic Payments, Gift & Loyalty Card Processing, Merchant Services Account, Near Field Communication, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

← Previous Article
Next Articles »