February 5th, 2016 by Elma Jane
Businesses and banking institutions must require consumers to use other types of authentication methods, like biometrics, mobile verification codes and geo-location.
Merchants and banks can expect more hackers to breach customer accounts that rely only on usernames and passwords for online authentication.
This type of fraud will only grow as hackers recognize and take advantage of the opportunity presented by on-file accounts protected by weak authentication.
Many online users use the same username and password for multiple accounts. Once those credentials are compromised, criminals can use them to access accounts on different websites.
Password vaults and safes that are easy and efficient to use, combined with user education, offer a solution to this problem.
Stronger authentication that goes far beyond username and password is a powerful tool in the effort to prevent data breaches.
February 2nd, 2016 by Elma Jane
Businesses continue to struggle with the prohibited storage of unencrypted customer payment data. Under the Payment Card Industry Data Security Standard (PCI DSS), merchants are instructed that protection methods are critical components of cardholder data protection in PCI DSS Requirement.
PCI DSS applies to every company that stores, processes or transmits cardholder information. Regardless of the size or type of business you operate, the number of credit card transactions you process annually or the method you use to do so, you must be PCI compliant.
A data breach is not a limited, one-time occurrence. This is why PCI compliance is required across all systems used by merchants.
Encryption and tokenization are a strong combination to protect cardholder data at all points in the transaction lifecycle: in use, in transit and at rest.
National Transaction’s security solutions provide layers of protection when used in combination with EMV and PCI-DSS compliance.
Encryption is ideally suited for any business that processes card transactions in a face-to-face or card-present environment. From the moment a payment card is swiped or inserted at a terminal featuring a hardware-based, tamper-resistant security module, encryption protects the card data from fraudsters as it travels across various systems and networks until it is decrypted at a secure data center.
Tokenization can be used in card not present environments (travel merchants) such as e-commerce or mail order/telephone order (MOTO), or in conjunction with encryption in card present environments. Tokens can reside on your POS/PMS or within your e-commerce infrastructure at rest and can be used to make adjustments, add new charges, make reservations, perform recurring transactions, or perform other transactions in use. Tokenization protects card data when it’s in use and at rest. It converts or replaces cardholder data with a unique token ID to be used for subsequent transactions.
The sooner businesses implement encryption and tokenization, the sooner stored unencrypted data will become a thing of the past.
January 28th, 2016 by Elma Jane
The shift to EMV is helping to address vulnerabilities in the United States payments ecosystem. It has been shown that EMV can deliver benefits as a part of industry efforts to combat fraud.
EMV migration is a critical focus for enhancing payments security, which is why the current efforts around chip card deployment are greatly beneficial for consumers and merchants alike. EMV technology helps to reduce counterfeit card fraud, as it generates dynamic data with each payment to authenticate the card, after which the cardholder is prompted to sign or enter a PIN to confirm their identity.
The EMV rollout represents a dynamic time for card payments that promises great advances, among them enhanced security for cardholders. It also presents an opportunity to consider other innovations such as mobile wallets and mobile POS to further engage your customers and drive customer loyalty. When merchants continue to invest in EMV and NFC (near field communications, used for tap-and-pay transactions), the purchases made at their EMV-enabled terminals are more secure than magnetic stripe transactions.
New mobile payment options such as mobile wallets support EMV and therefore offer this added layer of security. Ultimately, by enabling contactless payments, merchants can also enable more flexibility in addition to increasing security for their customers.
Additionally, industry players are backing major mobile wallets, such as Android Pay, Apple Pay, and Samsung Pay.
January 27th, 2016 by Elma Jane
Fighting chargebacks is important to business. Whether you process transactions at a point of sale location or operate an e-commerce business, making sure you have implemented a process to dispute your chargebacks is critical.
Basic concepts that can be used to begin learning how to dispute chargebacks for Visa and MasterCard transactions:
Keep accurate records of data that are easily accessible. Merchants who keep track of their sales and products have a much easier time collecting the information necessary to combat a chargeback.
Act quickly. Don’t wait until you only have a few days left to respond to a chargeback or retrieval request. Responding in a timely fashion shows your processor that this is of concern to you and that you’re taking matters seriously.
Create chargeback packets or templates. These allow you to quickly input specific relevant transaction information to support your view of the transaction being valid. Packets should include documents that support your case against the chargeback.
Compile and submit your packet to your processor in the form that is most convenient for both you and them. Make sure the packet has the original chargeback documents attached as well as your packet with supporting documents.
Monitor your chargebacks to see which ones you’re successful on and which you’re not. This will help you understand which processes work for each specific chargeback type.
January 21st, 2016 by Elma Jane
HYATT DATA BREACH HITS 250 HOTELS WORLDWIDE
The Hyatt hotel company noted that the breach, which occurred over the course of almost four months, hit 250 different hotels across about 50 countries.
The breach covered payment card data from the cards used at various Hyatt hotels in that range of dates, reports note, and most of the breaches seem to have hit at hotel restaurants. Guests who used the spas, front desks, gold shops and even parking structures at Hyatt may also have been impacted by the breach.
The company couldn’t confirm how long the network was vulnerable nor if any payment card data had actually been stolen.
Perimeter defense, where data is protected with passwords, firewalls and the like, is fine and well, but more needs to be put into protecting the data in the event someone clears security.
Encrypting data is a great step to take. If someone manages to clear the perimeter, the encryption makes the data itself much more difficult to access and use. So while perimeter defense keeps unauthorized users away from data, encryption keeps those who reach the data from being able to readily read it.
Data security is something none of us can take for granted, so doing what we can to protect that data matters: being vigilant about statements, putting up proper security and encrypting data all contribute to better-protected data and a safer time online.
January 12th, 2016 by Elma Jane
Can we securely store card data for recurring billing?
PCI DSS discourages businesses from storing credit card data, but merchants feel the practice is necessary in order to facilitate recurring payments.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.
In order for the electronic storage of cardholder data to be PCI Compliant, appropriate encryption must be applied to the primary account number (PAN). In this situation, the numbers in the electronic file should be encrypted.
All PCI controls would apply to the environment in which the cardholder data is transmitted and stored. Tokenization can be implemented for recurring and/or delayed transactions. Travel merchants and/or storage facilities could use this feature to help reduce the need for electronically stored cardholder data while still maintaining current business processes.
The best thing you can do for your business is to not store any cardholder data or personally identifiable information.
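The tokenization flow described in these posts (a token replaces the card number and is reused for recurring charges) can be sketched as follows. This is an added example, not code from National Transaction or any processor: `TokenVault`, `find_stored_pans` and the sample records are hypothetical, and the in-memory vault stands in for a processor-side service that would keep PANs encrypted at rest.

```python
import re
import secrets
import string

def luhn_ok(number: str) -> bool:
    """Luhn checksum that every payment card number satisfies."""
    digits = [int(d) for d in reversed(number)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

class TokenVault:
    """Hypothetical stand-in for the processor's vault: the only place a PAN lives."""

    def __init__(self):
        self._pan_by_token = {}   # a real vault encrypts these values at rest
        self._token_by_pan = {}

    def tokenize(self, pan: str) -> str:
        pan = re.sub(r"[ -]", "", pan)
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        if pan not in self._token_by_pan:
            # Random letters only: the token is not derived from the PAN and
            # can never be mistaken for one by a card-number scanner.
            token = "tok_" + "".join(secrets.choice(string.ascii_lowercase) for _ in range(24))
            self._token_by_pan[pan] = token
            self._pan_by_token[token] = pan
        return self._token_by_pan[pan]

    def charge(self, token: str, amount_cents: int) -> dict:
        pan = self._pan_by_token.get(token)
        if pan is None:
            raise KeyError("unknown token")
        # A real vault would submit the PAN to the card network here.
        return {"approved": True, "amount_cents": amount_cents, "last4": pan[-4:]}

def find_stored_pans(record: dict) -> list:
    """Return the fields of a merchant record that hold a Luhn-valid 13-19 digit run."""
    hits = []
    for field, value in record.items():
        compact = re.sub(r"[ -]", "", str(value))
        if any(luhn_ok(m.group()) for m in re.finditer(r"(?<!\d)\d{13,19}(?!\d)", compact)):
            hits.append(field)
    return hits

# Constructed sample data; 4111 1111 1111 1111 is a well-known test card number.
vault = TokenVault()
token = vault.tokenize("4111 1111 1111 1111")
tokenized_record = {"customer": "C-1001", "card_token": token, "last4": "1111"}
legacy_record = {"customer": "C-1002", "card": "4111 1111 1111 1111"}

if __name__ == "__main__":
    print(find_stored_pans(tokenized_record))   # merchant database holds no PAN
    print(find_stored_pans(legacy_record))      # unencrypted PAN flagged
    print(vault.charge(token, 4999))            # recurring charge by token only
```

The scanner doubles as a check a merchant can run over existing records to find card numbers that were stored before tokenization was introduced.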
Tomorrow let’s tackle encryption and tokenization, a strong combination to protect card data while reducing the cost of compliance!
December 28th, 2015 by Elma Jane
Major data breaches were acknowledged by another hotel chain and another brand popular with kids.
Hyatt discovered the intrusion on Nov. 30, which targeted Hyatt-managed properties (not those owned by franchisees), but did not disclose exactly how many properties were affected or how many records may have been exposed. The malware used in the attack targeted payment-card information including cardholder names, PANs, expiration dates and CVV/CVC information.
Separately, a security researcher discovered a leaked database from Sanrio, the Japanese company that designs, licenses and produces the popular Hello Kitty character. The database reportedly contains account data for 3.3 million users of Sanriotown.com and other Sanrio-owned websites including hellokitty.com. The company has not yet acknowledged the extent of the breach publicly but said it is investigating.
If so, it is the second network intrusion made public that puts the personal information of young people at risk, after the VTech toy company data breach. Data on almost 5 million parents and more than 200,000 kids was exposed. The hacked data includes names, email addresses, passwords, and home addresses of 4,833,678 parents who have bought products sold by VTech.
December 18th, 2015 by Elma Jane
A leading provider of mobile point of sale and mobile payment technology published the EMV Migration Tracker today.
Many merchants have deployed EMV capable terminals while cardholders have received cards with EMV chips, but not much data has been published about the real world use of EMV chip card technology in the U.S. Most published statistics rely on surveys or forecasts rather than real transactional data.
The EMV Migration Tracker shows new data and insights since the October 1 liability shift, including:
- Over 50% of all cards in use now have EMV chips on them. From October to November, the percent grew 5% as banks and card issuers accelerated their rollout of new chip cards.
- Over 83% of American Express cards have EMV chips, while Discover lags at 40%.
- Over 63% of the cards used in Hawaii have EMV chips, but Mississippi sees just 11% penetration of chip cards.
While EMV chip card technology was implemented in Europe years ago, the rollout of EMV in the U.S. is just beginning. The rollout came earlier this year with the October 1 liability shift in card-present transactions, meaning that merchants who have not upgraded their POS system can become liable for counterfeit card fraud losses that occur at their stores. This is an early step in an ongoing process that the Payments Security Task Force predicts will lead to 98 percent of U.S. credit and debit cards containing EMV chips by the end of 2017.
http://www.finextra.com/news/announcement.aspx?pressreleaseid=62506
October 29th, 2015 by Elma Jane
What is Identity Theft?
Identity theft and identity fraud are terms used to refer to all types of crimes in which someone wrongfully obtains and uses another person’s personal data.
Basic categories of identity theft:
Account Takeover Fraud – is one of the two basic forms of financial identity theft. It occurs when a fraudster obtains and uses a victim’s personal information to take control of existing bank or credit card accounts and carries out unauthorized transactions right at a point of sale or accesses individual accounts online. Victims are often the first to detect account takeover when they discover charges on monthly statements they did not authorize or funds depleted from existing accounts.
Business or commercial identity theft – entails using a business’ name to obtain credit or even billing a business’ clients for products and services. Business identity theft can go on for years undetected.
Criminal identity theft – occurs when an imposter gives another person’s name and personal information such as driver’s license, date of birth, or Social Security Number to a law enforcement officer during an investigation or upon arrest.
Identity cloning – some people use identity theft and identity cloning interchangeably, but they are definitely not the same thing. True identity clones pretend to be you; they want to assume your identity. They want to become YOU.
Medical identity theft – occurs when someone steals your personal information (like name, Social Security Number or MediCare Number) to obtain medical care in your name. Medical identity theft can damage your credit rating.
New Account Fraud – means using another’s personal identifying information to obtain products and services. Opening new credit card accounts is the most prevalent form of new account fraud. Because the thief is likely to use a different mailing address, the victim never sees the bill for the new account. When this type of fraud involves a credit card, once the new plastic is issued, the criminal turns it into cash very quickly. Victims may also be denied credit as a result of applying for loans.
October 23rd, 2015 by Elma Jane
Loyalty programs continue to change and evolve. With the new and more powerful technology available today, rewarding customers is becoming easier and more targeted.
If you’re starting a new loyalty program or looking to maximize an existing one, check this out.
Communication Is Key
Consumer-facing technology is playing a big role in today’s loyalty and rewards programs. Communication with customers is one of the most important marketing tools in loyalty, including digital coupons, direct communication and mobile payment via smartphones and apps.
Keep It Simple
The message to the customer should be simple, as loyalty and rewards programs may be complex and detailed on the backend. Employees should be able to easily communicate how the program works and it should be easy for consumers to understand.
Make It Mobile
Mobile apps can connect with loyal customers on the go, and utilize messaging and notifications to communicate relevant promotions. The next wave of mobile will be mobile wallet integration, utilizing the big platforms like Google Pay and Apple Pay.
Personalize Offers
Loyalty and rewards programs are becoming more personal. With data and analytics, businesses can target promotions and offers based on customer behavior.
Top-Down Approach
When launching or building a loyalty or rewards program, companies need to get everyone on board, explain the goals of the program and what it will look like for customers. Everyone should understand the program and how it works.
For more information about Loyalty Rewards Program and Gift Card Processing you can give us a call now at 888-996-2273 or go to https://www.nationaltransaction.com/merchant-services/gift-card-loyalty-rewards-processing.html