PCI COMPLIANCE
November 3rd, 2015 by Elma Jane

While EMV represents a significant improvement in the way credit/debit card fraud is detected and prevented, some have confused EMV’s capabilities with the concepts of data security and PCI compliance.

Does EMV override PCI?

The answer is NO, EMV technology does not satisfy any PCI requirements, nor does it reduce PCI scope.

  • EMV is counterfeit card fraud protection – it makes it more difficult to make use of stolen card data.
  • EMV is not encryption – EMV does not encrypt the Primary Account Number (PAN) and therefore the card data must still be protected according to PCI guidelines.
  • EMV only works for card present transactions.

If your business accepts credit or debit cards in a physical store or other face-to-face setting, you will need to implement the EMV technology and PCI standards. If you upgrade your terminals for EMV, consider adding point-to-point encryption (P2PE) capabilities to reduce PCI scope and protect data end to end. In addition, using tokens after authorization can prevent the card data from being used, should it be stolen.

 

Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , ,

Debit
October 27th, 2015 by Elma Jane

If there’s an unauthorized charge made on your credit card account, no money is taken from you. There’s no immediate financial hit while you straighten things out. But if someone gets hold of your debit card information, your bank account will be drained depending on the nature of the transaction.

Differences between a credit card and a debit card:

Debit cards fall under a different federal law than credit cards. Regulation E, the Electronic Fund Transfer Act, says after two days, you could be liable for up to $50. After 2 days liability jumps to 500.00. Beyond 60 days, you could be liable for all unauthorized transactions. Otherwise, federal rules are on the bank’s side. Beyond 60 days, there’s likelihood you’ll never see your money again.

Federal law protects you from unauthorized charges made with your credit card number rather than with the actual card. In the event the credit card is in a thief’s hands, you’ll be liable, but only for a maximum of $50, provided you report the problem to the credit card company. However, in many cases a zero liability policy may kick in.

There are many things that can go wrong. Best solution is to pay close attention to your statements, online or via a mobile app, frequently. Report if there’s a malicious transaction.

 

 

Posted in Best Practices for Merchants, Credit Card Security Tagged with: , , , , ,

July 30th, 2015 by Elma Jane

Converge Powers Potential          Converge Logo

Over the next several weeks, we’ll focus on a series of topics to hopefully provide a better understanding of the payment capabilities

Converge can bring you customers. In this article, we’ll zoom in on the card-present product enhancements of Converge first, including bringing EMV and mobile wallet capabilities to in-person payments, and ultimately VirtualMerchant Mobile later this year.

converge graphics

New Peripherals Added to Converge – Ingenico iSC250 and Star                                 Micronics TSP650II Printer

Ingenico iSC250 Signature-Capture PIN Pad – is a signature-capture PIN pad offering the ability to accept PIN-based transactions, like debit card and Electronic Benefit Transfer (EBT), as well as EMV chip card and mobile wallet payments.

The iSC250 will initially ship EMV-capable meaning it’s physically configured with a slot to accept an EMV chip card, but it does not yet have the EMV application to process a chip card transaction.

A simple download process later in the year will allow customers to accept chip cards. The good news is customers can accept NFC contactless payments right away, including Apple Pay and Google Wallet.

Key features of the Ingenico iSC250 include:

  • EMV-capable smart card reader to support EMV chip cards; EMV-enabled with a download later in the year
  • NFC-enabled for contactless cards and Apple Pay and Google Wallet mobile wallets
  • Magnetic stripe capture for all standard mag stripe cards
  • Encryption technology to help secure cardholder data at point of entry and throughout the payment network
  • Signature Area Display for signature capture with electronic stylus
  • Bright color 4.3″ display and backlit key pad for ease of use

Star Micronics TSP650III:

In addition to the new iSC250PIN pad, a new USB printer were also added to the lineup of Converge supported peripherals, the Star Micronics TSP650II receipt printer. Now customers have two options for thermal receipt printing!

ConvergeConnect Makes Device Setup a Snap

A new peripheral and device management software called ConvergeConnect to make it easier for your customers to setup their devices quickly as well as add additional peripherals as their business needs grow. It will be the go-forward device management application, and we’ll be able to bring more and more EMV and NFC devices to market faster, giving our customers even more in-store payment processing options.

Legacy peripherals, like magnetic stripe card readers, check imagers and the Epson ReadyPrint T20 printer will continue to be managed using the Device Assistant.

Customers may have to use both ConvergeConnect and Device Assistant depending on their peripheral configuration.

A new Peripheral Device Installation and Setup Guide was developed to help customers install and manage their peripherals for both applications.

Converge Mobile with EMV on the Horizon

Work continues on the new VirtualMerchant Mobile app to be branded as Converge Mobile, and releasing the Ingenico iCMP in the third quarter. The Ingenico iCMP accepts EMV and NFC transactions, including contactless cards and mobile wallets, like Apple Pay. Stay tuned as more information becomes available.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, EMV EuroPay MasterCard Visa, Mobile Payments, Near Field Communication Tagged with: , , , , , , , , , , , , , , , , , ,

July 23rd, 2015 by Elma Jane

11237919_953691038016869_6612538874204982877_n

The digital payments landscape is changing at a rapid pace. Consumers are finally adopting digital wallets, like Apple Pay and Android Pay.

The deadline for merchants to become EMV compliant, the global standard that covers the processing of credit and debit card payments using a card that contains a microprocessor chip, is quickly approaching.

Today’s consumers show an increasing desire to use new payment methods because they’re convenient. However, this presents a challenge to merchants, as many have not made the switch to the modern technology required to accept these methods since they’re generally hard-wired to resist technology changes.

Merchants must evolve with technology or they’ll find themselves unable to compete and in danger of losing customers.

Looking long term, the benefits of adopting new payment technology will outweigh the cost of transitioning. The fact is that new payment technology will reduce fraud risk due to counterfeit cards, provide greater insight into shoppers with sophisticated data and will ultimately lower costs for merchants over time.

The value merchants will get out of new payment methods: 

Security

Investing in new payment technology will help reduce the risk of fraud. EMV, as an example. Beginning in October 2015, merchants and the financial institutions that have made investments in EMV will be protected from financial fraud liability for card-present fraud losses for both counterfeit, lost, stolen and non-receipt fraud.

EMV is already a standard in Europe, where fraud is on the decline. In turn, American credit card issuers are being pressured to replace easily hacked magnetic strips on cards with more secure “chip-and-PIN” technology. Europe has been using Chip, and Chip & Pin for years.

There’s nothing that can guarantee 100 percent security, but when EMV is coupled with other payment innovations, like tokenization that separate the customer’s identity from the payment, much of the cost and risk of identity theft is eliminated. If hackers get access to the token, all they get is information from one transaction. They don’t have access to credit card numbers or banking accounts, so the damage that can be done is minimal.

As card fraud rises, there’s a strong case to upgrade to a payment system that works with a smartphone or tablet and accepts both EMV chip cards and tokens.

Insight into Customer Behavior

In addition to added security, upgrading to new payment technology opens up a door to greater customer insights, improved consumer engagement and enables merchants to grow revenue by providing customers with receipts, rewards, points and coupons. By collecting marketing data at the point of sale a business can save on that data that they only dreamed of buying.

Investment Outweighs the Cost

New technology does have upfront costs, but merchants need to think about it as an investment that will grow top-line revenue. Beware of providers offering free hardware. Business can benefit by doing some research on the actual cost of the hardware.

By increasing security, merchants are further enabling mobile and emerging technologies, which will make shopping easier.

Customers will also be more confident in using their cards.

As an added bonus to merchants, most EMV-enabled POS equipment will include contactless technology, allowing merchants to accept contactless and mobile payments. This will result in a quicker check-out experience so merchants can handle more transactions.

Faster customer checkout.                                               

The best system for is the one that makes the merchant as efficient and profitable as possible, as well as improves the customer checkout experience.

Retail climate is competitive, merchants have two choices:

Do nothing or embrace the fact that payments are changing. Transitions from old systems to new ones require work and risk, but merchants who use modern technology are investing in the future and will certainly outperform those who choose to do nothing.

Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa, Mobile Payments, Near Field Communication, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , ,

June 25th, 2015 by Elma Jane

A product or service using a credit card or debit card should be efficient, fast and most importantly safe. There are a lot of regulations in place to make sure that the processing of payments using a card is safe and secure. One of the way is the EMV (Europay, MasterCard and Visa) technology, where payment cards used in an ATM and POS Terminals have been embedded with microchips. This form of payment technology has long been in use and is widely accepted in many regions such as Europe, Canada and Asia Pacific. The US, which is considered to be the largest number of plastic card users is one of the countries that have not yet fully optimized this otherwise global standard.

Advantages Of EMV  – EMV embedded chip is a lot more secure than the traditional magnetic stripe, especially when it comes to face-to-face credit/debit card transactions. Credit card fraud is rampant, but using this embedded chip has added another layer of protection against consumer fraud. Once the card has been inserted into a terminal, the payment will then be authenticated and processed using the EMV network. The chip within the card is hard to duplicate.

What Does This Mean For Your Business? – You will create more credibility and garner more customers in the market place by utilizing this more safe and secure payment method. There will be increased in consumer confidence.

What Happens When You Don’t Upgrade? – There is a Liability Shift. Currently, If a payment processing transaction has been approved and it turns out to be fraud, it’s the card issuer loss. With the new rule, liability shifts to merchants who has not implemented the EMV technology. When fraud happens, the responsibility falls on the business owner who makes the transaction.

How To Prepare Your Business For EMV? – Upgrade your terminal. Contact National transaction and we’ll help you prepare your business for the EMV migration.

Upgrading your current payment processing system is easy with NTC.

Give Us A Call Now! 888-996-2273

Check our website http://nationaltransaction.com click Demos and Videos to learn more!

          

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , ,

April 6th, 2015 by Elma Jane

Merchant Cash Advance – A lump-sum payment to a business in exchange for an agreed-upon percentage of future credit card and/or debit card sales. The term is now commonly used to describe a variety of small business financing options characterized by short payment terms (generally under 24 months) and small regular payments (typically paid each business day) as opposed to the larger monthly payments and longer payment terms associated with traditional bank loans.

Merchant Cash Advance companies, provide funds to businesses in exchange for a percentage of the businesses daily credit card income, directly from the processor that clears and settles the credit card payment. A company’s remittances are drawn from customers’ debit-and credit-card purchases on a daily basis until the obligation has been met. Most providers form partnerships with payment processors and then take a fixed variable percentage of a merchant’s future credit card sales.

The Term Merchant Cash Advance – may be used to describe purchases of future credit card sales receivables, revenue and receivables factoring or short-term business loans.

This structure has some advantage over the structure of a conventional loan. Most importantly, payments to the merchant cash advance company fluctuate directly with the merchant’s sales volumes, giving the merchant greater flexibility with which to manage their cash flow, particularly during a slow season. Advances are processed quicker than a typical type loan, giving borrowers quicker access to capital. Also, because MCA providers like typically give more weight to the underlying performance of a business who may not qualify for a conventional loan.

Merchant Cash Advances are often used by businesses that do not qualify for regular bank loans, and are generally more expensive than bank loans. Competition and innovation led to downward pressure on rates and terms are now more closely correlated with an applicant’s FICO score.

There are generally three different repayment methods:

Split withholding – when the credit card processing company automatically splits the credit card sales between the business and the finance company per the agreed portion. The most common preferred method of collecting funds for both the clients and finance companies since it is seamless.

Lock box or trust bank account withholding – all of the business’s credit card sales are deposited into bank account controlled by the finance company and then the agreed upon portion is forwarded onto the business via ACH, EFT or wire. The least preferred method since it results in a one-day delay in the business receiving the proceeds of their credit card sales.

ACH withholding – when structured as a sale, the finance company receives the credit card processing information and deducts its portion directly from the business’s checking account via ACH. When structured as a loan, the finance company debits a fixed amount daily regardless of business sales.

Posted in Best Practices for Merchants, Financial Services, Merchant Account Services News Articles, Merchant Cash Advance, Merchant Services Account Tagged with: , , , , , , , , , , , , , ,

March 17th, 2015 by Elma Jane

Merchant Cash Advance – A lump-sum payment to a business in exchange for an agreed-upon percentage of future credit card and/or debit card sales. The term is now commonly used to describe a variety of small business financing options characterized by short payment terms (generally under 24 months) and small regular payments (typically paid each business day) as opposed to the larger monthly payments and longer payment terms associated with traditional bank loans. The term Merchant Cash Advance may be used to describe purchases of future credit card sales receivables, revenue and receivables factoring or short-term business loans.

Merchant Cash Advance companies, provide funds to businesses in exchange for a percentage of the businesses daily credit card income, directly from the processor that clears and settles the credit card payment. A company’s remittances are drawn from customers’ debit-and credit-card purchases on a daily basis until the obligation has been met. Most providers form partnerships with payment processors and then take a fixed variable percentage of a merchant’s future credit card sales.

These Merchant Cash Advances are not loans – rather, they are a sale of a portion of future credit and/or debit card sales.

This structure has some advantage over the structure of a conventional loan. Most importantly, payments to the merchant cash advance company fluctuate directly with the merchant’s sales volumes, giving the merchant greater flexibility with which to manage their cash flow, particularly during a slow season. Advances are processed quicker than a typical type loan, giving borrowers quicker access to capital. Also, because MCA providers like typically give more weight to the underlying performance of a business who may not qualify for a conventional loan.

Merchant Cash Advances are often used by businesses that do not qualify for regular bank loans, and are generally more expensive than bank loans. Competition and innovation led to downward pressure on rates and terms are now more closely correlated with an applicant’s FICO score.

There are generally three different repayment methods:

Split withholding – when the credit card processing company automatically splits the credit card sales between the business and the finance company per the agreed portion. The most common preferred method of collecting funds for both the clients and finance companies since it is seamless.

Lock box or trust bank account withholding – all of the business’s credit card sales are deposited into bank account controlled by the finance company and then the agreed upon portion is forwarded onto the business via ACH, EFT or wire. The least preferred method since it results in a one-day delay in the business receiving the proceeds of their credit card sales.

ACH withholding – when structured as a sale, the finance company receives the credit card processing information and deducts its portion directly from the business’s checking account via ACH. When structured as a loan, the finance company debits a fixed amount daily regardless of business sales.

 

 

 

 

Posted in Best Practices for Merchants, Merchant Account Services News Articles, Merchant Cash Advance Tagged with: , , , , , , , , , , , , , ,

October 1st, 2014 by Elma Jane

Approximately $350 billion in housing rent is written out on checks or given in cash annually and until now more than 90 million renters in the U.S. didn’t have an option to use their credit or debit card to pay their rent. RadPad wants to be that option. The service works by allowing users to sign up and link their debit or credit card to their account, then asks for the Landlords mailing address and email, which presumably allows to mail the check to the Landlord. By saving the payments to the customers RadPad profile, Renters Can conceivably improve their credit score. Moreover, it allows roommates or others who split rent to pay communally. They can get both terms to go mainstream by letting people pay their rent by phone.

Posted in Best Practices for Merchants, Mobile Payments Tagged with: , , , , , , , , , , , ,

September 24th, 2014 by Elma Jane

The CVV Number (Card Verification Value) on your credit card or debit card is a 3 digit number on VISA, MasterCard and Discover branded credit and debit cards. On your American Express branded credit or debit card it is a 4 digit numeric code.

The codes have different names:

American Express – CID or unique card code.

Debit Card – CSC or card security code.

Discover  – card identification number (CID)

Master Card – card validation code (CVC2)

Visa  – card verification value (CVV2) 

CVV numbers are NOT your card’s secret PIN (Personal Identification Number).

You should never enter your PIN number when asked to provide your CVV. (PIN numbers allow you to use your credit or debit card at an ATM or when making an in-person purchase with your debit card or a cash advance with any credit card.)

Types of security codes:

CVC1 or CVV1, is encoded on track-2 of the magnetic stripe  of the card and used for card present transactions. The purpose of the code is to verify that a payment card is actually in the hand of the merchant. This code is automatically retrieved when the magnetic stripe of a card is swiped on a point-of-sale (card present) device and is verified by the issuer. A limitation is that if the entire card has been duplicated and the magnetic stripe copied, then the code is still valid.

The most cited, is CVV2 or CVC2. This code is often sought by merchants for card not present transactions occurring by mail or fax or over the telephone or Internet. In some countries in Western Europe, card issuers require a merchant to obtain the code when the cardholder is not present in person.

Contactless card and chip cards may supply their own codes generated electronically, such as iCVV or Dynamic CVV.

Code Location:

The card security code is typically the last three or four digits printed, not embossed like the card number, on the signature strip on the back of the card. On American Express cards, the card security code is the four digits printed (not embossed) on the front towards the right. The card security code is not encoded on the magnetic stripe but is printed flat.

American Express cards have a four-digit code printed on the front side of the card above the number.

MasterCard, Visa, Diners Club,  Discover, and JCB credit and debit cards have a three-digit card security code. The code is the final group of numbers printed on the back signature panel of the card.

New North American MasterCard and Visa cards feature the code in a separate panel to the right of the signature strip. This has been done to prevent overwriting of the numbers by signing the card.

Benefits when it comes to security:

As a security measure, merchants who require the CVV2 for card not present payment card transactions are required by the card issuer not to store the CVV2 once the individual transaction is authorized and completed. This way, if a database of transactions is compromised, the CVV2 is not included, and the stolen card numbers are less useful. Virtual Terminals and payment gateways do not store the CVV2 code, therefore employees and customer service representatives with access to these web-based payment interfaces who otherwise have access to complete card numbers, expiration dates, and other information still lack the CVV2 code.

The Payment Card Industry Data Security Standard (PCI DSS) also prohibits the storage of CSC (and other sensitive authorization data) post transaction authorization. This applies globally to anyone who stores, processes or transmits card holder data. Since the CSC is not contained on the magnetic stripe of the card, it is not typically included in the transaction when the card is used face to face at a merchant. However, some merchants in North America require the code. For American Express cards, this has been an invariable practice (for card not present transactions) in European Union (EU) states like Ireland and the United Kingdom since the start of 2005. This provides a level of protection to the bank/cardholder, in that a fraudulent merchant or employee cannot simply capture the magnetic stripe details of a card and use them later for card not present  purchases over the phone, mail order or Internet. To do this, a merchant or its employee would also have to note the CVV2 visually and record it, which is more likely to arouse the cardholder’s suspicion.

Supplying the CSC code in a transaction is intended to verify that the customer has the card in their possession. Knowledge of the code proves that the customer has seen the card, or has seen a record made by somebody who saw the card.

 

Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa, Point of Sale, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

September 2nd, 2014 by Elma Jane

While Apple doesn’t talk about future products,latest report that the next iPhone would include mobile-payment capabilities powered by a short-distance wireless technology called near-field communication or NFC. Apple is hosting an event on September 9th, that’s widely expected to be the debut of the next iPhone or iPhones. Mobile payments, or the notion that you can pay for goods and services at the checkout with your smartphone, may finally break into the mainstream if Apple and the iPhone 6 get involved.

Apple’s embrace of mobile payments would represent a watershed moment for how people pay at drugstores, supermarkets or for cabs. The technology and capability to pay with a tap of your mobile device has been around for years, you can tap an NFC-enabled Samsung Galaxy S5 or NFC-enabled credit card at point-of-sale terminals found at many Walgreen drugstores, but awareness and usage remain low.  Apple has again the opportunity to transform, disrupt and reshape an entire business sector. It is hard to overestimate what impact Apple could have if it really wants to play in the payments market.

Apple won’t be the first to enter the mobile-payments arena. Google introduced its Google Wallet service in May 2011. The wireless carriers formed their joint venture with the intent to create a platform for mobile payments. Apple tends to stay away from new technologies until it has had a chance to smooth out the kinks. It was two years behind some smartphones in offering an iPhone that could tap into the faster LTE wireless network. NFC was rumored to be included in at least the last two iPhones and could finally make its appearance in the iPhone 6. The technology will be the linchpin to enabling transactions at the checkout.

Struggles

The notion of turning smartphones into true digital wallets including the ability to pay at the register, has been hyped up for years. But so far, it’s been more promise than results. There have been many technical hurdles to making mobile devices an alternative to cash, checks, and credit cards. NFC technology has to be included in both the smartphone and the point-of-sale terminal to work, and it’s been a slow process getting NFC chips into more equipment. NFC has largely been relegated to a feature found on higher-end smartphones such as the Galaxy S5 or the Nexus 5. There’s also confusion on both sides, the merchant and the customer, on how the tech works and why tapping your smartphone on a checkout machine is any faster, better or easier than swiping a card. There’s a chicken-and-egg problem between lack of user adoption and lack of retailer adoption. It’s one reason why even powerhouses such as Google have struggled. Despite a splashy launch of its digital wallet and payment service more than three years ago, Google hasn’t won mainstream acceptance or even awareness  for its mobile wallet. Google hasn’t said how many people are using Google Wallet, but a look at its page on the Google Play store lists more than 47,000 reviews giving it an average of a four-star rating.

The Puzzle

Apple has quietly built the foundation to its mobile-payment service in Passbook, an app introduced two years ago in its iOS software and released as a feature with the iPhone 4S. Passbook has so far served as a repository for airline tickets, membership cards, and credit card statements. While it started out with just a handful of compatible apps, Passbook works with apps from Delta, Starbucks, Fandango, The Home Depot, and more. But it could potentially be more powerful. Apple’s already made great inroads with Passbook, it could totally crack open the mobile payments space in the US. Apple could make up a fifth of the share of the mobile-payment transactions in a short few months after the launch. The company also has the credit or debit card information for virtually all of its customers thanks to its iTunes service, so it doesn’t have to go the extra step of asking people to sign up for a new service. That takes away one of the biggest hurdles to adoption. The last piece of the mobile-payments puzzle with the iPhone is the fingerprint recognition sensor Apple added into last year’s iPhone 5S. That sensor will almost certainly make its way to the upcoming iPhone 6. The fingerprint sensor, which Apple obtained through its acquisition of Authentic in 2012, could serve as a quick and secure way of verifying purchases, not just through online purchases, but large transactions made at big-box retailers such as Best Buy. Today, you can use the fingerprint sensor to quickly buy content from Apple’s iTunes, App and iBooks stores.

The bigger win for Apple is the services and features it could add on to a simple transaction, if it’s successful in raising the awareness of a form of payment that has been quietly lingering for years. Google had previously seen mobile payments as the optimal location for targeted advertisements and offers. It’s those services and features that ultimately matter in the end, replacing a simple credit card swipe isn’t that big of a deal.

 

Posted in Best Practices for Merchants, Mobile Payments, Mobile Point of Sale, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,