October 26th, 2015 by Elma Jane
End Of Life (EOL) terminals are terminals that are no longer produced by the manufacturer, but are still commonly in use today, some of these terminals may be considered obsolete.
If you’re a merchant having trouble with your Hypercom/Equinox 4200 series terminals and they have stopped working or you’re receiving an error message such as Security Error please call your service provider to discuss available options. This is an industry-wide outage that potentially affects all Hypercom/Equinox users.
Now’s a great time to upgrade If you haven’t already, you will need to adopt point-of-sale devices with NFC/contactless readers where you can accept Apple Pay, Android Pay and other contactless device in your business. National Transaction Terminals are EMV/NFC/Contactless readers capable! Give us a call now! at 888-996-2273 or visit our website www.nationaltransaction.com
Posted in Best Practices for Merchants Tagged with: Android Pay, Apple Pay, contactless readers, EMV, Equinox, hypercom, merchant, nfc, point of sale, terminal
October 22nd, 2015 by Elma Jane
Adoption of EMV technology in the U.S is important, because it provides protection against losses from counterfeit cards.
EMV, or chip cards, are the standard for secure point-of-sale (POS) transactions. Unlike magnetic stripe cards, chip cards are very difficult to counterfeit because of an embedded microchip that exchanges unique, dynamic data with a terminal each time it’s used.
To encourage the timely adoption of EMV, the leading payment networks have implemented an EMV Fraud Liability Shift that began in October 2015.
Both parties, card issuer and the merchant need to invest with EMV technology. If only one party has adopted EMV technology, the party that didn’t make the investment will be held liable.
For the card issuer, they came out with the chip cards, where all credit and debit cards have this security chips that are harder to counterfeit than magnetic strips.
For the merchant, an EMV capable terminals or POS hardware that can take advantage of the card’s security chip is needed.
With any new technology, there is a learning curve, and here are the things that you need to know.
For cardholders – with a chip card instead of swiping your card, you are going to do what is called card dipping; by inserting your card face-up and chip-first into the terminal slot. Wait and follow the terminal prompts, and only remove your card once the transaction is complete.
If you did a swipe on a chip card, an EMV-enabled terminal should prompt you to insert the card instead. If the terminal is not enabled for chip, you can still be able to swipe your card.
Employees will benefit from training – Once a merchant enables their EMV terminals, it is important to train your staff with talking points about why chip cards benefit consumers with greater security, and how they are used by helping customers with the new checkout process.
New mobile payment methods leverage both EMV and NFC, so the industry is now seeing greater interest in mobile payments among merchants and consumers.
There’s a lot of resources out there to help businesses make the transition with this EMV technology.
Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Near Field Communication Tagged with: card issuer, chip cards, debit cards, EMV, magnetic stripe, merchants, microchip, Mobile Payments, nfc, payment networks, point of sale, POS, terminal slot
October 20th, 2015 by Elma Jane
We’ve covered a lot about EMV, but what about improving security for online and Card-Not-Present transactions? That’s where 3-D Secure comes in.
3-D Secure allows a card holder to authenticate himself while making an online payment.
In a traditional credit card transaction, a payment request is presented to the issuing bank for authorization. The Issuing bank authorizes the transaction based solely on the funds available to the card holder.
With card present, the magnetic strip on the card can be read and a signature collected. This process has now been largely superseded by Chip and PIN which gives the card holder the opportunity to identify himself via a secret PIN code.
An E-commerce transaction is conducted online, without the possibility to access the card physically. Un-authorized usage and fraud are therefore more likely.
3-D Secure allows transactions to be conducted in safety online, greatly reducing the risk of fraud and chargebacks.
How 3-D Secure Works?
When a payment request arrives at the merchant or payment gateway, the Merchant Plug In (MPI) component is activated. The MPI talks to Visa or MasterCard to check if the card is enrolled for 3-D Secure. If the card is not enrolled, this means that either the bank that issued the card is not yet supporting 3-D Secure or it means that the card holder has not yet been registered for the service. If the card is enrolled, the MPI will redirect the card holder to the 3-D Secure authentication web page for the issuing bank; the card holder will then identify himself. The MPI will evaluate the reply from the bank and, if successful, allow the transaction to proceed for authorization. The transaction could still fail for lack of funds or other reasons but is more likely to be approved because of the authentication.
3-D Secure allows 3 domains to work together.
Domain 1: The card holder has the peace of mind that his card is not used without his authorization.
Domain 2: Merchants are protected from fraud and can provide the product and service without delay or extra costs.
Domain 3: Banks see that the transaction has been authenticated and are more likely to approve the transaction, to the convenience of the card holder.
Implementation of 3-D Secure:
Visa is called Verified by Visa.
MasterCard is called Secure Code.
Amex is called SafeKey.
JCB is called J/Secure.
Posted in Best Practices for Merchants, e-commerce & m-commerce, Internet Payment Gateway Tagged with: 3-D Secure, amex, card holder, card present, card-not-present, chargebacks, Chip and PIN, credit card, ecommerce, EMV, fraud, jcb, magnetic strip, MasterCard, merchant, online payment, payment gateway, pin code, visa
October 19th, 2015 by Elma Jane
If you’re a merchant accepting credit cards, you’re probably aware that things are changing. As of October 1st, 2015, merchants are now liable for any fraudulent activity that occurs as a result of non-EMV-compliant. For those Merchants who haven’t yet updated their POS terminal, you need to talk with your processor to get a new equipment.
Things Merchant should know to be EMV ready:
What is EMV Chip Cards? Chip Cards are standard bank cards that are embedded with a micro-computer chip. Some may require a PIN instead of a signature to complete the transaction process. The new cards will still have magnetic stripes, at least for the time being, so you technically can continue to process payments with the same old equipment you’ve been using for years. But by refusing to upgrade your hardware, you are taking on responsibility for any fraud that might have otherwise been prevented with the new technology.
How does EMV Chip Cards Work? Instead of swiping your card, you are going to do what is called card dipping, which means inserting your card into a terminal slot and waiting for it to process.
When a Chip Card or EMV Card is dipped, data flows between the card chip and the issuing financial institution to verify the card’s legitimacy and create the unique transaction data.
This process isn’t as quick as a magnetic-stripe swipe. It will take a little longer for that transmission of data.
What Must a Merchant Do? For merchants and financial institutions, the switch to EMV chip cards means adding new in-store technology and internal processing systems, and complying with new liability rules. Merchants who have not yet purchased new POS Terminal may be held liable for fraud as of October 1st, 2015. Implementing EMV technology isn’t an option, it’s a necessity. If you are one of those in the retail business or retailers using mobile payment devices who missed the Oct. 1st deadline, you are already at risk. Upgrading should be a top priority.
Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: bank cards, chip cards, credit cards, data, EMV, financial institutions, magnetic stripes, merchant, mobile payment, PIN, POS terminal, processor, retail business, terminal slot
October 19th, 2015 by Elma Jane
Small merchants don’t consider themselves at risk for a cyberattack. But Cybercriminals thrive on data about employees, customers, bank accounts and many other types of information any small business would carry, with fewer resources than large firms, small businesses are especially at risk for attacks.
Here are Steps to find out to make your business more cybersecure:
Employ best practices on payment cards – Credit card companies are now shifting from magnetic-strip payment cards to safer, more secure chip card EMV Technology. Are you ready for the shift? Now is the time, you should work with your banks and processors to ensure you’re using the most trusted and validated anti-fraud services. You may also have additional security obligations pursuant to agreements with your bank or processor. You should isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.
Educate employees about cyberthreats – Educate your employers about online threats and how to protect your organization’s data, including safe use of social networking sites.
Protect against viruses, spyware, and other malicious code – Make sure all of your organization’s computers are equipped with antivirus software and antispyware and update regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install such updates automatically.
Require employees to use strong passwords and to change them often – Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
Secure your networks – Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
No one can guarantee your safety from a cyberattack, appropriate planning makes a big difference. By using these tips and resources, you can help promote the safety of your employees, customers, and the future success of your small business.
Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: bank accounts, banks, chip card, credit card, data, EMV, magnetic strip, merchants, payment cards, payment systems, processors
October 16th, 2015 by Elma Jane
With the EMV liability shift that takes effect in October 2015, how much you’ll be affected depends on how you process credit card payments.
For Card Present Transactions
If you use POS hardware or terminal that you need to swipe the credit card, then you’ll be facing the same EMV environment as retailers. October 1st is the start of the liability shift for fraudulent charges made with the card present transactions. The party who hasn’t made an investment in EMV security features will be liable.
For the card issuer, they need to invest in EMV security features, that’s why they came out with the chip cards, where all credit and debit cards have this security chips that are harder to counterfeit than magnetic strips.
For the merchant, they need to invest in EMV capable terminals or POS hardware that can take advantage of the card’s security chip.
If both parties have made the investment, then liability will be resolved in a similar manner to how it was before the shift. However, if only one party has adopted EMV technology, the party that didn’t make the investment will be held liable.
For Card Not Present Transaction (CNP)
If you process credit cards online, over the phone, or through an online payment gateway integrated, the new EMV standards won’t directly change the way you do business. You’ll still be processing EMV cards based on the customer’s credit card number.
Chances are Card-Not-Present transactions will experience an increase in fraud. Because of the EMV-technology in the Card Present Transaction, fraudster will likely turn their attention to the next target which is CNP,
but payment gateways and banks concerned about the vulnerabilities, will begin to adopt new standards to minimize their exposure.
If you’re processing CNP transactions stay up-to-date on the newest security developments, online security standards find more effective ways to navigate the new credit card security frontier.
Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Mail Order Telephone Order, Point of Sale Tagged with: banks, Card Not Present Transaction, card-present transactions, chip cards, cnp, credit card, debit cards, EMV, merchant, payment gateway, payments, POS, terminal
October 16th, 2015 by Elma Jane
U.S. customers with the Ingenico iSC250 may now process EMV chip card transactions for Visa, MasterCard, American Express and Discover, (as well as mag stripe and contactless, including mobile wallet payments). For customers using the Ingenico iSC250, please make sure you have downloaded the latest version of ConvergeConnect and enabled EMV chip cards in Converge. Go to the Converge login page to download the software update or start the update process from their Windows system tray. If you do not have the Ingenico iSC250 but want to upgrade to process chip card transactions, give us a call at 888-996-2273 for more information.
Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa Tagged with: chip card, EMV, mag stripe
October 15th, 2015 by Elma Jane
There are numbers of guidelines issued for accepting card payments, and merchants are expected to understand them all. To avoid issues down the road know a few basic rules in order to keep your business going without being penalized.
There’s a lot of ways to process a credit card: In-store, online, and by phone. There’s also different ways to pay and different brands of cards.
In-store and Card-not-present policies.
In-Store Policies:
- Always verify that the person presenting the card is the cardholder
- Ask for a 2nd ID for comparison
- Cards are non-transferable, cardholder MUST be present for purchase
- Compare the signature on the back of the card with that of the person who presents the card
- Inspect the card to confirm that it’s not visibly altered or mutilated
- Validate the card’s expiration date
Online/Phone Payment Policies: Card-not-present transactions
- Card account number
- Card billing address
- CID (3 digits on back of card OR 4 on the front)
- Card expiration date
- Card member’s home or billing telephone number
- Card member name (as it appears on the Card)
Rules for Visa, MasterCard and Amex that merchants need to know:
- Never store cardholder data on any systems to help minimize the risk of fraud and protect your business from potential chargebacks.
Complying with Federal Laws, State Laws and PCI
- A merchant should be familiar with and abide by Federal Laws regarding accepting credit cards. The Fair Credit Reporting Act is the federal law that establishes the foundation of consumer credit rights. This law regulates the collection and use of consumer credit information by merchants.
- Check state laws on the use of consumer credit information and accepting credit cards. Not all states have additional laws that regulate credit card practices, but some (such as California) prohibit merchants from requesting/requiring a customer to provide any personal information (like their address or telephone number) on any form involved with their credit card transaction. So, it is advised that merchants inquire about further information in their particular state.
- The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies processing, storing, or transmitting credit card information uphold a secure environment. These rules essentially apply to any merchant that has a Merchant ID (MID). If you are a merchant that accepts credit card payments, you are required to comply with the PCI Data Security Standard, large or small businesses.
EMV Liability Shift Set By Visa and MasterCard as of October 1st
U.S. banks and credit card companies are now using the EMV (Europay, MasterCard, and Visa) technology. The EMV liability shift for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards. While issuers absorb losses under card-network rules, that burden will shift to acquirers in cases where the fraud occurs at merchants unprepared for EMV.
It’s good to know every aspect of your business. The above guidelines are part of a business that every merchants should be familiar with. The main reason for these rules is to protect your business and keep your customer’s payment card data safe and secure.
To start accepting more credit cards give us a call now at 888-996-2273. We have the latest terminals that’s EMV/NFC capable.
Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security Tagged with: amex, card network, card payments, card-not-present, chargebacks, chip cards, credit card, credit card companies, Data Security Standard, EMV, EuroPay, MasterCard, merchants, MID, Payment Card Industry, PCI-DSS, POS system, U.S. banks, visa
October 13th, 2015 by Elma Jane
It is difficult to believe that many businesses still do not accept credit or debit cards for payments, while most customers preferred using cards for the following reasons.
- Doesn’t want to carry cash.
- Security and Protection offered by card issuers.
- Desire to earn reward points.
Some of the many advantages for businesses that accept credit card payments include:
Easy and cost efficient – credit card processing has become a highly competitive industry. NTC offers the latest in EMV and NFC technologies that allows businesses to accept contactless payment like Apple and Android Pay. NTC integrates with most POS systems.
Essential for online sales – internet selling is growing. The Internet makes it possible for a small business in a remote location to offer its products to potential customers throughout the nation and even across the world, almost all of those transactions require a credit or debit card.
Increases revenue – people like the convenience and security of paying with a credit or debit card. In fact, 66 percent of point-of-sale transactions use credit, debit or gift cards.
Merchant services accelerate cash flow – credit card transactions process quickly, with proceeds generally available in a bank account within two days or less. That eliminates the time it normally takes checks to clear. It also reduces or eliminates billing and the time spent waiting to receive payment checks from customers.
Reduce transaction risks – Check fraud remains a major problem for U.S. businesses, 77% of businesses were victims of check fraud, only 34% experienced credit card fraud and 92% said they believe new EMV chip and pin, credit cards will significantly reduce fraud at the point of sale.
Setting up a merchant account for your business is as simple as contacting a merchant service provider. A merchant service provider process payments and make sure the money is appropriately withdrawn from a credit card account and placed into the business’s merchant account.
For more details about setting up an account give us a call now! at 888-996-2273.
Posted in Best Practices for Merchants Tagged with: (POS) systems, Android Pay, Apple, Chip and PIN, contactless payment, credit card, debit cards, EMV, Gift Cards, merchant, merchant account, merchant service provider, merchant services, NFC technologies, payments, point of sale
October 9th, 2015 by Elma Jane
Credit card fraud is much more difficult to prevent in a card-not-present transaction. In a face-to-face setting the merchant can inspect the card to ensure that it is valid and can verify that the cardholder is an authorized user on the account. None of these actions can be performed when the payment is submitted online or accepted by phone. As we moved in adopting EMV Technology, majority of fraud is going to migrate away from counterfeit and stolen cards towards the card-not-present transaction as happened in other countries.
A combination of best practices and fraud prevention tools can provide card-not-present merchants with strong fraud prevention capabilities.
Steps to avoid fraud and protect your business for a card-not-present transaction:
- Email Verification: Send a message to the email address provided by the customer requesting that the customer verify the email address is correct, you can ensure that the email is associated with the other information provided.
- Maintain PCI compliance:All merchants accepting card payments are now required to be compliant with the requirements of the PCI DSS (Payment Card Industry Data Standard) which sets the rules for data security management, policies, procedures, network architecture, software design and other protective measures.
- Security Code Verification. Requesting the three digit security code on the back of a credit card. Visa (CVV2), MasterCard (CVC 2) and Discover (CID) cards, and the 4-digit numbers located on the front of American Express (CID) cards. Card Security Codes help verify that the customer is in a physical possession of a valid card during a card-not-present transaction.
- Use an Address Verification Service (AVS): Enables you to compare the billing address provided by your customer with the billing address on the card issuer’s file before processing a transaction. AVS is good protection against card information obtained through means like phishing and malware because fraudster might not know the billing address.
- Use 3D Secure Service: MasterCard and Verified by Visa enable cardholders to authenticate themselves to their card issuers through the use of personal passwords they create when they register their cards with the programs. The liability of any fraudulent charges through the 3D service is picked up by the issuer, not the merchant.
- Verify the phone number and transaction information.Prior to shipping your products, call the phone number provided by the customer and verify the transaction information. Criminals may be unable to verify such information, because in their haste to max out the credit line before the fraud is discovered, they often order at random and do not keep records.
Posted in Best Practices for Merchants, e-commerce & m-commerce, Mail Order Telephone Order, Payment Card Industry PCI Security, Travel Agency Agents Tagged with: American Express, card-not-present, card-security, cardholder, cnp, credit card, Discover, EMV, MasterCard, merchant, Payment Card Industry, payments, PCI, visa