June 18th, 2015 by Elma Jane

Untitled

Every Merchant in the country needs to upgrade their terminal.

Are you ready for the October 1, 2015 Liability Shift?

Beginning October 1, 2015, all businesses that accept in-person payments must be able to take cards embedded with chips to avoid liability for fraud. The chips are more secure than magnetic stripes.

National Transaction brings the latest EMV and NFC technologies to Merchants.

NTC Clients will be able to accept contactless payment with the same NFC technology used by Apple Pay, Google Wallet and SoftCard. Additionally, the Ingenico terminals are EMV Enabled, delivering the latest in fraud prevention technology.

The new EMV enabled terminals are designed to accept EMV chip cards and magnetic stripe cards.

EMV (an acronym for Europay, MasterCard® and Visa®) is a global technology standard for payment cards.

By accepting chip cards EMV terminal, you help protect your business from card present fraud liability and prepare your business for the future of payment application technology. If your business accepts and processes a counterfeit card transaction on a non-EMV terminal, the liability for that fraudulent transaction is yours, not incurred by the card issuers.

How do you process an EMV chip card transaction?

  1. Insert Card. Instead of swiping, the customer will insert the card into the terminal, chip first, face up.
  2. Leave the Card in the Terminal. The card must remain in the terminal during the entire transaction.
  3. The Receipt or Enter a PIN. As prompted, the customer will sign the receipt or enter their PIN to complete the transaction.
  4. Remove Your Card. When the purchase is complete, remind the customer to take the card with them.

What are the benefits of having an EMV terminal?

These next generation terminals can reduce your risk of accepting counterfeit cards, as chip and PIN transactions verify both the card and the cardholder.

Eliminate your card present fraud liability exposure associated with the October 1st, 2015* liability shift imposed by the card brands.

Improve customer service for your international cardholder customer. EMV cards are already the standard in over 80 countries.

Be on the lookout for more information about how to be chip card ready before OCTOBER.

*Businesses with Automated Fuel Dispensers (also called “Pay at the Pump”) acceptance methods have until October 2017 to comply with the new standard.

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Near Field Communication Tagged with: , , , , , , , , , , , , , ,

May 19th, 2015 by Elma Jane

We’re now nearly midway through 2015, and payment security still remains a topic that stirs up great concern and confusion. While there is seemingly unanimous agreement on the need for heightened security, there’s uncertainty about those who are tasked with actually implementing it. Let’s dig deeper into EMV, P2PE and tokenization. How each will play a part in the next generation of securing payments, and how without properly working together they might just fall short.

 

 

Europay, MasterCard, and Visa (EMV) – A powerful guard against credit card skimming. EMV also uses cryptography to create dynamic data for every transaction and relies on an integrated chip embedded into the card.

Downside: For Independent Software Vendor (ISVs), the biggest downside of EMV is the complexity of creating an EMV solution. ISVs interested in certifying PINpads with a few processors face up to 22 months of costly work, and because there are a large number of pending certifications, processors will be backed up over the next few years.

It’s not impossible for an ISV to build EMV solutions in-house, but it’s difficult and unnecessary when there are plug-and-play EMV solutions available. These solutions include pre-packaged and pre-certified APIs that remove most of the need for research, the complexity and the burden of time and cost.

Point to Point Encryption (P2PE) – Secures devices, apps and processes using encrypted data with cryptographic keys only known to the payment company or gateway from the earliest point of the transaction, from tech-savvy criminals, jumping at their chance to intercept POS systems and scrape the memory from Windows machines.

How does a key get into card reader? Through an algorithm called derived unique key per transaction (DUKPT), or “duck putt.” DUKPT generates a base key that’s shared with device manufacturers securely, where output cardholder data is rendered differently each time a card is swiped, making it impossible to reverse engineer the card data. P2PE not only benefits the cardholders, but also the ISVs and merchants. PA-DSS certification was designed to address the problems created with cardholder data which is not encrypted.

Downside: P2PE isn’t cheap if an organization wants to do it in-house. The secure cryptographic device needed to manage the keys, Hardware Security Module (HSM), can cost $30-40,000 but when it’s built out, that total cost can jump to $100,000.

TOKENIZATION – The best way to protect cardholder data when it’s stored is using tokenization, a process which the PCI Security Standards Council describes as one where the primary account number is replaced with a surrogate value a token. For merchants dealing with recurring billing, future payments, loyalty programs and more, tokenization is critical.

Downside: Tokenization doesn’t prevent malware that’s remotely installed on POS devices. It’s possible, as seen with recent retail card breaches, for data to be stolen before it is tokenized. That’s why it’s essential to group tokenization together with P2PE and EMV to offer optimal security.

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

May 14th, 2015 by Elma Jane

The way customers Pay In Stores Is Changing.

Chip cards are here to provide advanced security with every transaction. Accepting chip cards could be as simple as changing your payment terminal.

What do you need to know about Chip Card and EMV? Chip cards are payment cards that have an embedded chip, which offers advanced security when you use the card to pay in store. Chip cards are based on a global card payment standard called EMV (Europay, MasterCard and VISA) currently used in more than 80 countries.

Why Is it More Secured? Chip card transactions offer you advanced security for in store payments by making every transaction unique,  and, more difficult to counterfeit or copy. If the card data and the one-time code are stolen, the information cannot be used to create counterfeit cards and commit fraud.

How do you know if a customer has a Chip Card? The customer’s card will have chip on the front of it, magnetic stripe remains on the back.

How to use Chip Card at the POS? Swipe the card as they normally would and follow the prompts. If the terminal is chip-enabled, it will prompt them to insert it instead. The customer should insert their card with chip toward terminal, facing up. The chip card should not be removed until the customer is prompted.

Customer will provide their signature or PIN as prompted by the terminal.

Some transactions may not require either.

When the terminal says the transaction is complete, the customer can remove their card.

Chip-enabled terminals will still accept magnetic stripe card payments for customers who do not have a chip card.

What does a chip-enabled terminal look  like? They have all of the features you are used to with a payment terminal, with the addition of a slot for the customer to insert their card. The slot is typically located at the bottom or the top of the payment terminal.

How will you know if a terminal accepts chip card? During the transition to chip, customers are being told to swipe their card as they normally would and follow the prompts. If the terminal is chip-enabled, it will prompt them to insert it instead. If you have chip-enabled terminals, you can tell your customer to insert their card for a chip transaction, if a customer has a chip card.

How can you get a chip-enabled terminal? Contact your acquirer or merchant service provider.

Show your customers that you care about their information security by making the move to chip. This will ensure that your business and your customers are protected from fraud. Start accepting chip cards!

You may be liable for fraud if you don’t make the change from chip terminal. Starting October 2015, rules are changing. Merchants that accept chip will be protected from fraud losses resulting from in store counterfeit magnetic stripe card transactions just as you are today. However, liability will shift from issuers to merchants if their payment terminals are not chip-enabled for in store transactions. Fraud liability for lost or stolen cards varies by payment network. Contact your acquirer or payment services providers for more information.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , ,

May 5th, 2015 by Admin

With the EMV migration just a few months away, Visa is stepping up its merchant education efforts, by launching an online portal for merchants featuring a background on chip cards, demonstrations on proper usage, and tips for implementation.

Visa also kicked off its 20-City Small Business Chip Education Tour expounding on the benefits and necessity of chip cards to local small businesses.

 

 

Visa is bringing payment industry experts to connect directly with merchants to answer their questions on the transition across the United States.

Merchant education will be a herculean task, but payments industry stakeholders should make every effort to make sure chip cards are adopted and used effectively by both merchants and consumers.

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , ,

May 4th, 2015 by Elma Jane

The rate of payments fraud is steadily decreasing, the current frequency stands at 0.06 percent or six basis points. 

The perception of risks associated with card payments are much larger than the actual threat or reported losses. But the lack of trust that comes from such perception could impact the growth of the payments industry.

Recent advancements in payments security, such as tokenization and multiple tier authentication protocols, have contributed to the manageable number of fraudulent transactions. The EMV migration is expected to push the figure even lower, as chip-enabled technology spreads to over 50 percent of the US by the end of 2015.

For criminals, breaking into robust financial systems is becoming more costly and time consuming, which has discouraged many from attempting such unlawful acts.

Fraud is something that we can’t say will be eliminated completely. But efforts by all stakeholders in the industry can contain it to the minimum.

Counterfeit cards and payments data falling into the wrong hands are the two most common types of fraud that consumers are facing today. The surge in e-commerce has been linked to greater risks of fraud in the online channel, and while counterfeiting cards may be more difficult with EMV in place, online fraud has historically increased in its place.  

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: , , , , , , , , , , , ,

April 27th, 2015 by Elma Jane

I was shopping in Kmart and didn’t understand why my Credit Card transaction was declined. My card is EMV and Kmart is EMV, but the Kmart system did not forced the transaction to run as EMV so, Citibank declined it. Kmart can loose a $600 sale can your small business afford it? If you think hiring a professional is expensive try an amatuer…

A lot of stores, specially big chain stores, have EMV capable terminals, but they haven’t turned them on yet and still force you to swipe. Some think, migration is just getting a new terminal and asking their acquirer to enable EMV on their account. Its not only about the liability shift, and the EMV equipment, It’s the lack of information for the Merchants.

There has to be training and orientation that merchants will need to invest into for their employees. As well as changing our mentality that we all need to be prepared for this upcoming transition….as both consumers and business owners.

The issuing banks can, and are starting to decline transactions when a merchant CAN use EMV but do not. EMV is coming October 2015 and if you are not ready you may loose sales, and will loose when a fraudulent card walks in your business.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , ,

April 13th, 2015 by Elma Jane

With only six months to go before the EMV chip-card liability shift takes effect, many U.S. merchants are not yet aware of the EMV migration.

When the Oct. 1 liability shift takes hold, merchants not accepting the new chip-card technology will become liable for any losses resulting from payment card fraud at the point of sale. Some merchants have stated that they would rather trust their existing security measures than pay for the upgrade to EMV, but others still need to educate themselves on the benefits and drawbacks of EMV – and it’s not even clear how many are out of the loop.

The challenge is that no one really knows about the level of EMV readiness because there is no single, common way to reach all of the merchants of all different levels and sizes at the same time.

Instead, various organizations are picking bits and pieces of the market they can reach and do everything they can to inform and help merchants to determine if they are moving toward chip-based technology or not.

EMV cards improve security at the point of sale by including technology that makes them resistant to counterfeiting. They can also be used with a PIN to address stolen card fraud. Though the card networks set an October deadline for conversion to EMV technology, it is not a mandate; companies will still be able to handle credit card transactions even if they do not have EMV technology in place.

And even the merchants that have the right technology installed may not be using it properly. During the EMV preparedness process, it has become apparent that installed EMV terminals had not been turned on or otherwise were not fully capable of accepting EMV transactions.

The confusion extends to the banks as well. Not all issuers will be ready for EMV, and some have outright stated that they do not think it will be possible to meet this year’s deadline.

In a move designed to get more small-business merchants on board with EMV, Visa Inc. introduced a 20-city small business chip education tour last month.

The real measurement of the implementation will be in transaction volumes, or actual chip-on-chip transactions.

Even though the liability shift is just six months away, still really early to make a determination on all of this.

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale, Visa MasterCard American Express Tagged with: , , , , , , , , , ,

February 27th, 2015 by Elma Jane

Here are the Frequently Asked Questions:

You’re probably finding yourself staring at your old credit card machine and worrying about the cost of buying a new machine. The transition doesn’t have to be an expensive one, but it pays to be educated as you consider this important upgrade.

Things you need to know in the form of a brief FAQ.

Where To Buy an EMV Credit Card Terminal?

All the same places you can buy or rent a non-EMV terminal, for the most part. The vast majority of the time supported EMV machines can be reprogrammed just like their non-EMV predecessors. While credit card terminal tampering has occurred in the past, it is not common and is even less easily achieved with new EMV terminals.Terminals have built-in anti-tampering features to prevent this. Your provider is free to either charge a reprograming fee, or simply refuse to reprogram outside machines. While they can reprogram, there’s no law saying that they have to.

Is It A Must to Have an EMV-Compliant Machine?

NO BUT THERE IS RISK. NFC (Near Field Communication) is the technology used by digital wallets for contactless payments. NFC EMV terminals can be considerably more expensive than standard EMV terminals. You can buy a separate NFC reader without replacing your existing EMV terminal.

Does an EMV Chip Card Reader Cost Much?

NOT VERY MUCH! These terminals are really not more expensive that the old terminals. You can find them as cheap, especially if it’s refurbished. There’s no reason to sign on to an expensive non-cancellable lease. If you’d rather rent than own, at least look for inexpensive rental options. If you want a wireless terminal or an NFC-capable terminal, the prices will be a little bit higher. But for baseline EMV-compatible chip card readers, it’s a pretty minor investment even for a very small business.

Does EMV Terminal Upgrade Really Needed?

Technically? No, but it would be like buying a new computer and not getting a virus protection program. Worse because you have financial data on. Your CUSTOMER! Practically? You should!

If you stick with your old non-chip credit card terminal, you will still be able to run transactions. All chip cards are also equipped with the same magnetic stripe used previously, so you can still swipe them. The difference is that if one of those chip cards that you swipe is used fraudulently, you will now be liable. The rationale behind this is that if you had upgraded your terminal, the fraud could have been prevented. Therefore you are held accountable. You might be tempted to think that your small businesses is unlikely to be a victim of such fraud because it hasn’t happened in the past. But consider that all of the big retailers will be upgrading to the EMV terminals, which is likely to drive fraudsters to more vulnerable outlets (ie, small businesses). So I don’t want to be a fear-mongerer but for the fairly small business expense of a terminal upgrade you get a lot of fraud protection. If it prevents just one instance of fraud in the years to come, it has likely paid for itself many times over.

For most merchants, it’s not that expensive or difficult to switch over to EMV equipment and the insurance that the switch will provide you with is well worth the effort. So start thinking about it, and don’t wait until the last minute. The last month before the liability shift occurs in the US, equipment providers will be backed up with orders, making the transition less smooth. So there’s no time like the present to start looking into chip card machines. It might even be a good time to think about switching providers.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: , , , , , , , , , , , , , , , , ,

January 21st, 2015 by Elma Jane

With a crucial deadline, the payments industry is starting to look at just what kind of fraud liability and how much fraud merchant acquirers will have to assume if their merchants aren’t ready to accept Europay-MasterCard-Visa (EMV) chip cards by October.

While issuers currently absorb losses under card-network rules, that burden will shift to acquirers this fall in cases where the fraud occurs at merchants unprepared for EMV.

As a result, acquirers will have to reckon with a whole new category of risk exposure.

In card-not-present transactions, acquirers have faced this, but in the overwhelming majority of cases they’ll be confronting it for the first time.

Surprisingly, for all the talk in the industry about the imminent arrival of EMV, it appears few acquiring executives have fully accounted for what the shift really means for them.

Some 24% of U.S. point-of-sale terminals are “EMV-capable,” while 9% of debit/prepaid cards issued, and 2% of credit cards have EMV chips so far. But while terminals may be technically capable, it isn’t known just how many of these merchants have the software and trained personnel to accept EMV.

Foreign issuers, especially, may be licking their chops at the prospect of offloading their consumer-fraud risk onto U.S. acquirers. For years and years, these non-U.S. issuers have invested in EMV, but the U.S. is still using the mag stripe. So non-U.S. issuers appear to be very aware of the liability shift.

To be sure, acquirers’ increased risk exposure may be relatively short-lived. Under the network rules, liability rests with the issuer in cases where both the merchant and the issuer are EMV-compliant. That could be nearly universally the case within a few years. By 2018, nearly all cards and terminals will be compliant.

But that still leaves open the question of how many of these terminals will really be running chip card transactions.

The issue isn’t so much about terminals as about software. Many mid-size merchants are using so-called integrated solutions that run payments as part of a larger business-management system. That means acquirers must work with a number of other parties to reconfigure software, and that presents a challenge when it comes to getting masses of merchants EMV-compliant.

The bigger problem is the integrated point-of-sale market.

While the liability shift may impact acquirers, not all them are convinced their exposure will rise all that much. Some argue the risk of loss from lost/stolen/counterfeit cards at the point of sale is low and not likely to rise, especially for small-ticket merchants.

Fraudsters, are much more inclined to practice their trade online, where the risk of being caught is lower, compared to face-to-face transactions.

 

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , ,

October 23rd, 2014 by Elma Jane

The U.S. government will replace roughly 9 million government-issued payment cards with EMV chip-and-PIN versions early next year in a push to increase awareness and use of the more secure cards. Between 5 and 6 million prepaid debit cards used for issuing government payments, including Social Security and veterans benefits, will be reissued in January 2015. Another 3 million cards issued to federal government employees will also be replaced with EMV versions through the General Services Administration’s SmartPay program.

All the cards will be set up for Chip and PIN security as a U.S. government standard under the upgrade program, rather than the Chip and Signature approach required by Visa and MasterCard for most U.S. retailers starting late next year. However, there was no indication that the new cards will actually have the less secure magnetic data stripe removed.

Finding the right answers with the latest technologies to stop these cyber thieves and taking proactive and positive steps by adopting PIN and chip technology for government-issued debit and credit cards shows the importance of protecting financial transactions. While EMV is important, it’s not a total solution to the issue of data security.

POS devices at all federal agencies that accept retail payments will also be converted to accept EMV cards on a schedule set by the U.S. Treasury Dept. No timetable was given for the federal POS conversion.

The rollouts at four of the six largest U.S. retail chains will give a boost to EMV, which despite an October 2015 deadline has seen slow uptake among retailers. Under a mandate by Visa and MasterCard, retailers who experience credit or debit card fraud after next October but haven’t upgraded their POS equipment to accept EMV cards will be liable for the loss. If the bank that issued the card hasn’t upgraded it to EMV, the bank will take the loss.

But despite that October deadline, fewer than half of retailers’ POS terminals are expected to be able to accept EMV cards by the end of 2015, and barely half of U.S. payment cards will have been upgraded by then, according to the Payments Security Task Force, a banking industry group tracking EMV uptake.

The 9 million federally issued cards are a tiny fraction of the 1 billion credit and debit cards in use in the U.S., so the overall impact of accelerated EMV conversion is likely to be small. However, the Buy Secure initiative also explicitly includes a consumer-education component. Visa said it will spend $20 million in a public service campaign, and American Express said it will launch a $10 million program to help small merchants upgrade their POS terminals.

Small merchants are less likely to know about EMV than large retail chains, which have been making implementation plans for years.

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , , , , , ,