March 23rd, 2016 by Elma Jane
A data breach can originate inside a business just as easily as outside it. The one common element between both is “Opportunity.” It doesn’t matter whether a business is a multinational corporation or a small single-location shop.
Criminal attacks range in sophistication. While some attacks are unsophisticated, experts note that criminals continue to evolve their techniques and are now more sophisticated than ever.
While large corporations may have millions of customer records, they also maintain the resources to protect their sensitive information from the average criminal. It may take weeks, months, or even years for a criminal to penetrate the defenses of one large corporation. This is why attacks on small businesses are becoming so attractive to criminals.
It all goes back to the “Opportunity.” The average small business lacks the resources to properly protect their business from the variety of attacks at the disposal of criminals. Or worse, they may believe their business is of no interest to criminals. The fact is, they are less secure than larger businesses. These are all issues for the average small business owner, and more importantly, their customers.
So what can a small business do to protect themselves from the growing threat of a data compromise?
- Background checks on employees.
- Have someone monitor the network activity.
- Protect the business with proper network security protocols.
- Protect your payment environment by using a layered approach that includes EMV, encryption and tokenization to help prevent sensitive payment card data from being stolen.
These are all fairly simple and inexpensive ways for businesses to help protect themselves and their customers from becoming victims of a costly data compromise.
February 17th, 2016 by Elma Jane
Helping customers protect and safeguard their payment data is one of NTC’s top priorities. Experts agree that a layered approach is the most effective way to combat evolving security threats and unauthorized access to payment data.
Implementing best practices and the latest protection technology is needed to ensure cardholder data is protected from increasingly complex and evolving security threats.
EMV is a good start to enhance data security with card authentication, cardholder verification, and transaction authorization. But a multi-layered security approach that includes encryption and tokenization provides complete data protection to both merchants and their customers.
EMV alone is not enough because EMV authenticates the validity of the card and the cardholder, but it does not secure the data. With encryption and tokenization but without EMV, you as a merchant are liable for fraudulent transactions. Encryption and tokenization are processes or systems that protect sensitive cardholder data but do not authenticate the data.
EMV is a key component of a multi-layered security approach. It secures the payment transaction with enhanced functionality. By combining EMV, encryption and tokenization, merchants can have the complete data protection they need.
February 2nd, 2016 by Elma Jane
Businesses continue to struggle with the prohibited storage of unencrypted customer payment data. Under the Payment Card Industry Data Security Standard (PCI DSS), merchants are instructed that protection methods are critical components of cardholder data protection in PCI DSS Requirement.
PCI DSS applies to every company that stores, processes or transmits cardholder information. Regardless of the size or type of business you operate, the number of credit card transactions you process annually or the method you use to do so, you must be PCI compliant.
A data breach is not a limited, one-time occurrence. This is why PCI compliance is required across all systems used by merchants.
Encryption and tokenization are a strong combination to protect cardholder data at all points in the transaction lifecycle: in use, in transit and at rest.
National Transaction’s security solutions provide layers of protection when used in combination with EMV and PCI-DSS compliance.
Encryption is ideally suited for any business that processes card transactions in a face-to-face or card-present environment. From the moment a payment card is swiped or inserted at a terminal featuring a hardware-based, tamper-resistant security module, encryption protects the card data from fraudsters as it travels across various systems and networks until it is decrypted at a secure data center.
Tokenization can be used in card not present environments (travel merchants) such as e-commerce or mail order/telephone order (MOTO), or in conjunction with encryption in card present environments. Tokens can reside on your POS/PMS or within your e-commerce infrastructure at rest and can be used to make adjustments, add new charges, make reservations, perform recurring transactions, or perform other transactions in use. Tokenization protects card data when it’s in use and at rest. It converts or replaces cardholder data with a unique token ID to be used for subsequent transactions.
The sooner businesses implement encryption and tokenization, the sooner stored unencrypted data will become a thing of the past.
November 19th, 2015 by Elma Jane
The Ingenico iCMP PIN pad is now available with Converge in the US! This EMV-enabled device is flexible to use with a USB connection and Converge or with a Bluetooth connection and Converge Mobile (launching soon!).
Key features of the Ingenico iCMP include:
Chip, Contactless and Mag Stripe
Accept EMV chip cards, including Chip & PIN and Chip & Signature, as well as mag stripe cards and contactless payments – mobile wallets like Apple Pay and contactless cards. The EMV capabilities of the PIN pad help protect our customers from counterfeit card fraud.
Debit and Credit PIN Based Transactions
Accept debit and credit cards using PIN capabilities on the device. This is important to help further protect our customers from lost, stolen and NRI (not received/issued) fraud.
Encryption
Encrypted to keep card data separate and away from the mobile app/device and safe as it travels through the payment network.
Bluetooth or USB
Connect with a USB connection when using a computer and Converge www.convergepay.com or Bluetooth when using with the upcoming Converge Mobile app.
Pocket size
Takes up little space on a countertop, and it’s easy to carry when on the go.
Give us a call now at 888-996-2273.
November 16th, 2015 by Elma Jane
Combat Fraud With Layered Approach!
Encryption and tokenization are a strong combination to protect cardholder data at all points in the transaction cycle.
Encryption – the strongest protection for card data when it’s in transit. From the moment a payment card is swiped or dipped at a terminal featuring a hardware-based, tamper-resistant security module, encryption protects the card data from fraudsters as it travels across various systems and networks until it is decrypted at a secure data center. Encryption is ideally suited for any business that processes card transactions in a face-to-face or card-present environment.
Tokenization – protects card data when it’s in use and at rest. It converts or replaces cardholder data with a unique token ID to be used for subsequent transactions. This eliminates the possibility of having card data stolen because it no longer exists within your environment. Tokens can be used in card not present environments such as e-commerce or mail order/telephone order (MOTO), or in conjunction with encryption in card present environments. Tokens can reside on your POS/PMS or within your e-commerce infrastructure at rest and can be used to make adjustments, add new charges, make reservations, perform recurring transactions, or perform other transactions in use.
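The token swap described above, and in the February 2016 post, as an added example (not code from the original post or from NTC): a vault replaces the card number with a random token ID, and the merchant's record keeps only the token. The `Vault` and `Reservation` types, the token format, and the choice to give a card the same token on every visit are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// luhnValid reports whether s is 13-19 digits and passes the Luhn checksum.
func luhnValid(s string) bool {
	if len(s) < 13 || len(s) > 19 {
		return false
	}
	sum, double := 0, false
	for i := len(s) - 1; i >= 0; i-- {
		if s[i] < '0' || s[i] > '9' {
			return false
		}
		d := int(s[i] - '0')
		if double {
			d = d*2/10 + d*2%10 // add the digits of the doubled value
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// Vault is a hypothetical token service; only it ever holds a card number.
type Vault struct {
	byToken map[string]string // token -> PAN
	byPAN   map[string]string // PAN -> token, so a card keeps one token (assumption)
}

func NewVault() *Vault { return &Vault{byToken: map[string]string{}, byPAN: map[string]string{}} }

// Tokenize swaps a card number for a random token ID that is not derived
// from the PAN; only the last four digits are kept, for receipts.
func (v *Vault) Tokenize(pan string) (string, error) {
	if !luhnValid(pan) {
		return "", errors.New("not a valid card number")
	}
	if tok, ok := v.byPAN[pan]; ok {
		return tok, nil // subsequent transactions reuse the same token
	}
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	tok := "tok_" + hex.EncodeToString(buf) + "_" + pan[len(pan)-4:]
	v.byToken[tok], v.byPAN[pan] = pan, tok
	return tok, nil
}

// Charge resolves the token inside the vault; the caller never sees the PAN.
func (v *Vault) Charge(token string, cents int) (string, error) {
	pan, ok := v.byToken[token]
	if !ok {
		return "", errors.New("unknown token")
	}
	return fmt.Sprintf("approved %d cents on card ending %s", cents, pan[len(pan)-4:]), nil
}

// Reservation is what the merchant's POS/PMS keeps at rest: a token, no PAN.
type Reservation struct {
	ID        string
	CardToken string
}

// Exposes reports whether a copy of this record would reveal the card number.
func (r Reservation) Exposes(pan string) bool { return strings.Contains(r.ID+r.CardToken, pan) }

func main() {
	const testPAN = "4111111111111111" // constructed sample, a common test number
	v := NewVault()
	tok, err := v.Tokenize(testPAN)
	if err != nil {
		panic(err)
	}
	r := Reservation{ID: "RES-1001", CardToken: tok}
	fmt.Println("merchant stores:", r.ID, r.CardToken)
	fmt.Println("stored record exposes PAN:", r.Exposes(testPAN))
	msg, _ := v.Charge(r.CardToken, 2500) // later adjustment using only the token
	fmt.Println(msg)
}
```

The vault itself still holds card numbers, so in this model it is the system that has to be protected and kept outside the merchant's environment.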
A layered approach can be the most effective way to combat fraud. Security solutions provide layers of protection when used in combination with EMV and PCI-DSS compliance, helping ensure you’re doing all you can to protect cardholder data from increasingly complex and evolving security threats.
August 20th, 2014 by Elma Jane
The latest version of Microsoft’s smartphone operating system already packs tons of new productivity-boosting features. Now, the first update for Windows Phone 8.1 is nearly ready to launch, with extra functionality that makes it even better for work. These features come on top of additions that already arrived with the initial release of Windows Phone 8.1, such as Cortana, a voice-activated virtual assistant. Windows Phone 8.1 Update 1 was released to developers this month, and will roll out to consumers in the coming months.
App Corner – Gives you better control over how employees use company-owned smartphones. You can manage which apps are installed on a phone and even save and export your app settings to other devices to quickly configure company phones. That way, employees can’t accidentally install applications that could compromise company data.
Folders – Staying organized is one way to boost your productivity. Now, Windows Phone 8.1 gives you better control over your smartphone’s home screen with the addition of folders. Just drag one app over the top of another to group them into a folder, then tap a folder to see which apps it includes.
VPN support – A VPN is a secure, private network that lets employees wirelessly access company resources while on the go, including files, apps and printers. Windows Phone 8.1 Update 1 adds VPN support to the mobile OS for the first time. Users will be able to toggle the VPN on or off easily, or set a device to automatically connect to a VPN when a particular Web domain is accessed. You can also turn on encryption to secure all traffic between your smartphone and the work network.
May 15th, 2014 by Elma Jane
Looking to buy a new business phone? Wait!!! A slew of hot new smartphones are set to launch in the coming months. 2014 has already seen its share of major releases. This spring, HTC unveiled the new HTC One M8, which packs a slick all-metal body, and Samsung debuted the feature-packed Galaxy S5. Nokia also released the Lumia Icon, its new flagship Windows Phone. But some of the year’s biggest releases are still to come, including a new version of Apple’s iPhone and a follow-up to Samsung’s stylus-equipped Galaxy Note 3. Meanwhile, a new Android phone from startup OnePlus could make a splash.
Galaxy Note 4
Samsung is expected to launch a follow-up to the Galaxy Note 3 this fall. The Note 3 is one of the best business phones ever made, thanks in part to the included S Pen stylus, which slides out from a slot on the phone’s chassis and turns the device into a note-taking machine. The phablet also boasts a stunning 5.7-inch display that’s big enough for real productivity tasks. Samsung hasn’t officially confirmed any details about the Note 3’s successor, but there are a few safe bets. For starters, fans can expect the line’s trademark stylus to return for the Galaxy Note 4. Its display, meanwhile, should rival Samsung’s newer Galaxy S5 in terms of brightness and picture quality. Finally, considering Samsung packed a fingerprint reader into the S5’s home button, it’s likely the company will do the same for the Note 4. A fingerprint reader can make your business phone more secure, since only you can unlock the device with a quick swipe of your finger.
iPhone 6
Apple’s iPhone 5s is a great phone, but its compact 4-inch display could be too small for some people. Reports indicate that Apple might deliver a much bigger device in the iPhone 6, which is expected to debut this fall in 4.7-inch and 5.5-inch variants. That’s a big deal for business users who depend on their smartphone to stay productive but prefer a larger display. Both models are also rumored to include a blazing-fast A8 processor, an upgrade over the speedy 64-bit A7 chip found in the iPhone 5s. The iPhone 6 is also expected to include the same fingerprint reader that debuted with the iPhone 5s. The reader is embedded in the phone’s home button, and lets you unlock the device simply by placing your finger on the button. And of course, the iPhone is the only smartphone that gives you access to Apple’s App Store, which features the biggest and arguably the best, library of business and productivity apps on any platform.
LG G3
LG is preparing to unveil a successor to its flagship phone, the LG G2, this spring. The so-called LG G3 could be one of the year’s most noteworthy business phones if it retains the G2’s superlong battery life. The phone ran for up to 11 hours in tests that involved continuous Web browsing, making it one of the longest-lasting smartphones ever made. In addition to longevity, the G2 boasts a snappy quad-core processor, a roomy 5.2-inch display and a handy multitasking feature called QSlide, which lets you run a second app in a floating window over your main app. That’s a plus for business users who need to juggle tasks such as responding to email while conducting research in a Web browser. LG hasn’t yet announced which features will get an upgrade for the LG G3, but fans won’t have to wait long to find out. The company is expected to show the device off at a special press event on May 27, though it’s not yet known when the phone will hit store shelves.
Lumia 635
Windows Phone fans saw the release of a new flagship device in the Nokia Lumia Icon this spring. Now, Nokia is following that up with the Lumia 635, a new midrange Windows Phone with a lower price point that could make it worth a look for budget-minded business users, especially since the device runs on Windows Phone 8.1, a new version of Microsoft’s mobile operating system. One of the phone’s standout features is Cortana, a voice-activated personal digital assistant that can notify you of upcoming appointments, flight information, weather alerts and more. Also new in Windows Phone 8.1 is the Action Center, which is similar to the notification hub found on both the Android and iOS operating systems. Just swipe down from the top of your phone’s display to view all of your alerts at a glance. And like every Windows Phone device, the Lumia 635 is fully integrated with the desktop version of Microsoft Office.
OnePlus One
The OnePlus One, set to launch this June, is a powerful new business phone with a unique set of features. The 5.5-inch Android device packs a huge display, a top-tier processor and a high-capacity battery. The phone also adds features you won’t find in many flagship phones, such as always-on voice commands. So instead of fiddling with menus and touch-screen controls, you can set an alarm, place an appointment in your calendar or access turn-by-turn directions by uttering a few words – even when the display is off. The OnePlus One also offers a few notable security features you won’t find in most other smartphones. For instance, the phone’s Privacy Guard setting lets you block individual apps from accessing personal information stored on your device. The OnePlus One also ships with built-in encryption for SMS text messages to ensure your private business communications remain private.
November 15th, 2013 by Elma Jane
November 7, 2013 – The Payment Card Industry (PCI) Council’s recent acceptance of the world’s first Point-To-Point Encryption-validated solution is great news for both acquirers and merchants, and will aid in reducing merchant scope and increasing business security worldwide. If your P2PE know-how is a little spotty, here are the basics.
What is P2PE?
Point-To-Point Encryption (P2PE) is the combination of hardware and processes that encrypts customer credit/debit card data from the point of interaction until it reaches a merchant solution provider’s environment for processing. Because card data is immediately encrypted as the card is swiped (or dipped), it prevents clear-text information from residing on the payment environment. Encrypted card data is then transferred to, decrypted by, and processed through the solution provider processor who is the sole holder of the decryption key.
Many question the difference between P2PE and typical point of sale (POS) encryption. In a POS environment, merchants often store decryption keys on their backend servers. Bad idea. If a cybercriminal hacks into that environment, they not only have access to the encrypted card numbers, but the decryption key as well. Hacker jackpot.
The reason P2PE is arguably the most secure way to process is that merchants don’t have access to decryption keys. If a hacker breaches a merchant using a validated P2PE solution, he/she will only recover a long string of useless encrypted card numbers with no way to decode them.
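An added sketch of the key-custody difference described above, not code from the post or from any P2PE vendor: the terminal encrypts at the swipe, the merchant handles only the resulting blob, and the provider alone can decrypt. The `Provider` and `Terminal` types are hypothetical, and AES-GCM with one key per terminal stands in for the hardware key management a validated solution uses.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Provider models the P2PE solution provider, the sole holder of decryption keys.
type Provider struct {
	keys map[string]cipher.AEAD // terminal ID -> keyed AES-256-GCM, never given to the merchant
}

// Terminal models the tamper-resistant reader; its key is loaded by the provider.
type Terminal struct {
	ID   string
	aead cipher.AEAD
}

func NewProvider() *Provider { return &Provider{keys: map[string]cipher.AEAD{}} }

// Provision generates a terminal key, keeps it at the provider and injects it
// into the device. Nothing on this path touches the merchant's systems.
func (p *Provider) Provision(id string) (*Terminal, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	p.keys[id] = aead
	return &Terminal{ID: id, aead: aead}, nil
}

// Swipe encrypts the card number at the point of interaction and returns
// nonce||ciphertext. The terminal ID is bound in as associated data.
func (t *Terminal) Swipe(pan string) ([]byte, error) {
	nonce := make([]byte, t.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return t.aead.Seal(nonce, nonce, []byte(pan), []byte(t.ID)), nil
}

// Decrypt runs only at the provider, using the key it kept for that terminal.
func (p *Provider) Decrypt(terminalID string, blob []byte) (string, error) {
	aead, ok := p.keys[terminalID]
	if !ok {
		return "", fmt.Errorf("unknown terminal %q", terminalID)
	}
	n := aead.NonceSize()
	if len(blob) < n {
		return "", errors.New("message too short")
	}
	pan, err := aead.Open(nil, blob[:n], blob[n:], []byte(terminalID))
	if err != nil {
		return "", err
	}
	return string(pan), nil
}

// Exposes reports whether a copy of the merchant's data reveals the card number.
func Exposes(blob []byte, pan string) bool { return bytes.Contains(blob, []byte(pan)) }

func main() {
	const testPAN = "4111111111111111" // constructed sample, a common test number
	p := NewProvider()
	term, err := p.Provision("TERM-01")
	if err != nil {
		panic(err)
	}
	blob, _ := term.Swipe(testPAN) // all the merchant ever relays or stores
	fmt.Println("merchant copy exposes PAN:", Exposes(blob, testPAN))
	pan, err := p.Decrypt("TERM-01", blob)
	fmt.Println("provider recovers:", pan, err)
}
```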
Why use P2PE?
Basically, P2PE increases data security and has the ability to make a merchant’s job of reaching PCI compliance easier. The main point of using a P2PE-validated solution is to significantly lessen the scope of security efforts through PCI Data Security Standard (DSS) requirement and P2PE Self-Assessment Questionnaire (SAQ) reduction. Compared to the 80+ questions required of mainstream merchant SAQs, the P2PE-HW SAQ only requires merchants to answer 18 questions.
Are all P2PE solutions created equal?
The answer is no. Many P2PE solution vendors claim their solution reduces scope, but in order for a merchant to qualify, they must select only P2PE-validated solutions listed on the PCI Council’s website.
To get P2PE solutions and applications listed on the approved website, solution provider processors must go through a rigorous testing process performed by a P2PE Qualified Security Assessor (QSA). P2PE QSAs help entities through the 210-page document of P2PE requirements, testing procedures, and controls required to keep cardholder data secure – a task which only a few companies in the world can do.
As of this post, the only P2PE hardware solution approved by the PCI Council is European Payment Services’ (EPS) Total Care P2PE solution, validated by P2PE QSA SecurityMetrics. A number of other P2PE solutions are currently undergoing the review process and will be added to the list once approved.
October 15th, 2013 by Elma Jane
What is an electronic check?
An electronic check, also known as an echeck, is an electronic version of a paper check. Electronic checks allow merchants to convert paper check payments made by customers to electronic payments that are processed through the Automated Clearing House (ACH) Network. It’s a fast, efficient, and secure way to process check payments.
Because of the many benefits and increased security methods that electronic checks offer, this method of payment is quickly growing in popularity. In 2007, electronic check conversion increased by 30%, with more than 3.1 billion paper checks converted to echecks through in-store transactions. Familiarizing yourself with how electronic checks work, the benefits and security features they offer, and how you can get started with electronic check conversion will save you time and money and help you provide greater protection for your business and your customers.
How it works:
Electronic check conversion is a simple method of processing payments, and the changes to how you do business are minimal. One of this method’s greatest advantages is that you can electronically submit checks instead of having to physically take them to the bank, saving you time and increasing employee efficiency.
When you receive a paper check payment from your customer, you will run the check through an electronic scanner system supplied by your merchant service provider like National Transaction Corporation (NTC). This virtual terminal captures the customer’s banking information and payment amount written on the check. The information is transferred electronically via the Federal Reserve Bank’s ACH Network, which takes the funds from your customer’s account and deposits them to yours.
Once the echeck has been processed and approved, the virtual terminal will instantly print a receipt for the customer to sign and keep. Employees should mark the paper check as “void” and return it to the customer. Your merchant transactions will be available online for viewing with customized detailed reporting, which may vary in features depending on the merchant service provider you choose.
Using electronic check conversion to process your customers’ payments holds many benefits over paper checks:
Benefits:
1. Received Funds Sooner. Businesses that use electronic check conversion have funds deposited almost twice as fast as those using the traditional check processing method, with billing companies often receiving payments within one day.
2. Reduced Fraud and Fewer Errors. Echecks are processed using an automated system, which cuts down the number of people who must handle the check, reducing the potential for error and fraud. Merchant service providers (NTC) also maintain, monitor, and check files against negative account databases that store information about individuals or companies that have past records of fraud to help decrease fraudulent activity.
3. Reduced Processing Costs. In general, the cost to process an echeck is substantially less than that of paper check processing or credit card transactions. Echecks require less manpower to process and eliminate incidental costs such as deposit and transaction fees that accompany paper checks. With Echecks, you can save up to 60% in processing fees.
4. Sales Increase. If your business didn’t accept paper checks in the past, you can expand the payment options available to your customers and increase sales by offering echecks. If you are converting from accepting paper checks to echecks, you can still expand your customer base by being able to accept international and out-of-state checks without the worry of fraud. Echecks require account validation and customer authentication processes that identify bad checks within seconds.
5. Safe, Simple and Smart. Electronic check conversion is easy to set up and relies on the ACH Network for processing, the same reliable and trusted funds transfer system that handles Direct Deposit and Direct Payment. Plus, echecks are a smart choice for the environment, helping to reduce more than 67.4 million gallons of fuel used and 3.6 million tons of greenhouse gas emissions created by transporting paper checks.
Increase security with electronic checks – Electronic check conversion leverages the latest information protection features such as encryption and message authentication. Because of this, many retail merchants, merchant service providers, and financial institutions consider it to be one of the most secure payment methods in the electronic payment processing industry.
Authentication – Merchants must verify that the person providing the checking account information has the authority to use that checking account. There are a number of authentication services and products available to merchants, including:
Digital signatures or digital certificates are a way of encrypting information that gives the receiver a more reliable indication that the information was sent by the claimed sender. They are used by programs on the Internet to confirm the identity of a customer to concerned third parties, serving a similar purpose as a handwritten signature. Digital signatures cannot be easily tampered with or imitated and are easily transportable, thereby making them a reliable method for verifying identity when implemented correctly. Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature.
Duplicate detection and prevention is another way to reduce fraudulent activities. Financial institutions have software and operational controls in place to prevent duplication of the scanned electronic representations of customer checks.
Encryption – The ACH Network automatically encrypts messages using 128-bit encryption and a secure sockets layer (SSL).
Public key cryptography is an encryption/decryption security method that uses one key to encrypt a sent message and another to decrypt it. With electronic check conversion, the private key is the secret used to create the digital signature on the echeck, and the public key is the corresponding key given to anyone who needs to verify that the sender signed the echeck and that the electronic transfer has not been tampered with. Public key cryptography is another way to ensure the authenticity of the electronic transfer of funds.
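The signing and duplicate checks described above, as an added example that is not part of the original post or of any ACH software: the sender signs the echeck fields with a private key, and the receiver verifies with the public key and refuses a second presentment. The field layout, the `Receiver` type and the choice of Ed25519 are assumptions; the post does not name a signature algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"regexp"
)

// Echeck holds the fields captured from a scanned check (constructed layout).
type Echeck struct {
	Routing string // bank routing number, digits only
	Account string // account number, digits only
	CheckNo int
	Cents   int64
}

var digits = regexp.MustCompile("^[0-9]+$") // keeps "|" out of signed fields

// canonical serializes every field in a fixed order so that signer and
// verifier process identical bytes.
func (e Echeck) canonical() []byte {
	return []byte(fmt.Sprintf("echeck-v1|%s|%s|%d|%d", e.Routing, e.Account, e.CheckNo, e.Cents))
}

// SignedEcheck is what travels from the sender to the receiver.
type SignedEcheck struct {
	Check Echeck
	Sig   []byte
}

// NewKeyPair creates the sender's public and private key.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign creates the digital signature with the sender's private key.
func Sign(priv ed25519.PrivateKey, e Echeck) SignedEcheck {
	return SignedEcheck{Check: e, Sig: ed25519.Sign(priv, e.canonical())}
}

var (
	ErrMalformed    = errors.New("routing and account must be digits only")
	ErrBadSignature = errors.New("signature does not match echeck contents")
	ErrDuplicate    = errors.New("echeck already presented")
)

// Receiver holds the sender's public key and remembers accepted checks.
type Receiver struct {
	senderKey ed25519.PublicKey
	seen      map[string]bool
}

func NewReceiver(pub ed25519.PublicKey) *Receiver {
	return &Receiver{senderKey: pub, seen: map[string]bool{}}
}

// Accept validates the fields, verifies the signature, then refuses a second
// presentment of the same check. Only checks that pass every step are recorded.
func (r *Receiver) Accept(s SignedEcheck) error {
	if !digits.MatchString(s.Check.Routing) || !digits.MatchString(s.Check.Account) {
		return ErrMalformed
	}
	if !ed25519.Verify(r.senderKey, s.Check.canonical(), s.Sig) {
		return ErrBadSignature
	}
	id := fmt.Sprintf("%s/%s/%d", s.Check.Routing, s.Check.Account, s.Check.CheckNo)
	if r.seen[id] {
		return ErrDuplicate
	}
	r.seen[id] = true
	return nil
}

func main() {
	pub, priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	rcv := NewReceiver(pub)
	// Constructed sample values, not a real routing or account number.
	s := Sign(priv, Echeck{"000000000", "1234567890", 1042, 12500})
	fmt.Println("first:", rcv.Accept(s), "replay:", rcv.Accept(s))
	s.Check.Cents = 1250000 // amount altered after signing
	fmt.Println("altered:", rcv.Accept(s))
}
```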
What is the Automated Clearing House (ACH) Network?
The Automated Clearing House (ACH) Network is a funds distribution system that moves funds electronically from one entity to another. This highly reliable and efficient nationwide electronic network is governed by the rules established by the National Automated Clearing House Association (NACHA) and the Federal Reserve (Fed). The ACH payment system also handles debit card transactions; direct deposits of payroll, Social Security, and other government benefits; direct debit payments; and business-to-business payments.
How to get started with Echeck:
Useful advice to help make the implementation of electronic check conversion at your business run smoothly:
Choose a processing company that is well established in the market. While a competitive pricing package may also be of importance, having a processor that is reliable with a good reputation is essential.
Look for a processor that enables you to easily align your current business processes with your new electronic processing system. Ensure that you can easily export customer data and smoothly integrate the electronic payment processing system with your business management software.
Notify your customers that your business will begin using electronic check conversion to process payments. Federal rules require you to post a notification about this change in practice as well as to give your customers a takeaway copy of the notification. You must also provide customers a telephone number to request more information about electronic check conversion.