September 4th, 2014 by Elma Jane

EMV, which stands for Europay, MasterCard and Visa, is slated to be mandated across the United States starting in October 2015; automated fuel dispensers have until October 2017 to comply. Unlike magnetic swipe cards, EMV chip cards encrypt data and authenticate communication between the card and the card reader. Additionally, the chip card user is prompted for a PIN for authentication.

Why are those dates important? Companies lose $5.33 billion to fraud today, with card issuers and merchants incurring 63 and 37 percent of these losses, respectively. Under the EMV mandate, merchants who do not process chip cards will bear the burden of the issuer loss. By accepting chip card transactions, merchants and issuers should see a reduction in fraud.

Overcoming Barriers to EMV Adoption

Given the significant barriers to EMV adoption, it may be tempting for merchants to meet minimum requirements for accepting EMV payments. However, medium to large retailers should also consider the bigger picture of customer security and peace of mind.

Key success factors for a payment initiative of this size include:

Business Continuity Architecture: As with all payment systems, it is imperative to have the EMV system running at all times. The solution should preferably have Active-Active architecture across multiple data centers and have a low Recovery Point Objective (the point in time to which the systems and data must be recovered after an outage).

Cost Benefit Analysis: Take a top-down approach and decide accordingly on the scope of the analysis. This will ensure that decisions on scope are made on the basis of quantitative data and not just qualitative arguments.

Phased Approach: To overcome time or cost overage in a project of this scope and complexity, retailers should try using an iterative approach for development. The rollout can be divided into multiple releases of six to seven months, which will provide the opportunity to review, capture lessons learnt, and improve subsequent releases.

Proactive Monitoring Alerts: Considering the criticality of the business functions carried out by EMV, tokenization and the payment gateway, a rigorous monitoring environment must be defined to perform proactive and reactive monitoring. It should take into consideration the monitoring targets, tools, scope and methods. This will provide advance visibility into failure points and help ensure maximum system availability.

Resilience Testing: Typically in a software project, testing is limited to unit, integration, performance and user acceptance testing. However, due to the critical nature of the applications and systems involved, robust resiliency testing is vital. This will ensure that there are no single points of failure and that the system remains available under error conditions.

Stakeholder Identification: This is a key step to ensure that you have varied perspectives from all departments and their support. It will keep your organization from being blindsided and reduce the risk of disagreements in later stages of the program. Key stakeholders should include Store Operations, Card Accounting, Loss Prevention, Contact Center and IT & Data Security.

Organizations should adopt a five-step approach to implement a secure, robust and industry-leading payment solution:

Encryption – Point-to-point encryption will ensure card data is secure and encrypted from the point of capture to the processor. Usually, merchants use data encryption that is not point-to-point, rendering their organization vulnerable to data breaches. Software encryption is the most common form of encryption, as it is easily installed and requires little or no hardware upgrades; however, it is less secure, may expose encryption keys, and is prone to memory scanning attacks. Hardware encryption is considered more secure but requires more costly terminal upgrades. Hardware encryption is designed to self-destruct the keys if tampered with, but is not well-defined as very limited headway has been made in this space.

Tokenization – Build a Card Data Environment (CDE) that will host a centralized card data storage solution. Only a limited set of applications with firewall access and the capability to mutually authenticate via certificates can access the CDE and receive card data. The rest of the applications will hold tokens, which are random numbers. This architecture will ease the merchant’s burden with existing and emerging PCI Data Security Standards.

Payment Gateway – Perform a risk assessment on the current payment gateway and identify gaps in functionality, manageability, compliance, scalability, speed to market and best practices. Determine the alternatives to mitigate the risks. One of the important aspects of a leading payment gateway solution is support for all forms of credit, debit, gift card and check transactions. Its ability to work with any acquirer, its built-in encryption abilities, and its support for settlement and reconciliation must also be taken into consideration.

Settlement, Funding and Reconciliation – A workflow-based system to handle chargebacks and the automation of chargeback processing will greatly reduce labor-intensive work and enhance the quality of data used for settlement and reconciliation. Upgrades to the existing receipt retrieval system may be needed.

Card fraud is on the rise in the U.S., and merchants are the primary target for stealing information. With the EMV deadline just over a year away, the responsible retailer must take steps to prepare now. Although EMV implementation might seem overwhelming to merchants, they should start their journey to secure payments rather than wait for a looming deadline. Solutions such as data encryption and tokenization should be used in combination with EMV to implement a robust payment solution to better protect merchants against fraud. By proactively adopting EMV payment solutions, merchants can stay ahead of the regulatory curve and better protect their customers from fraud.

 


July 21st, 2014 by Elma Jane

European authorities dismantled a Romanian-dominated cybercrime network that used a host of tactics to steal more than EUR2 million. As a direct result of the excellent cooperation and outstanding work by police officers and prosecutors from Romania, France and other European countries, a key criminal network has been successfully taken down this week.

Hundreds of police in Romania and France, backed by the European Cybercrime Centre, carried out raids on 177 addresses, interrogating 115 people and detaining 65. Those held are suspected of participating in sophisticated electronic payment crimes, using malware to take over and gain access to computers used by money transfer services all over Europe. They are also accused of stealing card data through skimming, money laundering and drug trafficking. Proceeds of the crimes were invested in different types of property, deposited in bank accounts or transferred electronically, says the EC3. Large sums of money, luxury vehicles and IT equipment were seized during the raids.


November 7th, 2013 by Elma Jane

Android 4.4 introduces an additional method of card emulation that does not involve a secure element, called host-based card emulation. This allows any Android application to emulate a card and talk directly to the NFC reader. This document describes how host-based card emulation (HCE) works on Android and how you can develop an app that emulates an NFC card using this technique.

Many Android-powered devices that offer NFC functionality already support NFC card emulation. In most cases, the card is emulated by a separate chip in the device, called a secure element. Many SIM cards provided by wireless carriers also contain a secure element.

Card Emulation with a Secure Element

The secure element itself performs the communication with the NFC terminal, and no Android application is involved in the transaction at all. After the transaction is complete, an Android application can query the secure element directly for the transaction status and notify the user.

When NFC card emulation is provided using a secure element, the card to be emulated is provisioned into the secure element on the device through an Android application. Then, when the user holds the device over an NFC terminal, the NFC controller in the device routes all data from the reader directly to the secure element.

Host-based Card Emulation

The NFC standards offer support for many different protocols, and there are different types of cards that can be emulated. When an NFC card is emulated using host-based card emulation, the data is routed to the host CPU on which Android applications are running directly, instead of routing the NFC protocol frames to a secure element.

Android 4.4 supports several protocols that are common in the market today. Many existing contactless cards are already based on these protocols, such as contactless payment cards. These protocols are also supported by many NFC readers in the market today, including Android NFC devices functioning as readers themselves. This allows you to build and deploy an end-to-end NFC solution around HCE using only Android-powered devices.


September 30th, 2013 by Elma Jane

National Transaction Corporation and Trams Back Office

As National Transaction Corporation executives meet Sabre’s key people in Miami, FL, let’s learn more about what Trams Back Office, one of their products, can offer.

The travel and transportation industry is evolving quickly, and agility is needed to adapt to changing customer needs, in addition to providing the right services for customers and for the business.

With Trams Back Office, part of the Sabre Red travel solution, you can easily monitor, manage and grow your business. Trams provides right-size, right-price information technology (IT) solutions and is one of the most popular back office accounting and reporting systems on the market today. It’s easy to learn and use, helping you control costs with extreme efficiency.

In addition, Trams Back Office works seamlessly with ClientBase to deliver a complete solution incorporating GDS integration, CRM, General Ledger, and more.

Special Features

Credit Card Merchant – process your merchant credit card service fees and other transactions through Trams Back Office. Trams and ClientBase Products and Services have formed alliances with credit card processing companies to bring you competitive rates and an easy-to-use interface to process agency merchant credit card service fees and other transactions through Trams Back Office.

The Credit Card (CC) Merchant Reconciliation under Payments|Reconciliation|CC Merchant Reconciliation takes the CC Merchant payments from Trams Back Office (TBO), verifies them, and sends them electronically to your credit card processor. Your credit card transactions are then processed and sent back to Trams Back Office, where TBO clears the processed items and creates the payment and the journal entry to record the activity in the General Ledger.

Add Ons

Trams Crystal Reports – measure effectiveness and efficiency by running pre-designed Crystal Reports within the Trams Back Office system. It’s FREE!! Trams Crystal Reports is an add-on to ClientBase and/or Trams Back Office that offers you the ability to run pre-designed Crystal Reports in addition to those offered within the Trams Back Office and ClientBase products. TCR10 is the most recent version of Trams Crystal Reports that is integrated with Trams Back Office and ClientBase. When TCR10 is installed, you will be able to launch Trams Crystal Reports from your desktop or in Trams Back Office, using the TCR Viewer under Reports.

IC/Host Agency Export Utility – allows Independent Contractors to share invoice data with their Host Agency’s Trams Back Office system for FREE!! Agencies today are choosing to change the way they make their bookings. Many are dropping out of ARC/BSP and booking air tickets through a Host Agency. They may also book some or all of their Cruise & Tour business with a Host Agency, or continue doing those bookings as they always have. These Independent Contractor (IC) Agents working through a Host Agency may still operate a Store Front location, or move into a “home based” environment. This utility is designed for independent contractors (ICs) and host agencies to share data more efficiently. ICs use the host’s GDS to create invoices marked with their own IC code. These invoices are then interfaced into the host’s Trams Back Office (TBO) database. This utility gives the Host the ability to transfer these interfaced invoices to the IC for importing into their IC copy of Trams Back Office. To receive records from a host agency using this utility, an IC must have a copy of Trams Back Office. The utility also allows ICs that use ClientBase to create invoices to export those invoices and share them with the host agency.

Overview – Trams Back Office is a locally installed solution that allows an agency to effectively manage its entire accounting and reporting process with its free Special Features and free Add Ons.
