PCI COMPLIANCE
September 21st, 2016 by Elma Jane

PCI compliance applies to any company, organization or merchant of any size or transaction volume that either accepts, stores or transmits cardholder data.

Any merchant accepting payments directly from the customer via credit or debit card must be Compliant. The merchant themselves are therefore responsible for becoming Compliant, as the deadline for the merchant becomes overdue.

Understanding and knowing the details of Payment Card Industry Compliance can help you better prepare your business. Because failing and waiting to become compliant or ignoring them, could end up being an expensive mistake.

The VISA regulations have to adhere to the PCI standard forms as part of the operating regulations. The regulations signed when you open an account at the bank. The rules under which merchants are allowed to operate merchant accounts.

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.

 

 

 

Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , ,

E-Pay
October 20th, 2015 by Elma Jane

We’ve covered  a lot about EMV, but what about improving security for online and Card-Not-Present transactions? That’s where 3-D Secure comes in.

3-D Secure allows a card holder to authenticate himself while making an online payment.

In a traditional credit card transaction, a payment request is presented to the issuing bank for authorization. The Issuing bank authorizes the transaction based solely on the funds available to the card holder.

With card present, the magnetic strip on the card can be read and a signature collected. This process has now been largely superseded by Chip and PIN which gives the card holder the opportunity to identify himself via a secret PIN code.

An E-commerce transaction is conducted online, without the possibility to access the card physically. Un-authorized usage and fraud are therefore more likely.

3-D Secure allows transactions to be conducted in safety online, greatly reducing the risk of fraud and chargebacks.

How 3-D Secure Works?

When a payment request arrives at the merchant or payment gateway, the Merchant Plug In (MPI) component is activated. The MPI talks to Visa or MasterCard to check if the card is enrolled for 3-D Secure. If the card is not enrolled, this means that either the bank that issued the card is not yet supporting 3-D Secure or it means that the card holder has not yet been registered for the service. If the card is enrolled, the MPI will redirect the card holder to the 3-D Secure authentication web page for the issuing bank; the card holder will then identify himself. The MPI will evaluate the reply from the bank and, if successful, allow the transaction to proceed for authorization. The transaction could still fail for lack of funds or other reasons but is more likely to be approved because of the authentication.

3-D Secure allows 3 domains to work together.

Domain 1: The card holder has the peace of mind that his card is not used without his authorization.

Domain 2: Merchants are protected from fraud and can provide the product and service without delay or extra costs.

Domain 3: Banks see that the transaction has been authenticated and are more likely to approve the transaction, to the convenience of the card holder.

Implementation of 3-D Secure:

Visa is called Verified by Visa.

MasterCard is called Secure Code.

Amex is called SafeKey.

JCB is called J/Secure.

Posted in Best Practices for Merchants, e-commerce & m-commerce, Internet Payment Gateway Tagged with: , , , , , , , , , , , , , , , , , ,

February 18th, 2014 by Elma Jane

Payment Tokenization Standards

Tokenization is the process of replacing a traditional card account number with a unique payment token that is restricted in how it can be used with a specific device, merchant, transaction type or channel. When using tokenization, merchants and digital wallet operators do not need to store card account numbers; instead they are able to store payment tokens that can only be used for their designated purpose. The tokenization process happens in the background in a manner that is expected to be invisible to the consumer.

EMVCo – which is collectively owned by American Express, Discover, JCB, MasterCard, UnionPay and Visa – has announced that it is expanding its scope to lead the payments industry’s work to standardize payment tokenization. EMVCo says that the new specification will help provide the payments community with a consistent, secure and interoperable environment to make digital payments when using a mobile handset, tablet, personal computer or other smart device.

Key elements of EMVCo’s work include adding new data fields to provide richer industry information about the transaction, which will improve transaction efficiency and enhance the consumer and merchant payment experience by helping to prevent fraudulent card account use. EMVCo will also create a consistent approach to identify and verify the valid use of a token during payment processing including authorization, capture, clearing and settlement.

EMVCo’s announcement follows an earlier joint announcement from MasterCard, Visa and American Express that proposed an initial framework for industry collaboration to standardize payment tokenization. EMVCo says it will now build on this framework with collective input from all of its members and the industry as a whole.

Posted in Credit card Processing, Credit Card Reader Terminal, Credit Card Security, Digital Wallet Privacy, Electronic Payments, Financial Services, Payment Card Industry PCI Security, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,