EMV
January 28th, 2016 by Elma Jane

The shift to EMV is helping to address vulnerabilities in the United States payments ecosystem. It has been shown that EMV can deliver benefits as a part of industry efforts to combat fraud. 

EMV migration is a critical focus for enhancing payments security, which is why the current efforts around chip card deployment are greatly beneficial for consumers and merchants alike. EMV technology helps to reduce counterfeit card fraud, as it generates dynamic data with each payment to authenticate the card, after which the cardholder is prompted to sign or enter a PIN to confirm their identity.

The EMV rollout represents a dynamic time for card payments that promises great advances, among them is enhanced security for cardholders. It also presents an opportunity to consider other innovations such as mobile wallets and mobile POS to further engage your customers and drive customer loyalty. When merchants continue to invest in EMV and NFC (near field communications, used for tap-and-pay transactions), the purchases made at their EMV-enabled terminals are made more secure than magnetic stripe.

New mobile payment options such as mobile wallets support EMV and therefore offer this added layer of security. Ultimately, by enabling contactless payments, merchants can also enable more flexibility in addition to increasing security for their customers.

Additionally, industry players are backing major mobile wallets, such as Android Pay, Apple Pay, and Samsung Pay.

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , ,

POS
November 13th, 2015 by Elma Jane

It’s important for merchants to understand the basic of how a credit card terminal works. It is the channel through which the process flows and the merchants can choose the right one for their processing needs, whether they use a point-of-sale (POS) countertop model, a cardreader that attaches to a smartphone or mobile device, a sleek handheld version for wireless processing or a virtual terminal for e-commerce transactions.

A credit card terminal’s function is to retrieve the account data stored on the payment card’s EMV microchip or a magnetic stripe and pass it along to the payment processing company (also known as merchant account provider).

For card-not-present (CNP) – mail order, telephone order and online transactions – the merchant enters the information manually using a keypad on the terminal, or the e-commerce shopper enters it on the website’s payment page. The back half of the process remains the same.

The actual data transmission goes from the terminal through a phoneline or Internet connection to a Payment Processing Company, which routes it to the bank that issued the credit card for authorization.

In card-present transactions where the card and cardholder are physically present, the card is connected to the reader housed in the POS terminal. The data is captured and transmitted electronically to the merchant account provider, who handles the authorization process with the issuing bank and credit card networks.

A POS retail terminal with a phone or Internet connection works best in a traditional retail setting that deals exclusively in card present transactions. For a business with a mobile sales, a mobile credit card processing option like Virtual Merchant Converge Mobile relies on a downloadable app to transform a smartphone or tablet into a credit card terminal equipped with a USB cardreader.

Wireless Terminals are compact, allowing you to accept credit cards in the field without relying on a phone connection. If you process debit cards, you’ll need a PIN pad in addition to your terminal so cardholders can enter their personal identification number to complete the sale.

Selecting the right terminal for your credit card processing needs depends largely on the type of business you run and the sorts of transactions you process. Terminals are highly specialized and provide different services. At National Transaction we offer a broad range of terminals with NFC (near field communication) Capability to accept Apple Pay, Android Pay and other NFC/Contactless payment transactions at your business. An informed business decision benefits your bottom line. Start accepting credit cards today with National Transaction.

 

 

Posted in Best Practices for Merchants, Credit card Processing, e-commerce & m-commerce, EMV EuroPay MasterCard Visa, Mobile Point of Sale, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Best Practices For Merchants
October 22nd, 2015 by Elma Jane

Adoption of EMV technology in the U.S is important, because it provides protection against losses from counterfeit cards.

EMV, or chip cards, are the standard for secure point-of-sale (POS) transactions. Unlike magnetic stripe cards, chip cards are very difficult to counterfeit because of an embedded microchip that exchanges unique, dynamic data with a terminal each time it’s used.

To encourage the timely adoption of EMV, the leading payment networks have implemented an EMV Fraud Liability Shift that began in October 2015.

Both parties, card issuer and the merchant need to invest with EMV technology. If only one party has adopted EMV technology, the party that didn’t make the investment will be held liable.

For the card issuer, they came out with the chip cards, where all credit and debit cards have this security chips that are harder to counterfeit than magnetic strips.

For the merchant, an EMV capable terminals or POS hardware that can take advantage of the card’s security chip is needed.

With any new technology, there is a learning curve, and here are the things that you need to know.

For cardholders – with a chip card instead of swiping your card, you are going to do what is called card dipping; by inserting your card face-up and chip-first into the terminal slot. Wait and follow the terminal prompts, and only remove your card once the transaction is complete.

If you did a swipe on a chip card, an EMV-enabled terminal should prompt you to insert the card instead. If the terminal is not enabled for chip, you can still be able to swipe your card.

Employees will benefit from training – Once a merchant enables their EMV terminals, it is important to train your staff with talking points about why chip cards benefit consumers with greater security, and how they are used by helping customers with the new checkout process.

New mobile payment methods leverage both EMV and NFC, so the industry is now seeing greater interest in mobile payments among merchants and consumers.

There’s a lot of resources out there to help businesses make the transition with this EMV technology.

 

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Near Field Communication Tagged with: , , , , , , , , , , , ,

Best Practices For Merchants
October 6th, 2015 by Elma Jane

If you accept credit cards and don’t know what EMV is here is what you need to know.

EMV stands for Europay, MasterCard and Visa. A credit card that had a chip embedded in it is an EMV. EMV Cards have been standard in Europe for more than 10 years because they’re more secure than magnetic stripe cards. Magnetic stripe cards doesn’t change, it has static data, which makes them easy to clone. The chip embedded card makes it more difficult and costly to counterfeit because the data that is transmitted changes each time the card is read. This means less fraud.

Liability Shift rules set by Visa and MasterCard as of October 1st. The liability for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards.

  • Calculate your risk – Consider the cost of replacing your point-of-sale (POS) terminal vs. potential risk. Whether you replace it now or at a later time, eventually all businesses will have to replace their POS terminals.
  • Educate your staff – Educated employees translate to better-educated customers. Merchants can help customers better understand this change and what it means for them.
  • Upgrade your POS system – Consider using an EMV compliant credit-card reader on a wireless device for an ultra-secure mobile solution. This is also a chance to upgrade other options, such as near field communication NFC technology, which lets consumers use their mobile devices to make payments at the point of sale.

National Transaction Terminals with EMV and NFC (near field communication) Capability To accept Apple Pay, Android Pay and other NFC Transactions at your business. You will need to adopt point-of-sale devices with NFC/contactless readers. 

National Transaction offer a range of options to suite your specific needs.

If you’re using Virtual Merchant Mobile now called Converge please contact our office at 888-996-2273 to know your options.  

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: , , , , , , , , , , , , , , , , ,

Risk
September 8th, 2015 by Elma Jane

card not present transaction (CNP, MO/TO, Mail Order / Telephone Order, MOTOEC) is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant’s visual examination at the time that an order is given and payment effected, such as for mail-order transactions by mail or fax, or over the telephone or Internet.

The Card Associations created this term to help identify these Transactions, because CNP situations tend to be where the majority of fraudulent activity occurs; it is difficult for a merchant to verify that the actual cardholder is indeed authorizing a purchase.

The card security code system has been set up to reduce the incidence of credit card fraud arising from CNP.

Types of Security codes:

CVC1 or CVV1, encoded on track 2 of the magnetic stripe of the card and used for card present transactions. The purpose of the code is to verify that a payment card is actually in the hand of the merchant. This code is automatically retrieved when the magnetic stripe of a card is swiped on a point-of-sale (card present) device and is verified by the issuer. A limitation is that if the entire card has been duplicated and the magnetic stripe copied, then the code is still valid.

The most cited, is CVV2 or CVC2. This code is often sought by merchants for Card Not Present Transactions occurring by mail, fax, telephone or Internet. In some countries in Western Europe, card issuers require a merchant to obtain the code when the cardholder is not present in person.

Contactless cards and chip cards may supply their own electronically-generated codes, such as iCVV or Dynamic CVV.

Code Location

The card security code is typically the last three or four digits printed, not embossed like the card number, on the signature strip on the back of the card.

American Express Cards have a four-digit code printed on the front side of the card above the number.

Diners Club, Discover, JCB, MasterCard, and Visa Credit and Debit Cards have a three-digit card security code. The code is the final group of numbers printed on the back signature panel of the card.

For Merchant Account Setup give us a call at 888-996-2273 or visit our website www.nationaltransaction.com

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , ,

June 25th, 2015 by Elma Jane

A product or service using a credit card or debit card should be efficient, fast and most importantly safe. There are a lot of regulations in place to make sure that the processing of payments using a card is safe and secure. One of the way is the EMV (Europay, MasterCard and Visa) technology, where payment cards used in an ATM and POS Terminals have been embedded with microchips. This form of payment technology has long been in use and is widely accepted in many regions such as Europe, Canada and Asia Pacific. The US, which is considered to be the largest number of plastic card users is one of the countries that have not yet fully optimized this otherwise global standard.

Advantages Of EMV  – EMV embedded chip is a lot more secure than the traditional magnetic stripe, especially when it comes to face-to-face credit/debit card transactions. Credit card fraud is rampant, but using this embedded chip has added another layer of protection against consumer fraud. Once the card has been inserted into a terminal, the payment will then be authenticated and processed using the EMV network. The chip within the card is hard to duplicate.

What Does This Mean For Your Business? – You will create more credibility and garner more customers in the market place by utilizing this more safe and secure payment method. There will be increased in consumer confidence.

What Happens When You Don’t Upgrade? – There is a Liability Shift. Currently, If a payment processing transaction has been approved and it turns out to be fraud, it’s the card issuer loss. With the new rule, liability shifts to merchants who has not implemented the EMV technology. When fraud happens, the responsibility falls on the business owner who makes the transaction.

How To Prepare Your Business For EMV? – Upgrade your terminal. Contact National transaction and we’ll help you prepare your business for the EMV migration.

Upgrading your current payment processing system is easy with NTC.

Give Us A Call Now! 888-996-2273

Check our website http://nationaltransaction.com click Demos and Videos to learn more!

          

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , ,

May 14th, 2015 by Elma Jane

The way customers Pay In Stores Is Changing.

Chip cards are here to provide advanced security with every transaction. Accepting chip cards could be as simple as changing your payment terminal.

What do you need to know about Chip Card and EMV? Chip cards are payment cards that have an embedded chip, which offers advanced security when you use the card to pay in store. Chip cards are based on a global card payment standard called EMV (Europay, MasterCard and VISA) currently used in more than 80 countries.

Why Is it More Secured? Chip card transactions offer you advanced security for in store payments by making every transaction unique,  and, more difficult to counterfeit or copy. If the card data and the one-time code are stolen, the information cannot be used to create counterfeit cards and commit fraud.

How do you know if a customer has a Chip Card? The customer’s card will have chip on the front of it, magnetic stripe remains on the back.

How to use Chip Card at the POS? Swipe the card as they normally would and follow the prompts. If the terminal is chip-enabled, it will prompt them to insert it instead. The customer should insert their card with chip toward terminal, facing up. The chip card should not be removed until the customer is prompted.

Customer will provide their signature or PIN as prompted by the terminal.

Some transactions may not require either.

When the terminal says the transaction is complete, the customer can remove their card.

Chip-enabled terminals will still accept magnetic stripe card payments for customers who do not have a chip card.

What does a chip-enabled terminal look  like? They have all of the features you are used to with a payment terminal, with the addition of a slot for the customer to insert their card. The slot is typically located at the bottom or the top of the payment terminal.

How will you know if a terminal accepts chip card? During the transition to chip, customers are being told to swipe their card as they normally would and follow the prompts. If the terminal is chip-enabled, it will prompt them to insert it instead. If you have chip-enabled terminals, you can tell your customer to insert their card for a chip transaction, if a customer has a chip card.

How can you get a chip-enabled terminal? Contact your acquirer or merchant service provider.

Show your customers that you care about their information security by making the move to chip. This will ensure that your business and your customers are protected from fraud. Start accepting chip cards!

You may be liable for fraud if you don’t make the change from chip terminal. Starting October 2015, rules are changing. Merchants that accept chip will be protected from fraud losses resulting from in store counterfeit magnetic stripe card transactions just as you are today. However, liability will shift from issuers to merchants if their payment terminals are not chip-enabled for in store transactions. Fraud liability for lost or stolen cards varies by payment network. Contact your acquirer or payment services providers for more information.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , ,

February 27th, 2015 by Elma Jane

Here are the Frequently Asked Questions:

You’re probably finding yourself staring at your old credit card machine and worrying about the cost of buying a new machine. The transition doesn’t have to be an expensive one, but it pays to be educated as you consider this important upgrade.

Things you need to know in the form of a brief FAQ.

Where To Buy an EMV Credit Card Terminal?

All the same places you can buy or rent a non-EMV terminal, for the most part. The vast majority of the time supported EMV machines can be reprogrammed just like their non-EMV predecessors. While credit card terminal tampering has occurred in the past, it is not common and is even less easily achieved with new EMV terminals.Terminals have built-in anti-tampering features to prevent this. Your provider is free to either charge a reprograming fee, or simply refuse to reprogram outside machines. While they can reprogram, there’s no law saying that they have to.

Is It A Must to Have an EMV-Compliant Machine?

NO BUT THERE IS RISK. NFC (Near Field Communication) is the technology used by digital wallets for contactless payments. NFC EMV terminals can be considerably more expensive than standard EMV terminals. You can buy a separate NFC reader without replacing your existing EMV terminal.

Does an EMV Chip Card Reader Cost Much?

NOT VERY MUCH! These terminals are really not more expensive that the old terminals. You can find them as cheap, especially if it’s refurbished. There’s no reason to sign on to an expensive non-cancellable lease. If you’d rather rent than own, at least look for inexpensive rental options. If you want a wireless terminal or an NFC-capable terminal, the prices will be a little bit higher. But for baseline EMV-compatible chip card readers, it’s a pretty minor investment even for a very small business.

Does EMV Terminal Upgrade Really Needed?

Technically? No, but it would be like buying a new computer and not getting a virus protection program. Worse because you have financial data on. Your CUSTOMER! Practically? You should!

If you stick with your old non-chip credit card terminal, you will still be able to run transactions. All chip cards are also equipped with the same magnetic stripe used previously, so you can still swipe them. The difference is that if one of those chip cards that you swipe is used fraudulently, you will now be liable. The rationale behind this is that if you had upgraded your terminal, the fraud could have been prevented. Therefore you are held accountable. You might be tempted to think that your small businesses is unlikely to be a victim of such fraud because it hasn’t happened in the past. But consider that all of the big retailers will be upgrading to the EMV terminals, which is likely to drive fraudsters to more vulnerable outlets (ie, small businesses). So I don’t want to be a fear-mongerer but for the fairly small business expense of a terminal upgrade you get a lot of fraud protection. If it prevents just one instance of fraud in the years to come, it has likely paid for itself many times over.

For most merchants, it’s not that expensive or difficult to switch over to EMV equipment and the insurance that the switch will provide you with is well worth the effort. So start thinking about it, and don’t wait until the last minute. The last month before the liability shift occurs in the US, equipment providers will be backed up with orders, making the transition less smooth. So there’s no time like the present to start looking into chip card machines. It might even be a good time to think about switching providers.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: , , , , , , , , , , , , , , , , ,

September 24th, 2014 by Elma Jane

The CVV Number (Card Verification Value) on your credit card or debit card is a 3 digit number on VISA, MasterCard and Discover branded credit and debit cards. On your American Express branded credit or debit card it is a 4 digit numeric code.

The codes have different names:

American Express – CID or unique card code.

Debit Card – CSC or card security code.

Discover  – card identification number (CID)

Master Card – card validation code (CVC2)

Visa  – card verification value (CVV2) 

CVV numbers are NOT your card’s secret PIN (Personal Identification Number).

You should never enter your PIN number when asked to provide your CVV. (PIN numbers allow you to use your credit or debit card at an ATM or when making an in-person purchase with your debit card or a cash advance with any credit card.)

Types of security codes:

CVC1 or CVV1, is encoded on track-2 of the magnetic stripe  of the card and used for card present transactions. The purpose of the code is to verify that a payment card is actually in the hand of the merchant. This code is automatically retrieved when the magnetic stripe of a card is swiped on a point-of-sale (card present) device and is verified by the issuer. A limitation is that if the entire card has been duplicated and the magnetic stripe copied, then the code is still valid.

The most cited, is CVV2 or CVC2. This code is often sought by merchants for card not present transactions occurring by mail or fax or over the telephone or Internet. In some countries in Western Europe, card issuers require a merchant to obtain the code when the cardholder is not present in person.

Contactless card and chip cards may supply their own codes generated electronically, such as iCVV or Dynamic CVV.

Code Location:

The card security code is typically the last three or four digits printed, not embossed like the card number, on the signature strip on the back of the card. On American Express cards, the card security code is the four digits printed (not embossed) on the front towards the right. The card security code is not encoded on the magnetic stripe but is printed flat.

American Express cards have a four-digit code printed on the front side of the card above the number.

MasterCard, Visa, Diners Club,  Discover, and JCB credit and debit cards have a three-digit card security code. The code is the final group of numbers printed on the back signature panel of the card.

New North American MasterCard and Visa cards feature the code in a separate panel to the right of the signature strip. This has been done to prevent overwriting of the numbers by signing the card.

Benefits when it comes to security:

As a security measure, merchants who require the CVV2 for card not present payment card transactions are required by the card issuer not to store the CVV2 once the individual transaction is authorized and completed. This way, if a database of transactions is compromised, the CVV2 is not included, and the stolen card numbers are less useful. Virtual Terminals and payment gateways do not store the CVV2 code, therefore employees and customer service representatives with access to these web-based payment interfaces who otherwise have access to complete card numbers, expiration dates, and other information still lack the CVV2 code.

The Payment Card Industry Data Security Standard (PCI DSS) also prohibits the storage of CSC (and other sensitive authorization data) post transaction authorization. This applies globally to anyone who stores, processes or transmits card holder data. Since the CSC is not contained on the magnetic stripe of the card, it is not typically included in the transaction when the card is used face to face at a merchant. However, some merchants in North America require the code. For American Express cards, this has been an invariable practice (for card not present transactions) in European Union (EU) states like Ireland and the United Kingdom since the start of 2005. This provides a level of protection to the bank/cardholder, in that a fraudulent merchant or employee cannot simply capture the magnetic stripe details of a card and use them later for card not present  purchases over the phone, mail order or Internet. To do this, a merchant or its employee would also have to note the CVV2 visually and record it, which is more likely to arouse the cardholder’s suspicion.

Supplying the CSC code in a transaction is intended to verify that the customer has the card in their possession. Knowledge of the code proves that the customer has seen the card, or has seen a record made by somebody who saw the card.

 

Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa, Point of Sale, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

August 27th, 2014 by Elma Jane

Backoff malware that has attacked point of sale systems at hundreds of businesses may accelerate adoption of EMV chip and PIN cards and two-factor authentication as merchants look for ways to soften the next attack. Chip and PIN are a big thing, because it greatly diminishes the value of the information that can be trapped by this malware, said Trustwave, a security company that estimates about 600 businesses have been victims of the new malware. The malware uses infected websites to infiltrate the computing devices that host point of sale systems or are used to make payments, such as PCs, tablets and smartphones. Merchants can install software that monitors their payments systems for intrusions, but the thing is you can’t just have anti-virus programs and think you are safe. Credit card data is particularly vulnerable because the malware can steal data directly from the magnetic stripe or keystrokes used to make card payments.

The point of sale system is low-hanging fruit because a lot of businesses don’t own their own POS system. They rent them, or a small business may hire a third party to implement their own point of sale system. The Payment Card Industry Security Standards Council issued new guidance this month to address security for outsourced digital payments. EMV-chip cards, which are designed to deter counterfeiting, would gut the value of any stolen data. With this magnetic stripe data, the crooks can clone the card and sell it on the black market. With chip and PIN, the data changes for each transaction, so each transaction is unique. Even if the malware grabs the data, there not a lot the crooks can do with it. The EMV transition in the U.S. has recently accelerated, driven in part by recent highprofile data breaches. Even with that momentum, the U.S. may still take longer than the card networks’ October 2015 deadline to fully shift to chip-card acceptance.

EMV does not by itself mitigate the threat of breaches. Two-factor authentication, or the use of a second channel or computing device to authorize a transaction, will likely share in the boost in investment stemming from data security concerns. The continued compromise of point of sale merchants through a variety of vectors, including malware such as Backoff, will motivate the implementation among merchants of stronger authentication to prevent unauthorized access to card data.

Backoff has garnered a lot of attention, including a warning from the U.S. government, but it’s not the only malware targeting payment card data. It is not the types of threats which are new, but rather the frequency with which they are occurring which has put merchants on their heels. There is also an acute need to educate small merchants on both the threats and respective mitigation techniques.. The heightened alert over data vulnerability should boost the card networks’ plans to replace account numbers with substitute tokens to protect digital payments. Tokens would not necessarily stop crooks from infiltrating point of sale systems, but like EMV technology, they would limit the value of the stolen data. There are two sides to the equation, the issuers and the merchants. To the extent we see both sides adopt tokenization, you will see fewer breaches and they will be less severe because the crooks will be getting a token instead of card data.

Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,