Convention
November 6th, 2015 by Elma Jane

Money 20/20 was billed as the largest convention in payments history held in Las Las Vegas, during the last week of October 2015.

The show delivered well-organized, incisive content such as Europay, MasterCard and Visa (EMV) migration, mobile payments, security and omnichannel commerce.

20/20 Highlights

  • Alternative lending and credit.
  • Bill Payments, Financial Services: Newly released market research provides insights into the future of household bill payments, millennials, and financial services.
  • Connected Commerce and the Mobile Enterprise: The Internet of Things is changing the way that consumers interact with their environments. Analysts predict up to 30 billion interactive devices will be connected to the Internet by 2020, noting that many of these devices will be payment-enabled.
  • Marketing and Customer Experience: Most marketers agree that the era of demographic profiles and pull marketing is over. Retailers, card brands and information technology professionals looked at the customer experience in the digital world. They explored new marketing practices, trends in e-commerce and mobile commerce, and big data findings in other industries that may be useful to financial service companies.
  • Mobile Banking: Banks are undergoing an incremental transformation as they learn to compete with nonbank lenders, balance cash management with digital currencies, and shift from local branches to online and mobile forms of banking.
  • Mobile Payments: Payments analysts reviewed Apple Pay a year after its launch and a range of other mobile wallet offerings, and they speculated on how third-party wallets will impact bank apps.
  • Payment Card Evolution: Payment card issuers, processors and network service providers analyzed the changing look, feel and role of payment cards in the greater ecosystem. Discussions ranged from card linking to the coolness factor of gift cards to how e-cards are expanding market opportunities.
  • POS, Processing and Open Platforms: Executive roundtables with leading acquirers explored front-end and back-end technology and omnichannel commerce for small and midsize businesses.
  • Regulatory Landscape: Increased federal and state oversight has had a significant impact on the financial services sector.
  • Security: Security analysts made in-depth presentations on tokenization, end-to-end encryption, and secure methods of authentication designed to protect consumers, merchants and industry stakeholders from cybercriminals. Many agreed that EMV implementation in the United States will drive fraudsters to the card-not-present space. They discussed how EMV adoption has changed fraud patterns in other regions and offered examples of best practices geared toward identifying and preventing electronic payment fraud.

More than 10,000 attendees and 3,000 exhibitors from 75 countries attended Money20/20. Financial services professionals from mobile, retail, marketing services, data and technology met at what show organizers described as the intersection of mobile, retail, marketing services, data and technology.

The years to come will be a turning point in the payments sector, and with the recent shift to EMV, the entire conference confirmed that all the players are more interested than ever in finding innovative solutions for combating online fraud.

 

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , , , , , , , , , ,

E-Pay
October 20th, 2015 by Elma Jane

We’ve covered  a lot about EMV, but what about improving security for online and Card-Not-Present transactions? That’s where 3-D Secure comes in.

3-D Secure allows a card holder to authenticate himself while making an online payment.

In a traditional credit card transaction, a payment request is presented to the issuing bank for authorization. The Issuing bank authorizes the transaction based solely on the funds available to the card holder.

With card present, the magnetic strip on the card can be read and a signature collected. This process has now been largely superseded by Chip and PIN which gives the card holder the opportunity to identify himself via a secret PIN code.

An E-commerce transaction is conducted online, without the possibility to access the card physically. Un-authorized usage and fraud are therefore more likely.

3-D Secure allows transactions to be conducted in safety online, greatly reducing the risk of fraud and chargebacks.

How 3-D Secure Works?

When a payment request arrives at the merchant or payment gateway, the Merchant Plug In (MPI) component is activated. The MPI talks to Visa or MasterCard to check if the card is enrolled for 3-D Secure. If the card is not enrolled, this means that either the bank that issued the card is not yet supporting 3-D Secure or it means that the card holder has not yet been registered for the service. If the card is enrolled, the MPI will redirect the card holder to the 3-D Secure authentication web page for the issuing bank; the card holder will then identify himself. The MPI will evaluate the reply from the bank and, if successful, allow the transaction to proceed for authorization. The transaction could still fail for lack of funds or other reasons but is more likely to be approved because of the authentication.

3-D Secure allows 3 domains to work together.

Domain 1: The card holder has the peace of mind that his card is not used without his authorization.

Domain 2: Merchants are protected from fraud and can provide the product and service without delay or extra costs.

Domain 3: Banks see that the transaction has been authenticated and are more likely to approve the transaction, to the convenience of the card holder.

Implementation of 3-D Secure:

Visa is called Verified by Visa.

MasterCard is called Secure Code.

Amex is called SafeKey.

JCB is called J/Secure.

Posted in Best Practices for Merchants, e-commerce & m-commerce, Internet Payment Gateway Tagged with: , , , , , , , , , , , , , , , , , ,

NTC
October 15th, 2015 by Elma Jane

There are numbers of guidelines issued for accepting card payments, and merchants are expected to understand them all. To avoid issues down the road know a few basic rules in order to keep your business going without being penalized.

There’s a lot of ways to process a credit card: In-store, online, and by phone. There’s also different ways to pay and different brands of cards.

In-store and Card-not-present policies.

In-Store Policies:

  • Always verify that the person presenting the card is the cardholder
  • Ask for a 2nd ID for comparison
  • Cards are non-transferable, cardholder MUST be present for purchase
  • Compare the signature on the back of the card with that of the person who presents the card
  • Inspect the card to confirm that it’s not visibly altered or mutilated
  • Validate the card’s expiration date

Online/Phone Payment Policies: Card-not-present transactions

  • Card account number
  • Card billing address
  • CID (3 digits on back of card OR 4 on the front)
  • Card expiration date
  • Card member’s home or billing telephone number
  • Card member name (as it appears on the Card)

Rules for Visa, MasterCard and Amex that merchants need to know:

  • Never store cardholder data on any systems to help minimize the risk of fraud and protect your business from potential chargebacks.

Complying with Federal Laws, State Laws and PCI

  • A merchant should be familiar with and abide by Federal Laws regarding accepting credit cards. The Fair Credit Reporting Act is the federal law that establishes the foundation of consumer credit rights. This law regulates the collection and use of consumer credit information by merchants.
  • Check state laws on the use of consumer credit information and accepting credit cards. Not all states have additional laws that regulate credit card practices, but some (such as California) prohibit merchants from requesting/requiring a customer to provide any personal information (like their address or telephone number) on any form involved with their credit card transaction. So, it is advised that merchants inquire about further information in their particular state.
  • The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies processing, storing, or transmitting credit card information uphold a secure environment. These rules essentially apply to any merchant that has a Merchant ID (MID). If you are a merchant that accepts credit card payments, you are required to comply with the PCI Data Security Standard, large or small businesses.

EMV Liability Shift Set By Visa and MasterCard as of October 1st

U.S. banks and credit card companies are now using the EMV (Europay, MasterCard, and Visa) technology. The EMV liability shift for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards. While issuers absorb losses under card-network rules, that burden will shift to acquirers in cases where the fraud occurs at merchants unprepared for EMV.

It’s good to know every aspect of your business. The above guidelines are part of a business that every merchants should be familiar with. The main reason for these rules is to protect your business and keep your customer’s payment card data safe and secure.

To start accepting more credit cards give us a call now at 888-996-2273. We have the latest terminals that’s EMV/NFC capable.

 

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , ,

Risk
October 9th, 2015 by Elma Jane

Credit card fraud is much more difficult to prevent in a card-not-present transaction. In a face-to-face setting the merchant can inspect the card to ensure that it is valid and can verify that the cardholder is an authorized user on the account. None of these actions can be performed when the payment is submitted online or accepted by phone. As we moved in adopting EMV Technology, majority of fraud is going to migrate away from counterfeit and stolen cards towards the card-not-present transaction as happened in other countries.

A combination of best practices and fraud prevention tools can provide card-not-present merchants with strong fraud prevention capabilities.

Steps to avoid fraud and protect your business for a card-not-present transaction:

  • Email Verification: Send a message to the email address provided by the customer requesting that the customer verify the email address is correct, you can ensure that the email is associated with the other information provided.   
  • Maintain PCI compliance:All merchants accepting card payments are now required to be compliant with the requirements of the PCI DSS (Payment Card Industry Data Standard) which sets the rules for data security management, policies, procedures, network architecture, software design and other protective measures.
  • Security Code Verification. Requesting the three digit security code on the back of a credit card. Visa (CVV2), MasterCard (CVC 2) and Discover (CID) cards, and the 4-digit numbers located on the front of American Express (CID) cards. Card Security Codes help verify that the customer is in a physical possession of a valid card during a card-not-present transaction.
  • Use an Address Verification Service (AVS): Enables you to compare the billing address provided by your customer with the billing address on the card issuer’s file before processing a transaction. AVS is good protection against card information obtained through means like phishing and malware because fraudster might not know the billing address.
  • Use 3D Secure Service: MasterCard and Verified by Visa enable cardholders to authenticate themselves to their card issuers through the use of personal passwords they create when they register their cards with the programs. The liability of any fraudulent charges through the 3D service is picked up by the issuer, not the merchant.
  • Verify the phone number and transaction information.Prior to shipping your products, call the phone number provided by the customer and verify the transaction information. Criminals may be unable to verify such information, because in their haste to max out the credit line before the fraud is discovered, they often order at random and do not keep records.

 

 

 

Posted in Best Practices for Merchants, e-commerce & m-commerce, Mail Order Telephone Order, Payment Card Industry PCI Security, Travel Agency Agents Tagged with: , , , , , , , , , , , , ,

PCI COMPLIANCE
October 9th, 2015 by Elma Jane

In order to maintain some sort of order within PCI Compliance, VISA and MasterCard have created 4 risk levels that will apply to any particular business, for determining the risk level of a merchant.

Merchant Level               Description            Validation Requirements
Level 1 Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region. Annual Report on Compliance (ROC) by Qualified Security Assessor (QSA) or internal auditor if signed by officer of the company.

Quarterly network scan by Approved Scan Vendor (ASV).

Attestation of Compliance Form.

Level 2 Merchants processing 1 million to 6 million Visa transactions annually (all channels). Annual Self-Assessment Questionnaire (SAQ).

Quarterly network scan by ASV.Attestation of Compliance Form.

Level 3 Merchants processing 20,000 to 1 million Visa e-commerce transactions annually. Annual Self-Assessment Questionnaire (SAQ).

Quarterly network scan by ASV.

Attestation of Compliance Form.

Level 4 Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually. Annual SAQ recommended.

Quarterly network scan by ASV if applicable.

Compliance validation requirements set by acquirer.

 

Posted in Best Practices for Merchants, Credit Card Security, e-commerce & m-commerce, Payment Card Industry PCI Security Tagged with: , , ,

EMV
October 8th, 2015 by Elma Jane

Rules have changed in regards to swiping credit cards October 1st, 2015 with the EMV Liability Shift; which may not cause much concern for most consumers, but for merchants.

EMV compliance isn’t a legal requirement. However, if you’re a merchant that accepts credit cards in-person, then you need to find out whether you’re meeting the EMV Standard. The new rule for the liability shift applies October 1st, regardless of the size or type of business. 

What Is EMV Standard?

EMV stands for EuroPay, MasterCard, and Visa, the three companies that originally created the standard.

The EMV Shift is to provide enhanced security and prevent fraudulent activity with credit cards. Updated equipment is also necessary for processing the new computerized cards, and unfortunately, the responsibility of securing up-to-date hardware falls on the merchant.

Since card evolves more instead of cash in our society, fraud and data breaches is on the increase, and now a common occurrence. Adapting new technology is therefore necessary. A hassle for many merchants, but there are actually benefits from all parties involved in a credit card transaction.

Data shows that fraud decreases dramatically when EMV Standards are implemented In Europe. The region has experienced an 80% reduction in credit card fraud, while the USA has seen a 47% increase by NOT implementing EMV standards.

The new liability rules took effect on October 1st in the US, and any party that has not yet implemented EMV-compliant machines might now be liable for fraud committed with counterfeit chip cards. Note that this liability shift only applies to in-person transactions. Phone order and web order transactions will be dealt with as they always were.

For Merchants, it means you’ll eventually need to get new equipment for processing credit cards payments in-person (unless you’ve already done so not too long ago, as nearly all POS terminals sold in the USA nowadays are EMV compliant). For most business owners, it’s a good idea to implement the new system sooner rather than later.

Step to take as a Merchant Until you get your EMV equipment

  • Ask for an official ID from customers whose credit card you process.
  • Conduct some research to see which EMV system would be best for your business.
  • Start shopping around for new payment processing options that are EMV compliant. 

If you already have a machine that can process chip cards, you’re fully EMV-compliant.

If you don’t accept any in-person payments, then you’re all set.

If you do accept in-person payments and you do not have a chip card machine, chances are you’ll be fine for a little while. But those of you with a high risk of encountering a fake card (if you are a high-volume business with a large average ticket, for instance) should probably upgrade soon.

Fraudsters are going to be taking advantage of businesses that haven’t upgraded so it’s a great time to switch!

Check out NTC’s EMV/NFC Capable Terminal!  

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: , , , , , , , , , , , , ,

Best Practices For Merchants
October 6th, 2015 by Elma Jane

If you accept credit cards and don’t know what EMV is here is what you need to know.

EMV stands for Europay, MasterCard and Visa. A credit card that had a chip embedded in it is an EMV. EMV Cards have been standard in Europe for more than 10 years because they’re more secure than magnetic stripe cards. Magnetic stripe cards doesn’t change, it has static data, which makes them easy to clone. The chip embedded card makes it more difficult and costly to counterfeit because the data that is transmitted changes each time the card is read. This means less fraud.

Liability Shift rules set by Visa and MasterCard as of October 1st. The liability for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards.

  • Calculate your risk – Consider the cost of replacing your point-of-sale (POS) terminal vs. potential risk. Whether you replace it now or at a later time, eventually all businesses will have to replace their POS terminals.
  • Educate your staff – Educated employees translate to better-educated customers. Merchants can help customers better understand this change and what it means for them.
  • Upgrade your POS system – Consider using an EMV compliant credit-card reader on a wireless device for an ultra-secure mobile solution. This is also a chance to upgrade other options, such as near field communication NFC technology, which lets consumers use their mobile devices to make payments at the point of sale.

National Transaction Terminals with EMV and NFC (near field communication) Capability To accept Apple Pay, Android Pay and other NFC Transactions at your business. You will need to adopt point-of-sale devices with NFC/contactless readers. 

National Transaction offer a range of options to suite your specific needs.

If you’re using Virtual Merchant Mobile now called Converge please contact our office at 888-996-2273 to know your options.  

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: , , , , , , , , , , , , , , , , ,

Terminal
September 24th, 2015 by Elma Jane

If you accept credit cards and don’t know what EMV is here is what you need to know.

EMV stands for Europay, MasterCard and Visa. A credit card that had a chip embedded in it is an EMV. EMV Cards have been standard in Europe for more than 10 years because they’re more secure than magnetic stripe cards. Magnetic stripe cards doesn’t change, it has static data, which makes them easy to clone. The chip embedded card makes it more difficult and costly to counterfeit because the data that is transmitted changes each time the card is read. This means less fraud.

Questions to ask to help you decide about terminal upgrade.

  • Calculate your risk – Consider the cost of replacing your point-of-sale (POS) terminal vs. potential risk. Whether you replace it now or at a later time, eventually all businesses will have to replace their POS terminals.
  • Educate your staff – Educated employees translate to better-educated customers. Merchants can help customers better understand this change and what it means for them.
  • Upgrade your POS system – Consider using an EMV compliant credit-card reader on a wireless device for an ultra-secure mobile solution. This is also a chance to upgrade other options, such as near field communication NFC technology, which lets consumers use their mobile devices to make payments at the point of sale.

 

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Mobile Point of Sale, Near Field Communication, Point of Sale Tagged with: , , , , , , , , , , , , , , , ,

July 10th, 2015 by Elma Jane

unnamed

 

Every Merchant in the country needs to upgrade their terminal. Are you ready for the October 1, 2015 Liability Shift?

Beginning October 1, 2015, all businesses that accept in-person payments must be able to take cards embedded with chips to avoid liability for fraud. The chips are more secure than magnetic stripes.

National Transaction brings the latest EMV and NFC technologies to Merchants.

NTC Clients will be able to accept contactless payment with the same NFC technology used by Apple Pay, Google Wallet and SoftCard. Additionally, the Ingenico terminals are EMV Enabled, delivering the latest in fraud prevention technology.

The new EMV enabled terminals are designed to accept EMV chip cards and magnetic stripe cards.

EMV (an acronym for Europay, MasterCard® and Visa®) is a global technology standard for payment cards.

What are the benefits of having an EMV terminal?

These next generation terminals can reduce your risk of accepting counterfeit cards, as chip and PIN transactions verify both the card and the cardholder.

Eliminate your card present fraud liability exposure associated with the October 1st, 2015* liability shift imposed by the card brands.

Improve customer service for your international cardholder customer. EMV cards are already the standard in over 80 countries.

Be on the lookout for more information about how to be chip card ready before OCTOBER.

*Businesses with Automated Fuel Dispensers (also called “Pay at the Pump”) acceptance methods have until October 2017 to comply with the new standard.

 

Untitled

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Mobile Payments, Near Field Communication, Point of Sale Tagged with: , , , , , , , , , , , , , , ,

July 7th, 2015 by Elma Jane

The global brand MasterCard is in the process of launching a pilot program with the help of Google, BlackBerry, Apple, Microsoft, and Samsung to boost security for online payments using facial recognition systems.

About 500 customers are trialing for the new features, participants will provide feedback based on their experience. The company will continue to refine the product until ready to launch. MasterCard confirmed that it is planning to eventually release the new biometric security system publicly.

The payments company is also in the process of securing agreements with two major banking institutions. If all goes as planned, the undisclosed financial establishments will likely participate in the launching of the new security option.

When consumers shop on the Internet, their banks need ways to verify their identities. So this particular product seamlessly integrates biometrics into the overall payments experience, a security expert at MasterCard said.

The system does not actually save a photo of the user during the verification process. Instead, it creates a map of the individual’s face. Afterwards, the map is turned into code, which is sent to MasterCard for confirmation. The facial recognition feature only kicks in when an individual makes an online purchase.

During checkout, users will be prompted to confirm their identity using fingerprint scanning or facial detection.

To prevent criminals from using a photo to dupe the verification process, a user is required to blink once while having his or her face scanned. Technical specifications and mobile requirements for the security feature are still unknown.

With the test of facial recognition, MasterCard seemingly hopes to move away from password-based protocols by providing additional security options for consumers.

 

Posted in Best Practices for Merchants, Mobile Payments, Mobile Point of Sale, Smartphone, Visa MasterCard American Express Tagged with: , , , , , , ,