Oct
15
2015
NTC
October 15th, 2015 by Elma Jane

There are numbers of guidelines issued for accepting card payments, and merchants are expected to understand them all. To avoid issues down the road know a few basic rules in order to keep your business going without being penalized.

There’s a lot of ways to process a credit card: In-store, online, and by phone. There’s also different ways to pay and different brands of cards.

In-store and Card-not-present policies.

In-Store Policies:

  • Always verify that the person presenting the card is the cardholder
  • Ask for a 2nd ID for comparison
  • Cards are non-transferable, cardholder MUST be present for purchase
  • Compare the signature on the back of the card with that of the person who presents the card
  • Inspect the card to confirm that it’s not visibly altered or mutilated
  • Validate the card’s expiration date

Online/Phone Payment Policies: Card-not-present transactions

  • Card account number
  • Card billing address
  • CID (3 digits on back of card OR 4 on the front)
  • Card expiration date
  • Card member’s home or billing telephone number
  • Card member name (as it appears on the Card)

Rules for Visa, MasterCard and Amex that merchants need to know:

  • Never store cardholder data on any systems to help minimize the risk of fraud and protect your business from potential chargebacks.

Complying with Federal Laws, State Laws and PCI

  • A merchant should be familiar with and abide by Federal Laws regarding accepting credit cards. The Fair Credit Reporting Act is the federal law that establishes the foundation of consumer credit rights. This law regulates the collection and use of consumer credit information by merchants.
  • Check state laws on the use of consumer credit information and accepting credit cards. Not all states have additional laws that regulate credit card practices, but some (such as California) prohibit merchants from requesting/requiring a customer to provide any personal information (like their address or telephone number) on any form involved with their credit card transaction. So, it is advised that merchants inquire about further information in their particular state.
  • The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies processing, storing, or transmitting credit card information uphold a secure environment. These rules essentially apply to any merchant that has a Merchant ID (MID). If you are a merchant that accepts credit card payments, you are required to comply with the PCI Data Security Standard, large or small businesses.

EMV Liability Shift Set By Visa and MasterCard as of October 1st

U.S. banks and credit card companies are now using the EMV (Europay, MasterCard, and Visa) technology. The EMV liability shift for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards. While issuers absorb losses under card-network rules, that burden will shift to acquirers in cases where the fraud occurs at merchants unprepared for EMV.

It’s good to know every aspect of your business. The above guidelines are part of a business that every merchants should be familiar with. The main reason for these rules is to protect your business and keep your customer’s payment card data safe and secure.

To start accepting more credit cards give us a call now at 888-996-2273. We have the latest terminals that’s EMV/NFC capable.

 

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , ,

Oct
09
2015
Risk
October 9th, 2015 by Elma Jane

Credit card fraud is much more difficult to prevent in a card-not-present transaction. In a face-to-face setting the merchant can inspect the card to ensure that it is valid and can verify that the cardholder is an authorized user on the account. None of these actions can be performed when the payment is submitted online or accepted by phone. As we moved in adopting EMV Technology, majority of fraud is going to migrate away from counterfeit and stolen cards towards the card-not-present transaction as happened in other countries.

A combination of best practices and fraud prevention tools can provide card-not-present merchants with strong fraud prevention capabilities.

Steps to avoid fraud and protect your business for a card-not-present transaction:

  • Email Verification: Send a message to the email address provided by the customer requesting that the customer verify the email address is correct, you can ensure that the email is associated with the other information provided.   
  • Maintain PCI compliance:All merchants accepting card payments are now required to be compliant with the requirements of the PCI DSS (Payment Card Industry Data Standard) which sets the rules for data security management, policies, procedures, network architecture, software design and other protective measures.
  • Security Code Verification. Requesting the three digit security code on the back of a credit card. Visa (CVV2), MasterCard (CVC 2) and Discover (CID) cards, and the 4-digit numbers located on the front of American Express (CID) cards. Card Security Codes help verify that the customer is in a physical possession of a valid card during a card-not-present transaction.
  • Use an Address Verification Service (AVS): Enables you to compare the billing address provided by your customer with the billing address on the card issuer’s file before processing a transaction. AVS is good protection against card information obtained through means like phishing and malware because fraudster might not know the billing address.
  • Use 3D Secure Service: MasterCard and Verified by Visa enable cardholders to authenticate themselves to their card issuers through the use of personal passwords they create when they register their cards with the programs. The liability of any fraudulent charges through the 3D service is picked up by the issuer, not the merchant.
  • Verify the phone number and transaction information.Prior to shipping your products, call the phone number provided by the customer and verify the transaction information. Criminals may be unable to verify such information, because in their haste to max out the credit line before the fraud is discovered, they often order at random and do not keep records.

 

 

 

Posted in Best Practices for Merchants, e-commerce & m-commerce, Mail Order Telephone Order, Payment Card Industry PCI Security, Travel Agency Agents Tagged with: , , , , , , , , , , , , ,

Oct
09
2015
PCI COMPLIANCE
October 9th, 2015 by Elma Jane

In order to maintain some sort of order within PCI Compliance, VISA and MasterCard have created 4 risk levels that will apply to any particular business, for determining the risk level of a merchant.

Merchant Level               Description            Validation Requirements
Level 1 Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region. Annual Report on Compliance (ROC) by Qualified Security Assessor (QSA) or internal auditor if signed by officer of the company.

Quarterly network scan by Approved Scan Vendor (ASV).

Attestation of Compliance Form.
Level 2 Merchants processing 1 million to 6 million Visa transactions annually (all channels). Annual Self-Assessment Questionnaire (SAQ).

Quarterly network scan by ASV.Attestation of Compliance Form.
Level 3 Merchants processing 20,000 to 1 million Visa e-commerce transactions annually. Annual Self-Assessment Questionnaire (SAQ).

Quarterly network scan by ASV.

Attestation of Compliance Form.
Level 4 Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually. Annual SAQ recommended.

Quarterly network scan by ASV if applicable.

Compliance validation requirements set by acquirer.

 

Posted in Best Practices for Merchants, Credit Card Security, e-commerce & m-commerce, Payment Card Industry PCI Security Tagged with: , , ,

Oct
08
2015
EMV
October 8th, 2015 by Elma Jane

Rules have changed in regards to swiping credit cards October 1st, 2015 with the EMV Liability Shift; which may not cause much concern for most consumers, but for merchants.

EMV compliance isn’t a legal requirement. However, if you’re a merchant that accepts credit cards in-person, then you need to find out whether you’re meeting the EMV Standard. The new rule for the liability shift applies October 1st, regardless of the size or type of business. 

What Is EMV Standard?

EMV stands for EuroPay, MasterCard, and Visa, the three companies that originally created the standard.

The EMV Shift is to provide enhanced security and prevent fraudulent activity with credit cards. Updated equipment is also necessary for processing the new computerized cards, and unfortunately, the responsibility of securing up-to-date hardware falls on the merchant.

Since card evolves more instead of cash in our society, fraud and data breaches is on the increase, and now a common occurrence. Adapting new technology is therefore necessary. A hassle for many merchants, but there are actually benefits from all parties involved in a credit card transaction.

Data shows that fraud decreases dramatically when EMV Standards are implemented In Europe. The region has experienced an 80% reduction in credit card fraud, while the USA has seen a 47% increase by NOT implementing EMV standards.

The new liability rules took effect on October 1st in the US, and any party that has not yet implemented EMV-compliant machines might now be liable for fraud committed with counterfeit chip cards. Note that this liability shift only applies to in-person transactions. Phone order and web order transactions will be dealt with as they always were.

For Merchants, it means you’ll eventually need to get new equipment for processing credit cards payments in-person (unless you’ve already done so not too long ago, as nearly all POS terminals sold in the USA nowadays are EMV compliant). For most business owners, it’s a good idea to implement the new system sooner rather than later.

Step to take as a Merchant Until you get your EMV equipment

  • Ask for an official ID from customers whose credit card you process.
  • Conduct some research to see which EMV system would be best for your business.
  • Start shopping around for new payment processing options that are EMV compliant. 

If you already have a machine that can process chip cards, you’re fully EMV-compliant.

If you don’t accept any in-person payments, then you’re all set.

If you do accept in-person payments and you do not have a chip card machine, chances are you’ll be fine for a little while. But those of you with a high risk of encountering a fake card (if you are a high-volume business with a large average ticket, for instance) should probably upgrade soon.

Fraudsters are going to be taking advantage of businesses that haven’t upgraded so it’s a great time to switch!

Check out NTC’s EMV/NFC Capable Terminal!  

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: , , , , , , , , , , , , ,

Oct
06
2015
Best Practices For Merchants
October 6th, 2015 by Elma Jane

If you accept credit cards and don’t know what EMV is here is what you need to know.

EMV stands for Europay, MasterCard and Visa. A credit card that had a chip embedded in it is an EMV. EMV Cards have been standard in Europe for more than 10 years because they’re more secure than magnetic stripe cards. Magnetic stripe cards doesn’t change, it has static data, which makes them easy to clone. The chip embedded card makes it more difficult and costly to counterfeit because the data that is transmitted changes each time the card is read. This means less fraud.

Liability Shift rules set by Visa and MasterCard as of October 1st. The liability for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards.

  • Calculate your risk – Consider the cost of replacing your point-of-sale (POS) terminal vs. potential risk. Whether you replace it now or at a later time, eventually all businesses will have to replace their POS terminals.
  • Educate your staff – Educated employees translate to better-educated customers. Merchants can help customers better understand this change and what it means for them.
  • Upgrade your POS system – Consider using an EMV compliant credit-card reader on a wireless device for an ultra-secure mobile solution. This is also a chance to upgrade other options, such as near field communication NFC technology, which lets consumers use their mobile devices to make payments at the point of sale.

National Transaction Terminals with EMV and NFC (near field communication) Capability To accept Apple Pay, Android Pay and other NFC Transactions at your business. You will need to adopt point-of-sale devices with NFC/contactless readers. 

National Transaction offer a range of options to suite your specific needs.

If you’re using Virtual Merchant Mobile now called Converge please contact our office at 888-996-2273 to know your options.  

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa Tagged with: , , , , , , , , , , , , , , , , ,

Sep
24
2015
Terminal
September 24th, 2015 by Elma Jane

If you accept credit cards and don’t know what EMV is here is what you need to know.

EMV stands for Europay, MasterCard and Visa. A credit card that had a chip embedded in it is an EMV. EMV Cards have been standard in Europe for more than 10 years because they’re more secure than magnetic stripe cards. Magnetic stripe cards doesn’t change, it has static data, which makes them easy to clone. The chip embedded card makes it more difficult and costly to counterfeit because the data that is transmitted changes each time the card is read. This means less fraud.

Questions to ask to help you decide about terminal upgrade.

  • Calculate your risk – Consider the cost of replacing your point-of-sale (POS) terminal vs. potential risk. Whether you replace it now or at a later time, eventually all businesses will have to replace their POS terminals.
  • Educate your staff – Educated employees translate to better-educated customers. Merchants can help customers better understand this change and what it means for them.
  • Upgrade your POS system – Consider using an EMV compliant credit-card reader on a wireless device for an ultra-secure mobile solution. This is also a chance to upgrade other options, such as near field communication NFC technology, which lets consumers use their mobile devices to make payments at the point of sale.

 

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Mobile Point of Sale, Near Field Communication, Point of Sale Tagged with: , , , , , , , , , , , , , , , ,

Jul
10
2015
July 10th, 2015 by Elma Jane

unnamed

 

Every Merchant in the country needs to upgrade their terminal. Are you ready for the October 1, 2015 Liability Shift?

Beginning October 1, 2015, all businesses that accept in-person payments must be able to take cards embedded with chips to avoid liability for fraud. The chips are more secure than magnetic stripes.

National Transaction brings the latest EMV and NFC technologies to Merchants.

NTC Clients will be able to accept contactless payment with the same NFC technology used by Apple Pay, Google Wallet and SoftCard. Additionally, the Ingenico terminals are EMV Enabled, delivering the latest in fraud prevention technology.

The new EMV enabled terminals are designed to accept EMV chip cards and magnetic stripe cards.

EMV (an acronym for Europay, MasterCard® and Visa®) is a global technology standard for payment cards.

What are the benefits of having an EMV terminal?

These next generation terminals can reduce your risk of accepting counterfeit cards, as chip and PIN transactions verify both the card and the cardholder.

Eliminate your card present fraud liability exposure associated with the October 1st, 2015* liability shift imposed by the card brands.

Improve customer service for your international cardholder customer. EMV cards are already the standard in over 80 countries.

Be on the lookout for more information about how to be chip card ready before OCTOBER.

*Businesses with Automated Fuel Dispensers (also called “Pay at the Pump”) acceptance methods have until October 2017 to comply with the new standard.

 

Untitled

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Mobile Payments, Near Field Communication, Point of Sale Tagged with: , , , , , , , , , , , , , , ,

Jul
07
2015
July 7th, 2015 by Elma Jane

The global brand MasterCard is in the process of launching a pilot program with the help of Google, BlackBerry, Apple, Microsoft, and Samsung to boost security for online payments using facial recognition systems.

About 500 customers are trialing for the new features, participants will provide feedback based on their experience. The company will continue to refine the product until ready to launch. MasterCard confirmed that it is planning to eventually release the new biometric security system publicly.

The payments company is also in the process of securing agreements with two major banking institutions. If all goes as planned, the undisclosed financial establishments will likely participate in the launching of the new security option.

When consumers shop on the Internet, their banks need ways to verify their identities. So this particular product seamlessly integrates biometrics into the overall payments experience, a security expert at MasterCard said.

The system does not actually save a photo of the user during the verification process. Instead, it creates a map of the individual’s face. Afterwards, the map is turned into code, which is sent to MasterCard for confirmation. The facial recognition feature only kicks in when an individual makes an online purchase.

During checkout, users will be prompted to confirm their identity using fingerprint scanning or facial detection.

To prevent criminals from using a photo to dupe the verification process, a user is required to blink once while having his or her face scanned. Technical specifications and mobile requirements for the security feature are still unknown.

With the test of facial recognition, MasterCard seemingly hopes to move away from password-based protocols by providing additional security options for consumers.

 

Posted in Best Practices for Merchants, Mobile Payments, Mobile Point of Sale, Smartphone, Visa MasterCard American Express Tagged with: , , , , , , ,

Jun
18
2015
June 18th, 2015 by Elma Jane

Untitled

Every Merchant in the country needs to upgrade their terminal.

Are you ready for the October 1, 2015 Liability Shift?

Beginning October 1, 2015, all businesses that accept in-person payments must be able to take cards embedded with chips to avoid liability for fraud. The chips are more secure than magnetic stripes.

National Transaction brings the latest EMV and NFC technologies to Merchants.

NTC Clients will be able to accept contactless payment with the same NFC technology used by Apple Pay, Google Wallet and SoftCard. Additionally, the Ingenico terminals are EMV Enabled, delivering the latest in fraud prevention technology.

The new EMV enabled terminals are designed to accept EMV chip cards and magnetic stripe cards.

EMV (an acronym for Europay, MasterCard® and Visa®) is a global technology standard for payment cards.

By accepting chip cards EMV terminal, you help protect your business from card present fraud liability and prepare your business for the future of payment application technology. If your business accepts and processes a counterfeit card transaction on a non-EMV terminal, the liability for that fraudulent transaction is yours, not incurred by the card issuers.

How do you process an EMV chip card transaction?

  1. Insert Card. Instead of swiping, the customer will insert the card into the terminal, chip first, face up.
  2. Leave the Card in the Terminal. The card must remain in the terminal during the entire transaction.
  3. The Receipt or Enter a PIN. As prompted, the customer will sign the receipt or enter their PIN to complete the transaction.
  4. Remove Your Card. When the purchase is complete, remind the customer to take the card with them.

What are the benefits of having an EMV terminal?

These next generation terminals can reduce your risk of accepting counterfeit cards, as chip and PIN transactions verify both the card and the cardholder.

Eliminate your card present fraud liability exposure associated with the October 1st, 2015* liability shift imposed by the card brands.

Improve customer service for your international cardholder customer. EMV cards are already the standard in over 80 countries.

Be on the lookout for more information about how to be chip card ready before OCTOBER.

*Businesses with Automated Fuel Dispensers (also called “Pay at the Pump”) acceptance methods have until October 2017 to comply with the new standard.

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Near Field Communication Tagged with: , , , , , , , , , , , , , ,

May
26
2015
May 26th, 2015 by Elma Jane

MasterCard is aiming to change the way people transfer money between debit cards, with its new program called MasterCard Send. This first-of-its-kind, global personal payments platform allows consumers to send and receive funds within seconds, rather than waiting for the standard 1-3 business day transfer time.

Unlike most person-to-person (P2P) processors like PayPal, MasterCard Send is not designed specifically for consumers. Instead, it aims to help businesses send disbursements and cash back to customers in something very close to real-time.

Customers can receive direct deposits into their debit card accounts for shipping rebates. There is no waiting for a check in the mail or a long transfer process.

Consumers can still use MasterCard Send to send and receive money from friends and family members. The recipient does not need a debit card to access the funds. Send will also work with programs like Western Union.

According to MasterCard, cash and checks still contribute $1 trillion in global spending every year. MasterCard Send is attempting to be a safer, faster and cheaper alternative to these transactions. The program is now live in the United States.

MasterCard Send is addressing a real need that exists in today’s digital world to enable consumers, businesses, governments and more to have a safe, simple and secure way to transfer and receive funds quickly.

 

 

Posted in Financial Services Tagged with: , , , , , , , , , , ,

← Previous Article
Next Articles »