Sep
17
2014
September 17th, 2014 by Elma Jane

Host Card Emulation (HCE) offers virtual payment card issuers the promise of removing dependencies on secure element issuers such as mobile network operators (MNOs). HCE allows issuers to run the payment application in the operating system (OS) environment of the smart phone, so the issuing bank does not depend on a secure element issuer. This means lower barriers to entry and potentially a boost to the NFC ecosystem in general. The issuer will have to deal with the absence of a hardware secure element, since the OS environment itself cannot offer equivalent security. The issuer must mitigate risk using software based techniques, to reduce the risk of an attack. Considering that the risk is based on probability of an attack times the impact of an attack, mitigation measures will generally be geared towards minimizing either one of those.

To reduce the probability of an attack, various software based methods are available. The most obvious one in this category is to move part of the hardware secure element’s functionality from the device to the cloud (thus creating a cloud based secure element). This effectively means that valuable assets are not stored in the easily accessible device, but in the cloud. Secondly, user and hardware verification methods can be implemented. The mobile application itself can be secured with software based technologies.

Should an attack occur, several approaches exist for mitigating the Impact of such an attack. On an application level, it is straightforward to impose transaction constraints (allowing low value and/or a limited number of transactions per timeframe, geographical limitations). But the most characteristic risk mitigation method associated with HCE is to devaluate the assets that are contained by the mobile app, that is to tokenize such assets. Tokenization is based on replacing valuable assets with something that has no value to an attacker, and for which the relation to the valuable asset is established only in the cloud. Since the token itself has no value to the attacker it may be stored in the mobile app. The principle of tokenization is leveraged in the cloud based payments specifications which are (or will soon be) issued by the different card schemes such as Visa and MasterCard.

HCE gives the issuer complete autonomy in defining and implementing the payment application and required risk mitigations (of course within the boundaries set by the schemes). However, the hardware based security approach allowed for a strict separation between the issuance of the mobile payment application on one hand and the transactions performed with that application on the other hand. For the technology and operations related to the issuance, a bank had the option of outsourcing it to a third party (a Trusted Service Manager). From the payment transaction processing perspective, there would be negligible impact and it would practically be business as usual for the bank.

This is quite different for HCE-based approaches. As a consequence of tokenization, the issuance and transaction domains become entangled. The platform involved in generating the tokens, which constitute payment credentials and are therefore related to the issuance domain, is also involved in the transaction authorization.

HCE is offering autonomy to the banks because it brings independence of secure element issuers. But this comes at a cost, namely the full insourcing of all related technologies and systems. Outsourcing becomes less of an option, largely due to the entanglement of the issuance and transaction validation processes, as a result of tokenization.

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Near Field Communication, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Sep
15
2014
September 15th, 2014 by Elma Jane

Visa has taken advantage of the hoopla surrounding Apple’s application of digital account tokens to replace card numbers for online and mobile purchasing by initiating the roll out of its Token Service to US clients.

Visa Tokens will be made available to issuing financial institutions globally, starting with US banks next month, and followed by a phased roll-out overseas beginning in 2015. The technology has been designed to support payments with mobile devices using all major mobile platforms.

More than 750 staff from across the Visa organisation globally were involved in the effort, working closely with initial launch partners – financial institutions, merchants and processors to ensure the ecosystem was ready. Today, Visa is making these services available and believe it will help transform connected devices and wearables into secure payment vehicles.

Visa Token Service replaces sensitive payment account information found on plastic cards with a digital account number or token. Because tokens do not carry a consumer’s payment account details, such as the 16-digit account number, they can be safely stored by online merchants or on mobile devices to for e-commerce and mobile payments.

The release of the service has been given added urgency by a spate of successful hacks on merchant card data stores, such as the recent plundering of card account data at Home Depot and Target.

MasterCard has its own equivalent Digital Enablement Service, which will be released outside of the US in 2015.

Posted in Best Practices for Merchants, Credit Card Security, e-commerce & m-commerce, Mobile Payments, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , ,

Sep
04
2014
September 4th, 2014 by Elma Jane

EMV, which stands for Europay, MasterCard and Visa, and is slated to be mandated across the United States starting in October 2015 and automated fuel dispensers have until October 2017 to comply. Unlike magnetic swipe cards, EMV chip cards encrypt data and authenticate communication between the card and card reader. Additionally, chip card user is prompted for a PIN for authentication.

Why are those dates important? Companies lose $5.33 billion to fraud today, with card issuers and merchants incurring 63 and 37 percent of these losses, respectively. Under the EMV mandate, merchants who do not process chip cards will bear the burden of the issuer loss. By accepting chip card transactions, merchants and issuers should see a reduction in fraud.

Overcoming Barriers to EMV Adoption

Given the significant barriers to EMV adoption, it may be tempting for merchants to meet minimum requirements for accepting EMV payments. However, medium to large retailers should also consider the bigger picture of customer security and peace of mind.

Some key critical success factors for a payment initiative of this size include:

Business Continuity Architecture: As with all payment systems, it is imperative to have the EMV system running at all times. The solution should preferably have Active-Active architecture across multiple data centers and have a low Recovery Point Objective (the point in time to which the systems and data must be recovered after an outage).

Cost Benefit Analysis: Take a top down approach and decide accordingly on the scope of the analysis. This will ensure that decisions on scope are made on basis of quantitative data and not just qualitative arguments.

Phased Approach: To overcome time or cost overage in a project of this scope and complexity, retailers should try using an iterative approach for development. The rollout can be divided into multiple releases of six to seven months, which will provide the opportunity to review, capture lessons learnt, and improve subsequent releases.

Proactive Monitoring Alerts: Considering the criticality of business function carried out by EMV, tokenization and payment gateway, a vigorous supervising environment must be defined to perform proactive and reactive monitoring. It should take into consideration the monitoring targets, tools, scope and methods. This will provide advance visibility to the failure points and better ensuring maximum system availability.

Resilience Testing: Typically in a software project, the testing is limited to the unit, integration, performance and user acceptance. However, due to the critical nature of the applications and systems involved, robust resiliency testing is vital. This will ensure that there are no single points of failure and the system remains available when running in error conditions.

Stakeholder Identification: This is a key step to ensure that you have varied perspectives from all departments and their support. It will keep your organization from being blindsided and reduce the risk of disagreements in later stages of the program. Key stakeholders should include Store Operations, Card Accounting, Loss Prevention, Contact Center and IT & Data Security.

Organizations should adopt a five step approach to implement a secure, robust and industry-leading payment solution:

Encryption – Point to point encryption will ensure card data is secure and encrypted from the point of capture to the processor. Usually, merchants use data encryption that is not point to point, rendering their organization vulnerable to data breaches. Software encryption is the most common form of encryption, as it is easily installed and quires little or no hardware upgrades; however, it is less secure, may expose encryption keys, and is prone to memory scanning attacks. Hardware encryption is considered more secure but requires more costly terminal upgrades. Hardware encryption is designed to self-destruct the keys if tampered, but is not well-defined as very limited headway has been made in this space. 

Tokenization – Build a Card Data Environment (CDE) that will host a centralized card data storage solution. Only limited applications with firewall access and capability to mutually authenticate via certificates can access CDE and receive card data. The rest of the applications will have tokens which are random numbers. This architecture will ease the merchant’s burden with existing and emerging PCI Data Security Standards.

Payment Gateway – Perform a risk assessment on the current payment gateway and identify gaps in functionality, manageability, compliance, scalability, speed to market and best practices. Determine the alternatives to mitigate the risks. Some of the important aspects of a leading payment gateway solution are support for all forms of credit, debit, gift cards and check transactions. Its ability to work with any acquirer, in-built encryption abilities, support for settlement and reconciliation must also be kept into consideration.

Settlement, Funding and Reconciliation – A workflow-based system to handle chargebacks and the automation of chargeback processing will greatly reduce labor-intensive work and enhance the quality of data used for settlement and reconciliation. Upgrades to the existing receipt retrieval system may be needed.

Card fraud is on the rise in the U.S., and merchants are the primary target for stealing information. With the EMV deadline just over a year away, the responsible retailer must take steps to prepare now. Although EMV implementation might seem overwhelming to merchants, they should start their journey to secure payments rather than wait for a looming deadline. Solutions such as data encryption and tokenization should be used in combination with EMV to implement a robust payment solution to better protect merchants against fraud. By proactively adopting EMV payment solutions, merchants can stay ahead of the regulatory curve and better protect their customers from fraud.

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Aug
21
2014
August 21st, 2014 by Elma Jane

Accept Electronic Payments in Their Currency, Convert it to Yours. National Transaction helps you and your customers transact with confidence.

DCC provides convenient currency conversion service at the time of purchase benefiting both the credit card holder and merchants. Our solution provides a system where the Visa or MasterCard holder in a foreign country can shop on an American based website that displays prices in their own local currency. Dynamic Currency Conversion utilizes a Bank Reference Table (BRT) otherwise known as a Card Recognition Table (CRT). This table is updated on a daily basis so that transactions have the most up to date conversion rate for transactions. Your web site holds pricing information in $USD, and based on the selection of the shopper, prices are converted to their native currency. At the close of the transaction an invoice or receipt can present the total to the customer in their currency, along with the merchants local currency along with the exchange rate that was applied.Your business reaches foreign nations expanding your market while presenting new opportunities, increasing your businesses bottom line and making international transaction with confidence. We have diverse set of applications to enable various kinds of business models and financial frameworks.

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , , , , , , , , , , ,

Aug
08
2014
August 8th, 2014 by Elma Jane

 

MasterCard’s latest Card Personalization Validation module in the Collis EMV Personalization Validation Tool qualified by MasterCard, including the U.S. Common Debit AID. The tool will be used to support EMV card issuers in the U.S., and specifically checks if MasterCard cards are correctly personalized according to the latest MasterCard specifications. It also includes specific personalization profiles to certify compliance with the Durbin Legislation. The Collis EMV Personalization Validation Tool is the most thorough and comprehensive test tool for issuers, card personalization bureaus and card manufacturers that w­­­­­ant to validate the personalization of their contact/contactless payment cards and mobile payment applications. With the tool, issuers easily check the correctness of the personalization of any EMV card application according to the latest test specifications of the seven major worldwide payment schemes. He added that the Collis EMV Personalization Validation Tool fits also seamlessly to prepare for the MasterCard CPV Formal Approve Service that UL can deliver.

Posted in Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , ,

Jun
09
2014
June 9th, 2014 by Elma Jane

Some American banks and financial institutions, like JPMorgan Chase, American Express and Citi, have already issued credit cards with new security technology. Other banks will do so by the end of the year. Often referred to as E.M.V. (short for Europay, MasterCard and Visa) or chip-and-PIN, these new cards use a combination of an embedded microchip and a personal numeric code to authorize payment transactions. Depending on the card issuer, some cards may have the chip but require just the old-fashioned signature instead of a PIN.

Most traditional credit cards in the United States today use a magnetic strip and a customer signature to seal a deal. The information embedded in the stripe can be easily cloned, however, and signatures can be forged. The chips in the newer E.M.V. cards which encode account information when transferring it to the merchant are harder to duplicate. The PIN must be entered for each charge, which helps make the cards more secure for in-person purchases. The cards are not infallible, though, criminals have still found ways to steal PINs and make fraudulent online purchases.

With new types of credit cards come new payment terminals, and many retailers must upgrade their equipment to make it compatible with E.M.V. cards. Instead of a slot to swipe the strip, the new credit card terminals typically need a chip reader. Most merchants will probably have the new equipment in place by October 2015, when new rules about fraud liability kick in. Under these rules, the bank or the merchant could be held accountable for any fraudulent charges if one of them has not upgraded to the new system. The party with the weaker security measures must pay.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , ,

Jun
04
2014
June 4th, 2014 by Elma Jane

The operator of a gold vault on the Isle of man is to issue a credit card made of solid gold that enables customers to draw down cash on their holdings of the valuable metal. The 14-carat Visa gold card from IMGold will be made available to clients who have at least £100,000 of the metal bars in their vault. The idea is that customers can use the card to borrow against their reserves, effectively hedging against a decline in the value of gold.

IMGold is currently inviting applicants for the blinged up store of wealth under the banner: The card that carries more weight.

The Isle of man is some way behind Kazakhstan’s oligarchs, who have been brandishing gold and diamond-encrusted cards for some year now. MasterCard and Kazkommertsbank introduced their own diamond-encrusted card in the province back in 2008. This was followed in 2012 by the launch of Visa Infinite Exclusive cards – made of pure gold, with pearl embossing and 26 diamonds – by Sberbank for its top 100 customers in the energy-rich country.

Posted in EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , ,

May
29
2014
May 29th, 2014 by Elma Jane

New enhancements intended to provide its U.S. cardholders with greater protection from fraud and identity theft has been announced by MasterCard.

All MasterCard credit, debit, prepaid and small business cards issued in the U.S. will now carry Identity Theft Resolution assistance. MasterCard new program will provide help in canceling missing cards and alerting credit reporting agencies, as well as targeting searches to detect if stolen personal and confidential data appears online. The new Identity Theft coverage extension begins in July 2014.

MasterCard is also extending its zero liability policy in the U.S. to include all MasterCard PIN-based and ATM transactions. This is in addition to coverage already provided on signature debit and credit transactions. The Zero Liability coverage extension takes effect in October 2014.

Fraud prevention and detection is a 24/7 job at MasterCard. The changes in cardholder protection is a combined efforts to move the U.S. payments industry to EMV chip technology will help deliver safer shopping experiences to consumers. MasterCard noted that tanks and financial institutions issuing MasterCard-branded cards provide financial indemnity against fraud.

 

Posted in Credit card Processing, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , ,

May
23
2014
May 23rd, 2014 by Elma Jane

State senate in California is advancing a bill SB 1351, mandates April 1, 2016, that would require California-based bankcard issuers and retailers to adopt Europay/MasterCard/Visa (EMV) chip card technology. SB 1351 bill is introduced March of 2014, passed out of committee on May 6 and may be voted on by the full senate as early as tomorrow, May 22nd.

Additionally, the bill specifies that any contracts entered into by financial institutions and card brands on or after Jan. 1, 2015, would have to include the provision that any new or replacement cards issued after April 1, 2016, be EMV compliant. The rationale for the bill comes from oft-cited evidence that EMV cards substantially reduce fraud.

In April 2014, Sen. Hill stated, My legislation holds all stakeholders accountable to protect consumers from scam artists who use fake cards to game the system.

The Electronic Transactions Association, however, does not see the issue the same way. Passing a single state technology standard will open the floodgate to additional state responses and create an expensive, unsafe and inefficient myriad of technology standards, the ETA said. The ETA is urging payment professionals in California to contact their legislators and let their opinions be heard.

The bill initially mandated Oct. 1, 2015, as the deadline for EMV implementation, which is the date set by Visa Inc. and MasterCard Worldwide for retailers to be EMV complaint or face potential fines in case of fraud. The bill also makes exceptions for small retailers and convenience stores/gas stations; they have until Oct. 1, 2017, to transition to EMV.

 

 

Posted in Best Practices for Merchants, Credit card Processing, EMV EuroPay MasterCard Visa Tagged with: , , , , , , , , , , , , , , , , , , , , ,

May
07
2014
May 7th, 2014 by Elma Jane

NTC's Payment

NTC’s New Approach On Payment Processing brings Client Satisfaction

About NTC (National Transaction Corporation)
NTC is a credit card processing company that was built uniquely. Combining leading edge technology with passion for customer service, as well as service to help customers maximize the value of their merchant service program. NTC provides sales agents, financial institutions and merchants with benefits not available from other providers, such as next day funding with a late cut-off time and unparallel graphical and web-based reporting.
To learn more visit http://www.nationaltransaction.com or call 888-996-2273.
Marking a 65% increase over 2012 NTC now serves approximately 15,000 businesses.
This rapid growth was driven by the many unique benefits that NTC offers its merchants and sales partners, ranging from best technology to superior customer service.
The major differentiators made possible by NTC’s proprietary back-end processing system is the Next Day Funding Service. Because NTC connects directly to the following: Amex, Discover, MasterCard and VISA. This way sales partners and merchants are able to avoid the middleman and go straight to the source of all their processing needs. This also means that the merchants can batch out their terminal POS with one of the latest cut-off times in the industry by as late as 11:00 pm Eastern.
NTC’s another appealing factor to new sales partners and merchants is its merchant connect online reporting system. It provides 24/7 access to graphical account information through a system that is fast easy and secure. Merchants are now able to clearly see and understand their payment processing costs. ISO’s have access to sugar CRM to make notes and see Merchant Marketing Data. Card Numbers are secure on the banks server so our faculty has credentials to access the bank servers.
Independent sales organizations (ISOs) and Merchant sales professionals continue to choose NTC as their payment processing partner to obtain these unique benefits. In addition to industry-leading technology, NTC offers its merchants and sales partners a level of personalized support that is not easily found among other credit card processing companies. They get round the clock account and terminal support. Collective hard work and determination helped NTC grow faster in the industry, resulted in more loyal ISO sales partners who are submitting more applications. Looking forward for continued success for NTC, its sales partners and merchants.

 

Posted in Credit card Processing, EMV EuroPay MasterCard Visa, Financial Services, Merchant Account Services News Articles, nationaltransaction.com, Point of Sale, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , ,

← Previous Article
Next Articles »