E-Pay Security improves – but merchants remain cautious.
U.S. merchants are still reluctant to embrace 3D Secure technology in card-not-present transactions, even though it has vastly improved from the initial version.
3D secure technologies – namely Verified by Visa and SecureCode for MasterCard which offer an extra layer of protection for merchants and its customers. Merchant participation is mandatory to process certain cards in some countries.
Businesses continue to struggle with the prohibited storage of unencrypted customer payment data. The Payment Card Industry Data Security Standard (PCI DSS), merchants are instructed that, Protection methods are critical components of cardholder data protection in PCI DSS Requirement.
PCI DSS applies to every company that stores, processes or transmits cardholder information. Regardless of the size or type of business you operate, the number of credit card transactions you process annually or the method you use to do so, you must be PCI compliant.
Data breach is not a limited, one-time occurrence. This is why PCI compliance is required across all systems used by merchants.
Encryption and Tokenization is a strong combination to protect cardholder at all points in the transaction lifecycle; in use, in transit and at rest.
National Transaction’s security solutions provide layers of protection, when used in combination with EMV and PCI-DSS compliance.
Encryption is ideally suited for any businesses that processes card transactions in a face to face or card present environment. From the moment a payment card is swiped or inserted at a terminal featuring a hardware-based, tamper resistant security module, encryption protects the card data from fraudsters as it travels across various systems and networks until it is decrypted at secure data center.
Tokenization can be used in card not present environments (travel merchants) such as e-commerce or mail order/telephone order (MOTO), or in conjunction with encryption in card present environments. Tokens can reside on your POS/PMS or within your e-commerce infrastructure at rest and can be used to make adjustments, add new charges, make reservations, perform recurring transactions, or perform other transactions in use. Tokenization protects card data when it’s in use and at rest. It converts or replaces cardholder data with a unique token ID to be used for subsequent transactions.
The sooner businesses implement encryption and tokenization the sooner stored unencrypted data will become a thing of the past.
The shift to EMV is helping to address vulnerabilities in the United States payments ecosystem. It has been shown that EMV can deliver benefits as a part of industry efforts to combat fraud.
EMV migration is a critical focus for enhancing payments security, which is why the current efforts around chip card deployment are greatly beneficial for consumers and merchants alike. EMV technology helps to reduce counterfeit card fraud, as it generates dynamic data with each payment to authenticate the card, after which the cardholder is prompted to sign or enter a PIN to confirm their identity.
The EMV rollout represents a dynamic time for card payments that promises great advances, among them is enhanced security for cardholders. It also presents an opportunity to consider other innovations such as mobile wallets and mobile POS to further engage your customers and drive customer loyalty. When merchants continue to invest in EMV and NFC (near field communications, used for tap-and-pay transactions), the purchases made at their EMV-enabled terminals are made more secure than magnetic stripe.
New mobile payment options such as mobile wallets support EMV and therefore offer this added layer of security. Ultimately, by enabling contactless payments, merchants can also enable more flexibility in addition to increasing security for their customers.
Additionally, industry players are backing major mobile wallets, such as Android Pay, Apple Pay, and Samsung Pay.
Merchant accounts are as varied as the merchants themselves and the goods being sold.
What kind of account would you fall under:
High Risk Merchant Accounts – Finding a processor who is willing to take your account can be more challenging. High risk merchants range from travel agencies to multi-level marketing companies, credit restoration merchants, casinos, online pharmaceutical companies, adult/dating merchants and many other.
Internet based merchant account (Ecommerce/Website order processing) – E-Commerce is a booming market, with so many people buying and selling goods online due to the wide reach and easy access to the internet.
Mobile or Wireless merchant account – This merchant is specifically designed for small businesses, solo professionals, and mobile services (including lawyers, landscapers, contractors, consultants, repair tradesmen, etc), who are constantly on the move and require a payment to processed on the spot.
MOTO (Mail or Telephone order) – This enables phone based or direct mail orders processing for customers who can buy your product or service from the comfort of their home. Since there is no card present there is no need for traditional equipment.
Multiple Merchant Accounts – Some businesses can have merchant accounts of a couple or all different types. Merchants who fall into this category are called multi-channel merchants as they sell their goods through a number of different channels. Most commonly this is related to retail stores who also have an online presence to sell their goods. This is very common in today’s competitive market where constant contact with customers is critical to success.
Traditional Account with Equipment – Most commonly used for retail businesses (grocery, departmental stores etc) where the transactions are processed in a face to face interaction also known as Point of Sale (PoS).
Interested to setup an account give us a call at 888-9962273
We would like to let our customers know of additional benefits that are coming, in addition of the protection that chip card technology provides.
On January 24, Verifone will release a software update for your card terminal that will include two important new features:
PIN Debit: With this feature, when your customer pays with a Visa, MasterCard or Discover chip debit card, your terminal will allow you to process it as a debit transaction. The update will change the prompts you’re used to seeing based on how the card is configured.
Tip Adjust: If your business accepts tips, you will now have the option to add the tip at the time of sale or adjust it later, just like with non-chip card transactions. To use the tip adjust feature, simply skip the tip prompt during the sale.
Once the download is available, your card terminal will automatically receive the new application during its monthly update. For best results, leave your terminal on overnight to ensure it receives the update.
We appreciate your business and we are committed to providing you with solutions to ensure your ongoing transition to chip card acceptance is smooth.
Start accepting credit card payments at your business with the following features on your new POS terminal: NFC + EMV PIN & Signature capable. Give us a call now at 888-996-2273 or visit our website www.nationaltransaction.com Payments Expert for Travel Merchants and more!
If you’re a travel merchant or any merchants using Internet Explorer we want to share this information with you.
As Microsoft ends support for anything older than Internet Explorer 9 (IE9), security experts urged IT managers to migrate to newer versions of Internet Explorer to avoid risk exposing themselves to a new wave of attacks.
Back in August 2014, IEBlog shared important information on migration resources, upgrade guidance, and details on support timelines.
After January 12, 2016, only the most recent version of Internet Explorer available for a supported operating system will receive technical support and security updates.
Vista SP2 and Server 2008 SP2 users will only be supported on IE9; Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows 8.1 users will need to upgrade to IE11; and Windows Server 2012 customers will need to migrate to IE10.
This will apparently ensure they get the benefit of Microsoft security updates and technical support.
Internet Explorer is one of the most commonly targeted platforms in the world for cyber-criminals, businesses would do well to get their house in order. Staying on unsupported versions will have a serious impact on your business.
To know more about Support Lifecycle Information click here
Can we securely store card data for recurring billing?
PCI DSS discourages businesses from storing credit card data, Merchants feel the practice is necessary in order to facilitate recurring payments.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.
In order for the electronic storage of cardholder data to be PCI Compliant, appropriate encryption must be applied to the primary account number (PAN). In this situation, the numbers in the electronic file should be encrypted.
All PCI controls would apply to the environment in which the cardholder data is transmitted and stored. Tokenization can be implemented for recurring and/or delayed transactions. Travel Merchants and or Storage Facility could use this feature to help reduce the need for electronically stored cardholder data while still maintaining current business processes.
The best thing you can do for your business is to not store any cardholder data or personally identifiable information.
Tomorrow let’s tackle Encryption and Tokenization a strong combination to protect card data while reducing the cost of compliance!
National Transaction is now offering Apple Pay to Canadian Merchants.
Apple Pay works with NTC’s EMV-contactless point of sale terminals in Canada.
Security and privacy is at the core of Apple Pay, and when a consumer adds a credit card to Apple’s mobile wallet, the actual card numbers are not stored on the device, or on Apple servers.
Apple Pay will create a unique Device Account Number that is assigned, encrypted and securely stored in the secure element on the device, the same way it operates in the U.S. Each transaction is authorized with a one-time unique dynamic security code.
To pay, consumers simply hold their mobile device near the contactless reader, exactly as they would a contactless card today. The payment information is then passed to the POS system once the consumer confirms the transaction using Touch ID on their device.
Bringing Apple Pay to NTC terminals addresses an increasing consumer demand for contactless payments, while also allowing Canadian businesses to offer customers the convenience of paying through an iPhone, iPad or Apple Watch.
American Express is Apple’s issuing partner in Canada.
Chargebacks is a major problem for merchants, rules and regulations surrounding chargebacks can be confusing; becoming educated about these policies, which also includes the release of a new and upcoming regulations will help merchants to empower themselves.
Visawill make major changes to its chargeback rules document in January of 2016.
Traditionally, Visa has had two different excessive-chargeback programs for merchants:
1. For Domestic U.S. transactions – known as the U.S. Merchant Chargeback Monitoring Program.
2. For international transactions – called the Global Merchant Chargeback Monitoring Program.
Each program had a different threshold and monitored transactions in different geographic regions (each with unique risk profiles), it has been possible for a merchant to qualify for one program but not the other.
A leading provider of mobile point of sale and mobile payment technology, published today the EMV Migration Tracker.
Many merchants have deployed EMV capable terminals while cardholders have received cards with EMV chips, but not much data has been published about the real world use of EMV chip card technology in the U.S. Most published statistics rely on surveys or forecasts rather than real transactional data.
The EMV Migration Tracker shows new data and insights since the October 1 liability shift, including:
Over 50% of all cards in use now have EMV chips on them. From October to November, the percent grew 5% as banks and card issuers accelerated their rollout of new chip cards.
Over 83% of American Express cards have EMV chips, while Discover lags at 40%
Over 63% of the cards used in Hawaii have EMV chips, but Mississippi sees just 11% penetration of chip cards.
While EMV chip card technology has been implemented in Europe years ago, the rollout of EMV in the U.S is just beginning. The rollout came earlier this year with the October 1 liability shift in card present transaction, meaning that merchants who have not upgraded their POS system can become liable for counterfeit card fraud losses that occur at their stores. This is an early step in an ongoing process that the Payments Security Task Force predicts will lead to 98 percent of U.S. credit and debit cards containing EMV chips by the end of 2017.
