Tokenization
November 16th, 2015 by Elma Jane

Combat Fraud With Layered Approach!

Encryption and Tokenization a strong combination to protect cardholder data at all points in the transaction cycle.

Encryption – the strongest protection for card data when it’s in transit. From the moment a payment card is swiped or dipped at a terminal featuring a hardware-based, tamper resistant security module. Encryption protects the card data from fraudsters as it travels across various systems and networks until it is decrypted at secure data center. Encryption is ideally suited for any businesses that processes card transactions in a face to face or card present environment.

Tokenization – protects card data when it’s in use and at rest. It converts or replaces cardholder data with a unique token ID to be used for subsequent transactions. This eliminates the possibility of having card data stolen because it no longer exists within your environment. Tokens can be used in card not present environments such as e-commerce or mail order/telephone order (MOTO), or in conjunction with encryption in card present environments. Tokens can reside on your POS/PMS or within your e-commerce infrastructure at rest and can be used to make adjustments, add new charges, make reservations, perform recurring transactions, or perform other transactions in use.

A layered approach can be the most effective way to combat fraud. Security solutions that provide layers of protection, when used in combination with EMV and PCI-DSS compliance; to ensure you’re doing all you can to protect cardholder data from increasingly complex and evolving security threats.

Posted in Best Practices for Merchants, Credit Card Security, e-commerce & m-commerce, EMV EuroPay MasterCard Visa, Mail Order Telephone Order, Mobile Point of Sale, Payment Card Industry PCI Security, Point of Sale Tagged with: , , , , , , , , , , , , , , , , ,

October 30th, 2015 by Elma Jane

This is a question we encounter on a daily basis. Travel environments are unique in that your transactions are usually keyed, there is almost always a delayed delivery period, large ticket transactions are not uncommon since one cardholder may be paying for multiple tickets, they tend to be seasonal, with peak season months generating an unusual spike in their “average” monthly volume, and chargeback’s pose a potential threat by travelers who are unable to complete their trip. Combine even a few of these factors together and you have cause for a reserve, or even account termination.

Being a part of a MO/TO (Mail Order/Telephone Order) or Keyed environment carries an increased risk of potential fraud or unauthorized use of a credit card. Since the credit card and cardholder are not present at the time of the transaction, the merchant has a limited ability to ensure the card is not being misused or that the proper AVS (address Verification Service) information is provided. NTC stresses the use of Credit Card authorization forms in order to obtain the correct credit card number, expiration date, billing address, and signature of the cardholder.

Travel merchants tend to have periods of increased volume based on peak travel seasons, whereas most other industries tend to have the same average monthly volume every month. This can generate spikes in volume on the merchant account that can trigger security concerns with the processor. Helping the merchant to analyze their volume trends and reporting the trends to the underwriters helps eliminate the security concerns when these spikes occur.

Large transactions which exceed the average sale amount for the merchant account can also trigger security concerns. Merchants who do not inform their merchant processor of large transactions prior to charging the credit cards can trigger security concerns and cause funding delays and reserve holds. Educating and clearly communicating with the merchant how to handle large tickets, volume spikes, and group bookings, prevents reserves, funding delays and/or other merchant account issues.

Another concern from the underwriters is the delayed delivery time frame. Delayed Delivery refers to the amount of time between accepting a credit card payment (whether a deposit or full purchase) and the time the cardholder travels. The client’s credit card is billed and the travel agent is paid however, the trip the travel agent was paid for doesn’t generally take place for 2 to 3 months. This leaves a lot of time for things to change, and should the client not travel for some reason, the first thing they do if the travel agent does not issue a refund, is claim a chargeback. NTC offers quite a few tips that can help protect the travel agent from chargeback situations.

Most merchants do not realize that merchant processors carry a financial risk on merchant accounts, and normally fund merchants prior to receiving payment from the client’s bank. Essentially, a merchant account is an unsecured loan. The merchant runs a transaction and at the end of the day they settle their batch. Generally the merchant will receive the funds for that batch in their bank account within 2 business days even though the travel arrangements the client paid for do not take place right away.

Here at National Transaction Corp, we specialize in understanding what makes your transactions, as a travel agent, unique in how they affect your merchant account. Educating the merchant and ensuring they have a good understanding of what makes travel merchant account high risk, is one of our specialties. We have established a special relationship with our underwriting department which facilitates our ability to approve your high risk travel merchant account.

Contact your travel merchant account specialist at NTC today.

Mark Fravel
National Transaction Corp
Founder and President
888-996-2273

 

 

Posted in Best Practices for Merchants, Travel Agency Agents Tagged with: , , , , , , , , , , , , , ,

September 11th, 2015 by Elma Jane

Apple Pay NFC

National Transaction Terminals with NFC (near field communication) Capability   

To accept Apple Pay transactions at your business, you will need to adopt point-of-sale devices with NFC/contactless readers.

National Transaction offer a range of options to suite your specific needs:

Tablet solutions:                                                                                                               Talech with iCMP device and NCR Silver.

Short-range wireless terminals for pay at the table: Bring the point-of-sale to your customers. Ideal for table-service restaurants, curbside pick-up, salons and more.

These terminals are all-in-one solutions with an integrated PIN Pad and printer. The short range terminals use secure, encrypted Bluetooth technology, allowing only the base and terminal to talk to each other, while also monitoring channels to prevent interference from other devices.

The Bluetooth terminals we offer are:                                                                            VeriFone VX680B and Ingenico iWL220B. (Both Bluetooth Wireless)

Long-range wireless (cellular/mobile) terminals: Have a long-life battery and compact design, which allows you to process transactions anywhere your customers are ideal for deliveries, kiosks and more.

These terminals are all-in-one solutions with an integrated PIN Pad and printer. Phone lines and internet connections are not required to take advantage of our mobile payment solutions.

The GPRS wireless terminals we offer are:                                                                      VeriFone VX680G and Ingenico iWL250G. (Both GPRS Wireless)

Countertop terminals:                                                                                                    

Ingenico iCT250 – has a “magic box” cable management system that prevents cable tangle and clutter. The terminal boasts a color display for improved readability and ease of use.

Verifone VX520 – has a built-in secure software authentication process which prevents unauthorized software applications from being downloaded.

Ingenico iCT220 with iPP320 external PIN pad – has a “magic box” cable management system that prevents cable tangle and clutter, along with a black and white screen for crisp visual clarity. Combine with an iPP320 for a consumer- facing solution to support contactless payments. (Note: the iCT220 device only supports contactless transactions when connected to this external PIN pad).

Whether you need a stand-alone POS terminal, want to take advantage of your existing tablet or PC, or require a wireless or mobile solution, National Transaction Corp., offers numerous user-friendly options. No matter how your customer wants to pay, NTC will help you enable quick and easy transactions from Traditional credit and debit cards, gift cards, smart cards (or EMV), mobile or digital wallets like Apple Pay and eCommerce or MOTO transactions.

Start growing your business quickly by accepting all kinds of credit card payments and  debit cards. Choose a state-of-the-art solution so you can accept payment in store or on your mobile device. With transparent pricing, live customer support, no cancellation fees and a secure platform, you’ll be confident you made the right partner for your business with National Transaction Corp.

Learn how easy it can be to accept any contactless or Apple Pay transactions.

Click here for more information about Apple Pay.

For Merchant Account Setup give us a call at 888-996-2273 or visit our website www.nationaltransaction.com

Posted in Best Practices for Merchants, e-commerce & m-commerce, Mail Order Telephone Order, Mobile Point of Sale, Near Field Communication, Point of Sale Tagged with: , , , , , , , , , , , , , , , ,

Risk
September 8th, 2015 by Elma Jane

card not present transaction (CNP, MO/TO, Mail Order / Telephone Order, MOTOEC) is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant’s visual examination at the time that an order is given and payment effected, such as for mail-order transactions by mail or fax, or over the telephone or Internet.

The Card Associations created this term to help identify these Transactions, because CNP situations tend to be where the majority of fraudulent activity occurs; it is difficult for a merchant to verify that the actual cardholder is indeed authorizing a purchase.

The card security code system has been set up to reduce the incidence of credit card fraud arising from CNP.

Types of Security codes:

CVC1 or CVV1, encoded on track 2 of the magnetic stripe of the card and used for card present transactions. The purpose of the code is to verify that a payment card is actually in the hand of the merchant. This code is automatically retrieved when the magnetic stripe of a card is swiped on a point-of-sale (card present) device and is verified by the issuer. A limitation is that if the entire card has been duplicated and the magnetic stripe copied, then the code is still valid.

The most cited, is CVV2 or CVC2. This code is often sought by merchants for Card Not Present Transactions occurring by mail, fax, telephone or Internet. In some countries in Western Europe, card issuers require a merchant to obtain the code when the cardholder is not present in person.

Contactless cards and chip cards may supply their own electronically-generated codes, such as iCVV or Dynamic CVV.

Code Location

The card security code is typically the last three or four digits printed, not embossed like the card number, on the signature strip on the back of the card.

American Express Cards have a four-digit code printed on the front side of the card above the number.

Diners Club, Discover, JCB, MasterCard, and Visa Credit and Debit Cards have a three-digit card security code. The code is the final group of numbers printed on the back signature panel of the card.

For Merchant Account Setup give us a call at 888-996-2273 or visit our website www.nationaltransaction.com

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , ,

September 16th, 2014 by Elma Jane

When plastic cards become digital tokens, they become virtual. So how do you say that the Card is Present or Not Present.  The legendary regulatory difference that the cards industry has relied on to differentiate between interchange fees for Card Present and Card Not Present transactions.

Apple secured Card Present preferential rates for transactions acquired by iTunes on the basis that the card’s legitimacy is verified with the issuer at the time of registration and the token minimizes probability of fraud. If an API call to the issuing bank is sufficient to say that the Card is Present, who is to say that the same logic can’t apply to online merchants who also verify the authenticity of Cards on File when they tokenize them? How can one arbitrarily say that the transaction processed with token from an online merchant is Card Not Present, but the one processed with Apple Pay is Card Present even though both might have made the same API call to the bank to verify the card’s validity?

In the Apple case, a physical picture of the card is taken and used to verify that the person registering the card has it. It is not that hard for an online merchant to verify that the Card on File converted as a token does belong to the person performing an online transaction.

As we move towards chip and pin the card present merchants will spend substantial money upgrading their hardware and POS systems. That expense will be offset by that savings in losses due to fraud. MOTO and e-commerce transactions ( card NOT present ) will always have a higher cost because the nature of processing is NON face to face transactions. Of course the fraud and losses are higher when the card is manually entered or given to someone over the phone……Face to face will always have the lowest cost per transaction because it is usually the final step in the sale. Restaurants are low risk because you had the transaction AFTER you eat. If there is a dispute it happens before the merchant even sees the credit card.

In the long run, as cards become digital and virtual through tokens, we are all going to wonder if card is present or not present. May be some will say. Card is a ghost.

Posted in Best Practices for Merchants, Credit card Processing, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

October 11th, 2013 by Elma Jane

(Moto) Mail Order/Telephone Order Merchant – In the realm of credit card processing is defined as a merchant who manually keys in over 50% of their transactions and an Internet Merchant is one who accepts transactions over the Internet via an E-Commerce store with an online gateway or who submits transactions manually through a Virtual Terminal.

Qualified Transaction Conditions (For MOTO/Internet merchants the Mid-Qualified Rate is essentially the Qualified rate as these merchants never swipe a credit card through a terminal.)

One electronic authorization request is made per transaction and the transaction date is equal to the shipping date. The authorization response data must also be included in the settled transaction.

Additional data (sales tax and customer code) is required in the settled transaction on all commercial (business) cards at non-Travel & Entertainment (T&E) locations.
The authorization request message must include Address Verification Service (AVS), which verifies the street address and the zip code of the card holder. NOTE: The only way this happens is if your software is set up to do this, or, if you are using a terminal, then if you capture the AVS information at the time of keying in your transaction.
The settled transaction amount must equal the authorized amount.
The settled transaction must include the business’s customer service telephone number, order number, and total authorized amount.
The transaction is electronically deposited (batch transmitted) on or 1 day after authorization date.
The transaction/shipping date must be within 7 calendar days of authorization date.

Non-Qualified Transaction Conditions
One or more of the Qualified or Partially Qualified conditions were not met.
Commercial Card without the additional data.
The transaction was not electronically authorized or the authorization response data was not included in the settled transaction.
The transaction was electronically deposited (batch transmitted) greater than 1 day from transaction/shipping/authorization date, or:
The VISA Infinite card was accepted.
Commercial Card Additional Data

MasterCard

Corporate Data Rate II (Purchasing cards): Sales Tax and customer Code (supplied by cardholder at point of sale) Corporate Data Rate II (Business and Corporate cards): Sales Tax International Corporate Purchasing Data Rate II: Sales Tax and Customer Code (supplied by cardholder at point of sale)

The following information must also be provided: Merchant’s Federal Tax ID; Merchant Incorporation Status; and Owner’s full name if the merchant is a sole proprietor.

Visa

Purchasing cards: Sales Tax and Customer Code (supplied by cardholder at point of sale) Corporate and Business cards: Sales Tax

Posted in Credit card Processing, e-commerce & m-commerce, Electronic Payments, Internet Payment Gateway, Mail Order Telephone Order Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,