All merchants that accept, transmit or store cardholder data are required to be PCI (Payment Card Industry) compliant. Most believe that because they do not charge the credit cards themselves, they are exempt. This post covers why all agencies are required to be compliant even when they don’t charge credit cards themselves, and some steps to ensure your agency is PCI compliant.
What is PCI compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. PCI applies to all organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. Travel agents accepting, storing and transmitting credit card information to suppliers are required to be compliant too. Suppliers reinforce this through their travel agent guidelines/contracts. The travel agency must adhere to the applicable credit card company’s procedures for credit card transactions.
Consequences of Not Being PCI Compliant
If an agency is not PCI compliant, the agency can lose the ability to process credit card payments with that supplier. Not being able to pay with client credit cards can be a serious roadblock for agencies, and an inconvenience for clients.
If you have a merchant account and are found to be out of compliance, you can be fined.
How to be PCI Compliant
Don’t store the CCV security code from the client’s credit card. The client does not have the authority to grant you permission to store their CCV code. The credit card companies explicitly forbid storage of the CCV code.
Make sure you securely store any client information, including their credit card number and expiration date. If you use a CRM, ensure that you have a strong password. If your CRM database is stored on your computer hard drive, encrypt it (there is great encryption software available free of charge). If you have an IT resource, talk to them about installing a firewall on your network, installing anti-virus and anti-malware protection, and any other steps that you can take to secure your client data even further.
If you keep paper copies of client information, keep them in a locked filing cabinet or desk drawer. When you no longer need the credit card information, cross-shred it.
Home-based businesses are arguably the most vulnerable simply because they are usually not well protected, according to the PCI Compliance Guide. Strong passwords, encryption, a firewall, and anti-virus and anti-malware protection are all inexpensive steps that you can take to protect your business and your clients’ sensitive data.
If you receive a courtesy call reminding you about PCI Compliance, don’t ignore it.
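One way to check the first two steps against your own data, as an added example that is not part of the original post: the Python script below scans CRM records for a stored security code and for card numbers sitting in clear text, and reports them masked. The field names and sample records are constructed for illustration, and 4111 1111 1111 1111 is a widely used test number, not a real card.

```python
import re

# Candidate card numbers: 13-19 digits, optionally grouped by spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Column names that suggest a stored security code (assumed names, adjust to your CRM).
CODE_FIELD = re.compile(r"ccv|cvv|cvc|security.?code", re.IGNORECASE)


def luhn_valid(digits):
    """Return True when the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """Show only the last four digits so the report itself holds no card data."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_record(record):
    """Return (field, problem, masked value) tuples for one CRM record."""
    findings = []
    for field, value in record.items():
        text = str(value)
        # A 3-4 digit value in a security-code column must never be kept.
        if CODE_FIELD.search(field) and re.fullmatch(r"\s*\d{3,4}\s*", text):
            findings.append((field, "stored security code", "***"))
        # Luhn filtering keeps booking references and phone numbers out of the report.
        for match in PAN_CANDIDATE.finditer(text):
            digits = re.sub(r"[ -]", "", match.group())
            if luhn_valid(digits):
                findings.append((field, "card number in clear text", mask(digits)))
    return findings


def audit(records):
    """Map each client with at least one finding to that client's findings."""
    report = {}
    for record in records:
        findings = scan_record(record)
        if findings:
            report[record.get("client", "?")] = findings
    return report


# Constructed sample records standing in for a CRM export.
SAMPLE_RECORDS = [
    {"client": "A. Traveller", "notes": "Visa 4111 1111 1111 1111 exp 09/27", "ccv": "123"},
    {"client": "B. Tourist", "notes": "Booking ref 1234567890123456, paid by supplier", "ccv": ""},
    {"client": "C. Voyager", "notes": "card ending 1111", "ccv": ""},
]

if __name__ == "__main__":
    for client, findings in audit(SAMPLE_RECORDS).items():
        for field, problem, shown in findings:
            print(f"{client}: {problem} in '{field}' ({shown})")
```

Records that come back with findings are the ones to clean up: delete the security code outright and move the card number into encrypted storage.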
September 17th, 2014 by Elma Jane
Commuters using the London tube network can now tap their contactless bank cards on the ticket barriers to pay for their journeys, further displacing cash on the capital’s transit system.
Fares are cheaper than cash, with users being charged adult pay as you go fares and benefiting from daily and Monday to Sunday fare capping. Customers without bank cards will continue to benefit from cheaper fares through Transport for London’s Oyster card.
This is not the end of Oyster and it’s not the end of cash, but it is a significant dent in the market for cash.
The move follows the abolition of cash on London’s buses and covers all tube, overground, DLR, tram and National Rail services that accept Oyster.
The shift to contactless has future-proofed the capital’s transit system for up-and-coming innovations in payments. You can already use your mobile phones to make your payments and tap and go through the tube turnstiles, and in the future it will open up many other connected devices as well, whether that’s smart wristbands or smart watches.
There has been an incredible response to the launch of contactless payments on London Buses, with nearly 19 million Visa contactless journeys made since it launched in 2012. Today’s launch will be another major boost to contactless usage, leading to the three-fold increase expected in the next year. To coincide with the rollout, Londoners are invited to sign up for 10,000 free bPay contactless payment bands. The wearable device will let commuters pay for their journeys with a wave of their wrists and help avoid card clash.
September 2nd, 2014 by Elma Jane
While Apple doesn’t talk about future products, the latest report is that the next iPhone would include mobile-payment capabilities powered by a short-distance wireless technology called near-field communication, or NFC. Apple is hosting an event on September 9th that’s widely expected to be the debut of the next iPhone or iPhones. Mobile payments, or the notion that you can pay for goods and services at the checkout with your smartphone, may finally break into the mainstream if Apple and the iPhone 6 get involved.
Apple’s embrace of mobile payments would represent a watershed moment for how people pay at drugstores, supermarkets or for cabs. The technology and capability to pay with a tap of your mobile device has been around for years: you can tap an NFC-enabled Samsung Galaxy S5 or NFC-enabled credit card at point-of-sale terminals found at many Walgreen drugstores, but awareness and usage remain low. Apple again has the opportunity to transform, disrupt and reshape an entire business sector. It is hard to overestimate what impact Apple could have if it really wants to play in the payments market.
Apple won’t be the first to enter the mobile-payments arena. Google introduced its Google Wallet service in May 2011. The wireless carriers formed their joint venture with the intent to create a platform for mobile payments. Apple tends to stay away from new technologies until it has had a chance to smooth out the kinks. It was two years behind some smartphones in offering an iPhone that could tap into the faster LTE wireless network. NFC was rumored to be included in at least the last two iPhones and could finally make its appearance in the iPhone 6. The technology will be the linchpin to enabling transactions at the checkout.
Struggles
The notion of turning smartphones into true digital wallets, including the ability to pay at the register, has been hyped up for years. But so far, it’s been more promise than results. There have been many technical hurdles to making mobile devices an alternative to cash, checks, and credit cards. NFC technology has to be included in both the smartphone and the point-of-sale terminal to work, and it’s been a slow process getting NFC chips into more equipment. NFC has largely been relegated to a feature found on higher-end smartphones such as the Galaxy S5 or the Nexus 5. There’s also confusion on both sides, the merchant and the customer, on how the tech works and why tapping your smartphone on a checkout machine is any faster, better or easier than swiping a card. There’s a chicken-and-egg problem between lack of user adoption and lack of retailer adoption. It’s one reason why even powerhouses such as Google have struggled. Despite a splashy launch of its digital wallet and payment service more than three years ago, Google hasn’t won mainstream acceptance or even awareness for its mobile wallet. Google hasn’t said how many people are using Google Wallet, but a look at its page on the Google Play store lists more than 47,000 reviews giving it an average of a four-star rating.
The Puzzle
Apple has quietly built the foundation of its mobile-payment service in Passbook, an app introduced two years ago in its iOS software and released as a feature with the iPhone 4S. Passbook has so far served as a repository for airline tickets, membership cards, and credit card statements. While it started out with just a handful of compatible apps, Passbook works with apps from Delta, Starbucks, Fandango, The Home Depot, and more. But it could potentially be more powerful. Apple has already made great inroads with Passbook, and it could totally crack open the mobile payments space in the US. Apple could make up a fifth of the share of the mobile-payment transactions in a few short months after the launch. The company also has the credit or debit card information for virtually all of its customers thanks to its iTunes service, so it doesn’t have to go the extra step of asking people to sign up for a new service. That takes away one of the biggest hurdles to adoption. The last piece of the mobile-payments puzzle with the iPhone is the fingerprint recognition sensor Apple added into last year’s iPhone 5S. That sensor will almost certainly make its way to the upcoming iPhone 6. The fingerprint sensor, which Apple obtained through its acquisition of AuthenTec in 2012, could serve as a quick and secure way of verifying purchases, not just online purchases, but large transactions made at big-box retailers such as Best Buy. Today, you can use the fingerprint sensor to quickly buy content from Apple’s iTunes, App and iBooks stores.
The bigger win for Apple is the services and features it could add on to a simple transaction, if it’s successful in raising the awareness of a form of payment that has been quietly lingering for years. Google had previously seen mobile payments as the optimal location for targeted advertisements and offers. It’s those services and features that ultimately matter in the end; replacing a simple credit card swipe isn’t that big of a deal.
August 20th, 2014 by Elma Jane
The latest version of Microsoft’s smartphone operating system already packs tons of new productivity-boosting features. Now, the first update for Windows Phone 8.1 is nearly ready to launch, with extra functionality that makes it even better for work. These features come on top of additions that already arrived with the initial release of Windows Phone 8.1, such as Cortana, a voice-activated virtual assistant. Windows Phone 8.1 Update 1 was released to developers this month, and will roll out to consumers in the coming months.
App Corner – gives you better control over how employees use company-owned smartphones. You can manage which apps are installed on a phone and even save and export your app settings to other devices to quickly configure company phones. That way, employees can’t accidentally install applications that could compromise company data.
Folders – Staying organized is one way to boost your productivity. Now, Windows Phone 8.1 gives you better control over your smartphone’s home screen with the addition of folders. Just drag one app over the top of another to group them into a folder, then tap a folder to see which apps it includes.
VPN support – A VPN is a secure, private network that lets employees wirelessly access company resources while on the go, including files, apps and printers. Windows Phone 8.1 Update 1 adds VPN support to the mobile OS for the first time. Users will be able to toggle the VPN on or off easily, or set a device to automatically connect to a VPN when a particular Web domain is accessed. You can also turn on encryption to secure all traffic between your smartphone and the work network.
August 11th, 2014 by Elma Jane
Tokenization technology has been available to keep payment card and personal data safer for several years, but it’s never had the attention it’s getting now in the wake of high-profile breaches. Still, merchants, especially smaller ones, haven’t necessarily caught on to the hacking threat or how tools such as tokenization limit exposure. That gap in understanding places ISOs and agents in an important place in the security mix: it’s their job to get the word out to merchants about the need for tokenization. That can begin with explaining what it is.
The biggest challenge that ISOs will see and are seeing, is this lack of awareness of these threats that are impacting that business sector. Data breaches are happening at small businesses, and even if merchants get past the point of accepting that they are at risk, they have no clue what to do next. Tokenization converts payment card account numbers into unique identification symbols for storage or for transactions through payment mechanisms such as mobile wallets. It’s complex and not enough ISOs understand it, even though it represents a potential revenue-producer and the industry as a whole is confused over tokenization standards and how to deploy and govern them.
ISOs presenting tokenization to merchants should echo what security experts and the Payment Card Industry Security Council often say about the technology. It’s a needed layer of security to complement EMV cards. EMV takes care of the card-present counterfeit fraud problem, while tokenization deters hackers from pilfering data from a payment network database. The Target data breach during the 2013 holiday shopping season haunts the payments industry. If Target’s card data had been tokenized, it would have been worthless to the criminals who stole it. It wouldn’t have stopped malware access to the database, but it would have been as though criminals breaking into a bank vault found, instead of piles of cash, poker chips that only an authorized user could cash at a specific bank.
A database full of tokens has no value to criminals on the black market, which reduces risk for merchants. Unfortunately, the small merchants have not accepted the idea or the reality and fact, that there is malware attacking their point of sale and they are being exposed. That’s why ISOs should determine the level of need for tokenization in their markets. It is always the responsibility of those who are interacting with the merchant to have the knowledge for the market segment they are in. If you are selling to dry cleaners, you probably don’t need to know much about tokenization, but if you are selling to recurring billing or e-commerce merchants, you probably need a lot more knowledge about it.
Tokenization is critical for some applications in payments. Any sort of recurring billing that stores card information should be leveraging some form of tokenization. Whether the revenue stream comes directly from tokenization services or it is bundled into the overall payment acceptance product is not the most important factor. The point is that it’s an important value to the merchant to be able to tokenize the card number in recurring billing. However, ISOs sell tokenization products against a confusing backdrop of standards developed for different forms of tokenization. EMVCo, which the card brands own, establishes guidelines for EMV chip-based smart card use. It’s working on standards for “payment” tokenization with The Clearing House, which establishes payment systems for financial institutions. Both entities were working on separate standards until The Clearing House joined EMVCo’s tokenization working group to determine similarities and whether one standard could cover the needs of banks and merchants.
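To make the poker-chip analogy and the recurring-billing case concrete, here is an added Python example (not part of the original post and not any vendor's implementation). A merchant database keeps only a random token, the last four digits and the expiry, while a separate vault redeems tokens for authorized callers only. The class, function and caller names are hypothetical, the vault is an in-memory stand-in for a tokenization provider, and the card is a widely used test number.

```python
import json
import secrets


class TokenVault:
    """In-memory stand-in for a tokenization provider (hypothetical design)."""

    def __init__(self, authorized_callers):
        self._pan_by_token = {}   # the only place card numbers exist
        self._token_by_pan = {}   # lets a repeat card reuse its token
        self._authorized = set(authorized_callers)

    def tokenize(self, pan):
        pan = pan.replace(" ", "").replace("-", "")
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("not a card account number")
        if pan in self._token_by_pan:
            return self._token_by_pan[pan]
        # The token is random, so it cannot be reversed into the card number.
        token = "tok_" + secrets.token_hex(16)
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token, caller):
        # The "specific bank" in the analogy: only named callers can cash a chip.
        if caller not in self._authorized:
            raise PermissionError(f"{caller!r} may not redeem tokens")
        return self._pan_by_token[token]


def enroll(vault, merchant_db, customer, pan, expiry):
    """Store a recurring-billing customer without keeping the card number."""
    digits = pan.replace(" ", "").replace("-", "")
    merchant_db[customer] = {
        "token": vault.tokenize(pan),
        "last4": digits[-4:],
        "expiry": expiry,
    }


def monthly_charge(vault, merchant_db, customer, amount, caller="payment-processor"):
    """Redeem the token at charge time; return a receipt with the card masked."""
    record = merchant_db[customer]
    pan = vault.detokenize(record["token"], caller)
    masked = "*" * (len(pan) - 4) + pan[-4:]
    return {"customer": customer, "amount": amount, "card": masked}


# Constructed sample data: a standard test number, not a real card.
TEST_PAN = "4111 1111 1111 1111"

if __name__ == "__main__":
    vault = TokenVault(authorized_callers={"payment-processor"})
    db = {}
    enroll(vault, db, "gym-member-17", TEST_PAN, "09/27")
    print("merchant database:", json.dumps(db))   # this is all a database copy would hold
    print("charge:", monthly_charge(vault, db, "gym-member-17", 29.99))
    try:
        vault.detokenize(db["gym-member-17"]["token"], caller="crm-export-job")
    except PermissionError as exc:
        print("blocked:", exc)
```

A copy of the merchant database contains tokens only, so its value depends entirely on access to the vault, which is where the access controls and monitoring belong.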
August 4th, 2014 by Elma Jane
Run through a non-profit organisation, Stellar is a decentralized protocol for sending and receiving money in any pair of currencies, be they dollar, yen or bitcoin. The system works through the concept of gateways that let people get in and out of the network. Users hold a balance with a gateway, which is any network participant that they trust to accept a deposit in exchange for credit on the network. To cash out, a user invokes the promise represented by a gateway’s credits, returning them in exchange for the corresponding currency.
Like Ripple, Stellar comes with its own built-in digital currency, which will be given away for free to people who sign up via Facebook, to nonprofits and to current bitcoin and Ripple holders. Initially there will be 100 billion ‘stellars’ (five per cent of which will be kept back to fund the nonprofit) with the supply increasing at one per cent a year. Although stellars will have a market-determined value, their main purpose will be to provide a conversion path between other currencies. This means that when two parties exchange money through the distributed exchange, stellars sit in the middle. For example, a user might submit a transaction which converts EUR credits to stellars and then converts those stellars to AUD credits. Ultimately, the user will have sent EUR, the recipient will have received AUD, and two exchange orders will have been fulfilled.
Developers are being invited to jump in and work with the open-source code and build applications on top of Stellar. The project has secured the backing of payment industry darling Stripe, which has handed over $3 million in exchange for two per cent of stellars. Stellar is highly experimental, but it’s important to invest effort in basic infrastructure when the opportunity arises. Stellar could become a much better substrate for a lot of the world’s financial systems.
July 22nd, 2014 by Elma Jane
Facebook has begun testing a buy button which lets users purchase products advertised on the social network. Meanwhile, Twitter is also stepping up its commerce game, acquiring payments outfit CardSpring.
Facebook users on desktop or mobile can now click a buy call-to-action button on ads and page posts to purchase a product directly from a business, without leaving the social network. Users can pay with a card that Facebook already has on file or enter new details and save them for future use or have them forgotten. No payment details are shared with advertisers. So far, the system is only being tested with a few small and medium-sized businesses in the US.
Separately, Twitter is also looking to strengthen its commerce credentials, buying CardSpring for an undisclosed fee. CardSpring provides an API designed to make it easy for developers to link digital applications to payment cards. It is expected that CardSpring’s technology will help merchants offer discounts in tweets, with customers entering their card details so that when they make a purchase at a later date, the saving is automatically applied.
July 21st, 2014 by Elma Jane
European authorities dismantled a Romanian-dominated cybercrime network that used a host of tactics to steal more than EUR2 million. As a direct result of the excellent cooperation and outstanding work by police officers and prosecutors from Romania, France and other European countries, a key criminal network has been successfully taken down this week.
Hundreds of police in Romania and France, backed by the European Cybercrime Centre, carried out raids on 177 addresses, interrogating 115 people and detaining 65. Those held are suspected of participating in sophisticated electronic payment crimes, using malware to take over and gain access to computers used by money transfer services all over Europe. They are also accused of stealing card data through skimming, money laundering and drug trafficking. Proceeds of the crimes were invested in different types of property, deposited in bank accounts or transferred electronically, says the EC3. Large sums of money, luxury vehicles and IT equipment were seized during the raids.
June 20th, 2014 by Elma Jane
The LinkedIn Job Search App, available exclusively for iPhone for now, launched today with new tools for job seekers. LinkedIn is already one of the best spots on the Web to network and establish new business contacts, and now it has a new app designed to help you get hired. The app includes a deep search function to help you find the most relevant job openings. You can tailor your search to filter results by title, location, company, industry, seniority level and more. That could help you spend more time applying for jobs and less time browsing irrelevant posts.
Another handy feature lets you browse jobs LinkedIn recommends for you based on your saved searches, jobs you’ve viewed and information pulled from your LinkedIn profile. This could help ensure you won’t overlook a listing and miss a good opportunity. The feature also helps you browse job posts on your iPhone when you have just a few seconds or minutes to look, but what really sets this app apart from similar job search apps is its integration with LinkedIn. That means you can instantly view information about a company with just a few taps and because virtually every company and business owner has a presence on the social networking site, you’re sure to find information that will help you evaluate a job opening. You’ll even get alerts on your LinkedIn profile when recruiters view your application, taking a bit of uncertainty out of the job search process.
May 21st, 2014 by Elma Jane
Mobile credit card processing is way cheaper than traditional point-of-sale (POS) systems. Accepting credit cards using mobile devices is stressful, not to mention a hassle to set up, and customers would never dare compromise security by saving or swiping their credit cards on a mobile device. These are some of the many myths surrounding mobile payments, which allow merchants to process credit card payments using smartphones and tablets. Merchants process payments using a physical credit card reader attached to a mobile device or by scanning previously stored credit card information from a mobile app, as is the case with mobile wallets. Benefits include convenience, a streamlined POS system and access to a breadth of business opportunities based on collected consumer data. Nevertheless, mobile payments as a whole remain a hotly debated topic among retailers, customers and industry experts alike.
Although mobile payment adoption has been slow, consumers are steadily shifting their preferences as an increasing number of merchants implement mobile payment technologies (made easier and more accessible by major mobile payment players such as Square and PayPal). To stay competitive, it’s more important than ever for small businesses to stay current and understand where mobile payment technology is heading.
If you’re considering adopting mobile payments or are simply curious about the technology, here are mobile payment myths that you may have heard, but are completely untrue.
All rates are conveniently the same. Thanks to the marketing of big players like Square and PayPal – which are not actually credit card processors, but aggregators – rates can vary widely and significantly. For instance, consider that the average debit rate is 1.35 percent. Square’s is 2.75 percent and PayPal Here’s is 2.7 percent, so customers will have to pay an additional 1.41 percent and 1.35 percent, respectively, using these two services. Some cards also get charged well over 4 percent, such as foreign rewards cards. These companies profit and mobile customers lose. Always read the fine print.
Credit card information is stored on my mobile device after a transaction. Good mobile developers do not store any critical information on the device. That information should only be transferred through an encrypted, secure handshake between the application and the processor. No information should be stored or left hanging around following the transaction.
I already have a POS system – the hassle isn’t worth it. Mobile payments offer more flexibility to reach the customer than ever before. No longer are sales people tied to a cash register and counters to finish the sale. That flexibility can mean the difference between revenue and a lost sale. Mobile payments also have the latest technology to track sales, log revenue, fight chargebacks, and analyze performance quickly and easily.
If we build it, they will come. Many wallet providers believe that if you simply build a new mobile payment method into the phones, consumers will adopt it as their new wallet. This includes proponents of NFC technology, QR codes, Bluetooth and other technologies, but given that very few merchants have the POS systems to accept these new types of technologies, consumers have not adopted them. Currently, only 6.6 percent of merchants can accept NFC, and even fewer can accept QR codes or BLE technology, hence the extremely slow adoption rate. Simply put, the new solutions are NOT convenient, and do not replace consumers’ existing wallets, not even close.
It raises the risk of fraud. Fraud’s always a concern. However, since data isn’t stored on the device with Square and others (it is stored on their servers), the risk is lessened. For example, there’s no need for you to fear one of your employees walking out with your tablet and downloading all of your customers’ info from the tablet. There’s also no heightened fraud risk from data loss if a tablet or mobile device is ever sold.
Mobile processing apps are error-free. Data corruption glitches do happen on wireless mobile devices. A merchant using mobile credit card processing apps needs to be more diligent in reviewing their mobile processing transactions. Mobile technology is fantastic when it works.
Mobile wallets are about to happen. They aren’t about to happen, especially in developed markets like the U.S. It took 60 years to put in the banking infrastructure we have today and it will take years for mobile wallets to achieve critical mass here.
Setup is difficult and complicated. Setting up usually just involves downloading the vendor’s app and following the necessary steps to get the hardware and software up and running. The beauty of modern payment solutions is that like most mobile apps, they are built to be user-friendly and intuitive so merchants would have little trouble setting them up. Most mobile payment providers offer customer support as well, so you can always give them a call in the unlikely event that you have trouble setting up the system.
The biggest business opportunity in the mobile payments space is in developed markets. While most investments and activity in the Mobile Point of Sale space take place today in developed markets (North America and Western Europe), the largest opportunity is actually in emerging markets where most merchants are informal and by definition can’t get a merchant account to accept card payments. Credit and debit card penetration is higher in developed markets, but informal merchants account for the majority of payments volume in emerging markets and all those transactions are conducted in cash today.
Wireless devices are unreliable. Reliability is very often brought up as I think many businesses are wary of fully wireless setups. I think this is partly justified, but very easily mitigated, for example with a separate Wi-Fi network solely for point of sale and payments. With the right device, network equipment, software and card processor, reliability shouldn’t be an issue.