AML
February 4th, 2016 by Elma Jane

The number of companies providing electronic money services, such as online or mobile payments accounts, has more than doubled since 2013.

This number has been on the rise over the past few years as consumer confidence in alternative payments methods has increased.

UK consumers and businesses are increasingly comfortable with the idea of a cashless economy, in which they might not be able to physically see or access money. More are embracing pre-paid cards, contactless and mobile payment systems for ease of use, efficiency and enhanced security.

According to a specialist financial services regulatory consultancy, there has been a significant increase in the number of electronic money providers registered with the Financial Conduct Authority (FCA).

E-money providers must be authorized by the FCA under the Electronic Money Regulations 2011 and meet stringent consumer protection criteria, including adequate capital and the separation of customers’ money from the company’s funds.

The regulatory background is complex, and electronic money providers need to make sure that systems, processes and controls are tight to ensure a high level of consumer protection. The FCA is not afraid to place these businesses under a microscope.

Many are concerned that this increase in alternative payments methods will lead to the death of the traditional bank, but that will happen only if banks fail to innovate and adapt to market trends and consumer needs.

 

Posted in Best Practices for Merchants

Cashless
December 21st, 2015 by Elma Jane

You might think the United States or China is the world’s biggest market when it comes to digital payments and other cashless spending systems. But according to a study, the answer is a less likely source: Sweden is actually on its way to becoming a fully cashless society.

Several factors have come together to give the Swedes an unexpected edge: a combination of IT awareness and a growing number of useful mobile payments solutions.

The entire country currently has only about 80 billion Swedish crowns in circulation, and as users more often turn to mobile payment systems, the need for cash only declines. About 20 percent of all purchases in Swedish retail are made in cash, and that number is falling off almost daily.

Some transactions can only be carried out by digital payments. Since the mobile apps are convenient, free to use, and generally regarded as secure, there’s not much impediment for users to turn to such systems.

A truly cashless society is probably a bridge too far; there will always be those who’d rather handle cash. Only time will tell if the market shapes up looking like this, but even with lower actual results than projected, that’s still a lot of people turning to mobile payment and other cashless payment systems. There will still be a huge majority trending toward a cashless society.

http://paymentweek.com/2015-12-18-world-leader-in-cashless-trading-an-unexpected-source-9182/

Posted in Best Practices for Merchants

Security
October 19th, 2015 by Elma Jane

Small merchants don’t consider themselves at risk for a cyberattack. But cybercriminals thrive on data about employees, customers, bank accounts and many other types of information any small business would carry. With fewer resources than large firms, small businesses are especially at risk for attacks.

Here are steps to make your business more cybersecure:

Employ best practices on payment cards – Credit card companies are now shifting from magnetic-strip payment cards to safer, more secure chip card EMV technology. Are you ready for the shift? Now is the time to work with your banks and processors to ensure you’re using the most trusted and validated anti-fraud services. You may also have additional security obligations pursuant to agreements with your bank or processor. You should isolate payment systems from other, less secure programs, and you should not use the same computer to process payments and surf the Internet.

Educate employees about cyberthreats – Educate your employees about online threats and how to protect your organization’s data, including safe use of social networking sites.

Protect against viruses, spyware, and other malicious code – Make sure all of your organization’s computers are equipped with antivirus and antispyware software, and update it regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install such updates automatically.

Require employees to use strong passwords and to change them often – Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.

Secure your networks – Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router.

No one can guarantee your safety from a cyberattack, but appropriate planning makes a big difference. By using these tips and resources, you can help promote the safety of your employees, customers, and the future success of your small business.

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa

September 4th, 2014 by Elma Jane

EMV, which stands for Europay, MasterCard and Visa, is slated to be mandated across the United States starting in October 2015; automated fuel dispensers have until October 2017 to comply. Unlike magnetic swipe cards, EMV chip cards encrypt data and authenticate communication between the card and card reader. Additionally, the chip card user is prompted for a PIN for authentication.

Why are those dates important? Companies lose $5.33 billion to fraud today, with card issuers and merchants incurring 63 and 37 percent of these losses, respectively. Under the EMV mandate, merchants who do not process chip cards will bear the burden of the issuer loss. By accepting chip card transactions, merchants and issuers should see a reduction in fraud.

Overcoming Barriers to EMV Adoption

Given the significant barriers to EMV adoption, it may be tempting for merchants to meet minimum requirements for accepting EMV payments. However, medium to large retailers should also consider the bigger picture of customer security and peace of mind.

Some key critical success factors for a payment initiative of this size include:

Business Continuity Architecture: As with all payment systems, it is imperative to have the EMV system running at all times. The solution should preferably have Active-Active architecture across multiple data centers and have a low Recovery Point Objective (the point in time to which the systems and data must be recovered after an outage).

Cost Benefit Analysis: Take a top-down approach and decide accordingly on the scope of the analysis. This will ensure that decisions on scope are made on the basis of quantitative data and not just qualitative arguments.

Phased Approach: To overcome time or cost overage in a project of this scope and complexity, retailers should try using an iterative approach for development. The rollout can be divided into multiple releases of six to seven months, which will provide the opportunity to review, capture lessons learnt, and improve subsequent releases.

Proactive Monitoring Alerts: Considering the criticality of the business functions carried out by EMV, tokenization and the payment gateway, a rigorous monitoring environment must be defined to perform proactive and reactive monitoring. It should take into consideration the monitoring targets, tools, scope and methods. This will provide advance visibility into failure points and help ensure maximum system availability.

Resilience Testing: Typically in a software project, the testing is limited to the unit, integration, performance and user acceptance. However, due to the critical nature of the applications and systems involved, robust resiliency testing is vital. This will ensure that there are no single points of failure and the system remains available when running in error conditions.

Stakeholder Identification: This is a key step to ensure that you have varied perspectives from all departments and their support. It will keep your organization from being blindsided and reduce the risk of disagreements in later stages of the program. Key stakeholders should include Store Operations, Card Accounting, Loss Prevention, Contact Center and IT & Data Security.

Organizations should adopt a five-step approach to implement a secure, robust and industry-leading payment solution:

Encryption – Point-to-point encryption will ensure card data is secure and encrypted from the point of capture to the processor. Usually, merchants use data encryption that is not point to point, rendering their organization vulnerable to data breaches. Software encryption is the most common form of encryption, as it is easily installed and requires little or no hardware upgrades; however, it is less secure, may expose encryption keys, and is prone to memory scanning attacks. Hardware encryption is considered more secure but requires more costly terminal upgrades. Hardware encryption is designed to self-destruct the keys if tampered with, but is not well-defined as very limited headway has been made in this space.

Tokenization – Build a Card Data Environment (CDE) that will host a centralized card data storage solution. Only a limited set of applications, with firewall access and the capability to mutually authenticate via certificates, can access the CDE and receive card data. The rest of the applications will hold tokens, which are random numbers. This architecture will ease the merchant’s burden with existing and emerging PCI Data Security Standards.

Payment Gateway – Perform a risk assessment on the current payment gateway and identify gaps in functionality, manageability, compliance, scalability, speed to market and best practices. Determine the alternatives to mitigate the risks. Some of the important aspects of a leading payment gateway solution are support for all forms of credit, debit, gift cards and check transactions. Its ability to work with any acquirer, its in-built encryption abilities, and its support for settlement and reconciliation must also be taken into consideration.

Settlement, Funding and Reconciliation – A workflow-based system to handle chargebacks and the automation of chargeback processing will greatly reduce labor-intensive work and enhance the quality of data used for settlement and reconciliation. Upgrades to the existing receipt retrieval system may be needed.

Card fraud is on the rise in the U.S., and merchants are the primary target for stealing information. With the EMV deadline just over a year away, the responsible retailer must take steps to prepare now. Although EMV implementation might seem overwhelming to merchants, they should start their journey to secure payments rather than wait for a looming deadline. Solutions such as data encryption and tokenization should be used in combination with EMV to implement a robust payment solution to better protect merchants against fraud. By proactively adopting EMV payment solutions, merchants can stay ahead of the regulatory curve and better protect their customers from fraud.

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Visa MasterCard American Express

August 28th, 2014 by Elma Jane

The new ECB regulation, which came into force earlier this month, covers large-value and retail payment systems in the euro area operated by both central banks and private entities. The aim is to promote the smooth operation of safe and efficient payment systems through strong management of legal, credit, liquidity, operational, general business, custody, and investment risks. In identifying systemically important payment systems, the ECB looked at the value of payments settled, market share, cross-border relevance and provision of services to other infrastructures. If a system is deemed to meet at least two of these four criteria it makes the list.

Target2, operated by the Eurosystem; Euro1 and Step2-T, both run by EBA Clearing; and Core(Fr), a French bank joint initiative, have been identified.

The list will be reviewed annually based on updated data. With this regulation, Europe is consolidating international practice for the oversight of SIPS into EU law, as with past efforts for other financial market infrastructures, such as the European Market Infrastructure Regulation for the supervision of central counterparties and trade repositories and the ongoing regulatory initiative for central securities depositories.

Posted in Financial Services