Android
December 16th, 2015 by Elma Jane

Google’s contactless payment solution, Android Pay, will now be available through the mobile checkouts of several Android apps in the U.S.

With this addition, it avoids having to pull out your card everytime you make a purchase, meaning card data never makes it to the merchants. A good news for anyone who is concerned about privacy.

Android Pay is compatible with all Near Field Communication (NFC) or Host Card Emulation (HCE) enabled devices using any OS released since KitKat.

With Coca-Cola signing up as the first merchant in the Google program, a new loyalty program was recently released for the mobile wallet, by tapping your phone on an NFC-enabled Coke vending machine, you’ll get a Coke and get points added into your Android Pay Account for future purchases.

http://www.pymnts.com/news/payment-methods/2015/android-pay-now-in-app-payment-option/

 

Posted in Best Practices for Merchants, Credit Card Security, Mobile Payments, Smartphone Tagged with: , , , , , , , , , , ,

Malware
November 19th, 2015 by Elma Jane

Cyphort Advance Malware Defense, the next generation Advanced Persistent Threat (APT) defense company, recently analyzed the top financial malware threats cybercriminals are using to target electronic payment systems. This will raise awareness of the dangers they present.

Most dangerous financial malware threats of 2015:

Zeus – Since debuting in 2007, this malware has infected tens of millions of computers worldwide. Financial service professionals consider it to be the most severe threat to online banking.

SpyEye – This Trojan horse has infected 1.4 million computers worldwide. Banking information is stolen using a keylogger application, and the bot can take screenshots of a victim’s machine.

Torpig – This botnet is spread using a Trojan horse called Mebroot. Torpig steals targeted login credentials to access bank accounts. It is difficult to detect because it hides its files and encrypts its logs.

Vawtrak – This a relatively new Trojan that can spread itself via social media, email and file transfer protocols. Its unique feature is that it can hide evidence by changing the balance shown to the victim.

Bebloh – This malware targets login credentials to intercept online transactions and breach financial systems.

Shylock – Attacks European banks via Man-in-the-Browser exploits. Worldwide, it has infected 60,000 computers using Microsoft Windows.

Dridex – Malicious code is executed via email attachments and Microsoft Word documents that contain macros that can download a second-stage payload, which can then download and execute the Trojan.

Dyre – Relies on malicious PDF attachments that can exploit unpatched versions of Adobe Reader. The email subject line will be misspelled and read “Unpaid invoic” or contain the attachment “Invoice621785.pdf.” Once the document is opened, Dyre can obtain bank account credentials. 

Financial malware has been around for more than a decade, it is quickly evolving in sophistication, to make sure your organization is protected from financial malware, Cyphort recommends the following: 

  1. Keep system and applications patched.
  2. Educate employees to be careful when visiting websites with popups. If a person does need to go to such a site, do so from a non-Windows platform.
  3. Adopt a new defense paradigm that continually monitors, diagnoses and mitigates attacks.

Posted in Best Practices for Merchants Tagged with: , , , , , , ,

Contactless
September 25th, 2015 by Elma Jane

National Transaction Terminals with NFC (near field communication) Capability to accept Apple Pay, Android Pay and other NFC payment transactions at your business. You will need to adopt point-of-sale devices with NFC/Contactless readers.

apple android samsung pay

National Transaction offer a range of options to suite your specific needs.  

Give us a call now! 1-888-996-2273 or go to www.nationaltransaction.com

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, Mobile Point of Sale, Near Field Communication, Point of Sale, Smartphone Tagged with: , , , , , ,

Ingenico iCT220 PIN Privacy
August 24th, 2015 by Elma Jane

How can you protect your business if its card-not-present or keyed-in transactions?

Get to know your customer – Before processing large card-not-present transactions, make sure you know your customer. Be sure to check their ID and make sure the information on it matches the payment information they give you.

Have delivery confirmation – If shipping your product, make sure to request tracking information and a delivery receipt. If you are sending a large order, you will want to request a signature confirmation at delivery.

Match the billing and shipping zip codes – When shipping your product, you want to check to see if the billing zip code given for the payment matches the shipping address zip code. If the zip codes don’t match, ask your customer why. If their answer doesn’t make sense to you, or sound plausible – don’t accept the payment.

Obtain a signature – This is especially important for large transactions. Make your customer sign an invoice, a contract that states your refund policies and gives you authorization to take the payment or a credit card authorization form. Once signed, keep this document on file.

Request card information – Make sure customers can give you the name on the credit card, the card number, the expiration date, the CVV2 security code and the correct billing address if you are keying in a payment without a card.

A tip from National Transaction Corporation 888-996-2273 www.nationaltransaction.com

 

 

Posted in Best Practices for Merchants Tagged with: , , ,

Get the lowest credit card transaction rates & fees
August 17th, 2015 by Elma Jane

 

It can be hard to see the benefits of accepting credit cards for some startups and small business merchants – especially if the business has been cash only since opening day. However, there is a big downside to being cash only and you could really be limiting the customers you bring in.

While cash is the simplest form of payment, but it’s not always the best form of payment for small businesses.

Some consequences of accepting cash only.

  • Being cash only can mean you will need to do additional paperwork come tax time. You must file Form 8300, Report of Cash Payments over $10,000 Received in a Trade or Business, if your business receives more than $10,000 in cash from one buyer as a result of a single transaction or two or more related transactions. This same rule applies to cash equivalents including traveler’s checks, bank drafts, cashier’s checks and money orders. The form does require that you have your customer’s name, address and social security number.
  • Credit cards and debit cards are very popular; in fact, most people only carry a small amount of cash or no cash at all. Because of this, being cash only can cause your business to lose both existing and potential customers. A cash only policy can make them feel inconvenienced and cause them to take their business elsewhere.
  • If your customers don’t have the cash to purchase an item they want from your business, then they are more likely to walk away from the purchase.
  • Keeping a large sum of cash at your business can put you at an increased security risk. It can also increase the amount of time you will spend at your business managing finances because of the time it can take to count cash and change.

If your Business is ready to accept credit cards give us a call 888-996-2273 or go to our website www.nationaltransaction.com

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , ,

June 25th, 2015 by Elma Jane

A product or service using a credit card or debit card should be efficient, fast and most importantly safe. There are a lot of regulations in place to make sure that the processing of payments using a card is safe and secure. One of the way is the EMV (Europay, MasterCard and Visa) technology, where payment cards used in an ATM and POS Terminals have been embedded with microchips. This form of payment technology has long been in use and is widely accepted in many regions such as Europe, Canada and Asia Pacific. The US, which is considered to be the largest number of plastic card users is one of the countries that have not yet fully optimized this otherwise global standard.

Advantages Of EMV  – EMV embedded chip is a lot more secure than the traditional magnetic stripe, especially when it comes to face-to-face credit/debit card transactions. Credit card fraud is rampant, but using this embedded chip has added another layer of protection against consumer fraud. Once the card has been inserted into a terminal, the payment will then be authenticated and processed using the EMV network. The chip within the card is hard to duplicate.

What Does This Mean For Your Business? – You will create more credibility and garner more customers in the market place by utilizing this more safe and secure payment method. There will be increased in consumer confidence.

What Happens When You Don’t Upgrade? – There is a Liability Shift. Currently, If a payment processing transaction has been approved and it turns out to be fraud, it’s the card issuer loss. With the new rule, liability shifts to merchants who has not implemented the EMV technology. When fraud happens, the responsibility falls on the business owner who makes the transaction.

How To Prepare Your Business For EMV? – Upgrade your terminal. Contact National transaction and we’ll help you prepare your business for the EMV migration.

Upgrading your current payment processing system is easy with NTC.

Give Us A Call Now! 888-996-2273

Check our website http://nationaltransaction.com click Demos and Videos to learn more!

          

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , ,

May 14th, 2015 by Elma Jane

The way customers Pay In Stores Is Changing.

Chip cards are here to provide advanced security with every transaction. Accepting chip cards could be as simple as changing your payment terminal.

What do you need to know about Chip Card and EMV? Chip cards are payment cards that have an embedded chip, which offers advanced security when you use the card to pay in store. Chip cards are based on a global card payment standard called EMV (Europay, MasterCard and VISA) currently used in more than 80 countries.

Why Is it More Secured? Chip card transactions offer you advanced security for in store payments by making every transaction unique,  and, more difficult to counterfeit or copy. If the card data and the one-time code are stolen, the information cannot be used to create counterfeit cards and commit fraud.

How do you know if a customer has a Chip Card? The customer’s card will have chip on the front of it, magnetic stripe remains on the back.

How to use Chip Card at the POS? Swipe the card as they normally would and follow the prompts. If the terminal is chip-enabled, it will prompt them to insert it instead. The customer should insert their card with chip toward terminal, facing up. The chip card should not be removed until the customer is prompted.

Customer will provide their signature or PIN as prompted by the terminal.

Some transactions may not require either.

When the terminal says the transaction is complete, the customer can remove their card.

Chip-enabled terminals will still accept magnetic stripe card payments for customers who do not have a chip card.

What does a chip-enabled terminal look  like? They have all of the features you are used to with a payment terminal, with the addition of a slot for the customer to insert their card. The slot is typically located at the bottom or the top of the payment terminal.

How will you know if a terminal accepts chip card? During the transition to chip, customers are being told to swipe their card as they normally would and follow the prompts. If the terminal is chip-enabled, it will prompt them to insert it instead. If you have chip-enabled terminals, you can tell your customer to insert their card for a chip transaction, if a customer has a chip card.

How can you get a chip-enabled terminal? Contact your acquirer or merchant service provider.

Show your customers that you care about their information security by making the move to chip. This will ensure that your business and your customers are protected from fraud. Start accepting chip cards!

You may be liable for fraud if you don’t make the change from chip terminal. Starting October 2015, rules are changing. Merchants that accept chip will be protected from fraud losses resulting from in store counterfeit magnetic stripe card transactions just as you are today. However, liability will shift from issuers to merchants if their payment terminals are not chip-enabled for in store transactions. Fraud liability for lost or stolen cards varies by payment network. Contact your acquirer or payment services providers for more information.

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Point of Sale Tagged with: , , , , , , , , , , , , , , , , , ,

May 5th, 2015 by Admin

With the EMV migration just a few months away, Visa is stepping up its merchant education efforts, by launching an online portal for merchants featuring a background on chip cards, demonstrations on proper usage, and tips for implementation.

Visa also kicked off its 20-City Small Business Chip Education Tour expounding on the benefits and necessity of chip cards to local small businesses.

 

 

Visa is bringing payment industry experts to connect directly with merchants to answer their questions on the transition across the United States.

Merchant education will be a herculean task, but payments industry stakeholders should make every effort to make sure chip cards are adopted and used effectively by both merchants and consumers.

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , ,

April 21st, 2015 by Elma Jane

An advanced strain of malware called “Punkey,” is capable of attacking Windows point of sale terminals, stealing cardholder data and upgrading itself while hiding in plain sight.

Researchers from Security vendor Trustwave discovered the new strain. The investigation found compromised payment card information and more than 75 infected, and active, Internet Protocol addresses for Windows POS terminals.

 

 

Punkey poses a unique threat to payment networks, particularly because it also can download updates for itself.

If the malware author has a new feature it wants to add or updates to get rid of bugs, it actually pushes the malware down from the command and control server, revealed by Trustwave’s SpiderLabs research center. Punkey operates like a typical Botnet.

The malware hides inside of the Explorer process, which exists on every Windows device and manages the opening of individual program windows. Punkey scans other processes on the terminal to find cardholder data, which it sends to the control server.

The malware performs key logging, capturing 200 keystrokes at a time. It sends the information back to its server to store passwords and other private information.

A year ago, security vendors warned retailers against using Windows XP at the point of sale, since Microsoft stopped supporting Windows XP security patches. However, even Punkey is not attacking Windows due to any vulnerability in the systems, so even merchants with newer versions of Windows are at risk.

Punkey just runs like any Windows binary would. Even if the system is upgraded or a new system is put in place, criminals are still getting malware on the POS in other ways.

Many retailers use remote desktop support software, which fraudsters take advantage of, they steal a password and install malware like a technician would install any software.

While Punkey represents a more sophisticated POS malware than Trustwave has seen previously, merchants can still protect themselves through attention to basic security best practices.

Merchants should update antivirus and firewall protections, monitor the remote access software, establish two-factor authentication and check network activity daily for anything out of the ordinary. Unfortunately, many organizations have neither the expertise nor the manpower to perform these tasks.

 

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Reader Terminal, Credit Card Security, Mobile Point of Sale, Payment Card Industry PCI Security, Point of Sale Tagged with: , , , , , , , , , , ,

April 13th, 2015 by Elma Jane

With only six months to go before the EMV chip-card liability shift takes effect, many U.S. merchants are not yet aware of the EMV migration.

When the Oct. 1 liability shift takes hold, merchants not accepting the new chip-card technology will become liable for any losses resulting from payment card fraud at the point of sale. Some merchants have stated that they would rather trust their existing security measures than pay for the upgrade to EMV, but others still need to educate themselves on the benefits and drawbacks of EMV – and it’s not even clear how many are out of the loop.

The challenge is that no one really knows about the level of EMV readiness because there is no single, common way to reach all of the merchants of all different levels and sizes at the same time.

Instead, various organizations are picking bits and pieces of the market they can reach and do everything they can to inform and help merchants to determine if they are moving toward chip-based technology or not.

EMV cards improve security at the point of sale by including technology that makes them resistant to counterfeiting. They can also be used with a PIN to address stolen card fraud. Though the card networks set an October deadline for conversion to EMV technology, it is not a mandate; companies will still be able to handle credit card transactions even if they do not have EMV technology in place.

And even the merchants that have the right technology installed may not be using it properly. During the EMV preparedness process, it has become apparent that installed EMV terminals had not been turned on or otherwise were not fully capable of accepting EMV transactions.

The confusion extends to the banks as well. Not all issuers will be ready for EMV, and some have outright stated that they do not think it will be possible to meet this year’s deadline.

In a move designed to get more small-business merchants on board with EMV, Visa Inc. introduced a 20-city small business chip education tour last month.

The real measurement of the implementation will be in transaction volumes, or actual chip-on-chip transactions.

Even though the liability shift is just six months away, still really early to make a determination on all of this.

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Point of Sale, Visa MasterCard American Express Tagged with: , , , , , , , , , ,