August 7th, 2014 by Elma Jane

8706521946_cfbc9e0e6f_o

Recent high-profile cyberattacks at retail giants like Target and Neiman Marcus have highlighted the importance of protecting your business against point-of-sale (POS) security breaches. Often, the smallest merchants are the most vulnerable to these types of cyberthreats. The latest of these POS attacks is known as Backoff, a malware with such brute force that the U.S. Department of Homeland Security (DHS) has gotten involved. The DHS recently released a 10-page advisory that warns retailers about the dangers of Backoff and tells them how they can protect their systems. Backoff and its variants are virtually undetectable low to zero percent by most antivirus software, thus making it more critical for retailers to make sure their networks and POS systems are secure.

How Backoff works

Backoff infiltrates merchant computer systems by exploiting remote desktop applications, such as Microsoft’s Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop 2 and LogMeIn, among others. Attackers then use these vulnerabilities to gain administrator and privileged access to retailer networks. Using these compromised accounts, attackers are able to launch and execute the Backoff malware on POS systems. The malware then makes its way into computer and network systems, gathers information and then sends the stolen data to cybercriminals. The advisory warns that Backoff has four capabilities that enable it to steal consumer credit card information and other sensitive data: scraping POS and computer memory, logging keystrokes, Command & Control (C2) communication, and injecting the malware into explorer.exe. Although Backoff is a newly detected malware, forensic investigations show that Backoff and its variants have already struck retailers three times since 2013, the advisory revealed. Its known variants include goo, MAY, net  and LAST.

Prevent a Backoff attack

To mitigate and prevent Backoff malware attacks, the DHS’ recommendations include the following:

Configure network security. Reevaluate IP restrictions and allowances, isolate payment networks from other networks, use data leakage and compromised account detection tools, and review unauthorized traffic rules.

Control remote desktop access. Limit the number of users and administrative privileges, require complex passwords and two-factor authentication, and automatically lock out users after inactivity and failed login attempts.

Implement an incident response system. Use a Security Information and Event Management (SIEM) system to aggregate and analyze events and have an established incident response team. All logged events should also be stored in a secure, dedicated server that cannot be accessed or altered by unauthorized users.

Manage cash register and POS security. Use hardware-based point-to-point encryption, use only compliant applications and systems, stay up-to-date with the latest security patches, log all events and require two-factor authentication.

 

Posted in Point of Sale Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

June 20th, 2014 by Elma Jane

A recent survey said, 82 percent of e-commerce merchants who currently do not employ a consumer authentication solution are afraid that such solutions will scare off online shoppers, but with more and more fraud expected to migrate online in the coming years, the payments industry needs to do a better job of informing merchants why authentication in the card-not-present realm is crucial to data security.

While a majority of payment service companies employ some type of 3-D Secure online authentication, and most large merchants do likewise, the rest of the merchant population, especially in North America, apparently do not. 55 percent of merchants surveyed, a majority of which are U.S.-based, do not use online authentication, noting that North America is the only world region where less than half of merchants use the technology. The reason so many U.S. merchants eschew consumer authentication is they see it as a sales killer.

The main reason appears to be fear, uncertainty and doubt (FUD) about how consumer authentication will impact sales conversion and user experience, 43 percent of merchant respondents are FUD-preoccupied, with 20 percent concerned about the effect of the technology on sales conversion, 13 percent worried about changing the user experience and 10 percent simply want nothing to do with consumer authentication. Beyond the FUD concerns, there is also a very real perception with merchants and service providers that integration is long and difficult, adding that 21 percent of merchants who do not employ authentication, citing the time and/or cost of integration as the barrier.

End to FUD

The solution to merchant adoption of some form of 3-D Secure technology is apparently education. Many FUD concerns are related to a hangover effect caused by bad experiences with previous iterations of consumer authentication. But the report provides evidence that the FUD factor can be overcome because of the happiness factor that authentication-using merchants express. 81 percent of merchant respondents showing satisfaction with the solutions they have employed.

The report said nearly half of merchants surveyed said authentication had no effect on sales conversion, either positive or negative; however, almost 20 percent believe it has had a positive effect on sales. The positive result seems to be related to merchants who use authentication selectively, on specific transactions rather than on all of them. Additionally, the technology results in many merchants experiencing lower numbers of chargebacks. Amongst merchants, 59 percent overall say the authentication program brought a decrease in chargebacks and this is true for more than half of merchants from each geographic region.

FYI on FUD

The adoption is very low because not many people understand it. Online verification does retard the checkout process as a second screen pops up that consumers must navigate in order to proceed with the purchase. However, these barriers can be overcome with education and simply getting people comfortable with the technology. If we had this solution from day one on all e-commerce sites today nobody would be complaining because people would be used to doing it. It is a question of achieving ubiquity rather than taking a piecemeal approach to implementation. It is a matter of if you do it at one place or every place. If you have to do it at only one location that makes that site really secure. If all sites ask the same question, you get used to it.

Consumer authentication is also something that requires buy-in from issuers, acquirers and merchants. It is a participation solution where the issuer and the acquirer have to be participating in it. If you are an e-commerce site and you are certified with Verified by Visa the card brands proprietary version of 3-D Secure, if the card issuer has not embraced that, then the security will not happen.

Increasing number and frequency of breaches is slowly eroding consumers’ trust in the safety of e-commerce It’s not good for the whole ecosystem. At some point people will come back ­­­­­­­­and say, this is too risky to do online transactions with cards. Before that point is reached, businesses should improve their online defenses, and consumer authentication is central to that defense. With the U.S. payments infrastructure in the process of transitioning to the Europay/MasterCard/Visa (EMV) chip card standard at the physical POS, fraud in the United States will sharpen its focus on the less secure online channel. EMV will do a lot of good in terms of card present security, but it does not do anything for card-not-present environments. So how are we going to contain the online fraud? We have to go to a 3-D Secure type solution

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,

June 4th, 2014 by Elma Jane

Zavers, the online coupon program that was launched through Google 17 months ago, is just going to be one of those things that didn’t work out. Google announced yesterday that it is pulling the program, due to lack of interest. Zavers allowed users to clip coupons online and use them in-store. It was intended to help merchants’ build more targeted and effective loyalty and reward programs.

Zavers was basically a coupon program tied with the merchant point-of-sale system. The integration process with the POS systems were proving to be challenging and retailers were not too keen on sharing their data with Google.

Google has said it will continue to work closely with users through the transition away from Zavers and that it continues to move forward with greater focused on more successful areas of their initial entrance into payments such as product listing ads, Google Shopping Express and Google Wallet.

Posted in Uncategorized Tagged with: , , , , , , , , , , , , , ,

May 7th, 2014 by Elma Jane

NTC's Payment

NTC’s New Approach On Payment Processing brings Client Satisfaction

About NTC (National Transaction Corporation)
NTC is a credit card processing company that was built uniquely. Combining leading edge technology with passion for customer service, as well as service to help customers maximize the value of their merchant service program. NTC provides sales agents, financial institutions and merchants with benefits not available from other providers, such as next day funding with a late cut-off time and unparallel graphical and web-based reporting.
To learn more visit http://www.nationaltransaction.com or call 888-996-2273.
Marking a 65% increase over 2012 NTC now serves approximately 15,000 businesses.
This rapid growth was driven by the many unique benefits that NTC offers its merchants and sales partners, ranging from best technology to superior customer service.
The major differentiators made possible by NTC’s proprietary back-end processing system is the Next Day Funding Service. Because NTC connects directly to the following: Amex, Discover, MasterCard and VISA. This way sales partners and merchants are able to avoid the middleman and go straight to the source of all their processing needs. This also means that the merchants can batch out their terminal POS with one of the latest cut-off times in the industry by as late as 11:00 pm Eastern.
NTC’s another appealing factor to new sales partners and merchants is its merchant connect online reporting system. It provides 24/7 access to graphical account information through a system that is fast easy and secure. Merchants are now able to clearly see and understand their payment processing costs. ISO’s have access to sugar CRM to make notes and see Merchant Marketing Data. Card Numbers are secure on the banks server so our faculty has credentials to access the bank servers.
Independent sales organizations (ISOs) and Merchant sales professionals continue to choose NTC as their payment processing partner to obtain these unique benefits. In addition to industry-leading technology, NTC offers its merchants and sales partners a level of personalized support that is not easily found among other credit card processing companies. They get round the clock account and terminal support. Collective hard work and determination helped NTC grow faster in the industry, resulted in more loyal ISO sales partners who are submitting more applications. Looking forward for continued success for NTC, its sales partners and merchants.

 

Posted in Credit card Processing, EMV EuroPay MasterCard Visa, Financial Services, Merchant Account Services News Articles, nationaltransaction.com, Point of Sale, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , ,

March 31st, 2014 by Elma Jane

A payment processor is a company often a third party appointed by a merchant to handle credit card transactions for merchant acquiring banks. They are usually broken down into two types: Back and Front-End.

Back-End Processors accept settlements from Front-End Processors and, via The Federal Reserve Bank, move the money from the issuing bank to the merchant bank.

Front-End Processors have connections to various card associations and supply authorization and settlement services to the merchant banks’ merchants. In an operation that will usually take a few seconds, the payment processor will both check the details received by forwarding them to the respective card’s issuing bank or card association for verification, and also carry out a series of anti-fraud measures against the transaction.

Additional parameters, including the card’s country of issue and its previous payment history, are also used to gauge the probability of the transaction being approved.

Once the payment processor has received confirmation that the credit card details have been verified, the information will be relayed back via the payment gateway to the merchant, who will then complete the payment transaction. If verification is denied by the card association, the payment processor will relay the information to the merchant, who will then decline the transaction.

Modern Payment Processing

Due to the many regulatory requirements levied on businesses, the modern payment processor is usually partnered with merchants through a concept known as software-as-a-service (SaaS). SaaS payment processors offer a single, regulatory-compliant electronic portal that enables a merchant to scan checks “often called remote deposit capture or RDC”, process single and recurring credit card payments (without the merchant storing the card data at the merchant site), process single and recurring ACH and cash transactions, process remittances and Web payments. These cloud-based features occur regardless of origination through the payment processor’s integrated receivables management platform. This results in cost reductions, accelerated time-to-market, and improved transaction processing quality.

Payment Processing Network Architecture

Typical network architecture for modern online payment systems is a chain of service providers, each providing unique value to the payment transaction, and each adding cost to the transaction. Merchant>Point-of-sale SaaS> Aggregator >Credit Card Network> Bank. The merchant can be a brick-and-mortar outlet or an online outlet. The Point-of-sale (POS) SaaS provider is usually a smaller company that provides customer support to the merchant and is the receiver of the merchant’s transactions. The POS provider represents the Aggregator to merchants. The POS provider transaction volumes are small compared to the Aggregator transaction volumes. The POS provider does not handle enough traffic to warrant a direct connection to the major credit card networks. The merchant also does not handle enough traffic to warrant a direct connection to the Aggregator. In this way, scope and responsibilities are divided among the various business partners to easily manage the technical issues that arise.

Transaction Processing Quality

Electronic payments are highly susceptible to fraud and abuse. Liability to merchants for misuse of credit card data creates a huge expense on merchants, if the business were to attempt mitigation on their own. One way to lower this cost and liability exposure is to segment the transaction of the sale from the payment of the amount due. Some merchants have a requirement to collect money from a customer every month. SaaS Payment Processors relieve the responsibility of the management of recurring payments from the merchant and maintain safe and secure the payment information, passing back to the merchant a payment token. Merchants use this token to actually process a charge which makes the merchant system fully PCI-compliant. Some payment processors also specialize in high-risk processing for industries that are subject to frequent chargebacks, such as adult video distribution.

 

Posted in Best Practices for Merchants, Credit card Processing, Electronic Check Services, Electronic Payments, Internet Payment Gateway, Merchant Services Account, Payment Card Industry PCI Security, Point of Sale, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , ,

February 14th, 2014 by Elma Jane

News from Target, increasing the number of cards compromised to 70 million and the expansion of data loss to mailing and email addresses, phone numbers and names, affirms that we are in a security crisis.

Card data is from a brand and business perspective, the new radioactive material. Add personally identifiable information (PII) to the list of toxic isotopes.

The depressing vulnerabilities these breaches reveal are a result of skilled hackers, the Internet’s lack of inherent security, inadequate protections through misapplied tools or their outright absence. Security is very very hard when it comes to playing defense.

There is a set of new technologies that could, in a combination produce a defense in depth that we have not enjoyed for some time.

Looking at the Age of Context (ACTs)

Age of Context released, a book based on the hundreds of interviews conducted with tech start-up and established company leaders. A wide-ranging survey. They examine what happens when our location and to whom we are connected are combined with the histories of where and when we shop. Result is a very clear picture of our needs, wants and even what we may do next.

Combining the smartphone and the cloud, five Age of Context technologies ACTs, will change how we live, interact, market, sell and navigate through our daily and transactional lives. The five technologies are:

1. Big Data. Ocean of data generated from mobile streams and our online activity, can be examined to develop rich behavioral data sets. This data enables merchants to mold individually targeted marketing messages or to let financial institutions improve risk management at an individual level.

2. Geolocation. Nearly every cell phone is equipped with GPS. Mobile network operators and an array of service providers can now take that data to predict travel patterns, improve advertising efficiency and more.

3. Mobile Devices and Communications. These are aggregation points for cloud-based services, sending to the cloud torrents of very specific data.

4. Sensors. Smartphones, wearables (think Fitbits, smart watches and Google Glass) and other devices are armed with accelerometers, cameras, fingerprint readers and other sensors. Sensors enable highly granular contextual placement. A merchant could know not only which building we are at and the checkout line we are standing in but even which stack of jeans we are perusing.

 

5. Social. Social networks map the relationships between people and the groups they belong to, becoming powerful predictors of behavior, affiliations, likes, dislikes and even health. Their role in risk assessment is already growing.

The many combinations and intersections of these technologies are raising expectations and concerns over what is to come. Everyone has a stake in the outcome: consumers, retailers, major CPG brands, watchdog organizations, regulators, politicians and the likes of Google, Apple, Microsoft, Amazon, eBay / PayPal and the entire payments industry.

We are at the beginning of the process. We should have misgivings about this and as an industry, individuals and as a society, we need to do better with respect to privacy and certainly with respect to relevance.

Provided we can manage privacy permissions we grant and the occasionally creepy sense that someone knows way too much about us, the intersections of these tools should provide more relevant information and services to us than what we have today. Anyone who has sighed at the sight of yet another web ad for a product long since purchased or completely inappropriate to you understands that personalized commerce has a long way to go. That’s part of what the Age of Context technologies promise to provide.

ACTs in Security    

ACTs role in commerce is one albeit essential application. They have the potential to power security services as well, specially authentication and identity-based approaches. We can combine data from two or more of these technologies to generate more accurate and timely risk assessments.

It doesn’t take the use of all five to make improvements. One firm have demonstrated that the correlation of just two data points is useful, it demonstrated that if you can show that a POS transaction took place in the same state as the cardholder’s location then you can improve risk assessment substantially. (based off of triangulated cell phone tower data).

Powerful questions of each technology that ACTs let us ask:

Data – What have I done in the past? Is there a pattern? How does that fit with what I’m doing now?

Geolocation – What building am I in? Is it where the transaction should be? Which direction am I going in or am I running away?

Mobile – Where does device typically operate? How’s the device configured? Is the current profile consistent with the past?

Sensors – Where am I standing? What am I looking at? Is this my typical walking gait? What is my heart rate and temperature?

 

Social – Am I a real person? Who am I connected to? What is their reputation?

Knowing just a fraction of the answers to these questions places the customer’s transaction origination, the profiles of the devices used to initiate that transaction and the merchant location into a precise context. The result should improve payment security.

More payments security firms are making use of data signals from non-payment sources, going beyond the traditional approach of assessing risk based primarily on payment data. One firm have added social data to improve fraud detection for ecommerce payment risk scoring. Another firm, calling its approach Social Biometrics, evaluates the authenticity of social profiles across multiple social networks including Facebook, Google+, LinkedIn, Twitter and email with the goal of identifying bogus profiles. These tools are of course attractive to ecommerce merchants and others employing social sign on to simplify site registration. That ability to ferret out bogus accounts supports payment fraud detection as well.

This triangulation of information is what creates notion of context. Apply it to security. If you can add the cardholder’s current location based on mobile GPS to the access device’s digital fingerprint to the payment card, to the time of the day when she typically shops, then the risk becomes negligible. Such precise contextual information could pave the way for the retirement of the distinction between card present and card-not-present transactions to generate a card-holder-present status to guide risk decision-making.

Sales First, Then Security        

The use of ACT generated and derived signals will be based on the anticipated return for the investment. Merchants and financial institutions are more willing to pay to increase sales than pay for potential cost savings from security services. As a result, the ACTs will impact commerce decision making first-who to display an ad to, who to provide an incentive to.

New Combinations  

Behind the scene, the impact of the ACTs on security will be fascinating and important to watch. From a privacy perspective, the use of the ACTs in security should prove less controversial because their application in security serves the individual, merchant and the community.

Determining the optimal mix of these tools will take time. How different are the risks for QR-code initiated transactions vs. a contactless NFC transaction? What’s the right set of tools to apply in that case? What sensor-generated data will prove useful? Is geolocation sufficient? Will we find social relationships to be strong predictor of payment risk or are these more relevant for lending? And what level of data sharing will the user allow-a question that grows in importance as data generation and consumption is shared more broadly and across organizational boundaries. It will be important for providers of security tools to identify the minimum data for the maximum result.

I expect the ACT’s to generate both a proliferation of tools to choose from and a period of intense competition. The ability to smoothly integrate these disparate tools sets will be a competitive differentiator because the difficulty of deployment for many merchants is as important as cost. Similar APIs would be a start.

Getting More from What We Already Have  

The relying parties in a transaction – consumers, merchants, banks, suppliers – have acquired their own tools to manage those relationships. Multi-factor authentication is one tool kit. Banks, of course issue payment credentials that represent an account and proxy for the card holder herself at the point of sale or online. Financial institutions at account opening perform know your customer work to assure identity and lower risk.

Those siloed efforts are now entering an era where the federated exchange of this user and transactional data is becoming practical. Firms are building tools and the economic models to leverage these novel combinations of established attributes and ACT generated data.

The ACTs are already impacting the evolution of the payments security market. Payment security incumbents, choose just two from the social side, find themselves in an innovation rich period. Done well, society’s security posture could strengthen.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, e-commerce & m-commerce, Electronic Payments, Internet Payment Gateway, Payment Card Industry PCI Security, Point of Sale, Smartphone, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

February 10th, 2014 by Elma Jane

Is traditional POS on its way out? Not so fast. It is likely to be an enhancement rather than a replacement to traditional POS.

Trending topic when it comes to POS is all about the mobile kind because Mobile Point of Sale (POS) systems have rocked the retail world. When one searches the term POS, nearly every article that comes up is all about mobile. Many seem to believe it will change the retail industry.

There is definitely a need and a place for both.

Retailers everywhere have incorporated the Internet into their business model by creating multi-channel sales strategies, such as e-commerce, digital marketing, social media marketing, online product information, specifications, reviews and online customer service.

In addition to their online presence, these same retailers have started to bring the Internet in-house by integrating such services as customer centric promotions at point of sale, introducing loyalty programs and member registration, facilitating digital signage, offering e-receipts via email, and self check out centers; all at the traditional POS kiosk. In fact, 95% of all sales transactions are conducted via traditional POS terminals.

 Why bother with mobile POS anyway?

While it’s true that traditional POS system won’t be going anywhere soon and with good reason, mobile POS systems have allowed retailers to make great strides when it comes to efficiency and customer service, as well as customer satisfaction.

Companies have made big changes in the way they handle customer transactions in-store, thus affording faster checkout, waiting line reduction, consultative selling and more.

List of mobile POS benefits goes on:

Email Receipts – Better for the environment, more convenient for customers and faster to process, a digital purchase receipts sent via email tells the customer that you care about the earth and about them.

Expanded Reach – With mobile POS, your sales are no longer confined within the four walls of your brick and mortar store. Sidewalk sales, seasonal mall kiosks, and special sponsorship events are just a few examples of all the places you can take your retail sales to, with a POS in hand.

Inventory and Price Search – When customers can be assisted with finding an item color, size or availability on the spot, rather than having to wait in line to do so, it makes them happier. The same can be said for pricing. POS in the hands of store reps can go a long way toward customer satisfaction.

Inventory Return Stations – There is always a certain volume of returns, but that volume increases for retailers particularly after the holidays. The implementation of mobile POS allows for retailers to set up additional return stations in order to avoid long lines and customer frustrations.

Mobile POS goes Mobile – Your investment in your company POS system doesn’t need to be one size fits all, regardless of store traffic volume in one location or another. Retailers may opt to have a blow out sale in one location, thus require additional checkout power for that location for a specific period of time. With mobile POS, devises and licensing can be utilized throughout different store locations on an as needed basis.

Optional Seasonal Subscription – The great thing about mobile POS is that you needn’t pay for a POS system year round if you’re not using it year around. Seasonal spikes in retail sales warrant the additional cost of extra POS licensing and hardware, but the rest of the year your budget shouldn’t need to encompass more than what is needed. Mobile lets you better manage your overall POS investment.

Storewide Promotion Opportunities – Mobile POS has allowed retailers to drive sales in various sections of the store by holding demonstrations or promotions in different departments to tout products or services. Customers can be marketed and sold to, on the spot.

The growing industry of mobile payments doesn’t stop at in-store mobile POS. Digital wallets like Google Wallet and Apple Passbook, mobile-to-mobile cell phone transfers, Near Field Communication (NFC) payments, mobile device credit card swipe and other emerging technologies are quickly changing our cash and credit card world.

 What about traditional POS?

Mobile payment systems are indeed terrific. So, when should you consider going with traditional POS? The reality is,  in addition to the aforementioned benefits of traditional checkout kiosk functions, there times when mobile POS simply will not suffice.

Mobile POS is great when a customer wants to choose and pay for one item while on the sales room floor, but what about when the customer has a multitude of items? Ringing up and bagging groceries, removing anti-theft mechanisms, neatly folding and bagging clothing items and managing the sales of numerous agents, stations or departments are just a few examples of situations that often require the traditional POS checkout station.

By combining traditional POS strategies with mobile POS flexibility, retailers can leverage the command of a complex, and multi-dimensional, marketing and retail sales management system.

Posted in Credit card Processing, e-commerce & m-commerce, Electronic Payments, Internet Payment Gateway, Mobile Payments, Mobile Point of Sale, Near Field Communication, Point of Sale, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,

December 19th, 2013 by Elma Jane

NTC’s BIG DATA

Improving Collection and Analytics tools to Create Value from Relevant Data.

Big data is a popular term used to describe the exponential growth and availability of data, both structured and unstructured. And big data may be as important to business…and society… as the Internet has become. Why? More data may lead to more accurate analyses. More accurate analyses may lead to more confident decision making, and better decisions can mean greater operational efficiencies, cost reductions and reduced risk.

With NTC Virtual Merchant product, it captures email addresses at the Point-of-Sale (POS) into a database to assist merchants and consumer stay connected, and for future Marketing.

In understanding Big Data For Merchants, NTC’s President Mark Fravel, provided a general overview of how online merchants can use Big Data. Large amounts of seemingly random data from many sources…can be used to create competitive advantages.

Necessity of Analytical Tools

Collecting Big Data is the easy part. Storing, organizing, and analyzing it is much more complex. One seam of data that several experts identify as a particularly rich, emerging source of information can be as diverse as CRM software, AdWords, and your own website. Mobile communications, including text messages and social media posts such as Facebook and Twitter. Making sense of it can be overwhelming without analytical tools. These tools facilitate the examination of large amounts of different types of data to reveal hidden patterns and correlations that are not otherwise easily discernible.

A good example is NTC, they could analyze data on visitor browsing patterns, login counts, phone calls, and responses to promotions…they can monitor to eliminate what isn’t working and focus on what does. Some of the off-the-shelf analytic solutions are so finely tuned, they can tell a vendor whether it needs to offer a 25 percent discount or if a 15 percent discount will suffice for a particular customer.

Association rule learning is another analytics method that is a good fit with Big Data. This could be, for example, a shopping cart analysis, in which a merchant can determine which products are frequently bought together and use this information for marketing purposes.

Uses of Big Data Analytics:

Big Data can be most useful in analyzing a customer’s shopping and purchasing experience, which can help a merchant in the following four ways.

Become more efficient by alerting you to merchandising efforts that are ineffective, and products that are not selling.

Encourage more purchases by presenting existing customers with complementary items to what they’ve purchased previously.

Enhance inventory management by eliminating slow-moving items and increasing the supply of fast-moving merchandise.

Example: A top marketing executive at a sizable U.S. retailer recently found herself perplexed by the sales reports she was getting. A major competitor was steadily gaining market share across a range of profitable segments. Despite a counterpunch that combined online promotions with merchandising improvements, her company kept losing ground….The competitor had made massive investments in its ability to collect, integrate, and analyze data from each store and every sales unit and had used this ability to run myriad real-world experiments. At the same time, it had linked this information to suppliers’ databases, making it possible to adjust prices in real time, to reorder hot-selling items automatically, and to shift items from store to store easily. By constantly testing, bundling, synthesizing, and making information instantly available across the organization…the rival company had become a different, far nimbler type of business.

Increase conversion rates by better identification of successful sales transactions.

Is Big Data Analysis Affordable?

NTC Data Storage is also a good alternative for small ecommerce merchants because it is relatively inexpensive and is scalable it can expand as data requirements grow.

Relying on data-driven decision-making is crucial in industries in which profit margins are slim. Amazon, which earns increasingly thin profit margins, is one of the most effective users of data analytics. As more Big Data solutions for small online businesses come to market and more online merchants incorporate Big Data into their business tool set, employing Big Data will become a necessity for all Merchants.

Using data wisely has the potential to boost margins and increase conversions for online merchants, and investors are banking on it.

This is Big Data for NTC we know WHO, WHAT,WHEN, AND WHERE a purchase took place. 

Posted in Best Practices for Merchants, Credit card Processing, e-commerce & m-commerce, Electronic Payments, Internet Payment Gateway, Mobile Payments, Mobile Point of Sale, Point of Sale, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

December 5th, 2013 by Elma Jane

Three key benefits mPOS can provide PSPs. mPOS:

1. Maintains A Continuity Of Operations 
mPOS solutions also ease the process of accepting and approving payments, according to the white paper. By enabling face-to-face card present transactions, mPOS allows transactions to be conducted in a highly secure manner. Further, once the encrypted transaction data is decrypted securely by the PSP at the payment gateway (with no access granted to the merchant), the onward presentation of the data into the acquiring network is consistent with that used historically for traditional POS terminals.

2. Simplifies Merchant Support 
Thales suggests the biggest benefit to PSPs is that mPOS reduces the variety of costs PSPs need to cover to support merchants, cutting expenses related to equipment, security and PCI DSS compliance. This, the white paper says, allows PSPs that utilize mPOS to better allocate resources toward handling higher transaction volumes and acquiring business.

3. Supports Both Magnetic Stripe and EMV Cards 
Another benefit to PSPs is that mPOS, despite its recent entrance to the market, is already widely available. The white paper explains that since the mPOS revolution quickly migrated from the U.S. abroad, mPOS solutions now exist to serve the unique needs of both markets. While this means challenges for merchants operating globally, PSPs benefit from being able to address the needs of merchants who want to opt for any and all available market solutions.

Much has been said about the recent explosion of the mobile point-of-sale (mPOS) market and how micromerchants are driving this payments revolution. But, what this story doesn’t communicate effectively is that small merchants aren’t the only stakeholders benefiting from the ongoing mPOS migration.

Payment service providers (PSPs) are another member of the mPOS value chain that can gain flexibility and security through these solutions, new research from data protection solution provider Thales suggests.

“Both merchants and PSPs have operational and logistical issues with traditional POS terminals associated mainly with the highly controlled and certified environment in which they must be used,” Thales writes in its latest white paper on the topic, “mPOS: Secure Mobile Card Acceptance.”

The 27-page white paper provides an extensive overview of the ongoing POS revolution, explaining how mPOS can reduce friction and costs for merchants, illustrating how the technology works step-by-step and highlighting the roles that each stakeholder plays along the value chain.

Posted in Electronic Payments, Mobile Payments, Mobile Point of Sale, Payment Card Industry PCI Security, Point of Sale, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,

November 15th, 2013 by Elma Jane

November 7, 2013 –  Payment Card Industry (PCI) Council’s recent acceptance of the world’s first Point-To-Point Encryption-validated solution is great news for both acquirers and merchants, and will aid in reducing merchant scope and increasing business security worldwide. If your P2PE know-how is a little spotty, here are the basics.

What is P2PE?

Point-To-Point Encryption (P2PE) is the combination of hardware and processes that encrypts customer credit/debit card data from the point of interaction until it reaches a merchant solution provider’s environment for processing. Because card data is immediately encrypted as the card is swiped (or dipped), it prevents clear-text information from residing on the payment environment. Encrypted card data is then transferred to, decrypted by, and processed through the solution provider processor who is the sole holder of the decryption key.

In a POS environment, merchants often store decryption keys on their backend servers. Bad idea. If a cybercriminal hacks into that environment, they not only have access to the encrypted card numbers, but the decryption key as well. Hacker jackpot. Many question the difference between P2PE and typical point of sale (POS) encryption.

The reason P2PE is arguably the most secure way to process is because merchants don’t have access to decryption keys. If a hacker breaches a merchant using a validated P2PE solution, he/she will only recover a long string of useless encrypted card numbers with no way to decode them.

Why use P2PE?

Basically, P2PE increases data security and has the ability to make a merchant’s job of reaching PCI compliance easier. The main point of using a P2PE-valiated solution is to significantly lessen the scope of security efforts through PCI Data Security Standard (DSS) requirement and P2PE Self-Assessment Questionnaire (SAQ) reduction. Compared to the 80+ questions required of mainstream merchant SAQs, the P2PE-HW SAQ only requires merchants to answer 18 questions.

Are all P2PE solutions created equal?

Answer is no. Many P2PE solution vendors claim their solution reduces scope, but in order for a merchant to qualify, they must select only P2PE-validated solutions listed on the PCI Council’s website.

To get P2PE solutions and applications listed on the approved website, solution provider processors must go through a rigorous testing process performed by a qualified P2PE Qualified Security Assessor (QSA). P2PE QSAs help entities thorough the 210-page document of P2PE requirements, testing procedures, and controls required to keep cardholder data secure – a task which only a few companies in the world can do.

As of this post, the only P2PE hardware solution approved by the PCI Council is European Payment Services’ (EPS) Total Care P2PE solution, validated by P2PE QSA SecurityMetrics. A number of other P2PE solutions are currently undergoing the review process and will be added to the list once approved.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Electronic Payments, Merchant Services Account, Payment Card Industry PCI Security, Point of Sale, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,