Apple
January 7th, 2016 by Elma Jane

National Transaction is now offering Apple Pay to Canadian Merchants.

Apple Pay works with NTC’s EMV-contactless point of sale terminals in Canada.

Security and privacy is at the core of Apple Pay, and when a consumer adds a credit card to Apple’s mobile wallet, the actual card numbers are not stored on the device, or on Apple servers.

Apple Pay will create a unique Device Account Number that is assigned, encrypted and securely stored in the secure element on the device, the same way it operates in the U.S. Each transaction is authorized with a one-time unique dynamic security code.

To pay, consumers simply hold their mobile device near the contactless reader, exactly as they would a contactless card today. The payment information is then passed to the POS system once the consumer confirms the transaction using Touch ID on their device.

Bringing Apple Pay to NTC terminals addresses an increasing consumer demand for contactless payments, while also allowing Canadian businesses to offer customers the convenience of paying through an iPhone, iPad or Apple Watch.

American Express  is Apple’s issuing partner in Canada.

 

 

 

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , ,

Risk
September 8th, 2015 by Elma Jane

card not present transaction (CNP, MO/TO, Mail Order / Telephone Order, MOTOEC) is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant’s visual examination at the time that an order is given and payment effected, such as for mail-order transactions by mail or fax, or over the telephone or Internet.

The Card Associations created this term to help identify these Transactions, because CNP situations tend to be where the majority of fraudulent activity occurs; it is difficult for a merchant to verify that the actual cardholder is indeed authorizing a purchase.

The card security code system has been set up to reduce the incidence of credit card fraud arising from CNP.

Types of Security codes:

CVC1 or CVV1, encoded on track 2 of the magnetic stripe of the card and used for card present transactions. The purpose of the code is to verify that a payment card is actually in the hand of the merchant. This code is automatically retrieved when the magnetic stripe of a card is swiped on a point-of-sale (card present) device and is verified by the issuer. A limitation is that if the entire card has been duplicated and the magnetic stripe copied, then the code is still valid.

The most cited, is CVV2 or CVC2. This code is often sought by merchants for Card Not Present Transactions occurring by mail, fax, telephone or Internet. In some countries in Western Europe, card issuers require a merchant to obtain the code when the cardholder is not present in person.

Contactless cards and chip cards may supply their own electronically-generated codes, such as iCVV or Dynamic CVV.

Code Location

The card security code is typically the last three or four digits printed, not embossed like the card number, on the signature strip on the back of the card.

American Express Cards have a four-digit code printed on the front side of the card above the number.

Diners Club, Discover, JCB, MasterCard, and Visa Credit and Debit Cards have a three-digit card security code. The code is the final group of numbers printed on the back signature panel of the card.

For Merchant Account Setup give us a call at 888-996-2273 or visit our website www.nationaltransaction.com

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , ,

May 8th, 2015 by Admin

 

 

 

 

 

 

 

 

 

All merchants that accepts, transmit or stores cardholder data are required to be PCI (Payment Card Industry) Compliant. Most believe that because they do not charge the credit cards themselves, they are exempt. Why all agencies are required to be complaint even when they don’t charge credit cards themselves, and some steps to ensure your agency is PCI compliant.

What is PCI compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. PCI applies to all organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Travel agents accepting, storing and transmitting credit card information to suppliers, are required to be compliant too. Suppliers reinforce this through their travel agent guidelines/contracts. Travel Agency must adhere to the applicable credit card company’s procedures for credit card transactions.

Consequences of Not Being PCI Compliant

If an agency is not PCI compliant, the agency can lose the ability to process credit card payments with that supplier. Not being able to pay with client credit cards can be a serious roadblock for agencies, and an inconvenience for clients.

If you have a merchant account and are found to be out of compliance, you can be fined.

How to be PCI Compliant

Don’t store the CCV security code from the client’s credit card. The client does not have the authority to grant you permission to store their CCV code. The credit card company explicitly forbid storage of the CCV code.

Make sure you securely store any client information, including their credit card number and expiration date. If you use a CRM, ensure that you have a strong password. If your CRM database is stored on your computer hard drive, encrypt it (there is a great encryption software that is free of charge). If you have an IT resource, talk to them about installing a firewall on your network, installing anti-virus and anti-malware protection, and any other steps that you can take to secure your client data even further.

If you keep paper copies of client information, keep it in a locked filing cabinet or desk drawer. When you no longer need their credit card information, cross shred it.

Home based businesses are arguably the most vulnerable simply because they are usually not well protected, according to the PCI Compliance Guide. Having strong passwords, encryption, a firewall, anti-virus and anti-malware protection are all inexpensive steps that you can take to protect your business and your clients’ sensitive data.

If you receive a courtesy call reminding you about PCI Compliance, don’t ignore it.

 

 

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,

October 29th, 2013 by Elma Jane

In addition to my article about Credit Card Purchases give way to Tap and Go.

I would like to add an example of contactless payments which was introduced in 1997 called Speedpass.

Speedpass is a keychain RFID (Radio Frequency Identification Device) introduced in 1997 by Mobil Oil Corp. (which merged with Exxon to become ExxonMobil in 1999) for electronic payment. It was originally developed byVerifone. As of 2004, more than seven million people possess Speedpass tags, which can be used at approximately 10,000 Exxon, Mobil and Esso gas stations worldwide. Speedpass has also been previously available through a Speedpass Car Tag and Speedpass-enabled Timex watch.

Speedpass is another example of “contactless” payment system that provides members with a quick and easy way to pay for purchases at participating Exxon and Mobil stations nation-wide. Speedpass is similar to the electronic toll technology successfully used on subway, bus, and highway systems around the world.

Speedpass key tag has a built-in chip and radio frequency antenna that allows it to communicate with Speedpass readers at gasoline pumps, convenience store terminals, and car wash kiosks at Exxon and Mobil locations.

A quick wave of your Speedpass key tag in front of the reader initiates the automatic transmission of a unique identification and security code to the Speedpass payment system so your account can be located. Your payment is instantly processed using the credit/debit card that is linked to your Speedpass. If the transaction is approved, you will receive a payment confirmation and you can be quickly on your way.

You can securely access your Speedpass account and change the credit/debit card that is linked to your device. You can also specify whether or not you would like to receive a receipt for gasoline purchases made at the pump using your Speedpass. Even if you change your receipt settings to specify that you don’t want a printed receipt, you can always view your complete Speedpass transaction history and all electronic receipts online by logging into your account at any time.

Speedpass is safe and secure. Your card information, preferences, and personal details are not stored in your Speedpass device, so your information is protected from unauthorized use.

Speedpass is a cool payment method for people on the go! You can use your Speedpass to pay for gasoline, food, merchandise, and car washes at participating Exxon and Mobil locations nation-wide.

Speedpass Benefits:

Fast and Convenient 
Simply wave your Speedpass key tag across the area of the gasoline pump, convenience store terminal, or car wash kiosk that says “Place Speedpass Here”. 

Free
There are no fees to acquire or use Speedpass key tags.

Easy and Simple
When you use Speedpass, there is no need to sign a receipt.

Online Account Access 
If you are an existing Speedpass member, you can login to speedpass.com to access your account 24/7. You can review your purchase history, access electronic receipts, update your contact information, change the credit/debit card that is linked to your device, and more! If you are an existing member, but don’t yet have a username and password, setup your online profile today by clicking on the My Account button on this site.

Safe and Secure
Your credit/debit card number and personal information are not stored in
your Speedpass device.

Posted in Electronic Payments, Mobile Point of Sale, Near Field Communication Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,