E-Pay Security improves – but merchants remain cautious.
U.S. merchants are still reluctant to embrace 3D Secure technology in card-not-present transactions, even though it has vastly improved from the initial version.
3D secure technologies – namely Verified by Visa and SecureCode for MasterCard which offer an extra layer of protection for merchants and its customers. Merchant participation is mandatory to process certain cards in some countries.
Companies providing electronic money services, such as online or mobile payments accounts, have more than doubled since 2013.
This number has been on the rise over the past few years as consumer confidence in alternative payments methods has increased.
UK consumers and businesses are increasingly comfortable with the idea of a cashless economy, in which they might not be able to physically see or access money. More are embracing pre-paid cards, contactless and mobile payment systems for ease of use, efficiency and enhanced security.
According to a specialist financial services regulatory consultancy, there has been a significant increase in the number of electronic money providers registered with the Financial Conduct Authority (FCA).
E money providers must be authorized with the FCA under the Electronic Money Regulations 2011 and meet stringent consumer protection criteria, including adequate capital, the separation of customer’s money from the company’s funds.
The regulatory background is complex and electronic money providers need to ensure that systems, processes and controls are tight to ensure a high level of consumer protection. The FCA is not afraid to place these businesses under a microscope.
Many are concerned that this increase in alternative payments methods will lead to the death of the traditional bank, but only if they fail to innovate and adapt to market trends and consumer needs.
Businesses continue to struggle with the prohibited storage of unencrypted customer payment data. The Payment Card Industry Data Security Standard (PCI DSS), merchants are instructed that, Protection methods are critical components of cardholder data protection in PCI DSS Requirement.
PCI DSS applies to every company that stores, processes or transmits cardholder information. Regardless of the size or type of business you operate, the number of credit card transactions you process annually or the method you use to do so, you must be PCI compliant.
Data breach is not a limited, one-time occurrence. This is why PCI compliance is required across all systems used by merchants.
Encryption and Tokenization is a strong combination to protect cardholder at all points in the transaction lifecycle; in use, in transit and at rest.
National Transaction’s security solutions provide layers of protection, when used in combination with EMV and PCI-DSS compliance.
Encryption is ideally suited for any businesses that processes card transactions in a face to face or card present environment. From the moment a payment card is swiped or inserted at a terminal featuring a hardware-based, tamper resistant security module, encryption protects the card data from fraudsters as it travels across various systems and networks until it is decrypted at secure data center.
Tokenization can be used in card not present environments (travel merchants) such as e-commerce or mail order/telephone order (MOTO), or in conjunction with encryption in card present environments. Tokens can reside on your POS/PMS or within your e-commerce infrastructure at rest and can be used to make adjustments, add new charges, make reservations, perform recurring transactions, or perform other transactions in use. Tokenization protects card data when it’s in use and at rest. It converts or replaces cardholder data with a unique token ID to be used for subsequent transactions.
The sooner businesses implement encryption and tokenization the sooner stored unencrypted data will become a thing of the past.
The shift to EMV is helping to address vulnerabilities in the United States payments ecosystem. It has been shown that EMV can deliver benefits as a part of industry efforts to combat fraud.
EMV migration is a critical focus for enhancing payments security, which is why the current efforts around chip card deployment are greatly beneficial for consumers and merchants alike. EMV technology helps to reduce counterfeit card fraud, as it generates dynamic data with each payment to authenticate the card, after which the cardholder is prompted to sign or enter a PIN to confirm their identity.
The EMV rollout represents a dynamic time for card payments that promises great advances, among them is enhanced security for cardholders. It also presents an opportunity to consider other innovations such as mobile wallets and mobile POS to further engage your customers and drive customer loyalty. When merchants continue to invest in EMV and NFC (near field communications, used for tap-and-pay transactions), the purchases made at their EMV-enabled terminals are made more secure than magnetic stripe.
New mobile payment options such as mobile wallets support EMV and therefore offer this added layer of security. Ultimately, by enabling contactless payments, merchants can also enable more flexibility in addition to increasing security for their customers.
Additionally, industry players are backing major mobile wallets, such as Android Pay, Apple Pay, and Samsung Pay.
MasterPass To Make Booking Travel Experience Even Easier For JetBlue
MasterCard today added JetBlue as its latest merchant to accept digital payments with MasterPass. MasterPass will be available later this year on the airline’s website and mobile app, giving customers the opportunity to speed up their booking travel experience, according to a press release.
With MasterPass, shoppers can pay for the things they want at thousands of merchants with the security they demand, anywhere online or in app, using any device. The wallet securely stores shoppers’ preferred payment and shipping information which is readily accessible when they click on the “Buy with MasterPass” button and sign into their account.
U.S. consumers can sign up for a MasterPass account by visiting the MasterPass website or through a participating bank. Launched in 2013, MasterPass by MasterCard is free, easy to set up, and available anywhere you see the Buy with MasterPass button. It is currently available in 29 countries and is accepted at 250,000 merchants globally.
Accepting MasterPass by MasterCard on JetBlue’s online and in-app properties expands the relationship between the two companies. JetBlue announced in October 2015 that MasterCard would be its network partner for its co-brand portfolio.
The convenience, simplicity and security of Apple Pay are now available to customers who use U.S. Bank FlexPerks American Express Cards.
U.S. Bank which is the fifth-largest bank in the nation will add TouchID biometric capabilities to its mobile app in March.
The company made the disclosure as part of a notable iOS app update released last Friday. Release appears to include, among other enhancements, improvements such as easier navigation, quicker accessibility to account information, and the ability to search transactions from previous months.
U.S. Bank Minneapolis did not give many details about how TouchID will be used within its iOS app, other than to say for fingerprint authentication for enabled devices.
Many major banks already have TouchID implemented in their mobile apps, including Citibank, Wells Fargo and Bank of America. Citibank, for example, implemented TouchID last July. Apple introduced TouchID in mid-2013.
Last week, U.S. Bank enabled for Apple Pay use the last of its debit and credit cards that had not been Apple Pay-capable. Apple Pay relies on TouchID for security and authentication.
Apple Pay is now available with the:
U.S. Bank FlexPerks Reserve American Express Card.
U.S. Bank FlexPerks Travel Rewards American Express Card.
U.S. Bank FlexPerks Select+ American Express Card.
Hyatt hotel company noted that the breach that occurred over the course of almost four months hit 250 different hotels over the span of about 50 countries.
The breach covered payment card data from the cards used at various Hyatt hotels in that range of dates, reports note, and most of the breaches seem to have hit at hotel restaurants. Those who also hit the spas at Hyatt, along with front desks, gold shops, and even parking structures may also have been impacted by the breach.
The company couldn’t confirm how long the network was vulnerable nor if any payment card data had actually been stolen.
Perimeter Defense where data is protected with passwords and firewalls and the like is fine and well, but more needs to be put into protecting the data in the event someone clears security.
Encrypting Data is a great step to take, assuming someone manages to clear the perimeter, the encryption makes the data itself much more difficult to access and use. So while perimeter defense keeps unauthorized users away from data, encryption keeps those who reach the data from being able to readily read it.
Data Security is something none of us can take for granted, so doing what we can to protect that data being vigilant about statements, putting up proper security, encrypting data all of these contribute to better protected data and a safer time online.
The business is already making upgrades, so If you’re a merchant, business owner who’s still on the fence about upgrading your payment processing equipment to accept EMV cards why not take that upgrade a step further and add NFC while adding EMV systems?
Not only will the upgrade help prevent potential financial responsibility for fraudulent transactions, but you can also realize the added benefit of being able to process NFC transactions at the same time.
Customers want the ability to pay with a mobile device, and NFC will allow for such transactions to go on.
Having NFC tools in place will help provide a valuable note of future-proofing to systems in place, being ready for it will be to the business’ benefit.
EMV and NFC technology is just good business sense for three important reasons Added Security, Economic Sense and Staying Current.
For more information about terminal upgrade and features that suits best for your business give us a call at 888-996-2273.
Can we securely store card data for recurring billing?
PCI DSS discourages businesses from storing credit card data, Merchants feel the practice is necessary in order to facilitate recurring payments.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.
In order for the electronic storage of cardholder data to be PCI Compliant, appropriate encryption must be applied to the primary account number (PAN). In this situation, the numbers in the electronic file should be encrypted.
All PCI controls would apply to the environment in which the cardholder data is transmitted and stored. Tokenization can be implemented for recurring and/or delayed transactions. Travel Merchants and or Storage Facility could use this feature to help reduce the need for electronically stored cardholder data while still maintaining current business processes.
The best thing you can do for your business is to not store any cardholder data or personally identifiable information.
Tomorrow let’s tackle Encryption and Tokenization a strong combination to protect card data while reducing the cost of compliance!
Users need to take personal responsibility for their passwords, people tend to stick with simple, easy to remember passwords, but these are the passwords that are easy to hack.
There are many ways that a hacker can get into your online account.
Force attack is one way to gain access to information, and is generally done when a hacker writes a special code to log into a site using specific usernames and passwords.
Hacker instructs the code to try thousands of different username and password combinations on the target site, such as your bank.
Hacker usually focuses on websites that are not known for security and if you are like most people, the same password and username you use on your favorite site is the same you use at your bank is not a good idea.
What makes this easier? Your computer stores cookies, which have information on your login credentials, in a neat, orderly unencrypted folder on the cache of your web browser. As soon as this is accessed, it can be used to get into online accounts.
How to Improve Your Passwords
Consider using a password manager to keep track of all of your account credentials. This way, you won’t have to worry about remembering all of the symbols and letters.
Have a different username and password combination for every account.
Substitute numbers for letters, such as @ for O.
Test your password strength with an online tester, but make sure it is from a reputable source.
Throw in a random capital letter.
Don’t learn a hard lesson when it comes to your passwords, update your log in credentials and have a safer tomorrow.
