Category: Payment Card Industry PCI Security

October 9th, 2020 by Admin

When you are first setting up a retail or an eCommerce business, few decisions matter as much as the payment provider you choose. Your payment provider will handle every card transaction your company makes, and if it doesn't function properly, or if it carries hidden fees, legacy systems or long-term contracts, you can set your business up to fail before you ever get started.

So, we are going to explain to you what you should be looking for when you reach this crucial decision in the setup phase of your business, and we will help you find a payment provider that meets your needs perfectly and sets you up to succeed in the business world.

As a general rule of thumb, there are three main factors that you really need to consider when you go to choose who you will be working with: The people involved in the transaction, the fees associated with each transaction, and how the transaction is handled behind the scenes. There are some smaller tidbits that can make a specific provider a better or worse choice, but those three factors will allow you to narrow your search down to a select few of top competitors that will truly help your company succeed.

The Parties Involved

Besides your bank and the customer's bank, there are three parties to every one of your transactions, and a payment provider works with all three of them: you, your customer, and the technology acting as a bridge between the two of you. We'll go into more detail about each of them now.

The Customer

With this part of the transaction we are really talking about the "issuing bank". That is your customer's bank: it issues the card the customer pays with and extends the credit (or holds the funds) behind each purchase on your site. It is the customer's main point of contact with the transaction process and one of the most important parties, since it is what starts the transaction in the first place. You have no control over this party; all you can do is make sure the technology, which we'll talk about soon, makes the customer's part of the transaction as smooth as possible.

The Merchant

This is you and your part in the transaction. You are the merchant the customer is dealing with, and to act as one you need a merchant bank (also called the acquiring bank) to partner with and serve as your company's bank for card payments. A merchant bank works differently from the bank you use day to day. Instead of lending you money or managing your checking and savings accounts, it collects your customers' card payments on your behalf and deposits them into a merchant account, which works much like a business checking account. Without a merchant account you cannot accept card payments, so you cannot succeed long-term in eCommerce.

The Technology Solution

Your technology, and the company handling it, is what makes a transaction possible in the first place, and there are two parts to this imperative factor: The payment processor and the payment gateway.

Processor

The payment processor is what actually handles the transaction. It moves the money between the different parties and delivers it to the banks and accounts involved. If your processor is subpar, your customer’s transaction experience will be, too. You need an up-to-date payment processor that functions smoothly and without any hassle placed on you or your customer to ensure that each customer enjoys a seamless transaction.

Gateway

The payment gateway is what captures the customer's card details and sends the transaction information to the payment processor. It links to your site's shopping cart, and when a customer buys something it connects to the processor and starts the transaction. It needs to work reliably and invisibly so that checkout stays smooth for your customers. It is also the point where card data enters the system: a hosted or tokenizing gateway keeps the card number off your own servers, which keeps your PCI DSS scope small.

How the Transaction Process Happens

The transaction process is fairly complicated, but it all takes place in a matter of seconds. In fact, it’s usually seemingly instantaneous.

Once a purchase is made, the payment gateway encrypts the card and transaction data in transit to protect your customer and your business, then passes it to the processor, which routes an authorization request through the card network to the customer's issuing bank. If the issuer approves, the authorization is returned and the funds are earmarked for your merchant account; if it declines, the transaction is refused and ends there until the customer resolves the problem with another card or with their bank.

Once the authorization step is completed, the approved funds are settled to your merchant bank, usually in daily batches, and become available to you once your merchant bank has received them and credited your account. You may be required to keep a reserve in the account to cover any refunds or chargebacks that come up.

This settlement part is not instantaneous. It can take a couple of days to complete.

Transaction Fees

This is easily the factor that you’ll want to pay attention to the most, because a lot of merchant service providers are downright misleading when they quote your rates, and you need to get a firm understanding of how a company sets up its fees to know what to actually expect from your bill.

Most often, companies will quote something like 1.8% rates to interest you and appeal to your more frugal side, but then they’ll apply all sorts of hidden fees that raise that rate as high as 11% without notifying you properly. As you can imagine, that can make your bill a bit more than what you thought it would be.

There are three rate models that are most often used:

Flat-Rate

You're quoted a single rate, and whether or not it matches your actual costs, that is what you pay. You could be overpaying considerably if you accept many low-cost cards rather than the higher-cost reward cards, because the processor sets the flat rate high enough to cover the expensive cards and profits on the cheap ones.

Interchange Plus Pricing

This takes the interchange fee you pay to the card-issuing bank and adds a small fixed markup on top of it. Your bill is not as predictable as a flat rate, because there are a great many interchange categories and many different cards with various reward and incentive programs, each with its own rate.

Tiered Pricing

Here the provider groups the many interchange categories into a few tiers (such as qualified, mid-qualified and non-qualified) and charges you the tier rate rather than each individual interchange fee. The drawback is that the provider decides which transactions fall into which tier, so it can be hard to tell what you are actually paying.

Other Important Things to Consider

Does your processor provide Data Security/PCI protection? What about financial breach protection, in the event you are breached?

Any business or other entity that stores, processes or transmits cardholder data must ensure that its processes meet the Payment Card Industry Data Security Standard (PCI DSS). Failure to do so can result in heavy fines.

Understanding PCI DSS

The PCI DSS is a global standard defining acceptable practice for any entity involved in the storage, transmission or processing of cardholder data.

In recognition of the sensitive, confidential and valuable nature of this data, the standard imposes strict requirements that must be met in full. The full standard is detailed, but it is organized into 12 broad requirements, grouped under 6 control objectives as follows:

1. Build and Maintain a Secure Network and Systems
– Install and maintain a firewall configuration to protect data
– Do not use vendor-supplied defaults for system passwords and other security parameters

2. Protect Cardholder Data
– Protect stored data (use encryption)
– Encrypt transmission of cardholder data and sensitive information across public networks

3. Maintain a Vulnerability Management Program
– Use and regularly update anti-virus software
– Develop and maintain secure systems and applications

4. Implement Strong Access Control Measures
– Restrict access to data by business need-to-know
– Assign a unique ID to each person with computer access
– Restrict physical access to cardholder data

5. Regularly Monitor and Test Networks
– Track and monitor all access to network resources and cardholder data
– Regularly test security systems and processes

6. Maintain an Information Security Policy
– Maintain a policy that addresses information security

Any entity handling card transactions must meet the standard and be able to demonstrate (validate) that it does so. How compliance is validated depends on how transactions are processed and in what volume: smaller merchants complete a Self-Assessment Questionnaire, while the largest undergo an on-site assessment by a Qualified Security Assessor. Note that PCI DSS compliance is validated, not certified, and validation is a point-in-time snapshot; staying compliant is a continuous job.

A Summary of Benefits

Achieving full compliance with the PCI DSS is more than an obligation. It delivers genuine benefits to businesses:

– Lessen the risk of fraudulent transactions

– Reduce the likelihood of security breaches

– Lessen the impact should a breach occur

– Reduce your business' exposure to risk and liability

– Provide peace of mind for your customers

– Avoid the negative PR associated with data loss

Why are These Requirements in Place?

Card transactions have grown enormously in recent years as cards become the number 1 preferred form of payment. Since no physical money is handled or exchanged as part of these transactions they are dependent on the transfer of data.

That data therefore becomes sensitive and valuable and must be protected. Failure to protect this data can lead to fraud and theft. These crimes often impact both the card holder and the merchant directly. They can also damage or even destroy the reputation of businesses or organizations involved in hacks or data breaches.

More widely card fraud has the long-term detrimental effect of eroding consumer confidence and trust – both in the individual companies affected and in the card payment industry more widely.

Millions of consumers and organizations worldwide are choosing to pay by card, and millions of businesses, professionals, traders and organizations are accepting and handling these payments. Rather than allow an ad-hoc approach where each business sets its own level of security, the card brands imposed the PCI DSS, with the aim of a uniformly high level of data security throughout the worldwide card payment industry.

Keep your Data Secure – Don’t get caught without PCI Data Breach Protection

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, e-commerce & m-commerce, Electronic Payments, Financial Services, Internet Payment Gateway, Mail Order Telephone Order, Merchant Account Services News Articles, Merchant Services Account, Mobile Payments, nationaltransaction.com, Payment Card Industry PCI Security, Uncategorized, Visa MasterCard American Express

Tokenization
May 5th, 2017 by Elma Jane

Tokenization is a powerful security feature that lets a merchant support all of its existing business processes that require card data without holding card data itself. A token is a substitute value that stands in for the card number; it can be stored by the merchant because, on its own, it is useless to criminals and cannot be turned back into the card number. Do keep the credentials your systems use to submit tokens to the gateway safe, since those are what allow a token to be charged.

The liability and costs associated with PCI compliance are substantially reduced, and the risk of storing sensitive card data in your own systems is eliminated.

Tokenization applies to credit cards and gift cards.

Merchants set up for the tokenization service receive responses that include a token.

The token is not tied to a specific transaction but to a specific card number: the same card number used again at the same merchant yields the identical token, so the merchant can recognize a returning card without ever storing its number.

Furthermore, you can generate a token and save the token with associated information in the Card Manager.

For Electronic Payments with Tokenization call now 888-996-2273

or click here NationalTransaction.Com


Posted in Best Practices for Merchants, Credit Card Security, Electronic Payments, Payment Card Industry PCI Security

SECURITY PROTECTION
March 13th, 2017 by Elma Jane

Make smart decisions when it comes to protecting your business with five layers of protection.


Posted in Best Practices for Merchants, Payment Card Industry PCI Security

TOKENIZATION AND ENCRYPTION SECURITY
March 8th, 2017 by Elma Jane

Encryption is reversible: encrypted data can be returned to its original, unencrypted form by anyone who holds the key. Its strength depends on the algorithm, the key length and, above all, how the keys are managed, not on how complex the algorithm looks. In card payments encryption is most often point-to-point (often called "end-to-end"): the card data is encrypted inside the terminal and only decrypted at the processor.

The PCI Security Standards Council and other compliance bodies still treat encrypted cardholder data as cardholder data: it stays in scope for any entity that holds, or could obtain, the decryption keys.

A tokenization system replaces the sensitive data with a token that cannot be reversed into the real data and has no value by itself. The real, sensitive information is stored in a secured platform at an entirely different location, operated by the provider. That means sensitive customer data does not enter or reside within your environment.

Unlike encrypted data, tokens contain no real card data, so systems that store only tokens hold no cardholder data and the merchant's PCI DSS scope shrinks accordingly. (The merchant remains responsible for the systems that handle card data before it is tokenized, such as the payment page or terminal.)

If a hacker managed to steal your tokens, they could not use them to make purchases elsewhere: a token is meaningful only to the tokenization provider, and only on behalf of the merchant it was issued to.

Using tokens doesn't change a merchant's payment processing experience; it is simply much safer for the merchant than storing actual card numbers.

For Electronic Payments call us now 888-996-2273 


Posted in Best Practices for Merchants, Payment Card Industry PCI Security

Smart Device for Lodging Transactions
February 13th, 2017 by Elma Jane

Function meets form with this latest payment terminal.

Accepts All Payments – Magstripe, Chip (EMV) Cards, Mobile Payments like Apple Pay (NFC) and Manual Keyed.

An All-In-One Smart terminal – simplified, single card slot for Magnetic Stripe and EMV. Customer display for PIN, signature, tipping, receipts and more. Interactive 7″ touchscreen. Connects to Wifi or Ethernet. With built-in printer.

Security – PCI certified, End-to-End Encryption. Data is protected by the latest technology.  

Supports Lodging Transactions – Check-In/Check-Out, Quick Stay, Incremental Authorization/Update. Sale, refunds, and voids.

Reporting (HQ) – a simple dashboard where you can monitor your sales and refund transactions, get business insights and alerts, and view settlements and transactions in real time. Accessible on the internet or from the HQ App on your smartphone.

Robust Payment processing – access your funds within 24-48 hours, 24/7 customer service, convenient reporting, PCI program & data breach coverage.

For Electronic Payments call now 888-996-2273 or go to www.nationaltransaction.com and click get started.


Posted in Best Practices for Merchants, Credit Card Reader Terminal, Electronic Payments, EMV EuroPay MasterCard Visa, Near Field Communication, Payment Card Industry PCI Security

January 12th, 2017 by Elma Jane

Accepting non-cash payments from your customers is valuable. If you don't, you will miss out on sales because of the growing number of customers who only carry plastic or wish to pay online. Today you have many payment solution options.

Credit Card Terminals – you might remember the beginning of the credit card era and its evolution into today's countertop terminals, from the traditional swipe of a credit, debit or even gift card to modern terminals that accept EMV chip cards and NFC payments like Apple Pay. (EMV acceptance is driven by the card brands' liability shift, which moves the cost of counterfeit-card fraud onto merchants that still swipe chip cards; it is a card-brand rule rather than a PCI DSS requirement.)

Beyond the basics; these systems are generally supported by reporting sites that can help you monitor sales, and assist you with maintaining customer loyalty programs.

E-Commerce Solutions – online sales are growing every year. If you are considering expanding your business online, you need a complete hosted payment solution for transactions in all payment environments, including in-store, back-office mail/telephone order (MO/TO), mobile and e-commerce, that makes your customers' experience as intuitive and efficient as possible. A hosted payment page has a security benefit too: card numbers are entered on the provider's page rather than on your own servers, which keeps them out of your environment and reduces your PCI DSS scope.

Point of Sale Systems – smart registers have evolved into high-tech point-of-sale (POS) systems thanks to advances in technology. Beyond taking customer payments, a POS system can transform your business with advanced marketing programs, inventory management, and sales and profitability tracking and reporting. Over the past years these advanced systems have become cost-effective and easy to use.

Wireless Terminals – in today’s hardware you have the option of accepting payments wirelessly, through a full-service terminal that is smaller than a countertop model, or through a mobile card reader plugin for a smartphone or tablet.

The advantage of a full-service wireless terminal is that it allows for receipt printing on the spot through the device and most modern full-service wireless terminals are EMV compliant and accept both EMV (chip card) and NFC payment types.

Call now 888-996-2273 and speak to our payment consultant to know which solution is best for you.


Posted in Best Practices for Merchants, Credit Card Reader Terminal, e-commerce & m-commerce, EMV EuroPay MasterCard Visa, Mail Order Telephone Order, Near Field Communication, Payment Card Industry PCI Security, Point of Sale

Payment Card Industry
November 17th, 2016 by Elma Jane

What is PCI DSS (Payment Card Industry Data Security Standard)? A set of requirements founded by Amex, Discover, JCB, MasterCard and Visa to facilitate industry-wide adoption of consistent data security measures on a global basis. It is the set of best practices for protecting payment account data.

Why does my business need to be PCI compliant? You help protect your business by reducing the risk of a costly breach of your customers' payment card data. The payment card brands (Amex, Discover, JCB, MasterCard and Visa) mandate that all businesses processing payment cards must be compliant.

Once my business validates PCI DSS compliance, does that prevent a security breach from happening? No. Compliance helps prevent security breaches and loss of cardholder data, but it does not guarantee that your business will not be breached. Just as anti-virus and firewall software need regular updates, data security is continually subject to new threats, and validation reflects your state at one point in time.

What happens to my business if I am not PCI compliant? If you do not comply with the security requirements of the PCI DSS as mandated by the payment card networks, you put your organization at risk of a payment card compromise.

In the event that your business is compromised, you may also be subject to additional fines, fees and assessments by the card brands. You may also lose your credit card acceptance privileges.

What am I required to do to validate PCI compliance? The minimum requirement for a Level 4 merchant is to complete, on an annual basis, the PCI DSS Self-Assessment Questionnaire (SAQ) that matches how you accept cards and achieve a passing status, and, where that SAQ type calls for it (for example when you have Internet-facing systems in scope), to pass quarterly external vulnerability scans by an Approved Scanning Vendor (ASV).

Posted in Best Practices for Merchants, Payment Card Industry PCI Security

PCI COMPLIANCE
September 21st, 2016 by Elma Jane

PCI compliance applies to any company, organization or merchant of any size or transaction volume that accepts, stores, processes or transmits cardholder data.

Any merchant accepting payments directly from customers via credit or debit card must be compliant. Merchants are themselves responsible for becoming compliant, and that responsibility does not go away once the deadline set by their acquirer has passed; it only becomes overdue.

Understanding the details of Payment Card Industry compliance can help you better prepare your business, because failing to become compliant, putting it off, or ignoring the requirements can end up being an expensive mistake.

Visa's operating regulations require adherence to the PCI DSS, and those regulations are part of the merchant agreement you sign when you open a merchant account with your bank; they are the rules under which merchants are allowed to operate merchant accounts.

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes, including Visa, MasterCard, American Express, Discover, and JCB.


Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security, Visa MasterCard American Express

Monthly
August 9th, 2016 by Elma Jane

Businesses are discouraged from storing credit card data, but many feel the practice is necessary to support recurring payments: merchants that store card data almost always do so for recurring billing.

Using a third-party vault provider is the best way to handle card data for recurring billing. It reduces or eliminates the need for electronically stored cardholder data while preserving your current business processes: the vault takes the card data out of your possession and gives you back a token that can be used for recurring billing. Modern payment gateways offer card tokenization for exactly this purpose.

Any business that does store cardholder data, whether on paper or electronically, must review and follow the PCI DSS requirements for that storage. For electronic storage the PAN (primary account number) must be rendered unreadable wherever it is stored, for example with strong encryption at the column, file or disk level, with the decryption keys stored and managed separately from the encrypted data. Disk-level encryption on its own only counts if access to it is controlled independently of the operating system's native login, since otherwise anyone who can log in to the server can read the card numbers.
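As an added, runnable illustration of the mechanics described in the Tokenization and Encryption posts above and in this recurring-billing passage, here is a toy token vault in Python. It is not NationalTransaction's or any gateway's real code: the vault key, merchant IDs and API shape are invented, and 4111111111111111 is the well-known Visa test number rather than a real card. It shows the three properties the posts rely on: the same card at the same merchant always yields the same token (a keyed hash indexes the vault, so the index itself reveals nothing without the vault key), the token is random rather than derived from the card number so there is nothing to reverse, and a token stolen from one merchant cannot be charged under another merchant's credentials.

```python
"""Toy tokenization vault: an added example, not any real gateway's code.

The vault key, merchant IDs and API shape are invented; 4111111111111111 is
the well-known Visa test number, not a real card. Standard library only.
"""
import hashlib
import hmac
import secrets


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit test, used to reject garbage before tokenizing."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """PCI DSS Requirement 3.3 display masking: at most first six and last four."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


class TokenVault:
    """Stands in for the provider's off-site vault.

    Merchants only ever receive the token and the masked PAN. A real vault
    would also encrypt self._pans at rest with keys kept apart from the data.
    """

    def __init__(self, index_key: bytes):
        self._index_key = index_key         # secret that never leaves the vault
        self._token_for = {}                # HMAC(merchant_id, PAN) -> token
        self._pans = {}                     # token -> PAN

    def _index(self, merchant_id: str, pan: str) -> str:
        # Keyed hash: the same card at the same merchant maps to one token, while
        # the index reveals nothing about the PAN to anyone without the vault key.
        msg = f"{merchant_id}:{pan}".encode()
        return hmac.new(self._index_key, msg, hashlib.sha256).hexdigest()

    def tokenize(self, merchant_id: str, pan: str) -> dict:
        """Provider side: swap a PAN for a merchant-specific token."""
        if not luhn_valid(pan):
            raise ValueError("not a valid card number")
        idx = self._index(merchant_id, pan)
        token = self._token_for.get(idx)
        if token is None:
            token = "tok_" + secrets.token_hex(16)   # random, not derived from the PAN
            self._token_for[idx] = token
            self._pans[token] = pan
        return {"token": token, "masked_pan": mask_pan(pan)}

    def charge(self, merchant_id: str, token: str, amount_cents: int) -> dict:
        """Provider side: redeem a token for a (simulated) recurring charge.

        Only the merchant the token was issued to may redeem it; a token stolen
        from merchant A and submitted under merchant B's credentials is refused,
        and the PAN never leaves the vault either way.
        """
        pan = self._pans.get(token)
        if pan is None or self._token_for.get(self._index(merchant_id, pan)) != token:
            raise PermissionError("token not issued to this merchant")
        # A real processor would now send an authorization for `pan` to the
        # card network; here we only report the masked result.
        return {"status": "approved", "card": mask_pan(pan), "amount_cents": amount_cents}


def demo() -> dict:
    """Merchant side: keep only the token on file and bill against it."""
    vault = TokenVault(secrets.token_bytes(32))            # lives at the provider
    first = vault.tokenize("merchant-A", "4111111111111111")
    again = vault.tokenize("merchant-A", "4111111111111111")
    subscribers = {"cust-42": first["token"]}              # no PAN stored here
    receipt = vault.charge("merchant-A", subscribers["cust-42"], 999)
    try:
        vault.charge("merchant-B", first["token"], 999)    # stolen token, wrong merchant
        stolen_token_worked = True
    except PermissionError:
        stolen_token_worked = False
    return {
        "same_token_for_same_card": first["token"] == again["token"],
        "receipt": receipt,
        "stolen_token_worked": stolen_token_worked,
    }


if __name__ == "__main__":
    print(demo())
```

Run it directly to see demo()'s result. What the example deliberately leaves out is the at-rest encryption of the vault's own PAN store and its key management; in a real provider that is where the PCI DSS Requirement 3 controls in the paragraph above apply, and it is precisely the work that tokenization moves off the merchant.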


Posted in Best Practices for Merchants, Payment Card Industry PCI Security, Travel Agency Agents

PCI COMPLIANCE
April 26th, 2016 by Elma Jane

The PCI DSS is a security standard for organizations that handle branded credit cards from the major card brands, including Visa, MasterCard, Amex, Discover, and JCB. It is designed to ensure that ALL companies that process credit card information maintain a secure environment.

PCI DSS applies to any organization or merchant that has a Merchant ID (MID) and accepts credit cards, regardless of size or number of transactions.

Merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12-month period.

Level 1: Any merchant, regardless of acceptance channel, processing over 6M Visa transactions per year, and any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
Level 2: Any merchant, regardless of acceptance channel, processing 1M to 6M Visa transactions per year.
Level 3: Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.
Level 4: Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants, regardless of acceptance channel, processing up to 1M Visa transactions per year.

Is each location required to validate PCI compliance separately when a business has multiple locations?

If all of a business's locations process under the same Tax ID, you are only required to validate once annually for all of them.

Penalties for non-compliance

The payment brands may fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The bank will pass this fine along until it eventually reaches the merchant. The bank may also terminate your relationship or increase your transaction fees.

PCI Compliance Manager

To help you achieve and report compliance, we have Trustwave PCI Compliance Manager. It’s an online portal that enables you to understand requirements that apply to your business, and guides you through your self-assessment, step by step.

If you have any questions regarding your PCI Compliance please call our office at 888-996-2273. We would be more than happy to help.


Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security