Archive for August, 2014

EMV Credit Card Technology | Embedded IC Smart Chip Card

Monday, August 25th, 2014

Have you heard of EMV technology in the credit card industry? You may even have an EMV credit card in your wallet and not know it. Although it’s not brand new, it’s a technology that is starting to generate a buzz.

EMV credit cards have been in use in Europe for quite awhile, but have not been issued as widely in the United States. However, this is soon to change due to a fraud liability shift away from the party that has EMV technology in place.

emv chip cardThe push for the migration to the mainstream use of this technology in the United States is to prevent fraud in the industry.

EMV, which stands for Europay, MasterCard, Visa, formed in the early 2000’s as a joint effort among those credit card associations to provide secure processing and universal operability for “chip cards” around the world. Since then, the Japan Credit Bureau, American Express, Discover and China UnionPay have come on board.

EMV is a technology in which integrated circuit (IC) chips are embedded into credit cards. These cards, known as “chip cards” and sometimes “smart cards”, use this imbedded chip technology as an advanced security feature when authorizing and processing card-present (customer facing) transactions.

In traditional card-present transactions, credit cards are swiped through a terminal that reads the magnetic strip on the back and captures the data before forwarding it for authorization and approving or declining the transaction.

The magnetic strips on credit cards contain data that is static, meaning that if a security breach were to happen, all information on a credit card can be easily obtained. Once the credit card data is stolen, criminals can use the information to create an identical physical credit card.

EMV cards are processed through modern terminals that may look very similar to traditional terminals; however, EMV credit cards are not swiped through the magnetic strip reader. EMV terminals have a special EMV chip reader or port, in which the credit card is inserted. The terminal collects the card data and encrypts it differently for every transaction.

For the authorization process, typically the cardholder has to enter a PIN (personal identification number). The unique encryption method paired with a cardholder PIN verification, makes it extremely difficult for credit card data to be stolen by criminals and used for non-authorized transactions via a duplicated credit card.

Credit card fraud is on the rise. The fact that the US has been slow to adopt EMV technology provides an opportunity for fraudsters to continue to take advantage of the antiquated magnetic strip technology.

In 2012, the major credit card associations that make up EMV announced their plans to migrate the technology to the U.S. Although many banks and card issuers were immediately on board and began to issue EMV chip cards, merchants weren’t as quick to adopt the changes in the industry.

In order to enforce compliance to the use of EMV, Visa, MasterCard, Discover and American Express have implemented a liability shift date of October 2015. Any party that is not thereafter using secure EMV processing may be liable for fraudulent transactions that take place.

This means that all parties involved in face-to-face card-present transaction process, including merchants, must accept the migration, or accept the liability consequences.

The requirement for all parties, especially merchants, to migrate to EMV smart card technology will not only protect them from liability, but also make credit card processing more secure and interoperable worldwide.

 

What does PCI Compliance mean in Credit Card Processing?

Wednesday, August 13th, 2014

Have you ever heard the term PCI compliant and wondered what it means? Okay, it’s not a term you come across everyday. Perhaps you’ve been speaking with a credit card processing company and heard the merchant account agent mention it.

Like it sounds, it has to do with being in check, or good standing. But what, why and with whom?

Origin

PCI Compliance is also known as PCI DSS, or Payment Card Industry Data Security Standard. PCI DSS originated with 5 separate security and compliance programs put in place by 5 major credit card associations. Each program was intended to offer an added level of protection for credit card issuers in which merchants (or businesses) that accept credit cards were required to adhere to specific security guidelines when storing, processing and transmitting customer credit card data.

In 2004, these five companies meshed their programs together and created the Payment Card Industry Security Standards Council (PCI SSC). Since its creation, the new PCI Standards have been updated several times in order to meet changes in the industry and in some cases, to clarify specific points.

PCI Data Security Standards Requirements

There are 6 “control objectives” with a total of 12 requirements that merchants must comply with:

PCI dss requirements

Why PCI Compliance?

After reading (or skimming) those requirements above, it’s pretty evident that the sole purpose of  PCI Compliance is to ensure that merchants take every precaution to prevent customer credit card information from being stolen and credit card fraud from occurring.

Who Must Comply?

All businesses that are set up to take payments via a merchant account (credit card processing services) must follow the PCI DSS requirements.

PCI DSS compliance is not mandated under federal law in the United States, but merchants that choose not to comply will be subject to penalties and/or may have their merchant account terminated.

Some states have enacted their own laws relating to PCI DSS. Minnesota’s law prohibits the retention of credit card information by merchants, and Nevada and Washington have laws in place shielding merchants from liability if a security breach were to happen.

While it’s important for all merchants to follow the PCI DSS compliance requirements, it’s extremely important for online merchants to not only follow those requirements, but also to always be wary of credit card fraud.

Most credit card fraud occurs with online credit card transactions (known as card-not-present transactions). In these transactions, it is more difficult for a merchant to verify that the actual cardholder has authorized the transaction.

Opening a Business?

If you’re starting a business and plan on setting up credit card processing services, your merchant account provider may or may not spend a lot of time going over these requirements. Yet it’s critical to know and practice them.

It goes without saying that as a business owner with products or services for sale, your customers are the lifeblood of your business. Your customers deserve to have the integrity of their information protected. Whether your store is online or in a brick-and-mortar location, go the extra mile to ensure you are always PCI DSS compliant.

If you have questions relating to PCI DSS compliance or credit card processing in general, give us a call at The Transaction Group. We’d be happy to help.

 

How Do Online Shopping Carts Work in E-commerce Stores

Monday, August 11th, 2014

Whether you own an ecommerce store, are a frequent online shopper or have never bought anything on the Internet, you may wonder about online shopping carts and how they work.

online shopping cartsWe are all familiar with shopping carts at brick-and-mortar stores. An online shopping cart is similar in that it is simply a basket to hold desired items until the buyer is ready to checkout and pay for the products or services. However, they are virtual, or not physically existing but made to appear through software.

Online shopping carts operate via software on a company’s website that allows a customer to add and remove items, and then adds any applicable tax and/or shipping costs before calculating the total payment. While some ecommerce shopping carts are very basic, some more advanced carts have additional functionality for the web store owner, or to enhance the user experience for the customer.

Two of the key components attached to the online shopping carts in the online checkout process in any ecommerce store are a merchant account and a payment gateway. Typically, these two pieces are offered together by credit card processing providers, ensuring compatibility between the two.

Put simply, a merchant account is an account held by the merchant or web store owner that enables the transaction to take place. This includes authorizing the credit card transaction, capturing the funds from the issuer, and depositing funds (minus processing fees) into the merchant’s checking account. Funds are usually deposited to the merchant’s checking account within 48 hours of the completion of the sale.

A payment gateway is an ecommerce service that securely facilitates the transfer of information between the online store and the credit card processing company over the Internet via a secure browser interface.

Generally, online shopping carts and the checkout process are safe due to the fact that the payment gateway encrypts the data, rendering it nearly impossible to decipher if it is somehow intercepted along its route.

For online store owners that are just getting their website set up on the Internet, an all-in-one ecommerce solution is recommended. An all-in-one solution will include the merchant account, online payment gateway and shopping cart making the entire set up process very simple.

Established online stores will sometimes already have merchant account and payment gateway and simply want a new shopping cart system; either basic, or more advanced system with additional features. These features can include inventory management tools, shipping confirmation, and merchandising and marketing tools.

Determining which type of online shopping cart is best for an online store owner is dependent upon what type of functionality is desired as well as the amount of money the merchant wants to spend.

Regardless of the type of online shopping cart, it is an essential feature needed for any online store. If you have any questions about online shopping carts, give us a call at The Transaction Group. We can even recommend online shopping cart providers to meet the needs of any online business.