TSYS Host Capture – VeriFone’s VX 520 Class A

The VX 520 is a new payment device that is powerful and offers services for existing technologies, including future technologies. It possesses advanced security features and accepts mobile wallets and future technologies such as NFC and EMV. Since the device is certified on the TSYS Host Capture it is able to process transaction data, batch creation, payment acceptance logic, and transaction data, all through TSYS host. Significant reductions in PCI scope is achieved through this device since through the above process no sensitive data is stored on the POS device. The VC 520 also has leading performance features. It possesses a powerful processor and memory that can be upgraded. This allows it to process transactions at very fast speeds. The device can also accept loyalty cards and gift cards. New features are offered with TSYS Host Capture including the ability to deactivate the terminal through the system and circumvent adjusts, reprints, prompts on voids, and prompt for batch numbers when reports are printed out. Certain processes can be done automatically such as report printing without the need for user’s input.

Authorize.Net Verified Merchant Seal Sweepstakes – You could win $5,000!

Over at Authorize.net they are doing a contest for 6 months and a winner for every month. All they want you to do is properly display the Authorize.net badge on your Website (that you use an Authorize.net gateway with to process payments). All MSI Merchants who have a online credit card processing merchant account with the Authorize.net gateway are qualified. Check out the official announcement here. They include helpful videos to show you how to do it as well on the page. Contest runs through March 31, 2013.

Might be a good idea also to show them your site is there by sending them a Tweet after to @AuthorizeNet (https://twitter.com/AuthorizeNet) 😉

EMV Coalition Created

Over at Verifone they had a post about the creation of a coalition to help spread the EMV standard.

Smart Card Alliance has formed a collaborative environment around chip-enabled payments – a neutral, independent, forum to aid in the industry-wide adoption of EMV in the US. The goal of the EMV Migration Forum is to align the EMV implementation steps required for all payments players to successfully move from magnetic stripe to secure EMV contact and contactless technology in the US. Sucessfully move from magnetic stripe to secure EMV contact and contactless technology in the US.

They are also holding a few Webex meetings to help you integrate EMV, what it is and why it’s important. Here is the information:

Let VeriFone Be Your Guide to EMV Migration
An introduction to EMV discussing the benefits of EMV, why it’s time to migrate, and the solutions, training and support VeriFone can provide to help you through this process.

Wednesday, October 3, 2012 2:00 pm
Register Now!

EMV Implementation Tools for Success

Learn about the critical tools necessary to successfully implement EMV. Discover how things will change in payments, what the new requirements and certifications will be, if you will you have to replace existing hardware and software and more.

Wednesday, October 3, 2012 4:00 pm
Register Now!

Report Your Processing!

Business owners do a lot to prepare for tax time. Figuring income, deductions, and other things took the majority of the day to decipher, among other things. One thing that business owners never had to calculate is their credit card processing to the last penny. Processors have never been required to hand over their reports to the Internal Revenue Service for review.

Beginning next year, that will all change. There was a part of the Housing Assistance Tax Act that made it a requirement for processors to disclose this information. A 1099-k will allow the IRS to see your gross processing volume.

For you, this means that if you haven’t been reporting all of your credit card processing volume, the IRS will find out and you may be questioned. Play it safe and report all of your earnings!

Choosing an Account

MSI Merchant Service is a leader in the credit card processing industry, and provides many different options for merchants that are looking to accept credit cards as a form of payment. With their free terminal program, MSI Merchant Service makes it easy for even the smallest businesses to begin taking credit cards quickly and easily. MSI Merchant Service has different types of terminals for businesses of all expertise. Wireless terminals, virtual terminals, landline terminals, iPhone terminals, and internet shopping carts are offered by MSI Merchant Service, in an effort to serve all businesses properly. Representatives are there to assist you in making the right choice when it comes to your processing needs. They will guide you through the process to determine what type of account and terminal is best for you.  The goal is to have minimal costs, while maximizing growth and profit for the businesses that choose to accept credit cards.

In most situations, a normal landline terminal is used to process cards at retail locations. These terminals typically have a screen, keypad, and printer for automatic approval and receipt printing.

For businesses on the go, we have a “MoTo” account for keying in transactions at a later date, along with iPhone, wireless, and virtual terminal options. With a standard MoTo account, the representative would take an impression of the customer’s card and key it in a later date. This does not offer instant approval. A virtual terminal MoTo account would allow you to key transactions in at the time of sale through a laptop or any other secure internet connection. MoTo accounts have higher rates than standard retail accounts. If you choose to purchase a wireless or iPhone terminal, retail rates and instant approval would apply.

Other options may be available and be better suited for your business, which is why it is imperative to discuss your needs with a representative that is there to assist you. All offers are fully PCI compliant, and information is held to the highest security standards. Give us a call to see what our company can do for you!

Take Caution with Online Transactions

1. Display fraud notices in obvious places on your website. You can defer most fraudulent charges this way, because the scammer will realize that you are aware. IP and email addresses can be tracked to find out who made the purchases.
2. Check over your orders. If someone places and order with your company and you gut tells you that it’s suspicious… use your judgement! Multiple products and expensive next day shipping are something to watch out for. Make sure all information is filled out correctly.
3. Use the AVS system. All cards should be checked to make sure that the information entered matches the information on file with the credit card company. You can’t exclude orders with mismatched information, but it is still wise to check if you are suspicious about a transaction. You can always call or email the customer if you have questions about their order.
4. Get security codes. On the back of most cards, there is a three digit security code. For American Express, this code is on the front. Getting this code ensures that the card was in hand at the time of purchase.
5. Be aware of international purchases. A large amount of fraudulent transactions come from Asia and Africa. Be extra careful when accepting payment from these locations. It may be beneficial to only accept US based orders.
6. Check the email addresses. Free email addresses can be easy to get, making them a prime source for fraudulent activity. People trying to make a purchase will hide their identity with them.
7. Check to make sure your customers aren’t on any negative lists for past fraudulent activity and chargebacks.
8. Utilize fraud prevention software. Merchants can check their orders with the click of a mouse to ensure that their transactions are valid.
9. Keep your records! Save emails, voicemails, and receipts from your transactions. Recorded calls are also beneficial. This will help if you need to fight a chargeback in the future.
10. Contact your customers. By speaking directly with the purchaser, you are able to confirm the order. If they don’t answer your calls or emails, take it as a warning that the charge may not be valid. Sending a letter to the address provided may also help confirm orders.

Merchant Services

It doesn’t matter what type of business you are, but there are different credit card processing options available. You just need to look into which account type and provider fit your needs the best. A merchant account will allow you to easily accept payments from customers that would like to use a credit card. Once you decide on the type of account you need, the next step is to choose the provider.

There are tons of merchant service companies out there. But, selecting the right one is very important. Making a list of percentage rates, cancellation fees, monthly minimums, statement fees, and annual fees will allow you to choose a provider that best matches what you are looking for.

Ask to see a copy of the application and contract before signing up, and make sure all of the information quoted matches these documents. Make sure you are confident in the sales representative, company, and the terms that you are agreeing to before you sign and documents or give any personal information. Some companies will bind you through a verbal contract if you give your personal information by phone.

Store owners, restaurants and service business benefit greatly by accepting credit cards. It makes it easy for the customers, and is a simple process for the business owner.

Heartland Hacker to Plead Guilty

Albert Gonzalez, the TJX intruder, has accepted a plea agreement on charges that he faces. The charges are that he hacked into Hannaford Brothers, Heartland Payment Systems, 7-Eleven, and two other retailers that remain unnamed in the nation.

The attorney representing Gonzalez filed documents in the New Jersey US District Court, where charges were filed by Heartland Payment Systems this past August.

On Tuesday, a federal judge transferred the case to Massachusetts, where Gonzalez has pleaded guilty to two other cases.

Gonzalez is a former informant for the Secret Service known by the online aliases “Cumbajohhny” and “segvec.” He was charges in August with two hackers from Russia. The accusations are that they stole over 130 million credit and debit cards from Heartland Payment Systems, a credit card processing company, and the other companies mentioned above.

In May 2008, Gonzalez was charged with ten other people in NY and in August 2008 in MA with intrusions onto the security of OfficeMax, TJX, Dave and Busters, and other unmentioned companies. He pleaded guilty and in both cases, he was scheduled to be sentenced December 21.

It was expected that he receive 15 to 20 years in prison for his actions. The sentencing will probably now be delayed to allow him to plead guilty to the new charges against him. To account for the NJ charges, the government and its offices need time to recalibrate their sentencing positions.

Visa PCI DSS Plans

When Visa speaks, the industry listens. As a necessary add on to PCI DSS, Visa says that all merchants who accept cards electronically consider upgrading their networks to have data-field technology installed.

Visa has written a paper that makes five important recommendations to merchants.

1. Protect devices that are cryptographic against software and firmware compromises.
2. Given a merchants geographical location, use key management that is consistent with security standards.
3. Use cryptographic algorithms that are consistent with security standards based on geographical locations.
4. Limit clear text (unencrypted) to “point of encryption and point of decryption.”
5. In lieu of the complete card number, use an alternate transaction identifier for business practices.

The Senior Business Leader of Visa’s Risk Department, Eduardo Perez, believes merchants are currently looking for guidance in what should be done to protect card data.

He says, “…the intent of these best practices is to provide a foundation, or a primer, for merchants considering these solutions on how to implement them and then how to evaluate them… So the goal here is to support merchants and ultimately to effectively deploy the use of encryption solutions within their payment card environment.”

Data Field Encryption

End-to-end encryption is another name for data-field encryption. Many in the industry feel that it is necessary in order to safeguard data. Data that is encrypted cannot be decryption without the correct key.

When the card is swiped, end-to-end encryption begins. The encrypted data is taken from the merchants’ private network, and then goes through the public network to the acquirers system. That is where the information is decrypted in order to process.

Not Mandated

The guidelines of Visa do not mandate merchants to have end-to-end technology, or to have providers that use end-to-end technology. But it is an important way to protect cardholder data.

PCI DSS strives to have complete data security, which includes data at rest (stored) and data in motion (transmitted). End-to-end encryption focuses mainly on data as it is transmitted, or is in motion.

Data that is in motion is attacked by malware, which is malicious software that finds cardholder data and transmits if back to people committing fraud.

Along with PCI DSS, Data-field encryption can help keep the data of your cardholders safe.

Public Vs. Private

Tim Cranny, the Chief Executive Officer of Panoptic Security Incorporated, says that the most current version of PCI DSS is mainly focused on the security of stored data and data transmitted publicly, not the security of private networks.

The best approach to security is a layered one, according to Bob Russo, the GM of the PCI Security Standards Council, also known as PCI SSC. He says, “Which specific technologies an organization chooses to implement to meet the requirements of DSS is discretionary. Organizations seeking to deploy security technologies must recognize that secure implementation is as important as the decision to implement itself.”

He goes on to say that PCI SSC is in the feedback process. They want opinions on how the PCI DSS will evolve.