Say Good Bye To Your Credit / Debit Card As You Know It

Perhaps you can remember back when you got your first computer let’s say around 20 years ago?  How about your first cell phone?  Was it a flip phone just making phone calls?  How well would your old computer work today assuming it was still available?  Of course it could not do much in the world today.  In a similar way this is the problem with the credit / debit cards we are using today.  It is a technology from the 20^th century, operating in a much advanced 21^st century.   The magnetic stripe card we use today: the technology was developed back in the 1960’s and the ability to apply it to a plastic card came about in mass production in the 1970’s.  The data from these cards can be easily copied and reproduced to another plastic counterfeit card.  Until the “owner” of the card realizes the card data was stolen, the card can be used to purchase items.  Typically the fraudsters will resale these items for cash.

Since then new technology has been developed to make it much harder, if not impossible to replicate cards that can used in advanced credit card device readers.  It is known as EMV.  This payment security standard was developed by Europay, MasterCard, and Visa in 1994, hence “EMV”.  In the mid-1990s, EMV-compliant payment cards began to be issued and EMV-compliant POS terminals began to be installed in countries around the world. While different markets have migrated to the EMV standard at different speeds, the U.S. has been the one major international country not adopting the standard. Since 2011, however, the global card networks that first created EMV have renewed their push to bring the EMV standard to the United States.  Some ask why has it taken the US so long to adopt this or any new standard with a more secure technology than we use today?  The answer is not clear, however, in my opinion; the best reason is until recently it was less costly for the banks to absorb the fraud losses than to pay for the new more costly technology.  What seldom gets mention if at all about fraud loses is much of theses cost can ultimately hit the original accepting merchant that unknowingly took the counterfeit card.

An EMV card resembles the current magnetic-stripe cards with one significant difference, the EMV “chip” or microprocessor that is embedded in the card. EMV protect against duplicate card fraud. Unlike a magnetic-stripe card, an EMV card is not swiped through a reader. Rather, it is inserted into a slot on the terminal.  When the EMV card is inserted, a metal contact on its face connects the card to the terminal and the two devices are then able to communicate.  While the EMV card is used for a transaction and during the communication process for an approval response from the issuing bank, there is new dynamic CVV code used in the authorization request.  This dynamic CVV changes for each transaction.  It is validated against what is expected at the host.  The result is the primary account number is static yet data changes on each transaction.   The problem that EMV will not help against fraud is in a card not present environment such as goods sold on a website. 

Although EMV it is not a magic bullet, it is far better then what we have today.  For example card fraud in the U.K. began to drop following EMV implementation. But in 2008 and 2009 fraud losses began to rise, driven mostly by card not present transactions and cross-border fraud initiated with counterfeit cards using information captured from legitimate cards’ magnetic-stripe. After more countries had adopted EMV, card not present transactions and cross-border fraud losses fell. During the first six months of 2010 the same period the previous year.  Since its adoption in the European countries, and the U.K. in particular, EMV has effectively eradicated face-to-face counterfeit card fraud in card payments. Consequently, the U.K. case study has significant implications for U.S. merchants since it highlights the tangible reduction in fraud witnessed in a country following EMV migration.

Although many merchants may be skeptical of EMV migration given the significant upfront costs of upgrading payment acceptance terminals, over the long run merchants and the industry as a whole will benefit from a reduction in fraud. The magnetic-stripe is no longer able to fend off fraudsters armed with low-cost magnetic-stripe readers, card-duplication gear, and Internet-sourced card data that can be entered into the payments system without strong account holder authentication. The result has been an outbreak of card skimming that has cost the payments industry and merchants millions of dollars.

The fact that merchants in both Canada and Mexico are mostly compliant with EMV standards makes merchants in the U.S. very vulnerable to fraud. As the rest of the world moves toward EMV, merchants in the United States will be at greater risk of fraud until they install EMV-compliant POS terminals and banks issue EMV cards.

If you have any question about this, please feel free to contact us at info@tampabaymerchantservices.com or call 727-916-7294

Is Imprinting A Card A Thing of the Past?

In the program guide that every merchant signs and agrees to states, “IF THE TERMINAL FAILS TO READ THE MAGNETIC STRIPE OR IF YOU ARE

REQUIRED TO OBTAIN A VOICE AUTHORIZATION, THEN YOU MUST IMPRINT THE CARD.” 

When an account is approved a “merchant metal plate: is mailed out.  Not only should you have an imprint of the card, but the merchant info from the “plate” should also be included.  Now is a good time to pull this back out and be sure you have an imprinter and imprinter slips. If you need help with this let me know.  Let me know if you want a full copy of the guide.

I would like to add about the new cards will be issued soon to consumers called EMV cards with an embedded chip, also referred to as smart cards.  These cards are reported nearly impossible to counterfeit because the chip stores unique info that is constantly changing as the card is used.  Cards in use today use a magnetic strip that can be easily replicated and counterfeited.  Merchants will need to have the proper equipment to accept these new cards no later than October 2015.

I urge you to take the time to review the following:

IF THE TERMINAL FAILS TO READ THE MAGNETIC STRIPE OR IF YOU ARE

REQUIRED TO OBTAIN A VOICE AUTHORIZATION, THEN YOU MUST IMPRINT THE CARD. IN ADDITION, THE SALES DRAFT MUST HAVE THE CARD HOLDER’S SIGNATURE. FAILURE TO FOLLOW THESE PROCEDURES WILL PREVENT YOU FROM DEFENDING A TRANSACTION IN THE EVENT THAT IT IS CHARGED BACK UNDER A CLAIM THAT THE RIGHTFUL CARDHOLDER DID NOT AUTHORIZE THE PURCHASE. ENTERING IN INFORMATION INTO A TERMINAL MANUALLY WILL NOT PREVENT THIS TYPE OF CHARGEBACK.

Why we are at, I wanted to share the portion addressing businesses that do not accept a card in person.

Mail/Telephone/Internet (Ecommerce) Orders and Other Card Not Present Sales.

You may only engage in mail/telephone/Internet orders provided they do not exceed the percentage of your total payment Card volume reflected on your application. Failure to adhere to this requirement may result in cancellation of your Agreement. Merchants conducting Internet transactions using MasterCard or Visa Cards must have special codes (an “Electronic Commerce Indicator”) added to their authorization and settlement records. Discover Network does not use an Electronic Commerce Indicator. Failure to register as a merchant conducting Internet transaction can result in fines imposed by the Associations. Mail/Telephone/Internet and other Card Not Present transactions have a sub statically higher risk of Chargeback. Since you will not have an imprinted or magnetically swiped transaction and you will not have the Cardholder’s signature on the Sales Draft as you would in a face-to-face transaction, you will assume all risk associated with accepting a mail/telephone/Internet or other Card Not Present transaction. The following procedures, while they will not eliminate Chargebacks, are useful in reducing them and should be followed by you:

• Obtain the expiration date of Card.

• On the Sales Draft, clearly print the Cardholder’s account number; effective and expiration dates; date of transaction; description of the goods and services; amount of the transaction (including shipping, handling, insurance, etc.); Cardholder’s name, billing address and shipping address; authorization code; and merchant’s name and address (city and state required).

• For mail orders, write “MO”; for telephone orders, write “TO” on the Cardholder’s signature line.

• If feasible, obtain and keep a copy of the Cardholder’s signature on file on a form authorizing you to submit telephone and mail order transactions.

• You should utilize the Address Verification Service for all Card Not Present Transactions (see note below). Address Verification is specifically required for all

Discover Network Card Not Present Transactions, and if you do not receive a positive match through AVS, you may not process the Discover Network Card

Not Present Transaction. If you do not have AVS, contact us immediately.

• You should obtain the 3-digit Card Validation Code number and include it with each authorization request. Discover Network Association Rules specifically require that you submit the Card Validation Code with the authorization request for all Discover Network Card Not Present Transactions.

• For telephone orders, it is recommended that written verification of the sale be requested from the Cardholder (sent by mail or fax).

• You may not submit a transaction for processing until after the merchandise has been shipped or the service has been provided to the customer. (The Associations will permit the immediate billing of merchandise manufactured to the customer’s specifications [i.e., special / custom orders] provided the Cardholder has been advised of the billing details.)

• You should provide a copy of the Sales Draft to the Cardholder at the time of delivery. You must also obtain proof of delivery of the goods or services to the address designated by the Cardholder (i.e., by getting a signature of the Cardholder or person designated by the Cardholder through the delivery carrier). If the Card holder visits one of your locations to receive the goods or services purchased, obtain an imprint of the card and the Cardholder’s signature.

• Notify the Cardholder of delivery time frames and special handling and/or cancellation policies. Merchandise shipping dates must be within seven (7) days of the date authorization was obtained. If, after the order has been taken, additional delays will be incurred (e.g., out of stock), notify the Cardholder and reauthorize the transaction.

• You may not require a Cardholder to complete a postcard or other document that displays the Cardholder’s account number in clear view when mailed.

• If you accept orders via the Internet, your web site must include the following information in a prominent manner:

– Complete description of the goods or services offered;

– Merchandise return and refund policy;

– Customer service contact, including email address and/or telephone number;

– Transaction currency (U.S. dollars, unless permission is otherwise received from Servicers);

– Any applicable export or legal restrictions;

– Delivery policy;

– Consumer data privacy policy;

– A description of the transaction security used on your website; and

– The sale or disclosure of databases containing Cardholder account numbers, personal information, or other Card transaction information to third parties is prohibited.

• You may not accept Card Account Numbers through Electronic Mail over the Internet.

NOTE: Address Verification Service (“AVS”) does not guarantee against Chargebacks, but used properly, it assists you in reducing the risk of fraud by confirming whether certain elements of the billing address provided by your customer match the billing address maintained by the Issuer. AVS also may help you avoid incurring additional interchange expenses. AVS is a separate process from obtaining an Authorization and will provide a separate response. A transaction may not match addresses when submitted for AVS and still receive an Authorization. It is your responsibility to monitor the AVS responses and use the information provided to avoid high-risk transactions.

3.2.1. Discover Network Protocol for Internet Transactions. Each Internet

Discover Network Card transaction accepted by you and submitted to us shall comply with Discover Network standards, including, without limitation, Discover Network standards governing the formatting, transmission and encryption of data, referred to as the “designated protocol.” You shall accept only those Internet Discover Network

Card transactions that are encrypted in accordance with the designated protocol. As of the date of these Operating Procedures, the designated protocol for the encryption of data is Secure Socket Layer (SSL). We may, at our discretion, withhold Settlement until security standards can be verified. However, the designated protocol, including any specifications with respect to data encryption, may change at any time upon thirty (30) days advance written notice. You shall not accept any Internet Discover Network Card transaction unless the transaction is sent by means of a browser which supports the designated protocol.

If you have any question about this, please feel free to contact us at  info@tampabaymerchantservices.com or call 727-916-7294

Mobile Payments, EMV & NFC

Mobile / smart phone, social and technologies are converging right now at a rapid pace.  As of January 2013 nearly 130 million Americans own smart phones.  It all started with the mobile phones, were now you can reach individual consumers on a person level to market your business and offer coupons and other incentives.  Those who hop on the mobile payments train early will not only find new customers, but will set themselves from the competition. 

Using smart phone technologies, sophisticated mobile apps are taking location based personalization to the next step.  For example some apps recognize individual devices and give customers offers based on frequency of visits and other loyalty-related data.  Others are building technology that traces consumer shopping habits to offer personalized recommendations and offers. Others can sync with your customer’s social media accounts to share offers to their friends.  This can help your business spread the word about deals and find new customers’ social networks.  Socially shared coupons can be a great way to spread excitement and brand awareness between friends online.  This is just the start and who know what the future holds for even better and more advanced than what is now available. Merchants must be equipped with technology solutions that extend far beyond payment processing, and broadens their value and ability to attract new customers and retain existing ones.

Now that you know the benefits, how do you take advantage of this?  We have a solution.  With the Genius Customer Engagement Platform from Merchant Warehouse will aggregate and integrate every conceivable transaction technology, payment type and customer program – both present and future – into a single platform.  It is engineered to eliminate other issues confronting merchant’s today, including security breaches, hardware limits and transaction fees.  With the uses of Genius will ready your business for the new EMV cards and NFC payments.  With Genius NEVER TURN AWAY A PAYING CUSTOMER!

If you have any question about this, please feel free to contact us at  info@tampabaymerchantservices.com or call 727-916-7294