About Christine Speedy

B2B cloud payment acceptance solutions and CenPOS enterprise cloud payment solutions global sales.

Magento mandatory upgrade for PCI Compliance

Merchants must replace Magento version 2.1.x summer 2019. The Magento 2.1.18 software release marks the final supported software release for Magento version 2.1.x. As of June 30 2019, Magento 2.1.x will no longer receive security updates or product quality fixes now that its support window has expired.

PCI compliance requires the installation of critical software security patches within 30 days. When a software or related service provider no longer offers security patches, then merchants must replace or upgrade within 30 days. This is the same reason merchants using Microsoft Windows XP would not be PCI compliant.

I previously reported the Magento vulnerabilities and patch requirements in April 2019. Merchants should not rely on their business partners to automatically perform updates. Here’s a handy web site to check your Magento version now.

Now is a great time to also do a payment gateway checkup.

Call Christine Speedy, PCI Council QIR certified, to reduce merchant fees with new or existing merchant account at 954-942-0483, 9-5 ET.

Visa Prevents Approximately $25 Billion in Fraud Using Artificial Intelligence

Since pioneering AI in payments, continuous evolution of the technology in Visa Advanced Authorization helps drive commerce and consumer confidence

SAN FRANCISCO–(BUSINESS WIRE)–Visa Inc. (NYSE: V) today announced new analysis showing Visa Advanced Authorization (VAA) using artificial intelligence (AI) helped financial institutions prevent an estimated $25 billion in annual fraud—making the global payment ecosystem safer for retailers and consumers.i VAA is a comprehensive risk management tool that monitors and evaluates transaction authorizations on the Visa global payment network, VisaNet, in real time to help financial institutions promptly identify and respond to emerging fraud patterns and trends. Visa processed more than 127 billion transactions between merchants and financial institutions on VisaNet last year, and employed AI to analyze 100 percent of the transactions—each in about one millisecond—so financial institutions can approve legitimate purchases while quickly identifying and preventing fraudulent transactions.

“One of the toughest challenges in payments is separating good transactions made by account holders from bad ones attempted by fraudsters without adding friction to the process,” said Melissa McSherry, senior vice president and global head of Data, Risk and Identity Products and Solutions, Visa. “Visa was the first payment network to apply neural network-based AI in 1993 to analyze the riskiness of transactions in real time, and the impact on fraud was immediate. By striking the right balance between human expertise and technology innovation, we continue to evolve our capabilities as new AI breakthroughs expand the realm of what’s possible.”

For financial institutions, friction in the payment process can lead to the abandonment of a payment card. A study by Javelin Strategy & Research revealed more than half of cardholders affected by false declines (51 percent) used a secondary payment card to complete the purchase at the same merchant, which can push a competitor’s card to the top of wallet.ii However, removing friction cannot come at the expense of identifying and preventing fraud. As a survey by the National Retail Federation and Forrester discovered, the top payment-related challenge faced by retailers is fraud, cited by 55 percent of those surveyed.

Visa Advanced Authorization is a layer of fraud prevention that can help drive down risk and fraud for financial institutions and retailers, and help reduce friction due to false declines for payment account holders. More than 8,000 financial institutions in 129 countries use Visa Advanced Authorization.

Preventing fraud near the speed of light

Visa pioneered using neural networks modeled after the human brain to power its AI platform to identify possible fraud. This delivers faster and deeper insights through previously unknown correlations. Delivered through Visa Advanced Authorization, retailers and financial institutions benefit from:
• Machine Learning models used for real-time examination of each transaction for indicators of fraud—looking at activities, patterns and more than 500 risk attributes—all in about one millisecond.
• Risk scoring, which Visa shares with the account holder’s financial institution, where the decision is made to either approve or decline the transaction, or flag the transactions for follow up with the account holder.
• The ability to identify good transactions even when made by new or infrequent shoppers, reducing the likelihood of false declines.
• Real-time authorization using integrated, global predictive analytics to identify and prevent fraud.
Visa has kept global fraud rates at historic lows—less than 0.1 percent—through a multi-layered approach of investing in human intelligence and technology like A.I.; empowering consumers and clients with tools, resources and control to manage risk; and setting governance processes to help businesses and regulators stay nimble.iv
“Consumers identified Visa as the most trusted company to provide financial services or payments among all payment networks and we believe it is due to Visa’s unrelenting focus on eliminating fraud and protecting the payment ecosystem,” said McSherry.v

Additional Risk Solutions Using AI
Visa champions security every day to protect the payment ecosystem and offers a portfolio of risk products and services that can help consumers, merchants and financial institutions prevent fraud. This includes Visa Risk Manager (VRM), Visa Consumer Authentication Services (VCAS) and CyberSource Decision Manager (DM), among others. For more information about Visa’s Risk solution portfolio, visit Visa Security.

Additional Resources

About Visa Inc.

Visa Inc. (NYSE: V) is the world’s leader in digital payments. Our mission is to connect the world through the most innovative, reliable and secure payment network – enabling individuals, businesses and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company’s relentless focus on innovation is a catalyst for the rapid growth of digital commerce on any device for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce. For more information, visit About Visa,visa.com/blog and @VisaNews.

i For the 12 months ended April 30, 2019.

ii “Addressing the Threat of False Positive Declines” by Kyle Marchini and Al Pascual, Javelin Strategy & Research, October 17, 2018.

iii “The State of Retail Payments Report – Outlook for 2019” by Brendan Miller, principal analyst, Forrester, November 2018.

iv Visa Global Fraud Data, Visa Inc., April 2019.

v “Omnichannel and Branch: The Current U.S. Consumer Banking Environment,” by Peter Reville, Director of Primary Data, Mercator Advisory Group, March 2019.

Source: Visa Inc.

Verifone VX terminal reboot: urgent update

All Verifone VX terminals must be updated by June 25, 2019 or merchants risk problems where the terminal is stuck in a reboot and cannot accept credit cards. Verifone posted an advisory on their support web site June 3. Hopefully owners will be notified by their acquirers before they have hard failure. The VX series is very popular so it could be problematic if many thousands of VX terminal owners try and download the update at the same time.

Action is required for all customers using VX (all VX) or e-Series Devices (limited to e315, e315m and e355) on any version of CommServer prior to 544 or 5441 who have not downloaded the recovery utility. This action is for both customers who have successfully recovered their devices from a reboot loop, those who may be in a reboot loop, and those that did not experience issues at all on or around May 25, 2019. Read the entire alert on the Verifone support web page here.

The advisory impacts all Verifone VX terminals, so per my search, that would include the VX 520, VX 680, VX 805, and VX 670. Are you in need of a new or replacement terminal?

The Christine Speedy difference. Find out what terminal is best for your credit card processing situation. Call someone who knows the rules and can help you optimize for the lowest interchange rate qualification. Terminal choice matters! B2B expert. 954-942-0483, 9-5 ET.

Cannabis Payment Processing

Recreational shop and medical marijuana dispensaries both face challenges because major banks and the federal government present financial roadblocks. Cannabis is a controlled substance on a federal level, so many financial organizations make it extremely difficult for businesses selling marijuana products to safeguard their profits. This article provides the tips you need to maximize profits while mitigating risk.

Cannabis Payment Processing Current Laws

Cannabis is still part of the Controlled Substances Act, so major banks typically won’t process payments for businesses participating in federally prohibited activities, including cannabis and any cannabis-related activities, regardless of state laws. Banks put themselves at risk of being seized by the Federal Deposit Insurance Corporation (FDIC), which is a risk the big financial institutions won’t take. Independent banks are more flexible and willing to cooperate with those related to the legal cannabis market.

In 2014, the Financial Crimes Enforcement Network (FinCen) issued guidance to financial institutions for providing financial services to marijuana related businesses. Banks can provide services to legal cannabis companies, provided they comply fully with anti money-laundering regulations. Regardless, most of the big banks choose to stay clear of the industry. While it’s technically legal for a bank to support a legal marijuana business, many simply choose not to because it’s not worth the risk of more federal government oversight.

The Secure and Fair Enforcement (SAFE) Banking Act creates protections for depository institutions that provide financial services to cannabis-related legitimate businesses and service providers for such businesses, and for other purposes. This bill has moved forward under the premise that the American people have already spoken about legalizing marijuana and the government must enable the commerce required to support it. It’s winding its way through Congress, with a major step forward in March 2019; the House Committee on Financial Services voted to issue a report to the full chamber recommending that the bill be considered further. Only about 1 in 4 bills are reported out of committee. Track the progress of H.R. 1595 SAFE Banking Act here.

The bill prohibits a federal banking regulator from: (1) terminating or limiting the deposit insurance or share insurance of a depository institution solely because the institution provides financial services to a legitimate marijuana-related business; (2) prohibiting or otherwise discouraging a depository institution from offering financial services to such a business; (3) recommending, incentivizing, or encouraging a depository institution not to offer financial services to an account holder solely because the account holder is affiliated with such a business; or (4) taking any adverse or corrective supervisory action on a loan made to a person solely because the person either owns such a business or owns real estate or equipment leased to such a business.

Cash Only Risks and How to Avoid Them

Cash is great until it isn’t. Gobs of cash require lots of security. Businesses are at higher risk of internal theft, and higher risk of robberies. Any cannabis payment processing solution must include tools to mitigate risk of internal theft. At a minimum, that means a cash drawer that opens and closes based on transaction need, and full tracking by employee of cash sales. With the imminent change in banking laws, businesses need a solution that supports cash and credit cards, in addition to other payment methods.

Accepting Credit Cards for Cannabis

Can merchants accept credit cards for marijuana? No. Any company offering cannabis credit card processing is doing some type of hack that could get your business services shut down instantly if the card networks are fully informed of the activity. It’s only a matter of time and how will that disrupt daily operations? For example, here’s the stated rule in Visa Core Rules, April 2019:

An Acquirer must ensure that a Merchant, Marketplace, Payment Facilitator, Sponsored Merchant, or Staged Digital Wallet Operator does not accept Visa Cards for, or display a Visa-Owned Mark on a website and/or application that is used in relation to, the purchase or trade of photographs, video imagery, computer-generated images, cartoons, simulation, products that claim or imply a similar efficacy as prescription drugs, controlled substances, or recreational/street drugs, irrespective of claims of legality or any other media or activities including, but not limited to, activities listed in Section X.

Tips for Legal Payment Processing in 2019

  • Branded re-loadable stored value cards are the simplest way to provide customers with a cashless experience.
  • Accepting cash, have a solution you can remotely audit, including by cashier details. For example, some lower cost solutions let you delete transactions after the sale; that’s not acceptable. A cloud solution that enables businesses to view all transaction types across multiple locations in or near real-time is best.
  • Be ready to accept EMV chip and pin. New laws are likely to be enacted. With a plug an play solution, add an EMV terminal either standalone or integrated. Note, semi-integrated has inherently greater risk of data breach.
  • Choose a cloud solution that supports all current and future sales channels. This means a payment gateway for in-store and online. Get your advice from a payment professional, not a developer as only the former has the financial expertise to help you understand consequences of choices.
  • Maximize customer fraud protection with in-store EMV chip and pin plus 3-D Secure for online purchases; both shift fraud liability, ‘it wasn’t me, I didn’t authorize’ to the issuer.
  • If you want to surcharge for credit cards to offset the fees, then only choose a solution that supports the proper rules, including the surcharge amount as a separate line item on the receipt.

In my opinion, it’s only a matter of time before the flood gates open for cannabis credit card processing, Congress moves slowly, but there’s enough money and American will to get this done sooner or later. In the interim, a cloud solution that supports other payment methods, with full cashier transparency, and will support future needs like EMV chip and pin, is the best payment processing solution.

The Christine Speedy difference. Don’t get suckered by misleading guidance. Call someone who knows the rules. 954-942-0483, 9-5 ET.