Cannabis Payment Processing

Posted on by
Reply

Recreational shop and medical marijuana dispensaries both face challenges because major banks and the federal government present financial roadblocks. Cannabis is a controlled substance on a federal level, so many financial organizations make it extremely difficult for businesses selling marijuana products to safeguard their profits. This article provides the tips you need to maximize profits while mitigating risk.

Cannabis Payment Processing Current Laws

Cannabis is still part of the Controlled Substances Act, so major banks typically won’t process payments for businesses participating in federally prohibited activities, including cannabis and any cannabis-related activities, regardless of state laws. Banks put themselves at risk of being seized by the Federal Deposit Insurance Corporation (FDIC), which is a risk the big financial institutions won’t take. Independent banks are more flexible and willing to cooperate with those related to the legal cannabis market.

In 2014, the Financial Crimes Enforcement Network (FinCen) issued guidance to financial institutions for providing financial services to marijuana related businesses. Banks can provide services to legal cannabis companies, provided they comply fully with anti money-laundering regulations. Regardless, most of the big banks choose to stay clear of the industry. While it’s technically legal for a bank to support a legal marijuana business, many simply choose not to because it’s not worth the risk of more federal government oversight.

The Secure and Fair Enforcement (SAFE) Banking Act creates protections for depository institutions that provide financial services to cannabis-related legitimate businesses and service providers for such businesses, and for other purposes. This bill has moved forward under the premise that the American people have already spoken about legalizing marijuana and the government must enable the commerce required to support it. It’s winding its way through Congress, with a major step forward in March 2019; the House Committee on Financial Services voted to issue a report to the full chamber recommending that the bill be considered further. Only about 1 in 4 bills are reported out of committee. Track the progress of H.R. 1595 SAFE Banking Act here.

The bill prohibits a federal banking regulator from: (1) terminating or limiting the deposit insurance or share insurance of a depository institution solely because the institution provides financial services to a legitimate marijuana-related business; (2) prohibiting or otherwise discouraging a depository institution from offering financial services to such a business; (3) recommending, incentivizing, or encouraging a depository institution not to offer financial services to an account holder solely because the account holder is affiliated with such a business; or (4) taking any adverse or corrective supervisory action on a loan made to a person solely because the person either owns such a business or owns real estate or equipment leased to such a business.

Cash Only Risks and How to Avoid Them

Cash is great until it isn’t. Gobs of cash require lots of security. Businesses are at higher risk of internal theft, and higher risk of robberies. Any cannabis payment processing solution must include tools to mitigate risk of internal theft. At a minimum, that means a cash drawer that opens and closes based on transaction need, and full tracking by employee of cash sales. With the imminent change in banking laws, businesses need a solution that supports cash and credit cards, in addition to other payment methods.

Accepting Credit Cards for Cannabis

Can merchants accept credit cards for marijuana? No. Any company offering cannabis credit card processing is doing some type of hack that could get your business services shut down instantly if the card networks are fully informed of the activity. It’s only a matter of time and how will that disrupt daily operations? For example, here’s the stated rule in Visa Core Rules, April 2019:

An Acquirer must ensure that a Merchant, Marketplace, Payment Facilitator, Sponsored Merchant, or Staged Digital Wallet Operator does not accept Visa Cards for, or display a Visa-Owned Mark on a website and/or application that is used in relation to, the purchase or trade of photographs, video imagery, computer-generated images, cartoons, simulation, products that claim or imply a similar efficacy as prescription drugs, controlled substances, or recreational/street drugs, irrespective of claims of legality or any other media or activities including, but not limited to, activities listed in Section X.

Tips for Legal Payment Processing in 2019

  • Branded re-loadable stored value cards are the simplest way to provide customers with a cashless experience.
  • Accepting cash, have a solution you can remotely audit, including by cashier details. For example, some lower cost solutions let you delete transactions after the sale; that’s not acceptable. A cloud solution that enables businesses to view all transaction types across multiple locations in or near real-time is best.
  • Be ready to accept EMV chip and pin. New laws are likely to be enacted. With a plug an play solution, add an EMV terminal either standalone or integrated. Note, semi-integrated has inherently greater risk of data breach.
  • Choose a cloud solution that supports all current and future sales channels. This means a payment gateway for in-store and online. Get your advice from a payment professional, not a developer as only the former has the financial expertise to help you understand consequences of choices.
  • Maximize customer fraud protection with in-store EMV chip and pin plus 3-D Secure for online purchases; both shift fraud liability, ‘it wasn’t me, I didn’t authorize’ to the issuer.
  • If you want to surcharge for credit cards to offset the fees, then only choose a solution that supports the proper rules, including the surcharge amount as a separate line item on the receipt.

In my opinion, it’s only a matter of time before the flood gates open for cannabis credit card processing, Congress moves slowly, but there’s enough money and American will to get this done sooner or later. In the interim, a cloud solution that supports other payment methods, with full cashier transparency, and will support future needs like EMV chip and pin, is the best payment processing solution.

The Christine Speedy difference. Don’t get suckered by misleading guidance. Call someone who knows the rules. 954-942-0483, 9-5 ET.

2018 OCCUPATIONAL FRAUD AND ABUSE REPORT

Posted on by
Reply

The 2018 Report to the Nations by the Association of Certified Fraud Examiners (ACFE) is the most comprehensive and widely quoted source of occupational fraud data in the world. Based on information from real fraud cases as reported by global CFE’s the occupational fraud is a resource for those interested in how occupational fraud is committed, how it is detected, who commits it, and how organizations can protect themselves from it.

Get the report FREE 2018 Fraud Report here. I recommend reading the case studies. The stories and methods may change, but ‘trusted’ employees as perpetrators is common both in the reports any my real life experiences.

Looking for solutions to mitigate employee fraud risk? Call for free consultation.

The Christine Speedy difference. Fraud is growing internally and externally. Learn about tools to help your company mitigate risk. Call 954-942-0483, 9-5 ET.

7 Reasons Your B2B Business Should Accept American Express

Posted on by
Reply

Many business to business merchants don’t accept American Express because of the real or perceived high cost of merchant fees and risk of dispute losses vs. the negative impact on profit margins. Here’s a fresh look at the reality of accepting American Express cards in 2019, including as compared to other card brands.

Top Reasons To Accept Accept American Express

  1. Average higher order. Your best customers are also using American Express for corporate purchasing. You may be losing business by not accepting the cards. For example, an actual merchant 1.7X higher average order than other cards.
  2. Higher annual spend. For example, an actual merchant has 3.0 X higher annual spend from American Express buyers than other cards.
  3. Merchants can completely offset the cost of acceptance, usually by surcharging as explained in this article Credit card surcharge rules and laws 2019.
  4. Amex SafeKey provides card not present fraud liability shift as do other card brands. If merchants support it for customer initiated payments, whether online pay portal, invoice click and pay, or ecommerce, they’re protected from friendly fraud ‘it wasn’t me, I didn’t authorize it’ chargeback losses. Rather than defend the chargeback, prevent it from happening and fighting to get your money back.
  5. Customers can take advantage of your early pay discounts and also use the The Pay Over Time option from American Express to extend their cash flow. You get paid on time to improve your cash flow, and customers extend their credit with someone else to manage their cash flow.
  6. Free business promotion. It depends on your business, but in some cases, especially small businesses, American Express does a lot to promote your business online and via other methods. How valuable is that?
  7. Rates may be lower than you think. Fees have broadened into more categories by card type over the years so it’s not just one rate for everything. You may be able to negotiate if you’re a very large business. The biggest expense for other card brands is interchange; if not managed properly, fees may be the same or higher than American Express depending on the card type.
  8. The Christine Speedy difference. Managing credit card fees is critical, and so is understanding the nuances of credit card processing that impacts all merchant fees. The reality is most players in the payments and consulting industries are not familiar with rules that impact your profit and risk. Call 954-942-0483, 9-5 ET for expert advice about all things credit card processing.

Microsoft Dynamics AX ERP Verifone EMV Connector

Posted on by
Reply

Want to accept EMV chip cards with a Verifone MX 915 in your Microsoft Dynamics AX ERP? Ask me about best alternative to Payware for B2B and B2G sales. No Retail MPOS is needed. With our module you’ll be live in no time with all the protections you need to maximize profits, mitigating fraud risk and reducing merchant fees with your existing merchant account.

All transaction types are supported for all your sales channels, and you can accept payments via free text invoices, CRM and more.

The Christine Speedy difference. PCI compliance is important to mitigate data breach risk, but equally important is compliance with complicated card network rules. Have you read any of the 1,000+ pages of Visa Rules? Or 300+ Mastercard transaction processing rules? Have any of the people you rely on? I’ve spent countless hours educating myself on them and learning about the nuances that impact your profit and risk. Technology directly impacts compliance. It doesn’t matter how big or how old a company is; the reality is most players in the payments industry fall behind with every new rule that comes out, even though these rules are usually announced years in advance so that they can prepare. Call 954-942-0483, 9-5 ET for expert advice about all things payments for Microsoft Dynamics AX and D365.


C-Suite Beware: You are the latest targets of cybercrime, warns Verizon 2019 Data Breach Investigations Report

Posted on by
Reply
  • C-level executives increasingly and proactively targeted by social breaches – correlating to a rise of social-engineering attacks with financial motivation.
  • Compromise of web-based email accounts using stolen credentials (98 percent) rising -seen in 60 percent of attacks involving hacking a web application.
  • One quarter of all breaches still associated with espionage.
  • Ransomware attacks still strong, accounting for 24 percent of the malware incidents analyzed and ranking #2 in most-used malware varieties.
  • 12th edition of the DBIR includes data from 73 contributors, the highest number since launch.
  • Analyzes 41,686 security incidents, and 2,013 confirmed breaches from 86 countries.

NEW YORK, May 08, 2019 (GLOBE NEWSWIRE) — C-level executives – who have access to a company’s most sensitive information, are now the major focus for social engineering attacks, alerts the Verizon 2019 Data Breach Investigations Report. Senior executives are 12x more likely to be the target of social incidents, and 9x more likely to be the target of social breaches than in previous years – and financial motivation remains the key driver. Financially-motivated social engineering attacks (12 percent of all data breaches analyzed) are a key topic in this year’s report, highlighting the critical need to ensure ALL levels of employees are made aware of the potential impact of cybercrime.

“Enterprises are increasingly using edge-based applications to deliver credible insights and experience. Supply chain data, video, and other critical – often personal – data WILL be assembled and analyzed at eye-blink speed, changing how applications utilize secure network capabilities” comments George Fischer, president of Verizon Global Enterprise. “Security must remain front and center when implementing these new applications and architectures.

“Technical IT hygiene and network security are table stakes when it comes to reducing risk. It all begins with understanding your risk posture and the threat landscape, so you can develop and action a solid plan to protect your business against the reality of cybercrime. Knowledge is power, and Verizon’s DBIR offers organizations large and small a comprehensive overview of the cyber threat landscape today so they can quickly develop effective defense strategies.”

A successful pretexting attack on senior executives can reap large dividends as a result of their – often unchallenged – approval authority, and privileged access into critical systems. Typically time-starved and under pressure to deliver, senior executives quickly review and click on emails prior to moving on to the next (or have assistants managing email on their behalf), making suspicious emails more likely to get through. The increasing success of social attacks such as business email compromises (BECs -which represent 370 incidents or 248 confirmed breaches of those analyzed), can be linked to the unhealthy combination of a stressful business environment combined with a lack of focused education on the risks of cybercrime.

This year’s findings also highlight how the growing trend to share and store information within cost-effective cloud based solutions is exposing companies to additional security risks. Analysis found that there was a substantial shift towards compromise of cloud-based email accounts via the use of stolen credentials. In addition, publishing errors in the cloud are increasing year-over-year. Misconfiguration (“Miscellaneous Errors”) led to a number of massive, cloud-based file storage breaches, exposing at least 60 million records analyzed in the DBIR dataset. This accounts for 21 percent of breaches caused by errors.

Bryan Sartin, executive director of security professional services at Verizon comments, “As businesses embrace new digital ways of working, many are unaware of the new security risks to which they may be exposed. They really need access to cyber detection tools to gain access to a daily view of their security posture, supported with statistics on the latest cyber threats. Security needs to be seen as a flexible and smart strategic asset that constantly delivers to the businesses, and impacts the bottom line.”

Major findings in summary

The DBIR continues to deliver comprehensive data-driven analysis of the cyber threat landscape. Major findings of the 2019 report include:

  • New analysis from FBI Internet Crime Complaint Center (IC3): Provides insightful analysis of the impact of Business Email Compromises (BECs) and Computer Data Breaches (CDBs). The findings highlight how BECs can be remedied. When the IC3 Recovery Asset Team acts upon BECs, and works with the destination bank, half of all US-based business email compromises had 99 percent of the money recovered or frozen; and only 9 percent had nothing recovered.
  • Attacks on Human Resource personnel have decreased from last year: Findings saw 6x fewer Human Resource personnel being impacted this year compared to last, correlating with W-2 tax form scams almost disappearing from the DBIR dataset.
  • Chip and Pin payment technology has started delivering security dividends: The number of physical terminal compromises in payment card related breaches is decreasing compared to web application compromises.
  • Ransomware attacks are still going strong: They account for nearly 24 percent of incidents where malware was used. Ransomware has become so commonplace that it is less frequently mentioned in the specialized media unless there is a high profile target.
  • Media-hyped crypto-mining attacks were hardly existent: These types of attacks were not listed in the top 10 malware varieties, and only accounted for roughly 2 percent of incidents.
  • Outsider threats remain dominant: External threat actors are still the primary force behind attacks (69 percent of breaches) with insiders accounting for 34 percent.       

Putting business sectors under the microscope

Once again, this year’s report highlights the biggest threats faced by individual industries, and also offers guidance on what companies can do to mitigate against these risks.

“Every year we analyze data and alert companies as to the latest cybercriminal trends in order for them to refocus their security strategies and proactively protect their businesses from cyber threats. However, even though we see specific targets and attack locations change, ultimately the tactics used by the criminals remain the same. There is an urgent need for businesses – large and small – to put the security of their business and protection of customer data first. Often even basic security practices and common sense deter cybercrime,” comments Sartin.

Industry findings of note include:

  • Educational Services: There was a noticeable shift towards financially motivated crime (80 percent). 35 percent of all breaches were due to human error and approximately a quarter of breaches arose from web application attacks, most of which were attributable to the use of stolen credentials used to access cloud-based email.
  • Healthcare: This business sector continues to be the only industry to show a greater number of insider compared to external attacks (60 versus 42 percent respectively). Unsurprisingly, medical data is 18x more likely to be compromised in this industry, and when an internal actor is involved, is it 14x more likely to be a medical professional such as a doctor or nurse.
  • Manufacturing: For the second year in a row, financially motivated attacks outnumber cyber-espionage as the main reason for breaches in manufacturing, and this year by a more significant percentage (68 percent).
  • Public Sector: Cyber-espionage rose this year – however, nearly 47 percent of breaches were only discovered years after the initial attack.
  • Retail: Since 2015, Point of Sale (PoS) breaches have decreased by a factor of 10, while Web Application breaches are now 13x more likely.

(More findings on all individual industries may be located in the full report.) 

More data from highest number of contributors ever means deeper insights

“We are privileged to include data from more contributors this year than ever before, and had the pleasure of welcoming the FBI into our fold for the very first time,” adds Sartin. “We are able to provide the valuable insights from our DBIR research as a result of the participation of our renowned contributors. We would like to thank them all for their continued support and welcome other organizations from around the world to join us in our forthcoming editions.”

This is the 12th edition of the DBIR and boosts the highest number of global contributors so far – 73 contributors since its launch in 2008. It contains analysis of 41,686 security incidents, which includes 2,013 confirmed breaches. With this increase of contributors Verizon saw a substantial increase of data to be analyzed, totaling approximately 1.5 billion data points of non-incident data.

This year’s report also debuts new metrics and reasoning which helps identify which services are seen as the most lucrative for attackers to both scan for and attack at scale. This analysis is based on honeypot and internet scan data.

The complete Verizon 2019 Data Breach Investigations Report as well as Executive summary is available on the DBIR resource page. Any organization wishing to become a DBIR contributor should contact dbir@verizon.com for further information.

About Verizon’s security services and solutions
Verizon is a leader in delivering global managed security solutions to enterprises in the financial services, retail, government, technology, healthcare, manufacturing, and energy and transportation sectors. Verizon combines powerful intelligence and analytics with an expansive breadth of professional and managed services, including customizable advanced security operations and managed threat protection services, next-generation commercial technology monitoring and analytics, threat intel and response service and forensics investigations and identity management. Verizon brings the strength and expert knowledge of more than 550 consultants across the globe to proactively reduce security threats and lower information risks to organizations.

Verizon Communications Inc. (NYSE, Nasdaq: VZ), headquartered in New York City, generated revenues of $130.9 billion in 2018. The company operates America’s most reliable wireless network and the nation’s premier all-fiber network, and delivers integrated solutions to businesses worldwide. With brands like Yahoo, TechCrunch and HuffPost, the company’s media group helps consumers stay informed and entertained, communicate and transact, while creating new ways for advertisers and partners to connect. Verizon’s corporate responsibility prioritizes the environmental, social and governance issues most relevant to its business and impact to society.

VERIZON’S ONLINE MEDIA CENTER: News releases, stories, media contacts and other resources are available at www.verizon.com/about/news/. News releases are also available through an RSS feed. To subscribe, visit www.verizon.com/about/rss-feeds/.