7 Reasons Your B2B Business Should Accept American Express

Posted on by
Reply

Many business to business merchants don’t accept American Express because of the real or perceived high cost of merchant fees and risk of dispute losses vs. the negative impact on profit margins. Here’s a fresh look at the reality of accepting American Express cards in 2019, including as compared to other card brands.

Top Reasons To Accept Accept American Express

  1. Average higher order. Your best customers are also using American Express for corporate purchasing. You may be losing business by not accepting the cards. For example, an actual merchant 1.7X higher average order than other cards.
  2. Higher annual spend. For example, an actual merchant has 3.0 X higher annual spend from American Express buyers than other cards.
  3. Merchants can completely offset the cost of acceptance, usually by surcharging as explained in this article Credit card surcharge rules and laws 2019.
  4. Amex SafeKey provides card not present fraud liability shift as do other card brands. If merchants support it for customer initiated payments, whether online pay portal, invoice click and pay, or ecommerce, they’re protected from friendly fraud ‘it wasn’t me, I didn’t authorize it’ chargeback losses. Rather than defend the chargeback, prevent it from happening and fighting to get your money back.
  5. Customers can take advantage of your early pay discounts and also use the The Pay Over Time option from American Express to extend their cash flow. You get paid on time to improve your cash flow, and customers extend their credit with someone else to manage their cash flow.
  6. Free business promotion. It depends on your business, but in some cases, especially small businesses, American Express does a lot to promote your business online and via other methods. How valuable is that?
  7. Rates may be lower than you think. Fees have broadened into more categories by card type over the years so it’s not just one rate for everything. You may be able to negotiate if you’re a very large business. The biggest expense for other card brands is interchange; if not managed properly, fees may be the same or higher than American Express depending on the card type.
  8. The Christine Speedy difference. Managing credit card fees is critical, and so is understanding the nuances of credit card processing that impacts all merchant fees. The reality is most players in the payments and consulting industries are not familiar with rules that impact your profit and risk. Call 954-942-0483, 9-5 ET for expert advice about all things credit card processing.

Microsoft Dynamics AX ERP Verifone EMV Connector

Posted on by
Reply

Want to accept EMV chip cards with a Verifone MX 915 in your Microsoft Dynamics AX ERP? Ask me about best alternative to Payware for B2B and B2G sales. No Retail MPOS is needed. With our module you’ll be live in no time with all the protections you need to maximize profits, mitigating fraud risk and reducing merchant fees with your existing merchant account.

All transaction types are supported for all your sales channels, and you can accept payments via free text invoices, CRM and more.

The Christine Speedy difference. PCI compliance is important to mitigate data breach risk, but equally important is compliance with complicated card network rules. Have you read any of the 1,000+ pages of Visa Rules? Or 300+ Mastercard transaction processing rules? Have any of the people you rely on? I’ve spent countless hours educating myself on them and learning about the nuances that impact your profit and risk. Technology directly impacts compliance. It doesn’t matter how big or how old a company is; the reality is most players in the payments industry fall behind with every new rule that comes out, even though these rules are usually announced years in advance so that they can prepare. Call 954-942-0483, 9-5 ET for expert advice about all things payments for Microsoft Dynamics AX and D365.


C-Suite Beware: You are the latest targets of cybercrime, warns Verizon 2019 Data Breach Investigations Report

Posted on by
Reply
  • C-level executives increasingly and proactively targeted by social breaches – correlating to a rise of social-engineering attacks with financial motivation.
  • Compromise of web-based email accounts using stolen credentials (98 percent) rising -seen in 60 percent of attacks involving hacking a web application.
  • One quarter of all breaches still associated with espionage.
  • Ransomware attacks still strong, accounting for 24 percent of the malware incidents analyzed and ranking #2 in most-used malware varieties.
  • 12th edition of the DBIR includes data from 73 contributors, the highest number since launch.
  • Analyzes 41,686 security incidents, and 2,013 confirmed breaches from 86 countries.

NEW YORK, May 08, 2019 (GLOBE NEWSWIRE) — C-level executives – who have access to a company’s most sensitive information, are now the major focus for social engineering attacks, alerts the Verizon 2019 Data Breach Investigations Report. Senior executives are 12x more likely to be the target of social incidents, and 9x more likely to be the target of social breaches than in previous years – and financial motivation remains the key driver. Financially-motivated social engineering attacks (12 percent of all data breaches analyzed) are a key topic in this year’s report, highlighting the critical need to ensure ALL levels of employees are made aware of the potential impact of cybercrime.

“Enterprises are increasingly using edge-based applications to deliver credible insights and experience. Supply chain data, video, and other critical – often personal – data WILL be assembled and analyzed at eye-blink speed, changing how applications utilize secure network capabilities” comments George Fischer, president of Verizon Global Enterprise. “Security must remain front and center when implementing these new applications and architectures.

“Technical IT hygiene and network security are table stakes when it comes to reducing risk. It all begins with understanding your risk posture and the threat landscape, so you can develop and action a solid plan to protect your business against the reality of cybercrime. Knowledge is power, and Verizon’s DBIR offers organizations large and small a comprehensive overview of the cyber threat landscape today so they can quickly develop effective defense strategies.”

A successful pretexting attack on senior executives can reap large dividends as a result of their – often unchallenged – approval authority, and privileged access into critical systems. Typically time-starved and under pressure to deliver, senior executives quickly review and click on emails prior to moving on to the next (or have assistants managing email on their behalf), making suspicious emails more likely to get through. The increasing success of social attacks such as business email compromises (BECs -which represent 370 incidents or 248 confirmed breaches of those analyzed), can be linked to the unhealthy combination of a stressful business environment combined with a lack of focused education on the risks of cybercrime.

This year’s findings also highlight how the growing trend to share and store information within cost-effective cloud based solutions is exposing companies to additional security risks. Analysis found that there was a substantial shift towards compromise of cloud-based email accounts via the use of stolen credentials. In addition, publishing errors in the cloud are increasing year-over-year. Misconfiguration (“Miscellaneous Errors”) led to a number of massive, cloud-based file storage breaches, exposing at least 60 million records analyzed in the DBIR dataset. This accounts for 21 percent of breaches caused by errors.

Bryan Sartin, executive director of security professional services at Verizon comments, “As businesses embrace new digital ways of working, many are unaware of the new security risks to which they may be exposed. They really need access to cyber detection tools to gain access to a daily view of their security posture, supported with statistics on the latest cyber threats. Security needs to be seen as a flexible and smart strategic asset that constantly delivers to the businesses, and impacts the bottom line.”

Major findings in summary

The DBIR continues to deliver comprehensive data-driven analysis of the cyber threat landscape. Major findings of the 2019 report include:

  • New analysis from FBI Internet Crime Complaint Center (IC3): Provides insightful analysis of the impact of Business Email Compromises (BECs) and Computer Data Breaches (CDBs). The findings highlight how BECs can be remedied. When the IC3 Recovery Asset Team acts upon BECs, and works with the destination bank, half of all US-based business email compromises had 99 percent of the money recovered or frozen; and only 9 percent had nothing recovered.
  • Attacks on Human Resource personnel have decreased from last year: Findings saw 6x fewer Human Resource personnel being impacted this year compared to last, correlating with W-2 tax form scams almost disappearing from the DBIR dataset.
  • Chip and Pin payment technology has started delivering security dividends: The number of physical terminal compromises in payment card related breaches is decreasing compared to web application compromises.
  • Ransomware attacks are still going strong: They account for nearly 24 percent of incidents where malware was used. Ransomware has become so commonplace that it is less frequently mentioned in the specialized media unless there is a high profile target.
  • Media-hyped crypto-mining attacks were hardly existent: These types of attacks were not listed in the top 10 malware varieties, and only accounted for roughly 2 percent of incidents.
  • Outsider threats remain dominant: External threat actors are still the primary force behind attacks (69 percent of breaches) with insiders accounting for 34 percent.       

Putting business sectors under the microscope

Once again, this year’s report highlights the biggest threats faced by individual industries, and also offers guidance on what companies can do to mitigate against these risks.

“Every year we analyze data and alert companies as to the latest cybercriminal trends in order for them to refocus their security strategies and proactively protect their businesses from cyber threats. However, even though we see specific targets and attack locations change, ultimately the tactics used by the criminals remain the same. There is an urgent need for businesses – large and small – to put the security of their business and protection of customer data first. Often even basic security practices and common sense deter cybercrime,” comments Sartin.

Industry findings of note include:

  • Educational Services: There was a noticeable shift towards financially motivated crime (80 percent). 35 percent of all breaches were due to human error and approximately a quarter of breaches arose from web application attacks, most of which were attributable to the use of stolen credentials used to access cloud-based email.
  • Healthcare: This business sector continues to be the only industry to show a greater number of insider compared to external attacks (60 versus 42 percent respectively). Unsurprisingly, medical data is 18x more likely to be compromised in this industry, and when an internal actor is involved, is it 14x more likely to be a medical professional such as a doctor or nurse.
  • Manufacturing: For the second year in a row, financially motivated attacks outnumber cyber-espionage as the main reason for breaches in manufacturing, and this year by a more significant percentage (68 percent).
  • Public Sector: Cyber-espionage rose this year – however, nearly 47 percent of breaches were only discovered years after the initial attack.
  • Retail: Since 2015, Point of Sale (PoS) breaches have decreased by a factor of 10, while Web Application breaches are now 13x more likely.

(More findings on all individual industries may be located in the full report.) 

More data from highest number of contributors ever means deeper insights

“We are privileged to include data from more contributors this year than ever before, and had the pleasure of welcoming the FBI into our fold for the very first time,” adds Sartin. “We are able to provide the valuable insights from our DBIR research as a result of the participation of our renowned contributors. We would like to thank them all for their continued support and welcome other organizations from around the world to join us in our forthcoming editions.”

This is the 12th edition of the DBIR and boosts the highest number of global contributors so far – 73 contributors since its launch in 2008. It contains analysis of 41,686 security incidents, which includes 2,013 confirmed breaches. With this increase of contributors Verizon saw a substantial increase of data to be analyzed, totaling approximately 1.5 billion data points of non-incident data.

This year’s report also debuts new metrics and reasoning which helps identify which services are seen as the most lucrative for attackers to both scan for and attack at scale. This analysis is based on honeypot and internet scan data.

The complete Verizon 2019 Data Breach Investigations Report as well as Executive summary is available on the DBIR resource page. Any organization wishing to become a DBIR contributor should contact dbir@verizon.com for further information.

About Verizon’s security services and solutions
Verizon is a leader in delivering global managed security solutions to enterprises in the financial services, retail, government, technology, healthcare, manufacturing, and energy and transportation sectors. Verizon combines powerful intelligence and analytics with an expansive breadth of professional and managed services, including customizable advanced security operations and managed threat protection services, next-generation commercial technology monitoring and analytics, threat intel and response service and forensics investigations and identity management. Verizon brings the strength and expert knowledge of more than 550 consultants across the globe to proactively reduce security threats and lower information risks to organizations.

Verizon Communications Inc. (NYSE, Nasdaq: VZ), headquartered in New York City, generated revenues of $130.9 billion in 2018. The company operates America’s most reliable wireless network and the nation’s premier all-fiber network, and delivers integrated solutions to businesses worldwide. With brands like Yahoo, TechCrunch and HuffPost, the company’s media group helps consumers stay informed and entertained, communicate and transact, while creating new ways for advertisers and partners to connect. Verizon’s corporate responsibility prioritizes the environmental, social and governance issues most relevant to its business and impact to society.

VERIZON’S ONLINE MEDIA CENTER: News releases, stories, media contacts and other resources are available at www.verizon.com/about/news/. News releases are also available through an RSS feed. To subscribe, visit www.verizon.com/about/rss-feeds/.

D365 ERP F&O credit card processing

Posted on by
Reply

Need a credit card processing solution for D365? What you used in Microsoft Dynamics AX is probably not what you want for Microsoft D365 F&O. That’s because most payment gateways are horribly outdated with current payment processing requirements. Aside from PCI compliance, equally critical is compliance with the card network rules.

Three things you need to ask before selecting a payment gateway for D365:

  • Does the payment gateway support Unscheduled Credential On File?
  • How will you identify expired authorizations and update them?
  • If the initial authorization and final settlement are different, how does the payment gateway manage the authorization so that you can meet requirements for level 3 processing?

D365, ERP, and ecommerce consultants are generally not great resources for the last mile- getting paid, because it’s not their core expertise. If anyone tells you here are two or three options, you choose whichever you want, RUN! Each payment gateway has unique attributes. You need a consultant that not only knows payment processing, but also knows differences between payment gateways and how each will help or hurt your goals.

How can you find a good D365 payment gateway consultant?

While there is not a specific certification that is critical, it helps to have some type of certification vs just experience. The PCI Council offers a few different options, all of which are expensive which is why most people won’t bother getting them. However, because level 4 merchants are required to use only PCI QIR certified individuals, the PCI Council has lowered the cost (as well as the complexity, but that’s another story) to increase the number certified.

Since you’re reading this article, you’re looking for expert help. You’ve found it. I’ve been blogging about payment processing for years. I have used, sold and implemented solutions for authorize.net, PayPal, Payflow Pro, CenPOS, First Data, Chase Paymentech and many, many others. I’ve analyzed merchant statements, ecommerce shopping carts, ERP’s, merchant processors / acquirers, and a host of solutions that interact to impact merchant security, fraud risk, processing fees, and efficiency. Because I’ve seen what happens after the sale, including non-qualified transactions, chargebacks, risky security practices that often go against company policy but employees do it anyway, and more, I’m in a better position than most to give you the best advice for business to business, business to government, large transactions, card not present sales and specialty retail. If I don’t know it, I research everything and ask lots of questions that consultants and merchants don’t know to ask.

The Christine Speedy difference. PCI compliance is important to mitigate data breach risk, but equally important is compliance with complicated card network rules. Have you read any of the 1,000+ pages of Visa Rules? Or 300+ Mastercard transaction processing rules? Have any of the people you rely on? I’ve spent countless hours educating myself on them and learning about the nuances that impact your profit and risk. Technology directly impacts compliance. It doesn’t matter how big or how old a company is; the reality is most players in the payments industry fall behind with every new rule that comes out, even though these rules are usually announced years in advance so that they can prepare. Call 954-942-0483, 9-5 ET for expert advice about all things payments.

Magento Security Alert requires action to maintain PCI Compliance

Posted on by
Reply

Magento 2.3.1, 2.2.8 and 2.1.17 Security Update

A SQL injection vulnerability has been identified in pre-2.3.1 Magento code. To quickly protect your store from this vulnerability only, install patch PRODSECBUG-2198. However, to protect against this vulnerability and others, you must upgrade to Magento Commerce or Open Source 2.3.1 or 2.2.8. We strongly suggest that you install these full patches as soon as you can.

PCI Compliance Requirement 6: Develop and maintain secure systems and applications. All critical systems must have the most recently released software patches to prevent exploitation. The average merchant relies upon third party developers for web site maintenance, but unless specifically contracted to update the e-commerce software and add-on modules, don’t count on it.

Only 16.4% of organizations that had suffered a data breach were compliant with Requirement 6, compared to an average of 64% of organizations assessed by our QSAs in 2014- Verizon 2015 PCI Compliance Report.

Payment gateway implementation requirements have changed over time as a result of cross-site scripting and cross-site request forgery (CSRF) to meet current PCI Compliance standards. Merchants should verify all components of their ecommerce ecosystem are current, and have a system for ongoing monitoring and updating.

RESOURCES

  • Magento Security Center
  • MAGENTO SECURITY ALERT, March 26, 2019
  • Christine Speedy, 3D Merchant Services, offers a Magento payment gateway module for merchants to improve their omnichannel customer experience and mitigate fraud and vulnerability risk. Special B2B customer benefits include friction-less payments across all sales channels; text and email Express Checkout, customer invoice portal for 24/7 ACH, credit card, wire and more payment types, and US EMV with level 3 processing. Magento and ERP modules combine to provide a powerful array of solutions to improve cash flow and profits while maximizing security. 954-942-0483.