US Retailers push for PIN on credit cards as EMV rolls out

Posted on by
Reply

By Jim Finkle

BOSTON (Reuters) – Some big U.S. retailers are stepping up efforts to use personal identification numbers, or PINs, with new credit cards embedded with computer chips in a bid to prevent counterfeit card fraud.

But they are being resisted by the banking industry, which sees no need to invest further in PIN technology, already used with debit cards, resulting in halting adoption and widespread confusion.

A small band of retailers with the clout to call the shots on their branded credit cards is leading the charge. Target Corp is moving ahead with a chip-and-PIN rollout, and Wal-Mart Stores Inc plans to do the same.

But Wal-Mart said it faces obstacles because its credit card partner, Synchrony Financial, is not yet able to handle PINs on credit cards. Synchrony declined comment.

Broadly, U.S. banks are unprepared or resisting the change.

The impasse comes after many consumers got their hands on new credit cards embedded with so-called EMV chips in advance of an Oct. 1 deadline that required retailers to accept chip cards or be liable for fraud losses. EMV stands for EuroPay, MasterCard and Visa.

But only about a third of merchants are actually using the chip technology, according to analyst estimates. The number may not pick up until early next year, if at all, because the retail industry typically halts upgrades during the crucial holiday shopping season.

“PIN issuance will remain a niche,” said Julie Conroy, credit-card analyst with Aite Group.

Banks favor using chip cards verified by old-school signatures, even though chip-and-PIN usage has led to lower fraud over the decade they have been used in Europe and elsewhere.

“The PIN is definitely a must,” said Lance James, chief scientist with cyber intelligence firm Flashpoint. “It’s one extra step that provides true two-factor authentication.”

But bankers say PINs provide little benefit beyond the advantage of using chips in combating the estimated $7 billion-plus in annual U.S. card fraud.

EMV chips thwart criminals who use stolen data to create counterfeit cards, a category that Aite estimates accounts for 37 percent of that fraud. Banks say that PINs only provide additional fraud protection when criminals seek to use lost or stolen cards, a situation that Aite estimates accounts for only 14 percent of fraud.

Banking groups say there are better approaches than PINs for verifying customers and have asked retailers to embrace tokenization and encryption to prevent theft of credit card numbers.

“PIN is a static data element that would not have a meaningful impact on overall payments fraud,” said Electronic Payments Coalition spokesman Sam Fabens.

PINs are also expensive to implement. Gartner analyst Avivah Litan estimates that banks would have to invest hundreds of millions of dollars in network improvements to support them.

Most retailers have yet to begin using any form of chip technology on credit cards, instead relying on the magnetic strips that are still part of the new cards, even though it now puts them on the hook for fraud losses.

But some are pushing recalcitrant banks, arguing that it is absurd to require them to spend billions of dollars to upgrade their point-of-sale terminals if they are not going to get the added security of chip-and-PIN technology.

“If they really cared about security, it would be a no-brainer,” to use PINs, said National Retail Federation General Counsel Mallory Duncan.

CONFUSION REIGNS

The issue has caused some confusion, even among experts.

A Chase credit card representative this month wrongly tweeted that the firm would soon issue chip and PIN credit cards. A company spokeswoman later said the tweet was a mistake.

The U.S. Federal Bureau of Investigation this month released a public service announcement incorrectly suggesting that all EMV credit cards use PINs, saying “Consumers should use the PIN, instead of a signature, to verify the transaction.” The agency updated the announcement to remove the error.

So far only one PIN credit card is available through a major U.S. retailer, a MasterCard that Target issues through Toronto Dominion Bank.

Target spokeswoman Molly Snyder said her company recently began distributing PIN cards through a rollout that should be completed in the spring.

“We believe that it is the most secure form of payment that is currently available,” Snyder said.

Even though demands for PIN cards are being made by groups representing large retailers, some big merchants say they have no plans to offer PINs.

“Our approach is chip and signature,” said Macy’s Inc spokesman Jim Sluzewski.

JC Penney Co Inc said it has no plans to introduce PINs and has yet to begin processing any chip transactions.

An industry executive said that some retailers have privately confided that they fear widespread PIN adoption could result in slower lines and lost sales from shoppers who forget PINs.

“They don’t want PINs because it clogs up transactions,” said the executive who declined to be named because the discussions were private.

(Reporting by Jim Finkle; Additional reporting by Sruthi Ramakrishnan, John Tilak and David Henry; Editing by Jonathan Weber and Bill Rigby)

Optimal Payments data breach

Posted on by
Reply

(Reuters) – British mobile payments company Optimal Payments Plc said it was investigating allegations that personal data belonging to some of its customers had been compromised and was available in the public domain.

Optimal shares fell 11 percent to 309.5 pence, their sharpest fall in a day this year and lowest since Sept. 16.

The company said the allegations were that the data breaches had occurred at two of its units in 2012 or earlier.

The data consists of names and email addresses of customers and is available for purchase on the “dark web”, a source with knowledge of the hack told Reuters.

The dark web is an area of the Internet that can only be accessed through software that makes web browsing anonymous.

Optimal’s NETELLER and Moneybookers Ltd units had suffered data breaches as a result of cyber attacks in 2009 and 2010, but none of its customers lost any money as a result, the company said.

Optimal said it had informed the Information Commissioner and the Financial Conduct Authority (FCA) about the matter.

The company said it came to know about the allegations following media enquiries.

(Reporting By Mamidipudi Soumithri in Bengaluru; Editing by Anupama Dwivedi and Gopakumar Warrier)

What’s the difference between EIPP and EBPP?

Posted on by
Reply

Both EIPP and EBPP refer to electronic bill presentment and payment and the term can be used interchangeably. E-invoicing and Ebilling started out as a way to electronically deliver invoices; They’re interchangeable as well. The next phase in payment technology included a way collect payment in addition to electronic invoice delivery. EIPP is sometimes used to describe business to business, or B2B, invoicing and EBPP business to consumer, or B2C, but there’s no hard rule. In fact, historically, you may find more references to EBPP vs EIPP.

Companies that primarily deliver B2B electronic bill presentment and payment solutions to businesses include CenPOS, 3Delta, and Billtrust. The differences in solutions is huge. Contact Christine Speedy for insights.

 

 

CenPOS Certifies EMV with Chase Paymentech

Posted on by
Reply

CenPOS certifies to process chip-card transactions with Chase Paymentech, including Level 3 Data for corporate and purchasing cards.

MIAMI, FL (PRWEB) OCTOBER 26, 2015
CenPOS, a payment technology provider, announced today that it has certified EMV, including the processing of level 3 data, to all the card brands with Chase Paymentech. CenPOS continues to certify its payment-processing platform with world-class providers like Chase Paymentech at lightning speed. CenPOS has dedicated extensive resources to ensuring that it was EMV ready in the US and making sure it certified with as many networks as possible; therefore, giving its customers with many choices to choose from. Level III processing helps businesses reduce their cost of card acceptance on all commercial/purchasing cards accepted at their place of business. CenPOS provides level III processing capabilities to Card-present as well as card not present merchants.
“It has been our sheer determination and commitment to be the first provider to be EMV ready in the US. More importantly, we are equally passionate in making sure we bring differentiated value to our valued software partners and customers”, commented German Gonzalez Co-founder and Chief Technology Officer. “We understand the importance for our software integrators to bring an EMV certified solution to their customers and avoid the reputational and legal risk associated with a non-compliant payment solution. While others are still struggling with EMV, we are ready with various acquirers in the US like Chase Paymentech, TSYS and First Data”, added Gonzalez.
About CenPOS
CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. For additional information please call 877.630.7960.

### CenPOS global sales and integrations, Christine Speedy 954-942-0483.

B2B Credit Card Payments And EMV Technology

Posted on by
Reply

What’s the best EMV payment technology for business to business (B2B) merchants? Once the requirements are defined for non-EDI payments, the options are limited. Whether card not present only, or a mix of retail, phone, and ecommerce, B2B payments are different.

B2B Credit Card Payment Minimum Requirements.

  • Tokenization to store credit card, and possibly check and wire data
  • Level 3 processing (significantly reduces merchant fees through lower qualified interchange rates)
  • Payment optimization to qualify transactions properly. For example, if merchant does a pre-authorization, and captures at a later date, certain rules need to be met to avoid higher non-qualified interchange rates.
  • 24/7 payment options for customers to serve multi-time zone and increase security

EMV Terminals for B2B.

There are no desktop or countertop terminals that support level III processing, and that won’t change. These terminals are programmed with the acquirer instructions via download, and less frequently, may be connected to Point of Sale (POS) software.

To meet the minimum B2B requirements, a payment gateway is required. Merchants process transactions by accessing a virtual terminal via a secure web page, or with an integrated software solution. The gateway must certify level III processing for each card brand, and EMV, and the specific terminal, for each acquirer.

For example, CenPOS has certified the Verifone MX915 to TSYS, with P2P encryption, level III processing. Most acquirers and banks support TSYS as a way to connect to their platfor; for example, First Data, Chase Paymentech, and Bank of America Merchant Services. To date, no other gateway has certified level 3 processing for retail and EMV. The difference for distributors is huge; it’s not uncommon to reduce merchant fees an average of 30%.

Pending Certifications

Exercise caution on claims of pending certifications, if the solutions provider:

  • Doesn’t have any certifications to date, after a year or more to prepare.
  • Has never had level III processing for retail certification
  • Does not offer a way to automate interchange management in a mixed retail & card not present environment, or for card not present only