Optimal Payments data breach

(Reuters) – British mobile payments company Optimal Payments Plc said it was investigating allegations that personal data belonging to some of its customers had been compromised and was available in the public domain.

Optimal shares fell 11 percent to 309.5 pence, their sharpest fall in a day this year and lowest since Sept. 16.

The company said the allegations were that the data breaches had occurred at two of its units in 2012 or earlier.

The data consists of names and email addresses of customers and is available for purchase on the “dark web”, a source with knowledge of the hack told Reuters.

The dark web is an area of the Internet that can only be accessed through software that makes web browsing anonymous.

Optimal’s NETELLER and Moneybookers Ltd units had suffered data breaches as a result of cyber attacks in 2009 and 2010, but none of its customers lost any money as a result, the company said.

Optimal said it had informed the Information Commissioner and the Financial Conduct Authority (FCA) about the matter.

The company said it came to know about the allegations following media enquiries.

(Reporting By Mamidipudi Soumithri in Bengaluru; Editing by Anupama Dwivedi and Gopakumar Warrier)

What’s the difference between EIPP and EBPP?

Both EIPP and EBPP refer to electronic bill presentment and payment and the term can be used interchangeably. E-invoicing and Ebilling started out as a way to electronically deliver invoices; They’re interchangeable as well. The next phase in payment technology included a way collect payment in addition to electronic invoice delivery. EIPP is sometimes used to describe business to business, or B2B, invoicing and EBPP business to consumer, or B2C, but there’s no hard rule. In fact, historically, you may find more references to EBPP vs EIPP.

Companies that primarily deliver B2B electronic bill presentment and payment solutions to businesses include CenPOS, 3Delta, and Billtrust. The differences in solutions is huge. Contact Christine Speedy for insights.

 

 

CenPOS Certifies EMV with Chase Paymentech

CenPOS certifies to process chip-card transactions with Chase Paymentech, including Level 3 Data for corporate and purchasing cards.

MIAMI, FL (PRWEB) OCTOBER 26, 2015
CenPOS, a payment technology provider, announced today that it has certified EMV, including the processing of level 3 data, to all the card brands with Chase Paymentech. CenPOS continues to certify its payment-processing platform with world-class providers like Chase Paymentech at lightning speed. CenPOS has dedicated extensive resources to ensuring that it was EMV ready in the US and making sure it certified with as many networks as possible; therefore, giving its customers with many choices to choose from. Level III processing helps businesses reduce their cost of card acceptance on all commercial/purchasing cards accepted at their place of business. CenPOS provides level III processing capabilities to Card-present as well as card not present merchants.
“It has been our sheer determination and commitment to be the first provider to be EMV ready in the US. More importantly, we are equally passionate in making sure we bring differentiated value to our valued software partners and customers”, commented German Gonzalez Co-founder and Chief Technology Officer. “We understand the importance for our software integrators to bring an EMV certified solution to their customers and avoid the reputational and legal risk associated with a non-compliant payment solution. While others are still struggling with EMV, we are ready with various acquirers in the US like Chase Paymentech, TSYS and First Data”, added Gonzalez.
About CenPOS
CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. For additional information please call 877.630.7960.

### CenPOS global sales and integrations, Christine Speedy 954-942-0483.

B2B Credit Card Payments And EMV Technology

What’s the best EMV payment technology for business to business (B2B) merchants? Once the requirements are defined for non-EDI payments, the options are limited. Whether card not present only, or a mix of retail, phone, and ecommerce, B2B payments are different.

B2B Credit Card Payment Minimum Requirements.

  • Tokenization to store credit card, and possibly check and wire data
  • Level 3 processing (significantly reduces merchant fees through lower qualified interchange rates)
  • Payment optimization to qualify transactions properly. For example, if merchant does a pre-authorization, and captures at a later date, certain rules need to be met to avoid higher non-qualified interchange rates.
  • 24/7 payment options for customers to serve multi-time zone and increase security

EMV Terminals for B2B.

There are no desktop or countertop terminals that support level III processing, and that won’t change. These terminals are programmed with the acquirer instructions via download, and less frequently, may be connected to Point of Sale (POS) software.

To meet the minimum B2B requirements, a payment gateway is required. Merchants process transactions by accessing a virtual terminal via a secure web page, or with an integrated software solution. The gateway must certify level III processing for each card brand, and EMV, and the specific terminal, for each acquirer.

For example, CenPOS has certified the Verifone MX915 to TSYS, with P2P encryption, level III processing. Most acquirers and banks support TSYS as a way to connect to their platfor; for example, First Data, Chase Paymentech, and Bank of America Merchant Services. To date, no other gateway has certified level 3 processing for retail and EMV. The difference for distributors is huge; it’s not uncommon to reduce merchant fees an average of 30%.

Pending Certifications

Exercise caution on claims of pending certifications, if the solutions provider:

  • Doesn’t have any certifications to date, after a year or more to prepare.
  • Has never had level III processing for retail certification
  • Does not offer a way to automate interchange management in a mixed retail & card not present environment, or for card not present only

 

 

 

EMV chip and pin liability shift hidden merchant risk

EMV terminal and EMV technology selection can impact merchant liability depending on chip and pin capabilities and management of them. Use this information to ask key questions before selecting an EMV solution.

Liability shift for stolen cards for MasterCard, American Express, and Discover

  • If the card is chip & sign, and the terminal is EMV only, the card issuer is liable
  • If the card is chip & pin, and the terminal is EMV only, the merchant is liable
  • If the card is chip & pin, and the terminal is EMV with pin, the issuer is liable

What if the terminal supports EMV & pin, but the customer does chip & sign? The merchant is liable.  Acquirers generally support chip and pin bypass to chip and signature. The only way to effectively manage liability is to steer customers to the action protecting the merchant.

emv fraud liabilityTerminals may be able to be programmed to disable pin bypass; First Data ships terminals with PIN bypass disabled.

  • Integrated payment gateways and and standalone virtual terminals can also drive terminals; because the terminals have no programming, the payment technology must have the capability to dynamically determine the best way to process, and prompt the consumer to the actions allowed. This is a tall order for most gateways, as they do not have that type of dynamic capability, and or, the gateway may not have the needed EMV certification. CenPOS disables the consumers ability to select signature over pin at the POS.

The entire EMV transaction process is certified. If an EMV certified terminal, including integrated or non-integrated payment gateway with terminal, doesn’t support the option to require chip and pin when the card issuer supports it, merchants need to weigh the associated financial risks.