Massive Travel Industry Data Leak

Posted on by
Reply

Prestige Software’s main product Cloud Hospitality, the channel management software to the travel industries biggest consumer buying web sites, including Expedia, Hotels.com, and booking.com left data exposed for over 10 million log files, dating all the way back to 2013. At the November 6, 2020 breaking news, it was not yet known whether the data left open on a server was stolen or not. However, we know that criminals run scripts looking for data all the time so it won’t be a surprise if there was a breach.

A channel manager is used to manage bookings across multiple webs sites, including hotels and restaurants. For example with vacancy management, if there is one room left and someone buys it on booking.com, it will show unavailable on hotels.com. With millions of records exposed around the globe, there is sure to be fall out.

Because both personal and credit card data was exposed, I recommend consumers change their travel web site passwords, email passwords, and keep an on on credit card usage or set up alerts.

The data contained full card data and the security code. It’s a PCI Compliance and card network violation to store sensitive cardholder data, therefore, they could lose the ability to store, transmit, and handle all credit card data. While the booking platforms did not expose the data, there is certainly a weakness. For more information from the team that broke the news, see https://www.websiteplanet.com/blog/prestige-soft-breach-report/.

This incident demonstrates your security is only as good as your weakest link. What actions have you taken to remediate deletion of old records both paper and digital? What about your partners? I know of multiple solutions providers that enable merchants to create their own digital credit card authorization forms. This form is then reviewed or downloaded by an employee, with card data key entered then into some other system by the employee. There are so many things wrong with this, including the signature is not even a valid form of defense for card not present. 3-D Secure is the way to go.

  1. If your company uses a 3rd party for billing and or collections, ask questions.
  2. If you’re not using updated tools to keep card numbers out of employee hands, hardware and software, you’re at risk.
  3. Remember, if cardholder data can be decrypted and viewed, you’re at risk.
  4. If you can see the full card number and security code after authorization, that is not compliant.

Contact me for a FREE checkup for common problems IT and security professionals might miss.

If your company has card data that can be retrieved and viewed, you’re at risk too. I fix that.

Christine Speedy, Founder 3D Merchant Services, QIR certified, is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Less than 1% of all merchant services sales representatives are QIR certified by the PCI Council. Christine is an authorized independent sales agent for a variety of merchant services and payment technology solutions.

2020 Referral Compensation Holiday Cheer

Posted on by
Reply

Refer a business for a new merchant account and get paid $150 per new merchant account. If the business has multiple locations, you get the referral money for each location, no limits! Valid for USA merchants only and account must be approved by 12/31/2020.

What happens if the merchant is not approved by the end of 2020? The promotion is only valid in 2020, however, it will be reviewed on a case by case basis. If you refer a sizeable account, then you’ll likely get compensated, but depending on the number of locations, there may be a delay.

What happens if the merchant doesn’t sign by the end of 2020, but does sign in January or later? The promotion is only valid in 2020, however, it will be reviewed on a case by case basis. If you refer a sizeable account, then you’ll likely get compensated, but depending on the number of locations, there may be a delay.

Do you pay the referral to a person or to a company? That’s up to whomever does the referral.

Christine Speedy, Founder 3D Merchant Services, QIR certified, is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Less than 1% of all merchant services sales representatives are QIR certified by the PCI Council. Christine is an authorized independent sales agent for a variety of merchant services and payment techology solutions.

3-D Secure 2.0 Merchant Overview 2020 2021

Posted on by
Reply

3-D Secure is a protocol providing an additional layer of security for eCommerce transactions prior to authorization. It enables the exchange of data between the merchant, card issuer and, when necessary, the consumer, to validate that the transaction is being initiated by the actual cardholder. Ecommerce transactions includes traditional shopping cart as well as any digital payment where the cardholder initiates and completes the payment process. For example, einvoicing or electronic bill presentment and payment are ecommerce transactions.

Each card network has a name for their product that uses 3-D secure, also referred to as 3D Secure, 3DS, 3-D Secure authentication or EMV 3-D Secure. Visa rebranded Verified by Visa to Visa Secure. MasterCard SecureCode (3DS 1.0) merchants are being encouraged to migrate to Mastercard Identity Check which uses EMV 3-D Secure 2.0. American Express SafeKey 2.0 is also available now. 3-D Secure 2.x helps reduce fraud and minimize the need for one-time passcodes, improving the user experience and reducing shopping cart abandonment.

What are merchant benefits for using 3-D Secure?

  • More authorization approvals. False declines are a significant source of lost revenue.
  • Some cards have reduced interchange rates when the authentication is invoked, which are usually over 90% of fees. American Express does reduce rates.
  • Less friction for customers at checkout.
  • Reduced risk of chargeback losses. Fraud liability for “it wasn’t me” automatically shifts to the issuer; Merchants do not have to defend those chargebacks, they never even see them.

How do merchants get started using 3-D Secure?

There are two elements- the payment gateway and the merchant account. Contact your payment gateway company to see if they support it and how to set it up. In most cases, this is simply a back office set up process. Merchants may also need to sign acceptance of pricing. The transaction fees are minimal and typically more than offset by the 11 to 20 basis point reduction in merchant fees on applicable cards.

Christine Speedy, Founder 3D Merchant Services, QIR certified, is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Less than 1% of all merchant services sales representatives are QIR certified by the PCI Council. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions.

Express checkout via email or text

Posted on by
Reply

Express checkout enables customers to pay for invoices, bills, products and services from an email or text message. During the Covid crisis, many businesses have searched for solutions, but not nearly enough have implemented solutions. As a customer, I’m still stuck trying to reach people in different time zones that are not in the office, or solutions that are frequently down or not compliant with card acceptance rules, which puts my card security at risk.

Checklist for B2B card not present express checkout:

  1. Must offer the ability to store a card (which will be managed by the third party provider).
  2. Storing cards must comply with current rules for storing and managing stored cards, including the ability for the customer to manage on demand which cards are on file, delete on demand, etc. See Visa stored credential mandate.
  3. The process to store a card should include a checkbox to opt-in to store the card.
  4. Merchant should secure the transaction with 3-D Secure to ensure lowest fees and chargeback protection.
  5. If not using an integrated solution, it should include the ability to attach invoice on demand to send with payment request.
  6. Solution must support level 3 processing, again to reduce merchant fees and maximize profits.
  7. Optional: partial payments. Some merchants may want to allow partial payment so at least collecting some money while other portion is in dispute or for other reasons.
  8. If omnichannel, the ability to use the same gateway for all services simplifies security management and accounting.
  9. Solution should be compatible with any merchant account so if you make a change, it does not disrupt consumer or merchant.

eipp payment requestIf merchants follow all the above rules, they will get paid faster, increase customer satisfaction, and incremental sales and profits.

Both EIPP and EBPP refer to electronic bill presentment and payment and the term can be used interchangeably. E-invoicing and Ebilling started out as a way to electronically deliver invoices. But now merchants can simply send a payment request, send an invoice, or send an account sign up for the customer to self-input their card on file so the merchant never, ever inputs cardholder data.

Don’t wait. Your customers will walk away when it’s easier to do business with someone else, especially for product lines available from multiple distributors.

Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions and is QIR certified by the PCI Council. Call Christine for all merchant services related needs.