Tag Archives: credit card processing

NRF Says Overturning Dodd-Frank Would Reinstitute Price Fixing by Card Companies

Posted on by
Reply

June 7, 2016 WASHINGTON – The National Retail Federation today released the following statement after Rep. Jeb Hensarling, chairman of the House Financial Services Committee, announced plans to repeal swipe-fee reform and the Dodd-Frank Wall Street Reform Act.

“Today Jeb Hensarling announced that he wants to repeal an important competitive change in Dodd-Frank reform and return to the bad old days when card companies and banks freely picked the public’s pocket,” NRF Senior Vice President and General Counsel Mallory Duncan said.

 

“Protecting bank profit margins at the expense of competition is not sound public policy and it will harm merchants and consumers. The financial services industry attempted to get Congress to reject transparency and competition in 2010 and again in 2011. Both efforts failed. On behalf of retailers and their customers, NRF will fight for free and open markets.”

Swipe fees on debit and credit cards are many retailers’ second-largest operating cost, behind labor. These fees threaten small retailers with failure and keep merchants from hiring and expanding, slowing the entire economy. Exorbitant swipe fees also mean consumers pay higher prices. American merchants and consumers still pay the highest swipe fees in the world on debit and credit cards, according to the Federal Reserve Bank of Kansas City.

Under the Dodd-Frank Consumer Protection and Wall Street Reform Act of 2010, the Federal Reserve was required to adopt regulations that would result in debit swipe fees that were “reasonable and proportional” to the actual cost of processing a transaction. Federal Reserve staff calculated the average cost at 4 cents per transaction and proposed a cap no higher than 12 cents. Nonetheless, after heavy lobbying from banks the Federal Reserve Board of Governors eventually settled on 21 cents plus 0.05 percent of the transaction for fraud recovery and allowed another 1 cent for fraud prevention in most cases. The cap, which applies only to financial institutions with $10 billion or more in assets, took effect in 2011 and totals about 24 cents on a typical debit card transaction.

NRF is the world’s largest retail trade association, representing discount and department stores, home goods and specialty stores, Main Street merchants, grocers, wholesalers, chain restaurants and Internet retailers from the United States and more than 45 countries. Retail is the nation’s largest private sector employer, supporting one in four U.S. jobs – 42 million working Americans. Contributing $2.6 trillion to annual GDP, retail is a daily barometer for the nation’s economy. NRF’s This is Retail campaign highlights the industry’s opportunities for life-long careers, how retailers strengthen communities, and the critical role that retail plays in driving innovation. nrf.com

###

6 Ways To Increase Omnichannel Payment Security & PCI Compliance

Posted on by
Reply

Chip card acceptance has propelled companies to rethink how EMV compliance impacts overall PCI Compliance strategies. According to the Verizon 2015 PCI COMPLIANCE REPORT, 80% of companies fail an interim Payment Card Industry Data Security Standards (PCI-DSS) audit. CenPOS deploys multiple cloud solutions to reduce data security risk, and comply with EMV, while meeting top business priorities like improving customer engagement and the customer experience.

Point-to-Point Encryption (P2PE) – Working with Verifone and Ingenico, CenPOS Enterprise Payments Suite encrypts card data at the point of card swipe or insertion to prevent clear text information from traversing the network thereby protecting data in transit.

Electronic Bill Presentment and Payment (EBPP) – Key entering cardholder data into a computer without the use on an encrypting keypad introduces vulnerabilities that can be exploited by key logging malware.  EBPP allows you to push final invoices to consumer mobile devices via text and email so that they can complete the transaction—eliminating your staff’s need to enter data and reducing vulnerabilities.

Consumer Validation – As chip cards proliferate the United States, counterfeit card fraud rapidly migrates to online channels.  CenPOS Consumer Validation shifts risk to the consumer’s bank, reduces acceptance costs, and increases the approval rate for higher sales.

Chip Card Acceptance (EMV) – The deadline to avoid shifting liability associated with EMV acceptance was October 1, 2015.  Chip card transactions processed using legacy magnetic stripes could result in a chargeback to the merchant with no possibility of reversal.  CenPOS has certified the Verifone MX915 to all processing platforms to protect businesses from the liability shift. CenPOS has been processing chip transactions on multi-lane terminals since January 2015.

Tokenization – Sensitive cardholder data is replaced by a surrogate number, called a token, that eliminates the risk of storing customer information on internal systems.  Subsequent transactions and adjustments can be processed safely using the token to facilitate a transaction.  This service is automatically deployed.  Any attempt to store sensitive cardholder data evokes the tokenization system.

Encrypted Virtual Keypad (EVK) – In some instances, it is desirable to manually enter cardholder information into a system, but this increases data breach, including from key logger malware, on site, from call centers and remote employees.  The CenPOS EVK uses advanced technology to secure data entry by clicking the numbers on an encrypted screen-based keypad, segregating sensitive cardholder data from local hardware and networks.

encrypted virtual keyboard evk cenpos

The combination of these solutions reduces the risk of data loss along with the financial and brand damage associated with security breaches. Additionally, merchants also benefit from increased efficiency, cash flow and EBITDA.

Contact Christine Speedy for P2PE, EBPP, EMV and Customer Validation options, including integrated solutions,

4 Credit Card Processing Tips for Consultants & Accountants

Posted on by
Reply

profits Following several years of regulatory and technology credit card processing changes, 2015 has been another big year of changes. As we close out 2015, what are you advising clients to maximize profits? Every consultant to distributors, especially for building materials, including lumber and millwork, electrical, marble & stone, and plumbing supply, needs to update their merchant services knowledge. These businesses tend to have both a retail and a ‘to the trade’ component, making old solutions potentially outdated, risky, and costly.

  1. EMV liability shift October 2015, shifted liability for counterfeit card, and sometimes lost and stolen card, transaction losses from the issuer to the merchant, if the merchant does not support EMV chip card acceptance. Since businesses never saw this fraud, the financial risk is unknown, but guesses put it in the 1-2% of sales range. The first acquirer (Vantiv) announced penalties effective January 1 if a retail operation does not support EMV chip card transactions. These fees will grow throughout the payment chain in 2016, and be passed down to the merchant. If profit margins are important, EMV compliance is not optional. Between growth in credit card fraud losses and new penalties, distributors need to make the change ASAP.
  2. EMV terminal selection. Retail Distributors fall into two categories: Those who use countertop terminals, and those who use anything else, including mag swipe reader or signature capture terminal. Only the latter are even capable of supporting level 3 data, critical for qualifying for level 3 interchange rates, which makes up more than 95% of credit card processing, or merchant, fees. Yet, the vast majority of recommended EMV solutions are incapable of level 3, and or there is no certification for it. While updating, add NFC for ApplePay and newer payment methods, and P2PE, which encrypts at the terminal head, further mitigating data breach risk.  The best EMV terminal selection for distributors may reduce merchant fees an average of 32% and mitigate data breach risk. Conversely, the wrong choice will directly reduce profit margins. 
  3. PCI Compliance. Internal and external data breaches are a serious growing problem (Lowes and Home Depot both admitted), and best practices are being shared among peers that are ‘risky’ at best. Top areas of concern are paper credit card authorization forms and electronically storing card data (without certified compliant tokenization such as a payment gateway). Both should be eliminated. Online pay pages and other technology solutions have negated the need for employees to ever have access to credit card data, not even for a minute. Has your own company eliminated them?
  4. Quickbooks. For operations that used Intuit Merchant Services because there was no other integrated choice, that’s no longer an issue. Third party integrations empower businesses to use any acquirer. Look for one that supports all payment methods needed (ACH, check, wire, credit card etc). If processing more than $500k annually, fees may drop up to 50%.

CHRISTINE’S RECOMMENDATIONS FOR CLIENT ADVICE TO DISTRIBUTORS:

  • Implement EMV ASAP to avoid penalties and fraud losses.
  • Only implement an EMV solution certified for level 3 processing to maximize profit margins.
  • Get PCI 3.0 Compliant to mitigate risk of financial losses from a data breach- Replace all practices that include credit card access by any employee, even for a minute, with a technology solution.
  • Replace Intuit Merchant Services to maximize profit margins.

Note: this advice is applicable to any business that has a customer base which includes some business to business and retail, even if retail is a small part of the overall payment types accepted.

Credit Card Processing and EMV For Business to Business

Posted on by
Reply

Are business to business merchants being steered to expensive EMV credit card processing solutions? Yes. Too many banks, acquirers and software companies have limited EMV terminal solutions, and none of them are the best solution for business to business (b2b) companies that have a retail component.

Critical Credit Card Processing Needs for Business to Business

  1. Level 3 processing to reduce merchant fees. level 3 interchange rates
  2. Card not present risk mitigation for key entered and online payments, including securing card data collection, and preventing fraud.
  3. Token billing to securely store card data for variable recurring billing.
  4. Flexibility to collect payments from multiple sources and multiple payment types.

Common B2B EMV terminal solutions

There are two types of terminals. The most common type has software loaded on the terminal. For example, the Verifone VX520 with Vx820 EMV & NFC pinpad.

Verifone VX520 VX805 EMV terminal

Verifone VX520 with VX805 EMV terminal

The second type requires an internet connection to a payment gateway. The gateway  manages the terminal, which is essentially a slave to the gateway.

ingenico isc250 signature capture terminal

ingenico isc250 touch signature capture terminal with EMV and NFC.

The first option above doesn’t meet any of the critical B2B needs, yet is the most common solution offered to every company, without regard to business type. The second option is capable of meeting critical B2B needs, but only if the payment gateway supports them.  The only payment gateway with EMV certified terminal and level III processing retail certification is CenPOS. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’s secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. 3D Merchant Services is an authorized CenPOS reseller.

Business to business merchants with a retail business element are advised to consult with a payments expert who offers level III processing for retail. The rest doesn’t matter if this need cannot be met, so it’s an easy way to differentiate those who are selling whatever they have to offer and those who are solving problems to make your business more profitable.

EMV handbook for merchants by Verifone

Posted on by
Reply

emv guide verifone merchant terminalVerifone’s EMV handbook is a comprehensive guide for both retail and card not present merchants. It’s hardware agnostic and the Question and Answer section is especially useful.

Two questions on page 17 about hardware need to be read together. To clarify the liability shift going into effect October 1, the merchant’s hardware (terminal) needs to be more than capable of processing chip card transactions.  It needs to be certified on the processor platform and EMV must be enabled on the merchant account. This is an important distinction.

There may be thousands of terminals in use technically capable of accepting chip cards, but either the terminal is not yet certified for EMV chip card transactions, or the processor has not certified the terminal to their platform.

Beware purchasing terminals that will ‘get you ready’ to be EMV compliant. Will the seller guarantee the terminal will be certified for the acquirer platform you need? For example, acquirers usually have multiple platforms but not all merchants can switch between them. With the liability shift just weeks away, merchants wanting to be EMV compliant should not wait another minute:

  • Buy only EMV certified terminals acquirer confirms can be enabled.
  • Verify firmware and or software is current before buying
  • Request an EMV TID from acquirer
  • Download file, usually required for countertop terminals
  • Install new software driver, if applicable, for virtual terminals

Christine SpeedyThanks for reading! If your business needs EMV certified terminals or Card Not Present risk mitigation solutions today, contact me at 954-942-0483 or 3Dmerchant.com/contact. I specialize in business to business and mid-market payment solutions.