CenPOS Completes EMV Certification


Miami, FL (PRWEB) January 5, 2015 CenPOS announced today that it has successfully completed its EMV (Europay, MasterCard & Visa) certification with Visa, American Express, Discover and MasterCard. The Card Association announced in August 2011 its EMV migration plan for the US as well as the benefits of EMV compliance, including a liability shift for merchants. Under the current migration plan, merchants processing 75 percent or more of their transactions captured by EMV terminals will be relieved 100 percent from Account Data Compromise compliance. Merchants that do not migrate to EMV and/or are utilizing providers that are not EMV certified will assume 100 percent of the POS fraud liability and retain 100 percent of the PCI burden and related costs.
Currently, POS fraud in the US is estimated in the billions of dollars annually. CenPOS provides merchants with a unified payment platform, a single solution for businesses regardless of the industry type: Retail, Mail Order, eCommerce with VbyV, Mobility, Recurring Billing and Electronic Bill Presentment and Payment. CenPOS also offers additional services at no additional cost to merchants such as Point-to-Point encryption, tokenization, electronic signature capture and BIN management. As a single point provider the platform drives a myriad of payment types like PayPal, ACH, Remote Deposit Capture, Gift cards, Cash, and the typical debit, credit card transactions.
“We are very pleased to have completed this very important certification well ahead of schedule and ahead of most of the other providers. Our merchants now have a sigh of relief in knowing that they will be EMV ready by the current mandated date of October 1st 2015”, remarked Jorge Fernandez, Co-Founder and Chairman of CenPOS. “Under the current Card Association mandates the weakest link in the payment ecosystem will bear 100 percent of the POS fraud liability, which is currently assumed by the card issuing banks. CenPOS merchants can now be early adopters of EMV and avoid the risk of being ‘late to the game’ and possibly not meeting the current deadline,” added Fernandez.
About CenPOS: CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. For additional information please call 877.630.7960.
### For global sales, integrations and more information, contact Christine Speedy, 954-942-0483, 8-6 ET.

First Data Merchant Services phishing scam warning

Because many merchants are on high alert for data breaches, I’m afraid some might be fooled by this phishing scam, which affects many merchants. I received this Flash news for First Data Retail merchants on the North platform.

“First Data has learned of a widespread phishing attack telling recipients that their merchant ID has been locked.

Unsolicited email containing errors should always raise a red flag, especially if combined with a call to action, such as calling a toll-free number or clicking on a link. If you receive an email similar to the one below, immediately delete it from your inbox and deleted items folder.  Do not open any attachments. No further action is required on your part.

If you are a merchant who called the toll-free number below and gave your merchant ID, please call the contact center number on your statement so that First Data can help you monitor for fraudulent activity on your account.”

Below is a copy of the current message.  Note indicators that this is a phishing scam email in red font.

From: FirstData [mailto:verifyaccount@firstdata.com]

Sent: Monday, February 10, 2014 9:58 AM

To: XXXXXXXXXX

Subject: Notification

Dear customer, ← not personalized with merchant contact information

We regret to inform you that your merchant account has been locked. ← no specific account number provided

To continue using our services please call our tool free number +18664103984 and update your information. ← misspelling and no specific merchant services listed

Please be ready with your Merchant ID and Terminal ID number. ← no description of process to unlock account

FirstData 2014

### End of phishing scam notice###

For your convenience, I’ve also included an image of what a typical real newsflash includes. NOTE: The yellow highlights were from my email program, not from First Data’s actual email footer.

As always, merchants need to be vigilant and follow these tips for account security:

  1. Never give out information to someone who calls you.
  2. Always refer to the phone number on your merchant statement, not something in an email.
  3. Never click on an unsolicited email link to modify passwords, always go direct to the site.
  4. Read the newsflashes that are in the first part of merchant statements.
  5. Segment access to merchant data and permissions by job role.

Prevent theft with Visa tips on merchant security at the point of sale

Increasingly, criminals with sophisticated tools are actively targeting vulnerable merchant point-of-sale (POS) terminals to steal payment card data and PINs for counterfeit fraud purposes. Criminal gangs worldwide are illegally accessing active POS terminals and modifying them by inserting an undetectable electronic “bug” that captures cardholder data and PINs during normal transaction processing.

Visa has released an excellent bulletin all brick and mortar merchants should read.

Point-of-Sale Terminal Tampering Is a Crime . . . and You Can Stop It (pdf download)

 

What is Safe Harbor for PCI Compliance?

Safe Harbor is a term used to describe the protection of business entities from significant financial liability related to payment processing and data breaches. The law and specific Safe Harbor Protection rules are continually evolving. What’s most important for MERCHANTS to understand is that by maintaining Payment Card Industry Data Security Standards (PCI DSS), also known as PCI Compliance for short, and being able to prove it, you are protecting not only your customer data and reputation, but the financial health of your company.

What is Safe Harbor?
Safe harbor is the outcome of the PCI certification process and provides members protection from fines and compliance exposure in the event of a data compromise. To attain safe harbor status:

  • A member, merchant, or service provider must maintain full compliance at all times, including at the time of breach as demonstrated during a forensic investigation.
  • A member, merchant, or service provider must demonstrate that prior to the compromise their merchant had already met the compliance validation requirements, demonstrating full compliance. Note: It is important to note that the submission of compliance validation documentation, in and of itself, does not provide the member safe harbor status. The entity must have adhered to all the requirements at the time of the compromise.

Below are links to more information on the subject:
A Closer Look at the PCI Compliance and Encryption Requirements of Nevada’s Security of Personal Information Law, by David Navetta (posted on March 10, 2010)

As of 2006, this is a published MasterCard statement regarding Safe Harbor: MasterCard will fully exempt acquirers from data security-related noncompliance assessments, investigative costs, and issuer reimbursement costs if the compromised entity:

  • Is found to have been compliant with the Payment Card Industry (PCI) Data Security Standard at the time of the compromise, and
  • Was registered on MOL (in the MRP system) as compliant at the time of the compromise.

Visa defines safe harbor as the following:
“Safe harbor provides members protection from Visa fines and compliance exposure in the event its merchant or service provider experiences a data compromise.”

Visa Compliance Fines

If a member, merchant or service provider does not comply with the security requirements or fails to rectify a security issue, Visa may fine the responsible member. Visa may waive fines in the event of a data compromise if there is no evidence of non-compliance with PCI DSS and Visa rules. To prevent fines a member, merchant, or service provider must maintain full compliance at all times, including at the time of breach as demonstrated during a forensic investigation. Additionally, a member must demonstrate that prior to the compromise the compromised entity had already met the compliance validation requirements, demonstrating full compliance.

Here’s what’s on our North Carolina Government State Comptroller web site:

What is a Safe Harbor? Safe harbor is an element of Visa’s CISP that provides member banks a potential protection from Visa fines and compliance exposure in the event their merchant experiences a data compromise. MasterCard’s SDP has a similar program called SDP Program Registration. Since a merchant must maintain full compliance at all times, including at the time of breach as demonstrated during a forensic investigation, the safe harbor provision offers little protection.

Visa Cardholder Information Security Program (CISP)
Links to general Visa information, non-specific about Safe Harbor
PCI Security Standards – the official organization with everything you need to know to become compliant, non-specific about Safe Harbor.

3D Merchant security links

Visa’s Top Five Data Security Vulnerabilities PDF download