Friday, April 7, 2017

Security Threats Facing Online Payment Gateways


[Guest Post from Arthur Jones]
Most experts agree: it is a brave new world for payment gateway providers, which presents both opportunities and challenges. For nearly a decade, cyber security professionals have been warning about the ongoing rise of cybercrime. Agencies like the FBI regularly put out reports detailing the threats to the financial services industry, in particular. As outlets like TechRepublic have reported, this trend is only going to continue, and we may see record levels of cybercrime activity this year.
What kind of threats can we expect to face for online payment gateways? Let’s look at some major security challenges and how they may be addressed payment gateway providers as they continue to innovate and remain competitive in the marketplace.
Information Attacks
It is safe to say that a data breach is one of the most serious threats for payment gateways. Attacks like these can come in many different forms, and because they are smaller and require fewer resources, they are easier to carry out and occur much more frequently. If an attacker gets their hands on sensitive financial information, the losses can be catastrophic, putting companies at the risk of irreparable damage to customer trust.
There are many ways for attackers to breach a system. Phishing attacks consist of fake emails that can trick users into opening harmful links and installing malware or giving up sensitive information. Such attacks can open up system vulnerabilities, giving attackers access to valuable information.
Untrustworthy insiders can also get access to sensitive information and compromise security systems from within the business. Or hackers can gain access to sensitive systems through security breaches in compromised hardware and software.
Credit Card Fraud
Payment gateway providers may be concerned about threats to their internal data systems, but there are external threats to take into account as well. Attackers use skimming devices and other technologies all of the time, which can steal credit card information wherever a credit card is used. After this sensitive information is acquired, attackers can commit credit card fraud wherever they please, which can go undetected until banks or card holders notice suspicious activity related to any compromised accounts.
This is a sort of “death by a thousand cuts” threat for payment providers, as constant small attacks on credit card holders’ information can result in the gradual erosion of customer trust.
DDoS Attacks
Distributed denial of service (DDoS) attacks are a little trickier to deal with, as they can be very powerful and destructive on a systematic level. DDoS attacks are becoming more sophisticated, in that the attackers are finding specific structural weaknesses in internet infrastructure, and then exploiting those weaknesses to bring down large and powerful institutions. Additionally, the expanding internet of things (IoT) makes it much easier for attackers to use internet-connected devices like appliances, TVs, security cameras, and other machines to flood servers with requests, which crashes them.
Typically, only the largest financial institutions are targeted by these attacks. However, hackers are increasingly attacking broader internet structures like the DNS system, which can crash a wide range of businesses’ websites that are using the infrastructure. Fortunately, large attacks such as these have been less frequent, and most payment gateway companies will not have to deal with attacks like these as much. Nevertheless, a downed server poses a threat for payment gateway providers if they’re not able to process transactions in a timely manner.
Safer Transactions
It is important for cyber security professionals, payment gateway providers, and other financial services businesses to continue to develop secure technologies to protect their systems and data. The most promising avenues include advanced encryption, tokenization, and authentication methods, which go a long way towards cutting down on common cyber-attacks. The Payment Card Industry Data Security Standard (PCI DSS) is a powerful industry-wide tool to increase security with, and innovation in this field is welcome as well. Further, proper employee training can go a long way to reduce risk exposure. Ultimately, payment gateway providers and other tech and financial services businesses who innovate in these areas will come out stronger in the future.

Author Bio: Arthur Jones is a consultant for Allied Wallet. He is an innovator in eCommerce services and everything a company needs for success including a global payment gateway system, a prepaid affiliate debit card program, and much more. Arthur has extensive experience in the eCommerce and merchant services industry, and regularly writes about it for interested readers.

IMAGES:

Friday, November 25, 2016

Interchange Plus Benefits and Cost Savings

How Interchange Plus Saves Money When the Markup Becomes Too Expensive

When you have a business, whether it is a retail store, grocery cart or lawncare service, you have to be able to take payments. In today’s world, this means being able to take credit cards easily. Most of your customers are not likely to have cash or even a check on hand to make a payment for products or services. You must be ready to fulfill their need and accept a form of payment that is convenient for them. However, accepting credit cards comes with its own issues, like fees. How do you best handle these fees? Many businesses are finding that interchange plus is a solution to this problem.

What Is Interchange Plus?

Typically, you will have a few options on how your fees will be structured for credit card payments. Common options include bundled or tiered pricing. Interchange plus is another option. With this, you get a pricing structure that allows you to see the components of the costs. It is reported much more clearly and allows you to plan your costs much more easily. It is available for Visa, MasterCard and Discover. 

How Does It Work?

When you process a credit card, the credit card brand will set an interchange rate that you are charged for this transaction. You are also charged a processing fee by the processor. The amount of what you are charged for processing can vary by industry. 

How interchange plus works is it allows you to see the basic processing fees and interchange fees individually instead of bunching them into one basic fee, which is how other methods do it. It allows you to see exactly what you are being charged for every transaction, so you can optimize your credit card related expenses. This is compared to other systems that lump everything together so you do not get to see what is being charged where, so you may never really know what processing or interchange fees you are paying.

What Are the Benefits?

The main benefit here is that it is clearer than other options. You get to see what you are paying in a very easy to understand format. Because you are able to see all the fees, this opens doors to getting lower fees. Companies are more willing to lower costs, which passes the savings onto your business. In addition, you can better choose a processing company because you will know what they are charging you and immediately see the best offer. 

How Do I Find the Best Deal?

The rates you are offered can vary quite a bit. They are based upon many different factors. So, what may be great rates for one business may not be for another. You have to consider things like what industry you are in, how much risk your business poses and your average transaction amounts. There really is no one answer to the question of what is the best deal. The best thing you can do is choose a processing company that has your best interests in mind and who is willing to work with you. They should be open to the idea of interchange plus, too. If a company is used to this method, it will often be very happy to offer you the best possible rates. 


This guest post by Brian Thompson has been provided by our friends at Transaction Services.
Brian Thompson is a business man who means business.  He has helped several companies thrive in the business world, and in his spare time writes for several blogs.
Follow him on Twitter @Biz_Gab

Sunday, October 30, 2016

Troubleshooting Chip-Based Transaction Terminals

The following is a guest post from Brian Thompson at Transaction Services:

With the recent rollout of chip-based credit and debit cards with next-generation security precautions, many merchants have found themselves coping with the troubleshooting that comes with new technology alongside trying to educate customers about the transition to the new technology. Between that and the uneven nature of the upgrade, it can be very difficult to make transactions go smoothly and to keep your registers moving at a regular pace. Here are a few tips and tricks to help you get the most out of your terminal so that you can concentrate on helping your customer.

Connecting the Terminal


Most companies these days are opting for high-speed transaction terminals because they can piggyback on the data connection your company already pays for, and on top of that they also run much more quickly and with fewer dropped attempts. If you’re trying to make a new terminal work, it’s important to start by troubleshooting the basic connection and testing it before you open for the day. To do that, follow these steps:

  • Check to be sure that you have the data cable plugged into the appropriate port.
  • Look at the indicator lights for the model. If any are not lit, consult the owner’s manual to see what to do next.
  • If the terminal still does not work, reboot it by shutting it down and unplugging it for thirty seconds or so before powering it up and letting it initialize itself.
  • Last but not least, confirm that the internet connection itself is working correctly by checking to see if a connected PC or mobile device can access the internet through it.

Troubleshooting Your Digital Services


Sometimes, the connection and the hardware are both in great shape, but it is still impossible to get information through. This tends to happen when high-speed terminals are put on the same connection as a VOIP communication device. For technical reasons, VOIP tends to complicate the ability of the terminal to perform downloads. When that happens, you may need to connect the terminal to an analog phone line to let it download the new software it needs via dial-up.

To coexist well with VOIP services, it is important to know how to switch between VOIP and regular data connections on the device and to use the actual data connection for downloads and transactions. The reason is because the VOIP service will not provide the same kind of network connectivity that an analog phone uses, and the terminal is not able to make use of its analog data connection to send a signal along VOIP. Instead, it needs the regular data connection that other computers use.

The simplest way around this is to connect the high-speed terminal directly to the router instead of going through a VOIP device, but if that is not possible, then the next best choice is to remember to switch from voice to data when you are attempting to process transactions or downloads.

Wrap-Up



There are a variety of other issues that might pop up besides those with digital services, including problems stemming from needing to dial an outside line to use an analog phone system. To find out how to troubleshoot those specific problems, consult your terminal manufacturer’s literature. That way, you will have all the information you need to successfully implement your chip reader.


This guest post by Brian Thompson has been provided by our friends at Transaction Services.
Brian Thompson is a business man who means business.  He has helped several companies thrive in the business world, and in his spare time writes for several blogs.
Follow him on Twitter @Biz_Gab

Friday, October 16, 2015

How To Choose Your Merchant Services Provider

Below is an infographic provided by Leappayments.com -- they contacted me a long, long time ago about featuring this on my blog and it managed to get lost in my inbox for quite a while. Every now and again, I would pull it up and look at it and think to myself that, yes, it was a nice infographic.

And since it features information that, for the most part, I have already written about in various posts, I thought this might act as a handy reminder. So, here it is, compliments of Leap Payments, with whom I have no working relationship, and therefore cannot vouch for the company beyond this excellent presentation.

I will caution only one thing with regard to the infographic. It suggests that you pay attention to online reviews, which you should -- but it does not go into detail about how a very small number of rather loud or disgruntled merchants might give very bad reviews of a company that are because of situations where the merchant was at fault. I've read enough such reviews to be able to recognize them, but most merchants and potential agents probably have not. Trusting bad reviews or outstanding reviews blindly is not a good thing -- always look for reviews that give a balanced view of the experience, back up the conclusion with good examples and otherwise tell something more about the company. Neither a few bad reviews nor a few good ones are likely to tell an accurate picture of a company. Additionally, negative reviews (especially on Rip Off Report) are much more common than positive reviews overall, because people having a good experience are less likely to feel the need to write a review in the first place. After all, why would anyone go out of their way to say, "Company X is doing exactly what they are paid to do," which is essentially what every good review would be saying. It's a service, people! Expect it to work properly and be a good value for the money!



Monday, September 28, 2015

The Chips Are Down

By now, most consumers who use credit cards have found that replacements for their old plastic have arrived with embedded chips in them. And most merchants have been receiving a barrage of calls for months from processing companies trying to convert them using the need for new chip-enhanced terminals as a selling point. A recent article in the NY Times highlighted the issue. This is a real thing that merchants and consumers alike need to pay attention to as the United States catches up to most of the rest of the world regarding the security of credit and debit payment systems.

Why This Is Important

Fraud protection is one of the main reasons that the chip is an important addition to the credit card. Stripes contain easily duplicated magnetically encoded information about the card and the card holder. For this reason, it has been very easy for criminals to steal this information using a small swiping mechanism and subject consumers to identity theft. These tiny devices have been embedded in the payment terminals built into gas station pumps, or used by waiters or waitresses at restaurants who take the card in order to swipe it in a payment station out of view. There are plenty of ways that the information can be stolen off of a magnetic stripe. But not so easily from a chip.

The main reason is that the chip is actually a small computer with encoded data that must communicate with a distant server in order to authorize the charge or debit. It does this by changing its code every time it is used. This may sound complicated, and it may take a second or two longer than swiping a magnetic stripe does, but it offers a nearly impossible to steal or duplicate transaction process. This is why card brands adopted the chip years ago virtually everywhere else. The USA is always a bit slow to catch up on this sort of technology due to the heavy regulations in place for all things financial and the reticence of major companies to engage in huge spending upgrades any earlier than they have to. But the benefits are going to be huge with regard to identity theft.

What This Means To Merchants

The basic thing that merchants need to be aware of is that they will now be responsible for identity theft issues that come from using duplicated magnetic stripes. If a cardholder provides a striped card, the merchant must verify the cardholder's identity or risk being liable for the transaction. This should be standard protocol anyway, but the processing companies are offering cheap or free upgrades to chip-enabled terminals to specifically avoid the costs associated with identity theft and they are going to be very serious about ensuring that merchants use this new tool. On the flip side, the protections involved with chip-based transactions should be higher than the old ones were with the stripe-based transactions.

Tuesday, September 22, 2015

Here is a useful guide to the essentially current Interchange Rates for those of you looking to assess actual hard costs of processing. Keep in mind that the rates do fluctuate several times per year, and that these are the hard costs from the card brands themselves, not including the costs of processing as added by the actual processor or bank you are doing business with (either in the form of markup percentages, fees or a combination of some sort).


For a complete list of US interchange rates, please visit the Visa and MasterCard websites below:
http://usa.visa.com/download/merchants/Visa-USA-Interchange-Reimbursement-Fees-2015-April-18.pdf

http://www.mastercard.com/us/merchant/pdf/MasterCard_Interchange_Rates_and_Criteria.pdf


Current Interchange Rates in the United States


Visa Debit MasterCard Debit
Debit Retail Swipe


Debit Retail Swipe


Visa Debit CPS 0.800 % + 15¢ MC Debit 1.050 % + 15¢
Visa Debit CPS Regulated 0.050 % + 22¢ MC Debit Regulated 0.050 % + 22¢
Visa Debit Prepaid 1.150 % + 15¢ MC Debit Prepaid 1.050 % + 15¢
Visa Debit Business 1.650 % + 15¢
Visa Debit Business Regulated 0.050 % + 22¢


Debit Keyed

Debit Keyed
Visa Debit Keyed CPS 1.650 % + 15¢ MC Debit Keyed 1.600 % + 15¢
Visa Debit Keyed CPS Regulated 0.050 % + 22¢ MC Debit Keyed Regulated 0.050 % + 22¢
Visa Debit Keyed Prepaid 1.750 % + 20¢ MC Debit Keyed Prepaid 1.760 % + 20¢
Visa Debit Keyed Business 2.450 % + 10¢
Visa Debit Keyed Business Regulated 0.050 % + 22¢






Visa Credit Retail Swipe
MasterCard Credit Retail Swipe

Visa CPS Retail 1.510 % + 10¢ MC Consumer 1.580 % + 10¢
Visa Rewards Traditional 1.650 % + 10¢ MC Enhanced 1.730 % + 10¢
Visa Rewards Signature 2.300 % + 10¢ MC World 1.770 % + 10¢
Visa Rewards Signature Preferred 2.100 % + 10¢ MC World Elite 2.300 % + 10¢
Visa Corporate 2.100 % + 10¢ MC Corporate 1.900 % + 10¢
Visa Business 2.200 % + 10¢
Visa Purchasing 2.400 % + 10¢


Visa Keyed


MasterCard Keyed
Visa Keyed CPS Retail 1.800 % + 10¢ MC Keyed Consumer 1.890 % + 10¢
Visa Keyed Rewards Traditional 1.950 % + 10¢ MC Keyed Enhanced 2.040 % + 10¢
Visa Keyed Rewards Signature 2.700 % + 10¢ MC Keyed World 2.050 % + 10¢
Visa Keyed Rewards Signature Preferred 2.300 % + 10¢ MC Keyed World Elite 2.950 % + 10¢
Visa Keyed Corporate 2.950 % + 10¢ MC Keyed Corporate 2.650 % + 10¢
Visa Keyed Business 2.950 % + 20¢
Visa Keyed Purchasing 2.950 % + 10¢
Real Estate & Property Management
MC Real Estate Consumer 1.100 %
MC Real Estate Enhanced 1.100 %
MC Real Estate World 1.100 %
MC Real Estate World Elite 2.200 %
MC Real Estate Corporate 2.650 % + 10¢
Charities
MC Charity Debit (non-regulated) 1.450 % + 15¢
MC Charity Credit 2.000 % + 10¢
International International
Visa International 1.100 % MC International 1.100 %
Visa International Premium 1.100 % MC International Keyed 1.600 %
Visa International Corporate 2.000 %
Visa International Keyed 1.600 %

Association Fees

Association Fees

Visa Card-Brand 0.1300 % MC Card-Brand (Under $1000) 0.1100 %
Visa NAPF (Network Acquirer Processing Fee) 1.95¢ MC Card-Brand (Over $1000) 0.1300 %
Visa Clearing Access 0.25¢ MC ALF (Acquirer License Fee) 0.0045 %
MC NABU (Network Brand Usage Fee) 0.185¢
MC Account Status Inquiry (on $0 auth) 2.500¢
Visa International Cross-Border 0.8000 % MC CVC 2 Authorization Fee 0.250¢
Visa Intl Acquirer Service Fee 0.4500 % MC AVS Authorization Fee 1.000¢
Visa FANF (Fixed Acquirer Network Fee) MasterCard Intl Cross-Border Support 0.4000 %
Visa FANF - Card-Present Per Location $2/mth MasterCard International Cross-Border 0.8500 %
Visa FANF - Keyed Volume $1,000 - $3,999 $7/mth
Visa FANF - Keyed Volume $4,000 - $7,999 $9/mth
Visa FANF - Keyed Volume $8,000 - $39,999 $15/mth
Visa FANF - Keyed Volume $40,000 - $199,999 $45/mth

Tuesday, October 21, 2014

Update to Harbortouch POS Terms Improves the Best Full POS Deal On the Market

The Harbortouch POS systems have always been a good economic choice for small or medium size businesses that want a fully-featured POS system without having to spend thousands (or tens of thousands) of dollars out of pocket just to get set up. But many merchants have balked at the lengthy five-year agreement required to qualify for the "free" equipment placement. Even though the monthly fee was comparable to the requirements of other system providers who charged for their equipment, nobody likes being locked into a service for an extended period.

Good News for New Harbortouch Accounts


Harbortouch has now begun implementing two significant improvements in their agreements for new POS systems. First, on their lower-end POS, there is an automatic trial period of 30 days. While many companies offer 45 days, which is what you need to ensure that a full statement period is covered, this is still an important announcement from Harbortouch. This way, there is a chance to ensure that all the reports work properly and that all deposits happen as they are supposed to.

The really exciting part, however, is that their Elite II system now comes with only a three year commitment. And this is at the same monthly rate that they charged for the service before. This is a significant potential savings when the hard costs of ownership are considered. Of course, the reality is that most merchants will likely continue with the service and the payments well past the three years, but it is good to know that if cheaper and better technology is available, nothing will prevent a merchant from being able to adopt it.


Wednesday, August 6, 2014

Working on a new book

Faithful readers, this is an announcement that my book, tentatively titled The Ultimate Guide to Merchant Processing or some similarly engaging name, is in the works. I'll be releasing info about it here as it gets closer to publication.

The book will be designed as a portable consultant to assist business owners with the process of vetting merchant services companies, working with agents (or avoiding them altogether), choosing their POS system (or sticking with a terminal or mobile app) and more.

Essentially, the book will be an inexpensive alternative to a full analysis and consultation that walks the merchant through the steps of breaking down his or her needs and then arranging the easiest and least expensive solution. Designed to save business owners time and money while increasing profits down the road, the guide will answer the questions that most merchants don't think to ask until it is too late.

If there is anything that YOU would like to see addressed, please don't hesitate to email me with topic suggestions. If I don't get them in the first edition, there is always room to add them to a later revision.

Many thanks!

Wednesday, July 16, 2014

AMEX at the Same Rate as Visa and MasterCard -- Is it True?

Merchants may have been hearing over the past few months that some agents are claiming they can provide American Express transactions at the same low Qualified Rate as swiped Visa and MasterCard transactions. Well, yes and no. It had a lot to do with which network is handling the transactions, at least at the moment, and also what platform the transactions are being processed on.

Let me simplify this a bit. The first thing merchants should know is that only Global Payments affiliated providers are offering this low rate option for AMEX, not First Data network affiliates and probably not Paymentech, either. Merchants with a POS system that requires a First Data connection are currently out of luck unless they change systems. The good news is that merchant services providers like North American Bancard, Total Merchant Services and other processors that use the Global Payments network are already offering the reduced American Express rates to their new clients and rolling them out to existing clients.

For users of mobile "pay as you go" apps like Phone Swipe, PayAnywhere or Square, which use a simple swipe rate for all their card transactions, AMEX is already going through at the lower rate, which is 2.69% for NAB's Phone Swipe or 2.75% for Square. That is already less than most merchants had been paying for AMEX charges. But what of the promised 1.69% (or less) Qualified Rate for merchants on tiered processing?

This is where it gets muddy, but don't worry: it is still a lot cheaper than before. When a merchant has a standard contract and all its monthly fees, they also get much lower rates to offset those fees and, if they are processing over $3,000 each month, ought to see a net savings that improves as volume offsets the monthly fees. Such merchants may have a Qualified credit card rate of anywhere from 1.08% (plus dues and assessments and network fees) on up to around 1.79% or even more, depending on how the account was set up. What is happening now is that American Express is being priced at the same percentage as the other cards, but with a small catch.
The catch is that the other associated charges are slightly higher than the other card brands. Visa, MasterCard and Discover (and also the new PayPal card) all have additional little fees sneakily tacked on and passed through to merchants for things like "brand usage," "network access," "assessments," and more. And these tiny amounts add up. The fact is, each brand of card determines its own fees and to make it possible to sell lower rates, the processing companies take those out of their Qualified Rate and just pass the cost along to the merchant at the end of each statement, all lumped together. This is where merchants will notice that, yes, while their AMEX transactions have the same low rates, they still end up costing slightly more.

The bottom line, though, is that for merchants who take a lot of American Express cards, this new program can lead to a significant savings on the bottom line. Need another bonus? Turns out that the AMEX charges will also post along with the other card brands now, as well, which could be next day or within 48 hours, no longer requiring the additional day or two that American Express sometimes takes to make the deposits. All told, this is a lot of good news for merchants who are set up with the right plan and the right company. 

Consultations are always available, no pressure and no obligation.

Tuesday, July 15, 2014

PayAnywhere Storefront POS-Lite Updates to Version 2.2

The Most Affordable POS System Just Got Upgraded

North American Bancard's PayAnywhere Storefront payment application for Android just got a major tweak. While it still is not a replacement for a full-POS system like Groovv or ShopKeep, it remains a perfect solution for small retail businesses that do not need the system to control the stock of hundreds of inventory items, maintain open checks or log employee hours. PayAnywhere Storefront still allows the input of inventory items for quick checkout (it just doesn't keep track of what is in stock) and offers a wide array of sales reports. But mostly it offers one of the most cost-effective checkout systems for merchants who want to keep low rates and low fees while still tapping into the most-wanted features of the higher-priced systems and taking advantage of added mobility.

New Features in PayAnywhere Storefront 2.2

  • Faster checkout! Merchants no longer have to press an extra button before swiping -- just run the card through the card reader and get that transaction going. There is also a novel new feature to

Thursday, July 10, 2014

Affordable Tablet POS Systems That Support Open Checks and Tips from Groovv and ShopKeep POS

Android and iOS based POS Systems perfect for small and mid-size restaurants, coffee shops, bars or any business that accepts tips or open tabs.

Most mobile credit card processing solutions are not able to handle tips or open checks (tabs) at all, acting strictly as the equivalent of a counter-top terminal for swiping or key-entering a single transaction. This works well enough for most people, who rarely will need modifiers of any sort. However, business owners wishing to move away from or avoid altogether the high-priced POS systems now are seeing viable options appear in the affordable tablet-based solutions entering the market.

While affordable solutions such as Harbortouch have begun presenting themselves in the market for full POS systems required for high-inventory merchants who need extensive employee tracking and reporting for the accountant, the mobile marketplace has seen an explosion recently with excellent retail solutions like

Sunday, April 6, 2014

Time Again for Increases in Interchange Costs

April Interchange Increases

It happens at least twice each year: the credit card processing companies all send out notices regarding unavoidable pricing increases for their merchants. Like clockwork, April brings the news, usually overlooked by merchants who are used to glancing past the fine print on their monthly statements (if they read them at all). In case you missed it, here is a brief rundown of some current increases in interchange cost associated with the major credit card brands.

Not surprisingly, processing companies use this excuse to cry poor, and in addition to merely passing the additional costs on to merchants, they will mostly tack on across the board increases to compensate for the new expenses while also generating more income.