The internet has opened up a world of possibilities. The power of this virtual world has been discovered by innovative entrepreneurs, and now anyone with initiative can start a business with the least capital possible-time, computer, internet connection and a great product idea. These are categorized as small businesses online and as with all e-commerce systems, they require credit card processing for the payments of online buyers. This is where the merchant service providers come in.
What are Merchant Services?
Merchant services allow the business owners to process credit card payments for their online buyers. The core of the service is the merchant account, a commercial bank account with which you can route payment from the customer's bank to your bank account, through a credit card processor. Merchant accounts are also offered by financial institutions such as banks but these accounts are too costly, with expensive monthly fees.
The best services for small businesses are third-party payment processors and the Independent Service Organizations (ISO). The former are companies that already have merchant accounts. They send your credit card processing through it, taking care of the whole purchasing process from choosing the right shopping cart (with which the buyers can put the items they want to purchase) for the merchant payment gateway (a complex "passageway" wherein the credit card transaction is verified through the buyer's bank and card association authentication before the final approval of the purchase). Third-party processors also provide customer and billing inquiry services, all at a relatively small fee.
ISOs, meanwhile, are representatives of one or several of these third-party payment processors, offering credit card processing services through their established bank card relationship with card association members such as Visa and MasterCard, among others.
What Makes a Good Merchant Service Provider?
If you want to start your own online business, you have to shop for the right service provider that addresses every need of your business. The following are just some of the factors that you have to consider:
• How long has the company been in the field? Longer experience is always the best gauge of quality service.
• Does the merchant service provider dedicate itself to ensuring the privacy and security of the transactions and information? It is best to ask what measures the company goes through, to protect the delicate information they handle. Most of qualified and better-known companies, for example, use iSpyFraud, a fraud-detection software.
• How much is the monthly rate? Do not just take the rates and fees listed on company websites at face value. Research deeper, and you might unearth hidden fees. A good credit card processing company charges a low monthly fee and is transparent with its fees and costs as the service progresses. This is especially vital for small businesses that already have small capital to start with.
Currently, there is a myriad of merchant service providers eager to help online entrepreneurs. Hidden among them are scammers and frauds, eager to pilfer money from the not-too-well-informed such as newcomers in the small business arena. The best way to ward them off is to research and continuously educate oneself on the ever-changing dynamic geography of e-commerce.
Sunday, June 12, 2011
Saturday, June 11, 2011
Why you need a PCI compliant credit card machine
Because we live in an insecure world
In January 2009, Heartland Payment Systems announced a data breach that may have compromised tens of millions of credit and debit card transactions. This breach was one of the largest in history, and came on the heels of another large breach in December 2008 of RBS Worldplay (a susidiary of Citizens Financial Group Inc.) which compromised 1.5 million credit card numbers. Other large breaches include Hannaford Brothers Co. in March 2008 (4.2 million numbers), and TJX Companies, Inc. (Marshalls and TJ Maxx) in 2007, who reported 45 million numbers had been compromised over a 3-year period.
Closer to home, I received new Discover Cards in the mail last week with a short explanation that our account had been compromised.
What are PCI standards?
PCI (Payment Card Industry) standards are provided by the PCI Security Standards Council, an organization founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc. to promote security through strict guidelines and education. In order for a processing terminal to be deemed "PCI compliant", it must meet the high security standards of the Council which have been put in place to prevent cardholder information from being stolen or tampered with. For instance, a PCI compliant credit card machine will not retain transaction information after a daily batch has been submitted to a payment processor.
Will your credit card machine become a dinosaur?
In 2008, Visa/Mastercard began a 5-phase process that would phase out insecure credit card processing equipment by requiring that payment processors only offer PCI compliant credit card terminals to NEW merchant account customers. The fifth phase will be implemented in July, 2010. At that point payment processors will require ALL merchants to use PCI compliant terminal. What will it cost to replace my card processing equipment with a PCI compliant terminal?
Many merchants are finding that the cost to replace their current credit card processing equipment can be quite expensive. A recent post at the Small Business Ideas Forum stated:
I recently received a letter from my merchant services provider saying that the device I have been using to accept credit cards for the last eight years needs to be replaced because of new regulations that are being put into place by Visa and MasterCard. They say I could be fined if i don't replace it with a new state of the art terminal! I looked into it, and it is true that they are implementing new security standards that are phasing out a lot of the older credit card terminals effective on 7/1/2010.
In my opinion it's just a scam by Visa and MasterCard to sell credit card terminals! But what do I know? The bad part is that the credit card terminal my provider is offering to replace my old one costs $600!!!
While this poster is definitely wrong about the new guidelines being used as a means for Visa/MasterCard to increase their profits, I'm sure the cost of replacing his equipment was a shock. Thankfully, there is cost-effective solution when it comes to terminal replacement. Merchant service providers, such as Money Tree Merchant Services include free credit card machines or wireless terminals as part of their merchant account packages. When you become a new retail customer, your equipment is automatically be upgraded to a PCI compliant terminal at no additional cost.
PCI compliance is a matter of security and safety not just for you as a merchant, but for your customers as well. Security should be viewed as a benefit, a benefit that your company can promote. In the end it will bring in more income and the cost does not have to be prohibitive.
Article Source: http://EzineArticles.com/3375815
In January 2009, Heartland Payment Systems announced a data breach that may have compromised tens of millions of credit and debit card transactions. This breach was one of the largest in history, and came on the heels of another large breach in December 2008 of RBS Worldplay (a susidiary of Citizens Financial Group Inc.) which compromised 1.5 million credit card numbers. Other large breaches include Hannaford Brothers Co. in March 2008 (4.2 million numbers), and TJX Companies, Inc. (Marshalls and TJ Maxx) in 2007, who reported 45 million numbers had been compromised over a 3-year period.
Closer to home, I received new Discover Cards in the mail last week with a short explanation that our account had been compromised.
What are PCI standards?
PCI (Payment Card Industry) standards are provided by the PCI Security Standards Council, an organization founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc. to promote security through strict guidelines and education. In order for a processing terminal to be deemed "PCI compliant", it must meet the high security standards of the Council which have been put in place to prevent cardholder information from being stolen or tampered with. For instance, a PCI compliant credit card machine will not retain transaction information after a daily batch has been submitted to a payment processor.
Will your credit card machine become a dinosaur?
In 2008, Visa/Mastercard began a 5-phase process that would phase out insecure credit card processing equipment by requiring that payment processors only offer PCI compliant credit card terminals to NEW merchant account customers. The fifth phase will be implemented in July, 2010. At that point payment processors will require ALL merchants to use PCI compliant terminal. What will it cost to replace my card processing equipment with a PCI compliant terminal?
Many merchants are finding that the cost to replace their current credit card processing equipment can be quite expensive. A recent post at the Small Business Ideas Forum stated:
I recently received a letter from my merchant services provider saying that the device I have been using to accept credit cards for the last eight years needs to be replaced because of new regulations that are being put into place by Visa and MasterCard. They say I could be fined if i don't replace it with a new state of the art terminal! I looked into it, and it is true that they are implementing new security standards that are phasing out a lot of the older credit card terminals effective on 7/1/2010.
In my opinion it's just a scam by Visa and MasterCard to sell credit card terminals! But what do I know? The bad part is that the credit card terminal my provider is offering to replace my old one costs $600!!!
While this poster is definitely wrong about the new guidelines being used as a means for Visa/MasterCard to increase their profits, I'm sure the cost of replacing his equipment was a shock. Thankfully, there is cost-effective solution when it comes to terminal replacement. Merchant service providers, such as Money Tree Merchant Services include free credit card machines or wireless terminals as part of their merchant account packages. When you become a new retail customer, your equipment is automatically be upgraded to a PCI compliant terminal at no additional cost.
PCI compliance is a matter of security and safety not just for you as a merchant, but for your customers as well. Security should be viewed as a benefit, a benefit that your company can promote. In the end it will bring in more income and the cost does not have to be prohibitive.
Article Source: http://EzineArticles.com/3375815
Reviewing the Two Types of Credit Card Merchant Service Providers in the Market
Online payment systems haven't been as simple as they are today. With a credit card and a click of a button, a purchase can be created. Card merchant services provide businesses with the ability to accept payments through credit and debit cards, the preferred method of payment around the world today.
In the early 2000s, merchants had to make an application for special accounts with banks. Once the accounts had been created, banks accepted the transactions from the consumers on behalf of the organization, transferring the cash from the bank that issued the credit card into the bank from the company.
Critiquing Merchant Services: The Two Types
Today, the selection is no longer that limited. There are now two kinds of these services: processors and resellers.
Processors, also called acquirers, are banks that receive transaction details from the merchant, communicate with financial institutions in approving the transaction, and deposit funds into the merchant's banking account whenever a purchase has been completed.
Resellers, also called Independent Sales Organizations (ISOs), are third-party organizations that resell the offered products and services of 1 or even more processors for a higher fee, as these institutions aren't restricted to the rules and regulations that most banks have. Regarded as middlemen because they do not perform the actual services sold, these entities have an agreement to sell the services of the bank or the bank/processor alliance.
Merchants stick with their existing banks directly for credit card processing since:
banks will waive service fees for letting them pick the provider
they tend to be more convenient
they cut out middleman costs
they possess a feeling of loyalty to the bank
The main disadvantage of choosing a processor is the fact that because this industry is not their priority, banks may have a far more limited knowledge of credit card processing. Because of this, customer support will be compromised, processing equipment costs higher or ISOs might be hired anyway.
ISOs offer all the products that processors have because these organizations can resell for multiple processors and could contract along with other providers for support. Some studies have shown that ISOs are the more commonly chosen providers, handling roughly 80% of all merchant services, with less than 200 from the 700 to several thousand organizations providing legitimate operations. This reason to be concerned was reported because a lot of companies filed complaints against ISOs that advertised reduced rates but charged excessive fees for processing and equipment once the contracts had been signed.
Ultimately, processors will be the safer bet for startup companies that continue to be getting a feel of the industry. Businesses with a little more experience can venture into researching for the best ISO in the market to meet all the needs of the business, the fees, rates and conditions of all the major companies, the specializations the company provides and the new trends in the payment processing industry. This could take a great deal of time and energy on the part of the company but ultimately might be a better option over time.
In the early 2000s, merchants had to make an application for special accounts with banks. Once the accounts had been created, banks accepted the transactions from the consumers on behalf of the organization, transferring the cash from the bank that issued the credit card into the bank from the company.
Critiquing Merchant Services: The Two Types
Today, the selection is no longer that limited. There are now two kinds of these services: processors and resellers.
Processors, also called acquirers, are banks that receive transaction details from the merchant, communicate with financial institutions in approving the transaction, and deposit funds into the merchant's banking account whenever a purchase has been completed.
Resellers, also called Independent Sales Organizations (ISOs), are third-party organizations that resell the offered products and services of 1 or even more processors for a higher fee, as these institutions aren't restricted to the rules and regulations that most banks have. Regarded as middlemen because they do not perform the actual services sold, these entities have an agreement to sell the services of the bank or the bank/processor alliance.
Merchants stick with their existing banks directly for credit card processing since:
banks will waive service fees for letting them pick the provider
they tend to be more convenient
they cut out middleman costs
they possess a feeling of loyalty to the bank
The main disadvantage of choosing a processor is the fact that because this industry is not their priority, banks may have a far more limited knowledge of credit card processing. Because of this, customer support will be compromised, processing equipment costs higher or ISOs might be hired anyway.
ISOs offer all the products that processors have because these organizations can resell for multiple processors and could contract along with other providers for support. Some studies have shown that ISOs are the more commonly chosen providers, handling roughly 80% of all merchant services, with less than 200 from the 700 to several thousand organizations providing legitimate operations. This reason to be concerned was reported because a lot of companies filed complaints against ISOs that advertised reduced rates but charged excessive fees for processing and equipment once the contracts had been signed.
Ultimately, processors will be the safer bet for startup companies that continue to be getting a feel of the industry. Businesses with a little more experience can venture into researching for the best ISO in the market to meet all the needs of the business, the fees, rates and conditions of all the major companies, the specializations the company provides and the new trends in the payment processing industry. This could take a great deal of time and energy on the part of the company but ultimately might be a better option over time.
Do You Need Credit card Processing Services?
Are your customers requesting credit card processing services? If so, you may want to consider including this service to your company’s Website to be able to provide convenient payment systems that will bring back repeat business. Many companies today are moving more toward e-commerce, which means that if you want to refrain from getting left behind, you should get ready to join the throng of professionals who are marching into the electronic age of doing business.
Merchant Accounts
Although small businesses have historically been of little interest to criminals looking for valuable debit and credit card data, a recent Visa® analysis has found that small merchants account for more than 80 percent of data in security breaches. Because this is of obvious concern for businesses, Instamerchant.com, is proud to introduce a new Tokenization security product - a payment security solution that encrypts and tokenizes card holder data to actively prevent fraud and drastically reduce risk for merchants using an intermet merchant account.
Simply put, Tokenization is the process of creating a string of random characters called a token (or alias) that acts as a substitute for real data. The original value is maintained in an index database (the vault) and because there is no direct mathematical relationship between the original value and the resulting token, there is no key that can reverse the process to turn the token back into meaningful data - rendering crooks helpless.
"This Tokenization product is so powerful that it comes with a limited warranty that if the token is stolen by an unauthorized user it won't be able to be used fraudulently against the merchant," says David Standage, the owner of the credit card merchant account company - InstaMerchant.com.
While Tokenization and encryption aren't necessarily brand new technologies, they have recently become two of the leading technologies for the protection of sensitive payment card data. In fact, Tokenization has become such an important means for merchants to protect data post-authorization, that the Payment Card Industry (PCI) and the Security Standards Council are considering whether tokenization should be included in an upcoming version of the PCI Data Security Standards.
Rather than wait for Tokenization to be mandated, Instamerchant.com is proactively offering the technology in their new security solution because they believe the system is loaded with security benefits, will vastly reduce the risk of a data breach, as well as, lessen the scope and cost of their PCI security audits - all reasons to choose Instamerchant.com.
Every retailer, restaurant or Internet merchant that accepts debit and credit cards as a form of payment is at risk of hackers and thieves stealing their merchant data. However, Instamerchant.com, with their newly launched security solution, is proud to provide the peace of mind that these tokens, within their new system, cannot be monetized if exposed or stolen by an unauthorized user - an Instamerchant.com security solution that any small business can benefit from.
Instamerchant.com provides every type of electronic payment which includes credit card processing, check guarantee, debit cards and gift cards for both retail and Internet merchants. They work with all business types and sizes from home based Internet businesses to mom and pop retail stores, to large national chains. Instamerchant.com are experts when it comes to providing merchants with poor credit a bad credit merchant account.
Read more: http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2011/04/14/prweb8305755.DTL#ixzz1P2fJDOSO
Simply put, Tokenization is the process of creating a string of random characters called a token (or alias) that acts as a substitute for real data. The original value is maintained in an index database (the vault) and because there is no direct mathematical relationship between the original value and the resulting token, there is no key that can reverse the process to turn the token back into meaningful data - rendering crooks helpless.
"This Tokenization product is so powerful that it comes with a limited warranty that if the token is stolen by an unauthorized user it won't be able to be used fraudulently against the merchant," says David Standage, the owner of the credit card merchant account company - InstaMerchant.com.
While Tokenization and encryption aren't necessarily brand new technologies, they have recently become two of the leading technologies for the protection of sensitive payment card data. In fact, Tokenization has become such an important means for merchants to protect data post-authorization, that the Payment Card Industry (PCI) and the Security Standards Council are considering whether tokenization should be included in an upcoming version of the PCI Data Security Standards.
Rather than wait for Tokenization to be mandated, Instamerchant.com is proactively offering the technology in their new security solution because they believe the system is loaded with security benefits, will vastly reduce the risk of a data breach, as well as, lessen the scope and cost of their PCI security audits - all reasons to choose Instamerchant.com.
Every retailer, restaurant or Internet merchant that accepts debit and credit cards as a form of payment is at risk of hackers and thieves stealing their merchant data. However, Instamerchant.com, with their newly launched security solution, is proud to provide the peace of mind that these tokens, within their new system, cannot be monetized if exposed or stolen by an unauthorized user - an Instamerchant.com security solution that any small business can benefit from.
Instamerchant.com provides every type of electronic payment which includes credit card processing, check guarantee, debit cards and gift cards for both retail and Internet merchants. They work with all business types and sizes from home based Internet businesses to mom and pop retail stores, to large national chains. Instamerchant.com are experts when it comes to providing merchants with poor credit a bad credit merchant account.
Read more: http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2011/04/14/prweb8305755.DTL#ixzz1P2fJDOSO
Phishing Attack Targets Merchant Accounts
The point of many phishing scams is to gain access to bank or credit account information for financial gain. So, it makes sense to target users or accounts with the highest odds of containing substantial amounts of money. That explains a new phishing attack reported by AppRiver which takes aim at customers of Global Payments.
Similar Articles:
More than E-mail at Stake in Google Gmail Attack
4 Security Tips Spurred by Recent Phishing Attacks on Gmail, Hotmail, and Yahoo
LizaMoon Attack: What You Need To Know
Reports: 77 Million PlayStation Network Accounts Compromised
Hotmail Accounts Breached by Suspected Phishing Attack
Text Message of 'Death' Threatens Phone Security
Many phishing attacks simply cast as wide a net as possible and hope that at least some of the victims snared by the scam have funds to make it worthwhile. By specifically targeting a merchant services company--a provider that processes credit card payments for retail establishments--the attackers greatly enhance the chances that any compromised accounts will actually have money available--perhaps a lot of money.
Fred Touchette, a senior security analyst with AppRiver, explains in a blog post, "Global Payments is a company that handles merchant services for all sorts of businesses such as restaurants, retail stores, hotels, hospitals, you name it. Basically their service can be used by anyone that needs to process credit card transactions."
The best protection from phishing scams is a combination of common sense and healthy skepticism.Touchette describes how the phishing attack works as well. "These attacks arrive in email form, as is often the case, pretending to be from Global Payments, stating the usual "Your account has been blocked due to unusual activity". As is also usual, the email asks the recipients to click on the link provided and log-in to their accounts to correct the situation. Once victims provide the false sites with their credentials, they then give the attackers full access to their accounts."
As Touchette alludes to in the blog post, the targeting of a merchant services processor is particularly concerning for two reasons. First, for the business that uses Global Payments and falls unwitting victim to this attack, it means that funds could be redirected or stolen.
More importantly, though, a successful compromise from this phishing scam provides the attackers with the information necessary to access the merchant services account, and possibly much more sensitive data. Touchette says, "This attack carries a much larger weight than an attack against an individual as access to merchant processing accounts could lead to the breach of information and transaction details of all of the credit card holders that had done business with the Global Payments account holder. This could also lead to a major dent in the reputation of the company who was phished as the breach was disclosed."
As always--you should have security tools to protect your system, but avoiding phishing scams is part common sense and part cautious skepticism. Could your account be blocked due to suspicious activity? Absolutely. And, I would hope that a company like Global Payments would do just that--as quickly as possible--if, in fact, unusual account activity was detected.
However, in the event that such a thing actually occurs, a company like Global Payments will not ask you to click on a link in an e-mail and share or change your account credentials. Do not open file attachments or click on URLs in e-mail messages unless you are 110% sure you know what awaits you. If you are concerned that the phishing message might be legitimate, pick up the phone and call the customer service department to clarify.
Similar Articles:
More than E-mail at Stake in Google Gmail Attack
4 Security Tips Spurred by Recent Phishing Attacks on Gmail, Hotmail, and Yahoo
LizaMoon Attack: What You Need To Know
Reports: 77 Million PlayStation Network Accounts Compromised
Hotmail Accounts Breached by Suspected Phishing Attack
Text Message of 'Death' Threatens Phone Security
Many phishing attacks simply cast as wide a net as possible and hope that at least some of the victims snared by the scam have funds to make it worthwhile. By specifically targeting a merchant services company--a provider that processes credit card payments for retail establishments--the attackers greatly enhance the chances that any compromised accounts will actually have money available--perhaps a lot of money.
Fred Touchette, a senior security analyst with AppRiver, explains in a blog post, "Global Payments is a company that handles merchant services for all sorts of businesses such as restaurants, retail stores, hotels, hospitals, you name it. Basically their service can be used by anyone that needs to process credit card transactions."
The best protection from phishing scams is a combination of common sense and healthy skepticism.Touchette describes how the phishing attack works as well. "These attacks arrive in email form, as is often the case, pretending to be from Global Payments, stating the usual "Your account has been blocked due to unusual activity". As is also usual, the email asks the recipients to click on the link provided and log-in to their accounts to correct the situation. Once victims provide the false sites with their credentials, they then give the attackers full access to their accounts."
As Touchette alludes to in the blog post, the targeting of a merchant services processor is particularly concerning for two reasons. First, for the business that uses Global Payments and falls unwitting victim to this attack, it means that funds could be redirected or stolen.
More importantly, though, a successful compromise from this phishing scam provides the attackers with the information necessary to access the merchant services account, and possibly much more sensitive data. Touchette says, "This attack carries a much larger weight than an attack against an individual as access to merchant processing accounts could lead to the breach of information and transaction details of all of the credit card holders that had done business with the Global Payments account holder. This could also lead to a major dent in the reputation of the company who was phished as the breach was disclosed."
As always--you should have security tools to protect your system, but avoiding phishing scams is part common sense and part cautious skepticism. Could your account be blocked due to suspicious activity? Absolutely. And, I would hope that a company like Global Payments would do just that--as quickly as possible--if, in fact, unusual account activity was detected.
However, in the event that such a thing actually occurs, a company like Global Payments will not ask you to click on a link in an e-mail and share or change your account credentials. Do not open file attachments or click on URLs in e-mail messages unless you are 110% sure you know what awaits you. If you are concerned that the phishing message might be legitimate, pick up the phone and call the customer service department to clarify.
Subscribe to:
Posts (Atom)