What is interchange?

Grant @ myposdepot

Visa, MasterCard, and Discover do not issue any credit cards. Rather, they license their payment brands to Issuers and Acquirers. Issuing banks are the entities that provide the consumer, with the credit cards in their pocket. Acquirers are the entities that process the transactions. We are part of the acquiring side. As a registered Independent Sales Organization (ISO) of Visa and MasterCard, we pay them thousands of dollars a year for the privilege of using those brands.

Transaction Process

As shown in the Transaction Process above, Visa, MasterCard, and Discover do not approve transactions. The bank that issued your credit card approves the transaction. The issuing bank takes on the risk that the consumer will pay them back for the items they purchase. In turn, the issuing bank gets paid Interchange-not Visa and MasterCard

The cost of interchange depends on the card type that is presented. A check card, which is tied to your checking account, is a low risk, low cost interchange. If you don’t have money in your checking account, the transaction is declined.

Corporate, government and foreign credit cards are high risk. They have the highest interchange rates. You may ask why. Simply, if someone from a foreign country buys an item here but refuses to pay for it later, perhaps because of a dispute, it is very difficult, sometimes almost impossible to get that money back. Also, people in corporations and government make purchases that are not authorized by higher management. If they quit or are terminated, these entities will often dispute the charges as unauthorized. This makes these three card types high risk.

Grant Rowlands
National Account Executive
P: (866) 480-2433

Follow MyPOSDepot & Receive Exclusive Offers!

             

PCI compliance checklist-

Grant @ myposdepot

The issue of merchants becoming “PCI Compliant” has raised a lot of questions surrounding what a merchant must do to become compliant in the payment card industry.  Compliance rules and regulations have a lot to do with the type of business a merchant has and how they accept credit cards. Some of the benefits of following the standards set by PCI compliance include the following:

• Being compliant with the PCI DSS demonstrates that your customers’ private information is protected, so they can entrust their credit card payments to you without needing to worry about the security of their data.
• Compliance with PCI DSS enhances your business reputation and is held in high regard by banks and credit card companies — the very same corporations that help you do business and help you to gain customers trust.
• Following the PCI security standards helps you to demonstrate an ongoing commitment to enhance the shopping experience for your customers – and a genuine desire to protect their data by preventing security breaches.

The following 12 components form part of the PCI compliance checklist outlined by the PCI Security Standards Council. This checklist aims to establish and maintain a secure, impenetrable network focusing on security of payment brands users.

• Install and keep updated a firewall between the public network and the payment card data
• Change vendor-supplied passwords that come with network and payment processing equipment
• Protect any customer data stored for business purposes or regulatory purposes
• Encrypt all transmissions of customer data over any public network
• Maintain antivirus software in all of your computers
• Deploy only secure card processing applications and systems
• Limit access to the customer payment data to as few people as possible on the “need-to-know” basis within your business
• Use building entry authentication such as visitor and employees badges with identification to limit access to stored data
• Keep restricted physical access to business computers and customer data
• Regularly test security applications and any PCI security processes that you have in place
• Keep all employees informed about your information security policies

Generally, a merchant will implement what is necessary to ensure these requirements are adhered to. Evaluation of the PCI security processes and the compliance checklist will help to ensure that your business is providing a secure environment and protecting customer data efficiently.

Grant Rowlands
National Account Executive
P: (866) 480-2433

Follow MyPOSDepot & Receive Exclusive Offers!

             

http://www.myposdepot.com

Are digital receipts and mobile card processing the next evolution of commerce?

Grant @ MyPOSDepot

How often have you waited in line at the local home improvement store for the one clerk to checkout 20 patrons; often with tired, screaming children running through the aisles?  Perhaps you’ve enjoyed a long meal at a Zagat-rated restaurant, and you’ve been waiting for over a ½ hour for your server to process your check.  You know the story; its wait, wait, and wait some more!  Waiting is what we seem to do best these days.  If you’re like me, when you purchase a product or service, you want to get in and out of the retail environment as soon as possible, with no complications at the register.

Recently, an increasing number of retailers and restaurants are offering mobile credit card processing as a solution to alleviate these long checkout queues, as well as enjoy other benefits to the merchant and consumers.  In a nutshell, the merchant utilizes a placement reader or card swiper that attaches directly to a smartphone, such as the iPhone, Android or Blackberry.  A smartphone app downloaded by the merchant provides the technology for credit card processing, digital signatures and electronic receipt transmission to the customer.  The merchant swipes the customer’s card through the placement reader, the card transaction processes in the background, the customer signs the smartphone screen and a receipt is emailed to the customer’s email inbox.

Beyond the obvious convenience factor of reducing retail checkout queues and the efficiency of emailing a receipt directly to a customer email inbox, merchants are starting to tout the other benefits that accompany mobile credit card processing.  Merchants that are migrating towards paperless, digital receipts are finding that expensive to maintain receipt printers are no longer necessary.  This in turn reduces the merchant’s receipt paper and printer ink costs.  With a reduction of paper usage, merchants can now champion the environmentally friendly aspect of paperless receipts in their green marketing campaigns.  Customers also appreciate the green alternative to a crumbled receipt that often gets misplaced.

Cardholder security is a major concern for both merchants and customers alike.  Most mobile processing systems are equipped with rigorous encryption standards that meet or exceed conventional processing terminals.  For example, Alpha Card Service’s QwickPAY mobile processing device surpasses current PCI DSS standards by combining multi-layered MagneSafe™ security, in addition to encrypting card data from the point-of-swipe.  The QwickPAY service enables merchants to use their existing mobile devices to make secure, card present transactions anytime and anywhere, without the concerns of storing sensitive card data.

Smartphone with QwickPAY

QwickPAY digital receipt

For merchants, there are clear opportunities for direct marketing with obtaining the customer’s email address.  Special offers, coupons, newsletters and social media outreach are all possible with this direct relationship with the customer.  However, some privacy advocates have expressed concern that obtaining customer email accounts constitute an intrusion into personal information.  As electronic receipts have been optional for consumers thus far, most of these concerns are unfounded.

As a person who is frequently impatient with long lines and slow checkout staff, I fully embrace this transformation to digital receipts and mobile credit card processing.

Grant Rowlands
National Account Executive
P: (866) 480-2433
C: (215) 421-3333
F: (215) 494-0368

http://www.myposdepot.com

Follow MyPOSDepot & Receive Exclusive Offers!

             

The true cost of Credit Card Data Breaches

The true cost of Credit Card Data Breaches

The most recent study conducted by the Ponemon Institute on Data Breach in the United States indicates that the cost of credit card data breaches continues to rise.  Most merchants think Data Breach is a fee associated with the protection of the credit card processing company if a merchant has a breach of personal information.

A data breach is the intentional or unintentional release of secure information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak and also data spill. Incidents range from concerted attack by black hats with the backing of organized crime or national governments to careless disposal of used computer equipment or data storage media. Definition “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.” Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), trade secrets of corporations or intellectual property.

Dr. Ponemon draws out some highlights from the study, including:

·         Rapid response to data breaches costs more. This could be because customers are being notified when no risk is present – companies that use forensics to narrow the customers to those only at risk will lower costs

·         Malicious criminal attacks are causing more breaches (31% in 2010, up from 24% in 2009 and 12% in 2008)

·         Malicious attacks are the most expensive because they are harder to detect and remediate

·         Negligence is the leading cause of data breaches (41%)

In addition to the cost of data breach that can be measured financially there are also cost associated with the company’s reputation and consumer brand perceptions the measurable financial costs associated with a breach, there are inevitably costs associated with the impact on company trust when data breaches occur.  Some experts predict that consumers are becoming more immune to data breaches because large brands like Sony & Citi Group have been affected. Another study done by the Ponemon Institute disputes that assumption.  The study found that 63 percent of consumers were not satisfied with data breach notification and response methods.  Thirty one percent of consumers polled said they terminated their relationship with the organization.  Twenty-six percent said they took no action after being notified, while 57 percent said they lost trust and confidence in the organization that suffered the security breach.

The study supports the argument that consumers are not immune to data breach and it can have a lot more than a short term financial strain on the brand. Consumers are becoming more knowledgeable on data security and proactive with researching brands before they provide them with vital information.

Gartner Research predicts the following regarding the cost and security related to data breach and protection:

·         By 2012, 3% of enterprise customers’ desktops will be infected with financially targeted malware, leading to dramatic enterprise security upgrades.

·         By 2015, all G8 member nations will have created a linked network of “walled garden” domestic Internets.

·         Through 2015, mitigating data breaches will cost 10 times more than installing data protection mechanisms on mobile devices.

·         By 2015, 40% of the security controls used within enterprise data centers will be virtualized.

·         Through 2013, 80% of enterprises that adopt “bring your own PC to work” programs will see their botnet compromise rates increase by 100% or more.

Gartner Research did a case study on data breach specifically in the credit card industry and the cost is projected to increase.

·         In 2007 it was $197 per breached record;

·         In 2008 it was $202; in 2009 it was $204.

The cost per breached record in 2010 was $214, a significant increase over the $2 – $3 increase per record seen in each year past. With the information provided in these study’s and the major brands who have been effected by data compromise the future of data breach security will be very interesting and most likely expensive.

 

Grant @ myposdepot

Grant Rowlands
National Account Executive
P: (866) 480-2433
C: (215) 421-3333
F: (215) 494-0368

  

Follow MyPOSDepot & Receive Exclusive Offers!