Merchant Link SecurityCents

A blog that comments on the latest developments in the world of payments, payment data security and technology, PCI compliance, and more.

Posts Tagged ‘ Credit Card Fraud ’

…………………………………………………………………………………………………………………………………
Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web.  Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….
Why Credit Card Fraud Grows 
Missing the Mark on Secure Card Tech Will Haunt Any Issuer
<Tweet this article>
by Tracy Kitten
Payments card fraud is a growing concern for U.S. card issuers, yet few have taken dramatic steps to fight it.  Last week’s announcement that major card brands and domestic issuers are joining forces to create an EMV Migration Forum reflects at least some interest in enhancing payment-card security…….Click here to read more

Starbucks/Square partnership: what does it mean? <Tweet this article>
by Javelin Strategy & Research
The Starbucks/Square partnership certainly is among the major recent announcements related to in-store mobile payments, and has the potential to significantly help jump start adoption. While I don’t agree with some of the more euphoric comments that this one move is the singular event that ushers in mobile payments, it is a big deal……. Click here to read more

RetailNOW: The High Cost of POS Security Failures <Tweet this article>         
by Vertical Systems Reseller
Solution providers were given a wake up call about the perils of point-of-sale security breaches, on Monday, at RSPA’s RetailNOW convention. Secret Services Agent Jason Berryhill, a POS fraud specialist, addressed the packed audience and dropped some very serious statistics……. Click here to read more

…………………………………………………………………………………………………………………………………

What other interesting content have you come across? Leave a comment below and join the discussion!
……………………………………………………………………………………………..………………………………….

…………………………………………………………………………………………………………………………………
Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web.  Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….
New PCI Rules Will Force Retailers To Set The Risk Level <Tweet this article>
by Walter Conway
PCI version 2.0 changed July, 1. Even though there are actually no new requirements, per se, as of this date, the stated “best practices” for identifying and ranking risk vulnerabilities in Requirement 6.2 became mandatory.  Ignore this change and you may see yourself up a PCI tree later this year……. Click here to read more

Not All Merchants Are Happy with the $7-Billion-Plus Credit Card Settlement <Tweet this article>
by Digital Transactions
No sooner had the ink dried on a proposed settlement of a massive credit card suit than cracks began to appear in what had been an edifice of merchant solidarity. The NACS, a national trade group for  convenience-store operators, on Friday said its board of directors had unanimously rejected the settlement, and on Monday its attorney told Digital Transactions News more merchant dissenters will emerge. “A lot of merchants are very upset about this [settlement],” says Douglas Kantor, a Washington, D.C.-based partner at Steptoe & Johnson LLP……. Click here to read more

Small Kentucky town latest victim of credit card fraud affecting 25% of police force <Tweet this article>
by Avivah Litan
I’ve been hearing from U.S. banks that card fraud continues to be a major issue for them, while online bank account takeover and trojan-based attacks have flattened out. The new trend, they say, is ‘micro-attacks’ that are localized, small in nature and which stay under the radar longer, giving the crooks more time to rack up unauthorized charges.…….Click here to read more

…………………………………………………………………………………………………………………………………
What other interesting content have you come across? Leave a comment below and join the discussion!
……………………………………………………………………………………………..………………………………….

The big day is just around the corner.  With only days left, how can you show your significant other how much you care?

According to New Online Spending Index conducted by Javelin Strategy & Research, 19 percent of shoppers will spend more money on gifts.

The National Retailer Federation’s (NRF) conducts an annual Valentine’s Day Consumer Intentions and Actions survey and this year found that the average person will spend more than they have over the past 10 years, reaching a spending total of $17.6 billion.

Shopping surges happen throughout the year and it often makes us wonder if merchants are prepared to secure all that consumer payment data.  Both of these recent surveys indicate that safe and secure shopping is critical for both online and traditional brick and mortar merchants.  Flowers and chocolates are always favorite gifts around this time of year, but according to Roxbury Bankcard Consulting, 60 percent of those surveyed plan on purchasing something else.

Jewelry merchants should be especially vigilant. Last year, the day after Valentine’s Day, several jewelry stores were under attack from hackers.  Day’s Jewelers, with five stores across Maine and New Hampshire, suffered a breach from outside hackers and nearly 1,000 customers who purchased items from Day’s reported fraudulent activity on their cards.

So don’t let the big day break any hearts or wallets.  Retailers must protect that trust of their customers and can do so by following a few simple tips that we often talk about on this blog:

  • It’s all in the heart — of the network that is. Every retailer should understand where cardholder data is stored on the network. Are there proper security controls in place to protect this data? Ensure data is properly protected according to PCI standards.
  • Focus on the relationship. It’s not just technology, its people and processes, and how they all connect and work together. Merchants must educate and train staff to understand network security policies and procedures.
  • Know when it’s time to move on. As in every relationship, there are times when you need to take stock of things and let go.  The same holds true for information stored on the network. Merchants tend to hold on to data when in reality, this information can be easily removed from the system which in turn minimizes the cardholder data environment and security risk.

We hope that merchants take these tips to heart to maintain strong relationships the loyalty of their customers.

These days, merchants are being told they can save money by using a client-to-processor connection or “direct driver” vs. a hosted payment gateway in the cloud. Are these claims really true? What do merchants stand to lose by sending transaction data directly from their point-of-sale system to a processor?

A hosted payment gateway facilitates the secure transfer of information between a point of payment (your POS) and the payment processor or bank. The gateway acts as a translator, traffic cop and bodyguard – interpreting and directing data streams through a secure route to the appropriate destination, quickly and accurately.

Merchants considering both options should keep in mind:

  1. Choice: A gateway connects merchants to a variety of processors and often offers the flexibility to switch payment providers quickly and efficiently, enabling a merchant to best manage its payment acceptance fees. Merchants with franchisees can offer them the choice of processor services and maintain a secure and consistent payments acceptance process across their brand.  Merchants can also use the gateway to route different card types to specified hosts, saving them money by reducing processor’s switching fees.  A quality gateway assures that a merchant is not locked in to a particular processor’s technology that is hard to “unravel” if they decide to change.
  2. Support: A quality gateway provider has the unique ability to track down and efficiently resolve problems no matter where an issue occurs within the life cycle of a transaction; saving merchant’s time and money by eliminating “finger pointing” between POS providers and payment processors.  The more complex the merchant environment, the more a gateway is needed.  A gateway can help a merchant quickly resolve payments hassles and get back to managing their business.
  3. Cost: While most gateway providers charge a subscription or per-transaction fee, merchants should take into account the ongoing investment they will have to make in new software and/or a POS upgrades when considering a client-to-processor connection. The merchant is then locked in to technology that will soon be dated.  In contrast, a cloud-based payment gateway is easily implemented and maintained.  Configuration changes are usually performed at the gateway without interrupting business at the site when software and payment scheme updates are required.

Savvy business owners know that the only way to separate claims from reality and determine what’s best for their business is to educate themselves, talk to other merchants who are utilizing similar solutions, and ask a whole lot of questions. Check out this informative presentation and let us know what you think by leaving a comment below.

The Value of a Payment Gateway
View more presentations from Merchant Link

Avivah Litan is a vice president and distinguished analyst in Gartner Research and is a renowned expert in the area of payments security.   She regularly publishes key industry research reports with regards to PCI compliance, has a well-read blog and is often quoted in the media discussing PCI compliance and payment security – among other things. Following is an exclusive podcast with Avivah Litan who discusses key payment security trends and highlights the value of end-to-end encryption and tokenization.


By Beth McGarrity

Recently, Javelin Strategy & Research released a study that analyzes how consumers’ credit details are secure.  The Seventh Annual Card Issuer’s Safety Scorecard dives into existing trends related to card fraud, mitigation against these threats and evaluation of card issuers that have consumer-facing prevention, detection and resolution capabilities.

The study focused on the top 20 card issuers such as American Express, MasterCard, Visa, Bank of America, JP Morgan Chase, Capital One and more. The results found that card issuers do a good job resolving fraud problems once they occur, but ultimately fall short on prevention and detection.

In light of the number of recent breaches that have impacted big brands, as well as financial institutions like Citigroup, consumers need to be aware of how their payment information is protected and take proactive steps to ensure their own credit protection.

With more than 25,000 guests visiting each month, Fantasy Springs Resort Casino, owned by the Cabazon Band of Mission Indians, is known for providing luxurious accommodations, the finest cuisine, exciting entertainment, and a world-class casino.

Fantasy Springs is also on the cutting-edge when it comes to payments and transaction security.  Following is an exclusive podcast with Don Lindsey, Fantasy Springs Resort Casino’s Director of Information Technology, who discusses transaction security trends and their use of tokenization.


It’s not very often that you get to hear direct insights from members of the Department of Justice when it comes to prosecuting the most notorious hacker in the U.S.  Following is a podcast from the Identity Theft Assistance Center with Kim Peretti, director in the PricewaterhouseCoopers Forensic Services practice and former Senior Counsel at the Criminal Division’s Computer Crime and Intellectual Property Section at the Department of Justice (DOJ). Ms. Peretti played a key role in bringing down Albert Gonzalez, the accused hacker who masterminded the combined credit card theft  and subsequent reselling of more than 170 million card and ATM numbers — the biggest such fraud in history.

You can listen to the podcast here:

Listen to internet radio with ITAC on Blog Talk Radio

While we hear a great deal about the threats to consumer credit card security, we don’t hear that much about the issues facing merchants, just criticism and finger pointing when they suffer a breach.

At Merchant Link we understand how complicated it is for merchants to navigate their way through the payment processing system to ensure the safety and security of their customers’ personal information.

Our CTO, Dan Lane, spends a lot of time thinking about these problems and devising solutions for merchants who are confronted with a lack of resources and too many vendors touting too many products.

In the video below Dan outlines his top tips and suggestions for merchants looking to protect their brand and their customers against ever-evolving threats.