Merchant Link SecurityCents

Your customer purchased your product or service and paid for it with a credit card. You correctly entered the charge, authorized the payment and closed the transaction. Within a couple of days the funds will be deposited into your account. Or will it?

Like a ship disappearing mysteriously into the fog, from time to time transactions go missing. A merchant will call our support team wondering why they haven’t received deposits for transactions paid by credit card. In some cases, the missing transactions are simply too old to settle (15, 30, 60 days old or more), so they become a loss to the merchant.

There are a number of reasons why a settlement from a point-of-sale (POS) system can fail. The most common are:

• An erroneous or corrupt transaction in the batch. On some POS systems this will not only stop the current batch from settling, but also prevent any subsequent batch from settling.
• Errors in the programming of the credit card tenders or credit card drivers (usually following a new installation or change of service), and resulting in rejection of settlement attempts.
• Incorrect configuration of the merchant account for settlement at the credit card processor in a way that allows credit card authorization but rejects settlement.

Fortunately, once the cause is pinpointed, settlement problems are usually easy to correct. It is important however, that you have the right practices in place to detect settlement issues as soon as possible.

1. WATCH FOR SIGNALS:  Make sure you are taking advantage of any warnings or alerts your POS system has available. For example, some systems print a batch detail report after a successful settlement or a failed batch report if a settlement fails. If you do not know how your system reports batch settlement problems, contact the dealership or vendor help desk for your system.
2. DESIGNATE A LOOKOUT:  Once you have a warning system in place, make sure that someone has responsibility for constantly checking it.
3. SHORE UP THE FUNDS:  As a back up to the POS system warning, a person with access to your company’s bank accounts should monitor deposits to all accounts, making sure that all expected funds are received.

Awareness of the issues and careful monitoring of the settlement process can help you steer clear of potential hazards, leading to quick resolution and more money in your pocket.
.

It seems Retail’s BIG show gets bigger every year. With more than 27,000 attendees, it’s the place to be to find out what’s next in retail solutions and strategy.

When it comes to payments, retailers are seeking cloud-based solutions that are flexible enough to keep up with changing business, compliance and security needs. In these brief videos, we outline key advantages of moving to the cloud, and show off some of the cool new terminals our payment gateway is integrated to in our effort to connect retailers to all major point-of-sale systems and processors in the industry.

In case you missed it, we presented in Motion Computing’s booth Monday afternoon at the NRF show. We demonstrated how retailers using Windows can go mobile now with the innovative SlateMate tablet with magstripe reader and barcode scanner, with no change to workflow and without sacrificing the security they need to protect payment data and comply with PCI.

Learn more by clicking on the presentation below.

 

 
Lisa Anderson
Director, Product Management
Voltage Security

Here’s a prediction: enforcement of EMV standards will shift even more fraudulent transactions and security breaches to e-commerce. EMV is designed to add an additional layer of security to prevent fraudulent card-present transactions by embedding a chip in the card and requiring a PIN to authorize transaction. With these new security measures, it’s hard to use stolen credit cards on POS terminals – you’d need to either know the PIN or hack the terminal at time of swipe.  As of today, e-commerce doesn’t support EMV and it doesn’t seem like it’s happening any time soon. Existing security vulnerabilities that haven’t been resolved mean that breaches will continue to happen, making e-commerce the easier target for siphoning credit card numbers as well as using them to make fraudulent transactions and for card testing.

We see three major points of focus across the retail payments landscape in the U.S.:

1. Security and evolving payment methods – ensuring  a  payment solution conforms to the latest Payment Card Industry (PCI) standards and includes a plan to support the upcoming EMV requirements for Chip and PIN or Chip and Signature acceptance.

2. A single solution across multiple form factors – the next generation payment solution will operate  on various cross-channel platforms,  including traditional stationary in-lane, portable throughout store, consumer phone, out of store both e-commerce and m-commerce.

3. Integration of the point of sale with the point of service – across the multiple form factors, payment solutions will continue to integrate across point of service and marketing systems, including:

• Advertising
• Loyalty
• Couponing
• CRM
• Surveys

Forward-looking retailers are interconnecting data across consumer touch points, which will lead to more efficient, targeted marketing and a more pleasant shopping experience for consumers.

 
Nick Wislocki
VP of R&D
MICROS-Retail

Mobile is continuing to be a major focus in the retail space, including the emergence of  more mobile payment options. Consumers are seeking the convenience of simply carrying their phone for all their needs, including commerce. Consumers are driving the market in this space and retailers are seeking innovative ways to keep up with demand. Additionally, there is a continued shift toward global commerce, offering options to all corners of the world in the applicable currencies. These tendencies will continue throughout 2013 and the foreseeable future.

We’ve all heard of flash mobs, or groups of people that meet in a particular place and do something fun, creative or unique, such as break out in dance or song. These flash mobs are an interesting phenomenon that have even broken into the mainstream, being parodied in advertisements and featured in TV shows.

But have you heard of flash attacks? They’re not nearly as innocuous and fun as flash mobs, and they can directly result in loss of money and damage to retailers’ brand reputation.

Flash attacks are what Gartner analyst, Avivah Litan, calls credit card skimming schemes, something we’ve discussed previously on the blog.  Essentially, credit card skimming involves individuals either tampering with, or otherwise replacing, credit card readers on point-of-sale (POS) devices within retail establishments. These tampered or replaced devices then compromise the credit card data of the cards that pass through them.

As described by Avivah in her latest blog post, these credit card skimming schemes, or flash attacks, are extremely sophisticated. More than simple acts of vandalism by random data thieves, these are highly-targeted, well-planned attacks by organized groups.

So how do these criminal operations work? Group ringleaders hire individuals to install skimmers into the POS devices or replace the equipment. From there, counterfeiters take the data and create cards, complete with pin numbers taped right on.

More individuals are recruited to then hit up ATM machines and other retail establishments where they can get cash or products that are easily resold (electronics, etc.). The attacks occur quickly and can take place in the country where the theft occurred or in other countries. The individuals withdrawing money or making purchases are instructed to pace themselves and otherwise avoid fraud detection systems.

Avivah’s blog post is an eye-opener and really highlights just how dubious and organized the people running these credit card skimming scams truly are. It’s frightening just how calculated, educated and efficient these attacks can be.

With the National Retail Federation (NRF) annual convention coming up next month, data theft and security issues facing retailers and merchants will be taking center stage. It’s important that retailers educate themselves about the attacks that are occurring, and familiarize themselves with the technologies and solutions available to help eliminate their risk. As the cost of a data breach continues to rise, no retailer can afford to be caught by surprise.

Joe Sharkey of the New York Times didn’t mean to give you a sinking feeling in your stomach at the end of the holiday weekend. But chances are if you checked into a hotel this weekend, your credit card might be at risk if the hotel you stayed at isn’t thinking about all aspects of its security.

Hotels do a very good job protecting your physical security with safeguards in place from guards on the doors at big city hotels to limiting elevator access to those with room keys. However, it seems that hotels are also a prime target for cyber-criminals looking for a quick hit on millions of credit card records.

One of the experts cited by Mr. Sharkey suggests that “[m]ost of the chronic security breaches in the hotel industry are the result of a failure to equip, or to properly store or transmit, this kind of data.”

The Trustwave report said that “organizations large and small…[are] leaving basic security threats overlooked.”

So what can merchants do to assure their customers that they’ve got their security interests taken care of? Check back tomorrow, when we’ll post our top 5 essential tips to secure credit card data.