
Tag Archive for the 'fraud' Tag

Where Are We With Payment Security?

January 19, 2010 Posted by Michael Brooks in Payment Innovations & Technologies

The EMV Standard

In the UK, the migration to EMV technology has reduced fraud in face-to-face transactions since EMV adoption in 2003.  The EMV standard operates with EMV-compliant cards (which have embedded chips instead of magnetic stripes) and EMV-compliant POS terminals.  The chips require a PIN entry for a secure EMV transaction.  The acronym EMV is derived from the initial letters of Europay, MasterCard, and Visa, all of whom cooperated to create the technology standard.  MasterCard merged with Europay in 2002.  JCB and American Express have since joined the organization as well.

EMV is a perfect example of two-factor authentication, where two different factors are required to complete a transaction, and has been referenced as a key solution for secure, fraud-resistant transactions.

Online Network Security Must Haves – Part 3

February 5, 2009 Posted by Michael Brooks in Risk and Fraud Management

Password security is important and knowing the different types of identity theft is great, but what are the best ways to prevent identity theft? Many believe that PCI compliance does not affect them because they are not a payment processor or don’t run a gateway. This is a common mistake and can cost online businesses a lot of money. This doesn’t mean you need to be paranoid about being a company that is going to be the victim of identity theft. Use common sense and ask yourself if strangers are able to access your personal information.

Here are some tips to help prevent identity theft:


Online & Network Security Must Haves – Part 2

February 4, 2009 Posted by Michael Brooks in Risk and Fraud Management

Part one of this series talked about identity thieves wanting your password, and we discussed ways to protect against having your passwords compromised. Securing your password seems to be only 25 percent of the battle these days. Many network security breaches, like the Heartland Breach, occurred from within. So it is important to be PCI Compliant internally and know who is working for you.

I wish there were a specific set of characteristics I could post to detect an identity thief, but unfortunately they are as broad as the criminal population itself.  I like to divide attacks by criminals into two categories: internal attacks and external attacks.

Internal attacks are usually traced back to disgruntled, dishonest, and/or careless employees. Some common characteristics of an internal attack are:


Online & Network Security Must Haves – Part 1

February 2, 2009 Posted by Michael Brooks in Risk and Fraud Management

The word “hacker” is often associated with the terms crime and fraud. However, hackers can be a good defense against online fraud, such as the “white hat” hackers that work to prevent fraud and fight identity theft. Unfortunately, white hat hackers aren’t as common as criminal hackers. 

It is important to first understand what different types of identity theft occur, and then you can find out how to get protection.

The easiest item for a criminal or hacker to obtain is your password. Some common mistakes made when setting up passwords are using names of kids, birthdates, or hometowns. Spelling your child’s name backwards is another frequent mistake. I have even seen people write their passwords on a sticky note, in a notebook or in their PDA. Do not give office assistants your passwords. Remember, passwords are used in more than 90 percent of all online network security practices. People use passwords for online banking, shopping, stock trading, and network logons. It is imperative to create a strong password.


Red Flag Compliance Deadline Extended

The Federal Trade Commission announced that “creditors” will not have to worry about fines associated with noncompliance with Red Flag Rules until May 1st 2009. A creditor is defined as any entity that extends, renews, or continues credit and any entity that regularly arranges for the extension, renewal, or continuation of credit. For example, mortgage brokers, utility companies and automobile dealers are classified as creditors.

This decision to extend is said to be largely due to complaints from creditors that they were unaware of the existence of the new regulation; some say they only found out after the deadline had passed. According to the official press release, this deadline only applies to organizations that are not under the jurisdiction of any regulatory agency other than the Federal Trade Commission. FACTA requires financial institutions and creditors to implement a written identity theft prevention program that should help detect identity theft, hopefully before any damage is done. If identity theft is not detected, the regulation calls for the financial institution or the creditor to reduce the risk to the consumer and the organization.


Can Chargebacks Set your Business Back?

December 29, 2008 Posted by Michael Brooks in Chargebacks, Risk and Fraud Management

It used to be that if you got a faulty product, poor service or were simply double charged, you decided to charge back the purchase. With today’s economy and fraud on the rise, chargebacks are becoming more mainstream and more purchases are being made with stolen cards. Losses of jobs cause people to simply think twice about their purchases, or people simply keep the product and claim they never received it.

Illegitimate chargebacks are costing business owners, and it’s time to fight back against dishonest customers and fraud. I have surveyed 50 of my online merchants and found that most of their chargebacks come from people who order items online, and then in an attempt to keep the product without paying for it, dispute it. I consider this shoplifting.

Part of the problem seems to stem largely from regulations put in place stating anyone can dispute any charge for any reason. Naturally, crooks will use these regulations to their full advantage.

Many online merchants are losing the battle against chargebacks and feel there is nothing they can do. Online merchants should not give up; not all chargebacks are final. The best option is to respond to the chargeback letter immediately. Keep in mind that if your bank still honors the chargeback, you have the right to go after the consumer plus any costs you incur as a result.

Some key tips for combating chargebacks are:


Tis the Season for Fraud – How Is Your Business Helping? (Part 2)

December 19, 2008 Posted by Michael Brooks in Risk and Fraud Management

Having sales associates at retail outlets follow proper security guidelines is a good start to protecting against fraud this holiday season. But what if you are an online business, or the magnetic stripe on a card does not work? In Part 1 of this topic, we talked about proper procedure for accepting cards in a card-present environment. Transactions that don’t involve swiping a card are considered “hand-keyed” transactions.

With hand-keyed transactions you run a greater risk of fraud because the magnetic stripe information is not available. If you are in a retail environment you can do the following:


Tis the Season for Fraud – How is Your Business Helping? (Part 1)

December 16, 2008 Posted by Michael Brooks in Risk and Fraud Management

According to the Bureau of Labor and Statistics of the U.S. Department of Labor, the unemployment rate is currently 6.7 percent. With these staggering unemployment numbers, fraud is more prevalent than ever. It is now even more important for business owners to maintain strict guidelines for retail purchases made with credit cards. Retail business owners in a card-present environment have just as much at risk as online retailers.

Visa requires that every sales associate check card security features, request an authorization, and obtain a signature.  Below are some steps to follow so you can minimize fraudulent purchases:


The Sinowal Trojan Still Plagues Our Systems

November 13, 2008 Posted by Michael Brooks in Risk and Fraud Management

Viruses come in all different forms, from the common cold to life-threatening plagues. Computers are no different. Hackers try to break into banks at least once a day. RSA, a security division of EMC, is a premier provider of security solutions for Fortune 500 companies. Since February 2006, RSA has been tracking the Windows Sinowal Trojan. This virus has single-handedly stolen the details of over 500,000 online bank accounts and credit and debit cards. This Trojan virus installs itself on a user’s computer and steals all the information. RSA says, “Sinowal Trojan is one of the most advanced pieces of crimeware ever created.”

More than 240,000 credit and debit cards have been compromised. This affects ecommerce businesses every day, as well as banking institutions all over the world. Most companies think they are safe because they have anti-virus software, but just having anti-virus software may not help stop this virus. The Sinowal virus uses a method known as “drive-by downloads.” Users can get infected without knowing it if they visit a website that has been set up with the Sinowal code. Common websites include community sites such as Facebook or Myspace. Do you know what websites your employees are visiting? It only takes one person surfing the web. This virus has been around for over two years, and is maintained by a group of obviously very savvy hackers who would have had to create a very solid infrastructure to house the mass of information collected. The software is hard to catch because new variations are constantly released.


What Hidden Merchant Account Fees Should You Watch Out For?

We all frequently read about various types of scams to look out for, warnings of packet sniffing, and stolen card numbers. The real scams to look for are the ones that are directly on your merchant account application. Fees seem to suddenly pop up after you have signed your agreement.

One of the most interesting scams that has come up frequently is related to hidden merchant fees. This scam entices merchants to apply for accounts at low rates with a brief quote. They conceal fees, rates, and various extra charges. When applying for a merchant account, it is important to stay away from advertisements that claim to have the lowest rates around. Some key fees to ask for are: discount rates, mid-qualified rates (keyed rates), non-qualified rates (rewards card and purchase card rates), transaction fees, setup fees, annual fees, statement fees, services fees, PCI Compliance fees, merchant club fees, and early termination fees.
