REPOST: How to Safeguard Online Shopping Transactions

Security issues needn't interfere with accepting credit cards in online transactions. Riva Richmond of Entrepreneur.com discusses the ways that businesses can improve their online security.

Image source: Entrepreneur.com

Security should be a top priority for every online entrepreneur with a shopping cart or an e-commerce ambition.

Giving shoppers confidence that their credit-card information and personal details will be safe in your hands can make them more apt to make a purchase and become a regular customer. Conversely, shoppers’ deep-seated worries about fraud mean that if you give them reason for concern, they could back out of a purchase and stay away for good.

Security precautions also can save you money -- and maybe even preserve your business. The costs of a hack can be steep if credit-card information is stolen and you are at fault. Not only could you face huge clean-up expenses, angry customers and scary lawsuits, you also would likely face the wrath of the credit-card companies, which require merchants to abide by what’s known as the Payment Card Industry (PCI) Data Security Standard. The card companies could fine you, force you to undergo expensive security audits or even bar you from accepting any plastic.

To both instill customer confidence and avoid the horrors of a data breach, experts say a locked down shopping cart system is essential. What’s more, that system should not store any cardholder data. Hacks of these complex software programs are common, and you are a target even if you’re tiny. For example, more than 80 percent of card data compromises investigated by Visa affect merchants that process fewer than 20,000 transactions a year.

"Secure shopping-cart systems are essential for maintaining the integrity of the payment process," says Ella Nevill, a spokeswoman for the PCI Security Standards Council, an organization formed by the five top credit card companies to develop the standards and educate the public about them. "Our mantra is, if you don’t need it, don’t store it. Small merchants should ensure that they or their service provider protect themselves and their customers by using software that does not store cardholder data or jeopardize their PCI security efforts."

Merchants who are not large enough to have their own technology staffs typically use "hosted" shopping carts, which offer built-in security, technical support, and automatic, free software updates and upgrades.

"They are easy to manage, so they are good for entry-level stores," says Kerry Watson, an author of books on e-commerce software.

There are hundreds of such managed service providers that can help you start using a shopping cart in which they, not you, take responsibility for security. Services popular with small businesses include Volusion, BigCommerce and Shopify, Watson says. Prices can range from $20 to several hundred dollars a month, depending on the volume of business you do.

When selecting a company, weigh security features carefully. The provider should not store any sensitive cardholder data and should provide defenses against hacker attacks and encryption of sensitive data as it travels across the Internet to your site and the credit-card payment processor.

If you have large numbers of items for sale and need more control and customization than a hosted service can offer, you may want to use licensed proprietary software or open-source software to set up your own cart. Some popular makers include OpenCart, CubeCart, xt:Commerce and OXID eSales, but there are many others. Prices can be as low as zero for open-source software or reach into the hundreds and beyond, Watson says. You will also need a technology staff or a service plan to handle the maintenance and security of your system.

Whatever type of shopping cart you use, it’s wise to retain a third-party credit-card processor, rather than handle sensitive card data yourself. This means that when customers make purchases, they will temporarily leave your website and enter their card information on the processor’s site. Then they will return to your site to finish their transaction.

If you don’t have a crackerjack tech staff, "the best thing is to let somebody else process your credit-card transactions for you," says Edward S. Ferrara, a security and risk analyst at Forrester Research. Then, "you don’t have to be an IT professional -- you can just be a merchant."

Many small e-tailers use services from Amazon, PayPal and Google Checkout to handle their transactions. Other services popular with small companies include CRE Secure, 2Checkout.com and Skrill Holdings, formerly known as Moneybookers.

If you want to process credit cards yourself, be prepared to spend significant amounts of time and money to jump through numerous PCI-standards hoops and maintain dedicated server equipment.

Whichever approach you take, make sure the software and services you use have been validated as PCI compliant and ask for evidence annually that they remain so.

"There’s no one-size-fits-all approach here," Nevill says. "The most important thing is to be aware of the risks to cardholder data and to ask the right questions of your vendor or service provider."

After all, your business could depend on it.
  
For more on how secure transaction processing can help your business, visit the Securus Payments website. 

A POS on your tablet? Possible.

Tap-and-swipe inventory seems to be the "in" thing these days.

Image Source: ipadenclosures.com

Not too long ago, computer terminals with automatic point of sale (POS) systems replaced "ka-ching"-ing cash registers in store kiosks. Now, cafés and other shops record checkouts and monitor cash flows with just a tap on sleek, portable iPads and other tablets.

Brick and mortar businesses may now choose from a wide range of apps and specialized devices that combine the efficiency of seamless, real-time inventory tracking and mobility.

 

Image Source: pointofsale.com

It pays to do research. Getting in touch with payment system services like Securus Payments expands the search and narrows it down to the best options among mobile and wireless POS systems.

Meanwhile, all over the App Store are cloud-based POS applications that offer real-time inventory reports, accessibility online and offline, and processors for credit cards and PayPal. Virus protection is way better than Windows-based POS systems.

Most of them, like ShopKeep POS, also boast a sleek, user-friendly and customizable interface, which employees can be easily taught to handle, and leave customers impressed.

Image Source: ipadenclosures.com

And the price? These multitasking apps like ShopKeep charge at least $50 a month per register, plus a 30-day free trial.

Recently, Amazon.com revealed it is joining the mobile POS bandwagon by announcing its plans to offer Kindle tablets that can do checkout, credit card scanning, inventory, and even website development for e-commerce.

Similar apps like the TabShop can also be found on Google Play. Having mostly the same features and a host of new ones like QR code scanning using the tablet's camera, these apps can be downloaded free.

Securus Payments is an Oregon-based provider of POS solutions for businesses big and small. Visit this website for information on products and services.

Sales experience: Simple ways to increase online sales

These days, more people are buying online. While the previous decade has stigmatized online purchases with the many instances of identity theft, online shopping has had a remarkable, non-nefarious rebirth. In fact, predictions all over the world are seeing nothing but a brighter future for online shopping, with an added emphasis on today’s vast advances in the field of mobile technology.

Image Source: ecampus.boisestate.edu

That said, it is more important than ever to ride this growing e-commerce wave, either by setting up an online component to your business, or by improving your present online portal to make it more attractive to customers and more competitive against other businesses with similar products and services.

Stumped how? Here are a few simple, yet overwhelmingly effective ways to get the ball e-rolling:

Get only what you pay for – These days, widgets, feeds, and trackers of every sort are available for your online business for free. However, these free services can get pretty clunky at times, which may reduce traffic and engagement at your business during critical periods. The following are a few things you may think twice about scrimping on: graphic design, hosting, and project management.

Make sure you are found – One acronym is all you need to understand: SEO. With the right number of tags and keywords scattered all over your business site, traffic will arrive organically—that is, without all the forced methods some websites use nowadays, just to create fake traffic (misleading backlinks, hidden code, pop-ups, etc.).

Image Source: jrswab.com

Go mobile, too – This 2014, mobile use is predicted to cover around a fourth of total Internet usage. Take advantage of this by having a website that is friendly to mobile surfers as well.
 

Image Source: primeconcepts.com

Securus Payments is a trusted provider of payment systems among businesses. Visit this page for more information about online business optimization.

REPOST: The economics of credit card security

How are credit cards made? In the following article from The Washington Post, Todd Zywicki discusses the cost of the credit card system and explains why the US has not yet switched from traditional and less secure magnetic stripe cards to the chip-and-PIN versions.

(Stockbyte, Getty Images) Image Source: usatoday.com

The WSJ has an interesting article today on the Target credit card security breach. As the article notes, the US card system is less secure than elsewhere in the world, most notably Europe, which has a “chip and PIN” system, which has a computer chip embedded in the card and requires the purchaser to insert a PIN as well to make a transaction. The Target security breach has led many to wonder–and implicitly the WSJ–why the US has lagged on adopting this more secure technology.

Well it turns out that the economics of credit card security is more complicated than it appears at first glance. But first, an important thing to keep in mind: historically the United States has been a high-trust, low-fraud country when it comes to payment card usage. For example, the conventional practice of handing over your credit card (or debit card) to a waiter in a restaurant and having him disappear into a back room with it is something that must strike people in other countries as somewhat bizarre. Nevertheless, we do it all the time and rarely does anything go wrong in this process. So, this makes a difference–in a high-trust, low-fraud country it generally is not necessary to invest in as elaborate security protections as elsewhere. As an analogy, consider that in the U.S. very few restaurants, stores, or hotels routinely post visible armed guards at their front door, whereas this precaution is not uncommon in other countries.

With that background in mind, the WSJ article contains some interesting numbers relative to the optimal level of credit card security.

First, consider the size of the potential dollar size:

But if the chip cards were used in the U.S., fraud losses could be halved, Aite Group estimates. U.S. merchants and banks had 2012 losses of $11.3 billion due to credit-card fraud, or 5 cents on every $100 spent, according to the Nilson Report, a payment-industry newsletter based in Carpinteria, Calif.

So, if that is correct, this obviously means that card issuers would save about $5.65 billion per year from adopting more secure technologies. So there is a strong incentive there to do so. According to the Washington Post, however, the amount saved from adopting more secure payments technologies is only $1.1 billion.

But this doesn’t include a whole bunch of excluded costs, especially the costs to consumers in the time, aggravation, and any out-of-pocket expense of dealing with security breaches and potential follow-on effects such as identity theft.

But there are costs on the other side as well:

A typical large issuer will spend about $1.30 to buy a chip card, compared with 10 cents for a traditional magnetic-stripe card, according to Aite Group.

And according to the article there are ”5.6 billion credit and debit cards in circulation in the U.S., only an estimated 15 million to 20 million are chip cards–issued mainly to people who travel overseas frequently.” So, holding all else constant, this would mean that the card issuers would have to replace some 5.4 billion cards at an increased cost of $1.20 per card for a one-time cost of $6.48 billion. So, in the short-run, this is a one-time $6.48 billion expenditure to save some $5.65 billion per year. And so it seems like it would be recovered in a year and a half. The Post story estimates the cost at $8 billion to switch over.

A Moneo Resto smart card from French group Moneo is shown. The United States will soon adopt pin-and-chip technology used in Canadian and European credit cards, which could have prevented the recent cyberheist that hit New York City and other cities around the world. (ERIC PIERMONT/AFP/Getty Images) Image Source: theepochtimes.com

But according to this article by Bankrate, these the cost to produce and distribute a traditional magnetic card to a customer is “under $2.” By contrast, the “cost to make and distribute a chip card to a customer is between $15 and $20,” according to Andi Coleman, a member of the Accredited Standards Committee X9, “which determines the standards for the financial industry in the U.S.”

So, the numbers vary–a lot. But they are big numbers.

But that’s incomplete as well. First, that’s just the cost of issuing the cards. There is a whole other group of costs of upgrading all the technology to accept the cards. As Bankrate also notes:

And don’t expect retailers to be too eager to pay for a switch either, he says.

“You’re telling the merchant that they have to buy a new machine,” says Abagnale. “They’ve already purchased this one machine for $450. If you’re a Kroger store or a Safeway or someone, and you have thousands of these machines, they’re telling you now to go get a new machine.”

Because U.S. laws put most of the onus for paying for fraud on card issuers rather than retailers, says Abagnale, retailers have little incentive to make the steep investment required to implement the change.

So we are talking about huge network costs on all sides of the equation to transition from traditional magnetic stripe cards to chip and PIN. This isn’t to say that the cost and network effects are insurmountable. But it isn’t easy either.

But there is still another factor to consider–traditionally card issuers have essentially issued their cards for free to customers, in the sense that they do not charge you for actually producing, distributing, and activating the card for you. That makes sense if the cost of the card is relatively trivial (a dime or $2 or however we measure it). But what if the cost is higher, as with chip and PIN? Then it is going to be harder to easily absorb those costs.

Moreover, people often use cards for awhile and then switch or they lose their cards and they need to be physically replaced. According to Federal Reserve data that I summarize in this article, in 2009 16.5% of credit card users discarded their cards and 29% of prepaid card users did so. Customer churn is especially high for prepaid card users, who often use their cards for only a short period or for a specified purpose. Churn is lowest for debit cards, because they are linked to bank accounts. But if the cost of issuing cards increases this will mean that issuers will need to recoup these higher fees in some way or another. In fact, one reason why general-purpose prepaid cards cost more to use than other payment systems is because of the need to recoup these fixed costs across a shorter time period and lower transaction volume. If chip and PIN becomes standard, it would be foreseeable that card issuers will begin charging a fee for card issuance or certainly for replacement cards.

Finally, this whole issue of new technology adoption becomes much more complicated when you move from credit cards to debit and prepaid cards. In particular, although the Durbin Amendment to Dodd-Frank supposedly permits a price allowance for “fraud,” it is unclear whether it would permit recovery for the costs of a recall and reissue of new cards with the technology. As Judge Leon emphasized in his opinion invalidating the Federal Reserve’s cost-recovery rule, the Durbin Amendment ties allowable recovery costs very closely to the cost of particular transactions, and it is not clear to what extent it would permit recovery of increased costs from issuing new cards. Moreover, even if investments in card security are recoverable, they are capped under the Durbin Amendment at one cent per transaction under 12 CFR 235.4(a). Indeed, I argued some time ago that one unintended consequence of the Durbin Amendment became effective that it would likely discourage investments in card security and other features (such as processing speed) by making it more difficult for issuers to recoup those costs.

So in the wake of the Target debacle, there appears to be an emerging belief that merchants and issuers have dragged their feet on increasing card security. In fact, the issue is much more complicated than that and has to do not only with whether the benefits of the transition (in the U.S.) exceed the costs, but also who bears the transitional and going-concern costs. Not to mention a healthy dose of special-interest politics involving the Durbin Amendment.

Image Source: prlog.org

Securus Payments is a leading provider of various payment processing tools, including credit card machines, point-of-sale (POS) systems, and e-Commerce software. Check out the latest and most cost-effective business payment solutions on this website.

REPOST: India’s debit card safety rule boosts sales of payment processing firms

In India, the number of point-of-sale (POS) terminals in the market is growing exponentially every passing year. As of third quarter, there were 965,000 terminals in use across the subcontinent—46 percent higher than the 661,000 devices in March 2012.

Image source: Reuters

Companies that help in processing card payments look set to benefit from rising demand for portable card swipe machines after the Reserve Bank of India adopted new rules to prevent fraud and enhance security.

Merchants in India usually swipe cards through a reader to generate receipts that customers sign, but the new rule, effective Dec. 1, adds another layer of security by making debit card holders enter their personal identification numbers to validate transactions via these machines, also referred to as point-of-sale (POS) terminals.

Businesses such as fuel stations, hotels and restaurants that normally keep their card machines out of the customer’s reach will have to buy the portable, GPRS-enabled devices to offer convenience to clients.

Sunith Menon, India’s managing director for France-based Ingenico S.A., which manufactures such devices and supplies them to various banks, expects revenue to rise by 20 percent as demand for the wireless POS terminals rises after the new RBI mandate.

“We are seeing an increased requirement coming in from banks,” he said, adding that ICICI-First Data, Bank of Baroda and Axis Bank were among those who have placed orders for GPRS-enabled POS terminals.

Of the 20,000 POS terminals sold every month by Ingenico in the country, 10 percent were GPRS-enabled models. Menon now expects such devices to account for a 30 percent share in his near-term sales.

The new PIN mandate would affect more than 350 million debit card holders in the country. A recent study by industry body ASSOCHAM showed that the debit card users, growing at an annual rate of 18 percent, were clocking sales of 69 billion rupees using POS terminals every month.

The number of POS terminals in the market has grown significantly in the recent years. As of the end of September, there were 965,000 terminals in use across the country, 46 percent higher than the 661,000 devices in March 2012, according to data provided by e-payment services provider Worldline India.


Image source: Reuters

Pine Labs India, which counts Starbucks, Future Group and Pantaloon Retail among its clients, has installed about 4,000 GPRS swipe machines since November, higher than the monthly average of 200 to 300. In the next month, the company expects to install another 2,000 such machines.

“Somebody like a premium restaurant chain will never like to call the customer, neither would the customer like to go behind the counter,” said Kush Mehra, vice president of payment solutions at Pine Labs. ”They have become the newest recipients of this technology along with a very large network of fuel stations.”

One of their clients, Speciality Restaurants, which operates brands such as Mainland China and Oh! Calcutta, have placed orders for 50 GPRS machines and plan to buy at least one machine for each of their 74 restaurants in India.

Over the years, Indians have increasingly started using plastic as their payment method. But fraudulent transactions on credit and debit cards have also become common. The central bank earlier this year directed banks to put in place certain security and risk control measures to safeguard customers’ interest.

“It will take a short bit of time for customers to get a little acclimatized with this change … having said that, this is for the benefit for the entire industry,” said Mehra of Pine Labs.

Securus Payments is a company that provides efficient, dependable, and cost-effective payment processing services for small and large businesses. For inquiries, visit this website.

REPOST: Credit cards that promise the lowest prices

Credit card companies are offering a new way to customers to buy items at cheaper prices.  Find out what it is in this article from The Wall Street Journal.

Some call it price protection. Others call it a price rewind. But whatever the name, many credit-card companies—including Discover, Citi and MasterCard MA +0.14%  —are offering to refund consumers the difference in price should they buy an item and then find it cheaper later on.

Discover says it will refund the difference up to $500 if a customer makes a card purchase, then finds the item at a lower price within 90 days.

Citi says it will refund the difference in price up to $250 per item within 30 days of the purchase. And MasterCard says it will also refund up to $250—but within 60 days.Companies say they are offering this perk because it is a draw for consumers. Experts say many consumers already have cards with this feature and don't even realize it.Cardmembers "rarely if ever make claims," says Ben Woolsey, the director of marketing and consumer research for CreditCards.com.

For the card companies, that makes price-matching a relatively low-risk perk, he says. "They're hoping this benefit just increases people's willingness to buy things—without worrying about prices being lower in the near future or at another retailer." Citi, MasterCard and Discover declined to say how many consumers use this perk.

These programs do have a lot of exclusions, says Jelena Ewart, a senior associate at card-comparison site NerdWallet.com. She notes that many popular gift items are typically not covered, including jewelry, art, antiques, motorized vehicles, food and animals and many types of travel.

Image Source: www.wsj.com

In addition, items sold at a business-closeout sale, in very limited quantities (like some door-buster deals) or on online auction sites are also often excluded.

The programs also have monetary limits. The Discover program has an annual limit of $2,500 and both the MasterCard and Citi programs, $1,000.

To fulfill the refund, companies require that cardholders provide proof of their case. The Discover program asks consumers to submit a Discover-card statement showing the entire original purchase price, along with the sales receipt and either a copy of the dated, printed, lower-price ad, or a statement, signed by the store manager on store stationery, documenting the details of the lower price of the identical item. The MasterCard program works in a similar way.

With the Citi program, cardholders must register the purchases they want price-checked on Citi's site, but then the company does that price checking itself.

"There is not a big downside to the programs other than the time it takes to do them," says Eric Adamowsky, the co-founder of card-comparison site Credit Card Insider. Citi's program may be a good option for people who don't want to do their own price-comparison legwork, Ms. Ewart of Nerdwallet.com says.

For those willing to do the research, Discover's program is potentially the most lucrative, since its annual limit is $2,500, vs. $1,000 for Citi and MasterCard. It also has the longest period over which it will honor a price match (90 days).

People thinking about getting a new card with a price-matching feature might want to compare the value of the price match to that of other card perks, like sign-up bonuses. "Some cards have a bonus that's worth the price match," says Ms. Ewart, "and you don't have to jump through as many hoops" to get it.

Securus Payments is the nation's fastest growing payment processing service with specialties in credit card processing, merchant services, merchant cash advance, check processing, and more.  Find out what the company offers in this website.

REPOST: How sick are Europe's banks? Wait and see

Europe's economy has breathed life earlier this year, hinting a possible end of the prolonged recession. However, growth remains very slow, and countries with high lending record in major banks are still at risk of sovereign debt crises.

Eurozone bankers will be flying into Frankfurt shortly to meet with the ECB as part of a year-long health check announced Wednesday.

Image source: CNN

Five years since the collapse of Lehman Brothers, a lack of confidence in Europe's banks is still acting as a brake on the region's tentative recovery.


An ambitious health check announced Wednesday by the European Central Bank is the first serious attempt to tackle the problem, but it won't produce results for at least a year, and could perversely make things worse before they get better.


European leaders agreed in 2012 to give the ECB responsibility for supervising the eurozone's biggest lenders, the first step towards creating a banking union they hope will reduce the risk of future bank failures triggering sovereign debt crises.


Before it begins that task in late 2014, the ECB will review risks and asset quality at 128 banks across 18 countries, including major players such as Deutsche Bank (DB), Santander (SAN) and Unicredit (UNCFF), culminating in a series of stress tests next year.


Eurozone banks have raised 500 billion euros from investors and governments over the past five years, equivalent to about 5% of annual GDP. The ECB will have the power to order banks to raise more cash if deemed necessary by the review.


Analysts said the scope of the tests was more extensive than expected, and European banking stocks fell. Banks in weaker eurozone economies such as Italy and Spain were under most pressure on concern the review will reveal new holes in their finances.


The eurozone emerged from a prolonged recession earlier this year. Yet growth remains anaemic, and lending and investment in some of countries hobbled by uncertainty over how much risk banks are carrying on their books.


Bailouts, austerity, economic reforms and ECB support have prevented the eurozone falling apart but economists believe a return to healthy growth will only happen once the cloud hanging over the banking sector is lifted.


ECB President Mario Draghi said transparency was the primary goal of the review, which will cover 85% of the eurozone's banking assets.


"We expect that this assessment will strengthen private sector confidence in the soundness of euro area banks and in the quality of their balance sheets," he said.


Analysts say the ECB will have to walk a fine line between making the health check tough enough to be credible to investors and depositors, and not so tough it prompts banks to rein in lending even further as the review drags on.


"Some major European banks may still have a reason to grant few new loans and hence incur new risks until sometime in 2015," said Christian Schulz, senior economist at Berenberg bank.


And eurozone governments still have much more work to do if they're to realize their goal of a banking union. There's still no agreement on how to recapitalize weak banks if they're unable to raise enough funds from the private sector, nor on common rules for winding up a failing bank.

Securus Payments offers a range of products and services to help large and small businesses improve their payment acceptance and reduce operational costs of payment processing. For more information, click here.