REPOST: How to Safeguard Online Shopping Transactions

Security issues needn't interfere with accepting credit cards in online transactions. Riva Richmond of Entrepreneur.com discusses the ways that businesses can improve their online security.

Image source: Entrepreneur.com

Security should be a top priority for every online entrepreneur with a shopping cart or an e-commerce ambition.

Giving shoppers confidence that their credit-card information and personal details will be safe in your hands can make them more apt to make a purchase and become a regular customer. Conversely, shoppers’ deep-seated worries about fraud mean that if you give them reason for concern, they could back out of a purchase and stay away for good.

Security precautions also can save you money -- and maybe even preserve your business. The costs of a hack can be steep if credit-card information is stolen and you are at fault. Not only could you face huge clean-up expenses, angry customers and scary lawsuits, you also would likely face the wrath of the credit-card companies, which require merchants to abide by what’s known as the Payment Card Industry (PCI) Data Security Standard. The card companies could fine you, force you to undergo expensive security audits or even bar you from accepting any plastic.

To both instill customer confidence and avoid the horrors of a data breach, experts say a locked down shopping cart system is essential. What’s more, that system should not store any cardholder data. Hacks of these complex software programs are common, and you are a target even if you’re tiny. For example, more than 80 percent of card data compromises investigated by Visa affect merchants that process fewer than 20,000 transactions a year.

"Secure shopping-cart systems are essential for maintaining the integrity of the payment process," says Ella Nevill, a spokeswoman for the PCI Security Standards Council, an organization formed by the five top credit card companies to develop the standards and educate the public about them. "Our mantra is, if you don’t need it, don’t store it. Small merchants should ensure that they or their service provider protect themselves and their customers by using software that does not store cardholder data or jeopardize their PCI security efforts."

Merchants who are not large enough to have their own technology staffs typically use "hosted" shopping carts, which offer built-in security, technical support, and automatic, free software updates and upgrades.

"They are easy to manage, so they are good for entry-level stores," says Kerry Watson, an author of books on e-commerce software.

There are hundreds of such managed service providers that can help you start using a shopping cart in which they, not you, take responsibility for security. Services popular with small businesses include Volusion, BigCommerce and Shopify, Watson says. Prices can range from $20 to several hundred dollars a month, depending on the volume of business you do.

When selecting a company, weigh security features carefully. The provider should not store any sensitive cardholder data and should provide defenses against hacker attacks and encryption of sensitive data as it travels across the Internet to your site and the credit-card payment processor.

If you have large numbers of items for sale and need more control and customization than a hosted service can offer, you may want to use licensed proprietary software or open-source software to set up your own cart. Some popular makers include OpenCart, CubeCart, xt:Commerce and OXID eSales, but there are many others. Prices can be as low as zero for open-source software or reach into the hundreds and beyond, Watson says. You will also need a technology staff or a service plan to handle the maintenance and security of your system.

Whatever type of shopping cart you use, it’s wise to retain a third-party credit-card processor, rather than handle sensitive card data yourself. This means that when customers make purchases, they will temporarily leave your website and enter their card information on the processor’s site. Then they will return to your site to finish their transaction.

If you don’t have a crackerjack tech staff, "the best thing is to let somebody else process your credit-card transactions for you," says Edward S. Ferrara, a security and risk analyst at Forrester Research. Then, "you don’t have to be an IT professional -- you can just be a merchant."

Many small e-tailers use services from Amazon, PayPal and Google Checkout to handle their transactions. Other services popular with small companies include CRE Secure, 2Checkout.com and Skrill Holdings, formerly known as Moneybookers.

If you want to process credit cards yourself, be prepared to spend significant amounts of time and money to jump through numerous PCI-standards hoops and maintain dedicated server equipment.

Whichever approach you take, make sure the software and services you use have been validated as PCI compliant and ask for evidence annually that they remain so.

"There’s no one-size-fits-all approach here," Nevill says. "The most important thing is to be aware of the risks to cardholder data and to ask the right questions of your vendor or service provider."

After all, your business could depend on it.
  
For more on how secure transaction processing can help your business, visit the Securus Payments website. 

A POS on your tablet? Possible.

Tap-and-swipe inventory seems to be the "in" thing these days.

Image Source: ipadenclosures.com

Not too long ago, computer terminals with automatic point of sale (POS) systems replaced "ka-ching"-ing cash registers in store kiosks. Now, cafés and other shops record checkouts and monitor cash flows with just a tap on sleek, portable iPads and other tablets.

Brick and mortar businesses may now choose from a wide range of apps and specialized devices that combine the efficiency of seamless, real-time inventory tracking and mobility.

 

Image Source: pointofsale.com

It pays to do research. Getting in touch with payment system services like Securus Payments expands the search and narrows it down to the best options among mobile and wireless POS systems.

Meanwhile, all over the App Store are cloud-based POS applications that offer real-time inventory reports, accessibility online and offline, and processors for credit cards and PayPal. Virus protection is way better than Windows-based POS systems.

Most of them, like ShopKeep POS, also boast a sleek, user-friendly and customizable interface, which employees can be easily taught to handle, and leave customers impressed.

Image Source: ipadenclosures.com

And the price? These multitasking apps like ShopKeep charge at least $50 a month per register, plus a 30-day free trial.

Recently, Amazon.com revealed it is joining the mobile POS bandwagon by announcing its plans to offer Kindle tablets that can do checkout, credit card scanning, inventory, and even website development for e-commerce.

Similar apps like the TabShop can also be found on Google Play. Having mostly the same features and a host of new ones like QR code scanning using the tablet's camera, these apps can be downloaded free.

Securus Payments is an Oregon-based provider of POS solutions for businesses big and small. Visit this website for information on products and services.

Sales experience: Simple ways to increase online sales

These days, more people are buying online. While the previous decade has stigmatized online purchases with the many instances of identity theft, online shopping has had a remarkable, non-nefarious rebirth. In fact, predictions all over the world are seeing nothing but a brighter future for online shopping, with an added emphasis on today’s vast advances in the field of mobile technology.

Image Source: ecampus.boisestate.edu

That said, it is more important than ever to ride this growing e-commerce wave, either by setting up an online component to your business, or by improving your present online portal to make it more attractive to customers and more competitive against other businesses with similar products and services.

Stumped how? Here are a few simple, yet overwhelmingly effective ways to get the ball e-rolling:

Get only what you pay for – These days, widgets, feeds, and trackers of every sort are available for your online business for free. However, these free services can get pretty clunky at times, which may reduce traffic and engagement at your business during critical periods. The following are a few things you may think twice about scrimping on: graphic design, hosting, and project management.

Make sure you are found – One acronym is all you need to understand: SEO. With the right number of tags and keywords scattered all over your business site, traffic will arrive organically—that is, without all the forced methods some websites use nowadays, just to create fake traffic (misleading backlinks, hidden code, pop-ups, etc.).

Image Source: jrswab.com

Go mobile, too – This 2014, mobile use is predicted to cover around a fourth of total Internet usage. Take advantage of this by having a website that is friendly to mobile surfers as well.
 

Image Source: primeconcepts.com

Securus Payments is a trusted provider of payment systems among businesses. Visit this page for more information about online business optimization.

REPOST: The economics of credit card security

How are credit cards made? In the following article from The Washington Post, Todd Zywicki discusses the cost of the credit card system and explains why the US has not yet switched from traditional and less secure magnetic stripe cards to the chip-and-PIN versions.

(Stockbyte, Getty Images) Image Source: usatoday.com

The WSJ has an interesting article today on the Target credit card security breach. As the article notes, the US card system is less secure than elsewhere in the world, most notably Europe, which has a “chip and PIN” system, which has a computer chip embedded in the card and requires the purchaser to insert a PIN as well to make a transaction. The Target security breach has led many to wonder–and implicitly the WSJ–why the US has lagged on adopting this more secure technology.

Well it turns out that the economics of credit card security is more complicated than it appears at first glance. But first, an important thing to keep in mind: historically the United States has been a high-trust, low-fraud country when it comes to payment card usage. For example, the conventional practice of handing over your credit card (or debit card) to a waiter in a restaurant and having him disappear into a back room with it is something that must strike people in other countries as somewhat bizarre. Nevertheless, we do it all the time and rarely does anything go wrong in this process. So, this makes a difference–in a high-trust, low-fraud country it generally is not necessary to invest in as elaborate security protections as elsewhere. As an analogy, consider that in the U.S. very few restaurants, stores, or hotels routinely post visible armed guards at their front door, whereas this precaution is not uncommon in other countries.

With that background in mind, the WSJ article contains some interesting numbers relative to the optimal level of credit card security.

First, consider the size of the potential dollar size:

But if the chip cards were used in the U.S., fraud losses could be halved, Aite Group estimates. U.S. merchants and banks had 2012 losses of $11.3 billion due to credit-card fraud, or 5 cents on every $100 spent, according to the Nilson Report, a payment-industry newsletter based in Carpinteria, Calif.

So, if that is correct, this obviously means that card issuers would save about $5.65 billion per year from adopting more secure technologies. So there is a strong incentive there to do so. According to the Washington Post, however, the amount saved from adopting more secure payments technologies is only $1.1 billion.

But this doesn’t include a whole bunch of excluded costs, especially the costs to consumers in the time, aggravation, and any out-of-pocket expense of dealing with security breaches and potential follow-on effects such as identity theft.

But there are costs on the other side as well:

A typical large issuer will spend about $1.30 to buy a chip card, compared with 10 cents for a traditional magnetic-stripe card, according to Aite Group.

And according to the article there are ”5.6 billion credit and debit cards in circulation in the U.S., only an estimated 15 million to 20 million are chip cards–issued mainly to people who travel overseas frequently.” So, holding all else constant, this would mean that the card issuers would have to replace some 5.4 billion cards at an increased cost of $1.20 per card for a one-time cost of $6.48 billion. So, in the short-run, this is a one-time $6.48 billion expenditure to save some $5.65 billion per year. And so it seems like it would be recovered in a year and a half. The Post story estimates the cost at $8 billion to switch over.

A Moneo Resto smart card from French group Moneo is shown. The United States will soon adopt pin-and-chip technology used in Canadian and European credit cards, which could have prevented the recent cyberheist that hit New York City and other cities around the world. (ERIC PIERMONT/AFP/Getty Images) Image Source: theepochtimes.com

But according to this article by Bankrate, these the cost to produce and distribute a traditional magnetic card to a customer is “under $2.” By contrast, the “cost to make and distribute a chip card to a customer is between $15 and $20,” according to Andi Coleman, a member of the Accredited Standards Committee X9, “which determines the standards for the financial industry in the U.S.”

So, the numbers vary–a lot. But they are big numbers.

But that’s incomplete as well. First, that’s just the cost of issuing the cards. There is a whole other group of costs of upgrading all the technology to accept the cards. As Bankrate also notes:

And don’t expect retailers to be too eager to pay for a switch either, he says.

“You’re telling the merchant that they have to buy a new machine,” says Abagnale. “They’ve already purchased this one machine for $450. If you’re a Kroger store or a Safeway or someone, and you have thousands of these machines, they’re telling you now to go get a new machine.”

Because U.S. laws put most of the onus for paying for fraud on card issuers rather than retailers, says Abagnale, retailers have little incentive to make the steep investment required to implement the change.

So we are talking about huge network costs on all sides of the equation to transition from traditional magnetic stripe cards to chip and PIN. This isn’t to say that the cost and network effects are insurmountable. But it isn’t easy either.

But there is still another factor to consider–traditionally card issuers have essentially issued their cards for free to customers, in the sense that they do not charge you for actually producing, distributing, and activating the card for you. That makes sense if the cost of the card is relatively trivial (a dime or $2 or however we measure it). But what if the cost is higher, as with chip and PIN? Then it is going to be harder to easily absorb those costs.

Moreover, people often use cards for awhile and then switch or they lose their cards and they need to be physically replaced. According to Federal Reserve data that I summarize in this article, in 2009 16.5% of credit card users discarded their cards and 29% of prepaid card users did so. Customer churn is especially high for prepaid card users, who often use their cards for only a short period or for a specified purpose. Churn is lowest for debit cards, because they are linked to bank accounts. But if the cost of issuing cards increases this will mean that issuers will need to recoup these higher fees in some way or another. In fact, one reason why general-purpose prepaid cards cost more to use than other payment systems is because of the need to recoup these fixed costs across a shorter time period and lower transaction volume. If chip and PIN becomes standard, it would be foreseeable that card issuers will begin charging a fee for card issuance or certainly for replacement cards.

Finally, this whole issue of new technology adoption becomes much more complicated when you move from credit cards to debit and prepaid cards. In particular, although the Durbin Amendment to Dodd-Frank supposedly permits a price allowance for “fraud,” it is unclear whether it would permit recovery for the costs of a recall and reissue of new cards with the technology. As Judge Leon emphasized in his opinion invalidating the Federal Reserve’s cost-recovery rule, the Durbin Amendment ties allowable recovery costs very closely to the cost of particular transactions, and it is not clear to what extent it would permit recovery of increased costs from issuing new cards. Moreover, even if investments in card security are recoverable, they are capped under the Durbin Amendment at one cent per transaction under 12 CFR 235.4(a). Indeed, I argued some time ago that one unintended consequence of the Durbin Amendment became effective that it would likely discourage investments in card security and other features (such as processing speed) by making it more difficult for issuers to recoup those costs.

So in the wake of the Target debacle, there appears to be an emerging belief that merchants and issuers have dragged their feet on increasing card security. In fact, the issue is much more complicated than that and has to do not only with whether the benefits of the transition (in the U.S.) exceed the costs, but also who bears the transitional and going-concern costs. Not to mention a healthy dose of special-interest politics involving the Durbin Amendment.

Image Source: prlog.org

Securus Payments is a leading provider of various payment processing tools, including credit card machines, point-of-sale (POS) systems, and e-Commerce software. Check out the latest and most cost-effective business payment solutions on this website.