Paynetsecure Blog

Okay, get your mind back on track here.  We’re talking about front and back ends in payment processing.

Certainly not as interesting as your original thoughts, I’m sure.

These terms are tossed about by merchant account providers.  If you want to impress, mention them yourself.  If you want to embarrass, ask a new merchant account representative what the front and back ends are.

Front-Ends.  The processing network aka platform that the credit card terminal communicates with for authorizations and capture of transactions. Common front ends are Paymentech, Global, and Vital.

Back-Ends.  Grabs the captured transactions, runs them through the interchange system and generates an ACH file for merchant settlement. Back ends also handle chargebacks retrieval requests, and monthly statements provided to the merchant.  In some instances, like Vital and Global Payments, a front-end also owns a back-end network. In other instances, front-ends require a separate back-end.  For example, a Paymentech front-end with the FNBO back-end.

For more information, see paynetsecure

In the expanding world of ecommerce credit card fraud, here’s an interesting scam.

You might have seen sites offering gift cards for a discount.  You probably figured it was way for folks to pocket some money by simply by selling a gift card they did not want.  Sounds innocent, right?

Instead, a cybercriminal using stolen credit card information, buys a gift card.  The gift card is then sold through a gift card site, auction sites, Craig’s List or other sites.

As a result, the cybercriminal has successfully launders or fences the stolen money, which was in the form of the stolen credit card information.

Billions of dollars of gift cards are sold every year.  Gift cards outsold regular merchandise during last year’s Christmas season.  Gift cards are a perfect vehicle for laundering money because the cards are anonymous and are not traceable to a particular person.

Certainly there are some gift cards that are legitimately resold.  But lots of the resold cards represent quick cash for internet criminals who move quickly from victim to victim and escape with no trail into cyberspace.

For more information on payment processing security, go to paynetsecure

Everyone has read about the rise in cross border payments.  And the growth is real.  Yet, international payments usually make up less than 2% of a country’s total transaction volume.  Banks in most countries have long focused on the immediate and largest market, which are payments inside national borders.

A bank must decide how much money to put into developing international payment options.  At what point is it worthwhile to bear the cost?  Or does it make more sense simply to outsource the function?

Adding international options is technically challenging.  Is really worth the time and effort to process what are, in essence, a small number of transactions compared with the total transaction processing volume?

There are other obstacles standing in the way that make smooth international payments challenging.  For instance, a bank in one country cannot clear ACH transactions in other countries.  Therefore, banks need to have banking partners in different countries.  Each link in the chain must understand the differences between world banking systems

For instance:

1. When should payment be released so it is received on the desired date?
2. What are the country currency holidays?
3. Is there time to settle the FX transaction to eliminate risk?
4. Are the payments compliant with international regulations?  For instance, sanctions from the US Treasury or other regulators.
5. How are FX currency conversions to be handled?  Does the bank have a trading desk and skilled personnel to handle the transactions?

Does every company have to comply with PCI DSS security regulations which protect cardholder information?

You bet they do.

Any merchant or payment provider which stores, processes, and/or transmits cardholder data must be PCI DSS compliant.  Regardless of how big or small the company is or the number or volume of payment processed.  No payment or cardholder information can be retained by merchants unless incredibly strict compliance is achieved and maintained.

But wait, there’s more.

PCI security requirements apply to more than cardholder information in a digital form.  Companies also must get rid of printed material that contains payment or cardholder information.  Disposal must be done in a responsible way which includes complete shredding of documents.

Entities that handle payment card transactions are categorized into 4 distinct levels.  The levels determine the validation processes that must be performed and maintained to ensure compliance.

• Level 1: Merchants with more than 6 million card transactions.  Merchants which have had cardholder data compromised, regardless of size of merchant, are also included in Level 1.
• Level 2: Merchants with card transactions between 1 and 6 million
• Level 3: Merchants with card transaction between 20,000 and 1 million
• Level 4: All other merchants

For more information about PCI security in a payment gateway go to paynetsecure

Most internet merchants are now requiring consumers to enter the three or four digit number on the back of the credit card as part of the checkout process.  The three digit code is known by several names:  Card Verification Value (CVV); Card Validation Code (CVC); and Card ID (CID).

The theory is that the cardholder must physically have the card in hand in order to know what the code is.  Therefore, the risk of fraud is reduced.

Remember, though, that fraudsters can acquire the numbers as well.  For instance, a hacker can break into a database where credit card information is stored.  The credit card information, including the code, is stolen.

AVS and code verification are a simple method of fraud protection.  Yet, both can easily be compromised by a savvy fraudster.  By all means, merchants ought to use both.  But, realize that used alone, AVS and codes will not protect you.  Combine them with a sophisticated fraud prevention program from your payment gateway provider for added protection.

Contactless card payments have been touted as the next big opportunity in payment processing.  With a contactless card, a consumer simply waves a card at a reader rather than swiping the card.  The best applications for contactless payments are high volume, relatively low ticket environments such as fast food restaurants.  In these situations, every second saved moves the line along faster and result in more potential sales.

Will consumers embrace the new technology?  It’s certainly been slow to catch on.  Most consumers still fear that personal data can be captured more easily with a contactless reader rather than a swipe machine.   Although the fear may be an overreaction, ID theft is still a big problem in the US with 8 million new cases of comprised identify data every year.

It’s a slow upward battle for bank agents selling contactless payments.  The technology seems to make sense but convincing merchants to buy is another story.  The extra few seconds saved at point of sale is not a big deal to most merchants.  In fact, some prefer to have the buyer spend some time at checkout because it is a good place to sell additional impulse items.

New technology is always fun and exciting.  But there must be a compelling business case to capture the attention of most business owners.  Contactless payments may be a nice to have item but not a have to have item in the mind of most merchants.

Put contactless card technology in your sales kit.  You’ll sell some occasionally.  But don’t expect it to add much money to your bottom line.

Here’s more information about payment processing.

Ah, chargebacks.  The bane of any merchant accepting credit cards.

How can a merchant cope?

Here are 5 quick tips that every high risk merchant account can immediately implement.

1. Use address verification.  Internet payment gateways, whether integrated directly through a website or used for manual order entry, have fields for addresses.  Fill them in.
2. Get the 3 digit security code on the back of the credit card.  Also called the CVV code, CVV adds and extra level of ecommerce merchant security.  As an added benefit, CVV helps avoid the transaction downgrading into a higher interchange category.
3. Make sure credits or returns are made to the same card that was originally used for the purchase.
4. Batch all sales daily.
5. When a retrieval request is received, answer it immediately and provide the requested documentation to the bank.  A surprising number of chargebacks could be avoided if the merchants answer retrieval requests in a timely manner.

Everyone knows that when buying online, an ecommerce merchant asks for a billing address.  In the merchant processing world, this is called address verification service (AVS).  AVS is a method used to determine whether or not the purchase is legitimate.

It makes financial sense for a merchant to use AVS.  Without AVS, the merchant is surcharged on credit card transaction fees.  The banks consider lack of AVS an additional risk.

If there is no AVS match, the merchant can decide what to do.  For a large ticket order, the merchant may find it is worthwhile to make a call or contact the consumer and ask for alternative proof of identity.

For smaller ticket purchases, the merchant may decide not to get additional information and simply allow the transaction to be completed.  The merchant may decide that the cost of verifying an order by phone does not justify the amount of the purchase.

AVS has limitations.  It works only with US addresses, not internationally.  Even in the US the system is not always reliable.  For example, there may not be an AVS match because the consumer has moved and did not report a change of address to the issuing bank.  Or the consumer may simply make a mistake in entering a street number or zip code.

AVS should be used in conjunction with other fraud protection protocols offered on a payment gateway.  The goal for any ecommerce merchant is to get as many orders as possible with the least risk.