Sunday, February 7, 2010

Mobile payments coming to a phone near you.

Now showing on cell phones — movie tickets, gift cards, coupons and airline tickets.
Retailers and technology companies nationwide are increasingly making commerce mobile, embracing the cell phone as an electronic replacement for paper coupons or plastic gift cards. It’s moving the world ever closer toward the “mobile wallet,” in which most transactions are conducted on wireless phones. more...

Friday, January 15, 2010

Desktop Application PCI Compliance

As PCI rules and regulations get tougher and tougher, desktop applications that accept credit card payments are finding it difficult to comply. Lately we have worked with several clients to bring their desktop applications up to PCI DSS standards. There are a couple of options to consider when faced with this problem.

Option 1

Rewrite the software in accordance with the PCI DSS rules and regulations. This usually entails paying for an audit and then making the necessary changes to the software, and it will have to be repeated every year. The changes are usually not minor; they are time-consuming, invasive changes that require manpower and know-how to complete.

Option 2

Divorce the credit card payments section from the rest of the application and have it use a vendor service. For example, consider gym membership software with three sections: Payments, Members, and Reports. The Payments tab allows payments to be made for members. This Payments section would actually load an SSL-encrypted web page that is already PCI secured. See the screen shot below: the area within the red box is actually a web page embedded in the desktop application.

[Screen shot not reproduced: the Payments tab of the desktop application, with the embedded web page outlined by a red box.]

The best part about this solution is that after the transaction is complete, a token is sent back to the desktop application, and that token can be used in place of a credit card number next time. When the customer needs to make another payment, simply send the token (saved in the desktop application) along with the amount.

Since the desktop application no longer stores or transmits credit card data directly, PCI scope is greatly reduced, which makes compliance far easier. This is a great service that saves software companies large and small a great deal of money and headache. This service should be included (free!) with your credit card processor; if not, we can recommend a provider. Fill out the Questions/Comments section on the right.
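The flow above, written out as an added example in Go. This is not code from the post or from any vendor's product: the Provider, HostedPageSubmit, ChargeToken and Member names are hypothetical, the "4111 1111 1111 1111" number is a constructed Luhn-valid test value, and the vendor's vault is a plain in-memory map standing in for the real PCI-assessed service. The part worth noticing is the merchant side: the desktop application persists only a random token and the last four digits, and a small PAN scanner run over those records shows that nothing card-like is stored locally, which is what the reduced scope rests on.

```go
package main

import (
	"crypto/rand"
	"encoding/base32"
	"errors"
	"fmt"
	"strings"
)

// luhnValid reports whether digits is a 13- to 19-digit string with a valid Luhn
// check digit. Used by the hosted page to reject typos and by the PAN scanner below.
func luhnValid(digits string) bool {
	if len(digits) < 13 || len(digits) > 19 {
		return false
	}
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if d > 9 {
			return false // non-digit byte
		}
		if double {
			d = d*2%10 + d*2/10 // digit sum of the doubled value
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// Provider simulates the vendor's hosted payment service (hypothetical). It is the
// only component that ever sees the card number; the real service encrypts its vault.
type Provider struct{ vault map[string]string } // token -> PAN

func NewProvider() *Provider { return &Provider{vault: map[string]string{}} }

// HostedPageSubmit is what the embedded web page posts to: it validates the card,
// takes the first payment and returns a token plus the last four digits. The token
// is random, not derived from the PAN, so it cannot be reversed to the card number.
func (p *Provider) HostedPageSubmit(pan string, amountCents int) (token, last4 string, err error) {
	pan = strings.ReplaceAll(pan, " ", "")
	if !luhnValid(pan) {
		return "", "", errors.New("invalid card number")
	}
	if amountCents <= 0 {
		return "", "", errors.New("invalid amount")
	}
	buf := make([]byte, 20)
	if _, err := rand.Read(buf); err != nil {
		return "", "", err
	}
	token = "tok_" + base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(buf)
	p.vault[token] = pan
	return token, pan[len(pan)-4:], nil
}

// ChargeToken is the recurring-payment call: the desktop app sends the saved token
// and an amount, and only the provider resolves the token back to a card.
func (p *Provider) ChargeToken(token string, amountCents int) error {
	if _, ok := p.vault[token]; !ok {
		return errors.New("unknown token")
	}
	if amountCents <= 0 {
		return errors.New("invalid amount")
	}
	return nil
}

// Member is the record the desktop application persists: token and last four digits only.
type Member struct{ Name, Token, Last4 string }

// ContainsPAN scans a stored field for a contiguous run of digits (spaces and dashes
// ignored) that passes the Luhn check, i.e. anything that looks like a card number.
func ContainsPAN(s string) bool {
	s = strings.NewReplacer(" ", "", "-", "").Replace(s)
	start := -1
	for i := 0; i <= len(s); i++ {
		isDigit := i < len(s) && s[i] >= '0' && s[i] <= '9'
		if isDigit && start < 0 {
			start = i
		} else if !isDigit && start >= 0 {
			if luhnValid(s[start:i]) {
				return true
			}
			start = -1
		}
	}
	return false
}

func main() {
	p := NewProvider()
	token, last4, err := p.HostedPageSubmit("4111 1111 1111 1111", 4995) // constructed test PAN
	if err != nil {
		panic(err)
	}
	m := Member{Name: "Sample Member", Token: token, Last4: last4}
	fmt.Printf("saved locally: %+v  card-like data present: %v\n", m, ContainsPAN(m.Token) || ContainsPAN(m.Last4))
	fmt.Println("renewal charge by token:", p.ChargeToken(m.Token, 4995))
}
```

The token uses a base32 alphabet rather than hex so that it never contains a long run of digits; otherwise a random token could occasionally trip a PAN scanner. Running ContainsPAN over every field the desktop application writes to disk is a cheap check that the application really has left the cardholder-data flow.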

Saturday, November 7, 2009

Amazon's PayPhrase

Amazon has introduced a new service called Amazon PayPhrase that lets you, the customer, use stored payment information without entering a credit card number. The customer stores the credit card number and shipping address on Amazon's servers. When they are ready to check out, all they need to do is provide a PIN and a phrase.

Sounds like an interesting take on tokenized payments. It can be done in a similar manner by simply using a payment processor that accepts tokenized payments. It really isn't that difficult, and it will save you a ton of money compared to Amazon's high processing fees.

Sunday, October 25, 2009

How to Encrypt Credit Card Data the Visa Way

Visa has released a set of best practices for data encryption to keep cardholder data safe. It should be used along with the existing PCI DSS security standards. If you're not going to use tokenized payments, this will help you encrypt sensitive cardholder data in an industry-approved fashion.

Visa's best practices are designed to help organizations:

  • Limit cleartext availability of cardholder data and sensitive authentication data to the point of encryption and the point of decryption.
  • Use robust key management solutions consistent with international and/or regional standards.
  • Use key-lengths and cryptographic algorithms consistent with international and/or regional standards.
  • Protect devices used to perform cryptographic operations against physical/logical compromises.
  • Use an alternate account or transaction identifier for business processes that require the primary account number to be utilized after authorization, such as processing of recurring payments, customer loyalty programs or fraud management.

Read the entire press release here.
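To make the first four points concrete, here is an added example in Go of field-level encryption for a stored card number. It is not Visa's code or an implementation of their document, and the Keyring, StoredCard, EncryptPAN and DecryptPAN names are hypothetical; the card number is a constructed test value. It shows the shape the practices imply: the PAN is encrypted with AES-256-GCM at the point of capture and decrypted only in one function, each row records the ID of the key that protects it so keys can be rotated without re-encrypting every row at once, and the customer ID is bound as authenticated data so a ciphertext moved onto another customer's record fails to decrypt. Keys are generated in memory here; in production they would come from an HSM or key-management service, which is what the fourth point is about.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Keyring holds versioned data-encryption keys (hypothetical type). Keys are
// generated in memory for the demo; in production they live in an HSM or KMS.
type Keyring struct {
	keys    map[string][]byte
	current string
}

func NewKeyring() *Keyring { return &Keyring{keys: map[string][]byte{}} }

// AddKey generates a random AES-256 key under id and makes it the current key.
func (k *Keyring) AddKey(id string) error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	k.keys[id] = key
	k.current = id
	return nil
}

// StoredCard is the shape of a database row: which key protects it, a per-row
// nonce, the AEAD ciphertext, and the last four digits for display. No cleartext PAN.
type StoredCard struct {
	KeyID, Nonce, Ciphertext, Last4 string // Nonce and Ciphertext are base64
}

var b64 = base64.StdEncoding.EncodeToString

func (k *Keyring) aead(id string) (cipher.AEAD, error) {
	key, ok := k.keys[id]
	if !ok {
		return nil, errors.New("unknown key id")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptPAN is the point of encryption. customerID is bound as additional
// authenticated data, so the ciphertext only opens on that customer's record.
func (k *Keyring) EncryptPAN(pan, customerID string) (StoredCard, error) {
	pan = strings.ReplaceAll(pan, " ", "")
	if len(pan) < 13 || len(pan) > 19 {
		return StoredCard{}, errors.New("bad PAN length")
	}
	g, err := k.aead(k.current)
	if err != nil {
		return StoredCard{}, err
	}
	nonce := make([]byte, g.NonceSize()) // 96-bit GCM nonce, fresh for every row
	if _, err := rand.Read(nonce); err != nil {
		return StoredCard{}, err
	}
	ct := g.Seal(nil, nonce, []byte(pan), []byte(customerID))
	return StoredCard{k.current, b64(nonce), b64(ct), pan[len(pan)-4:]}, nil
}

// DecryptPAN is the point of decryption, e.g. the one service that forwards a
// recurring charge. Wrong key, tampered row and wrong customer all fail the same way.
func (k *Keyring) DecryptPAN(c StoredCard, customerID string) (string, error) {
	g, err := k.aead(c.KeyID)
	if err != nil {
		return "", err
	}
	nonce, err1 := base64.StdEncoding.DecodeString(c.Nonce)
	ct, err2 := base64.StdEncoding.DecodeString(c.Ciphertext)
	if err1 != nil || err2 != nil {
		return "", errors.New("malformed record")
	}
	pt, err := g.Open(nil, nonce, ct, []byte(customerID))
	if err != nil {
		return "", errors.New("decryption failed")
	}
	return string(pt), nil
}

func main() {
	kr := NewKeyring()
	_ = kr.AddKey("k1")
	rec, _ := kr.EncryptPAN("4111 1111 1111 1111", "cust-42") // constructed test PAN
	fmt.Printf("row: %+v\n", rec)
	_ = kr.AddKey("k2") // rotate: new rows use k2, existing rows still name k1
	pan, err := kr.DecryptPAN(rec, "cust-42")
	fmt.Println(pan, err)
}
```

Rotation works because the row carries its key ID: after AddKey("k2"), new records are sealed under k2 while older ones still decrypt under k1, and a background job can re-encrypt them at its own pace before k1 is retired. Keeping the nonce random and unique per row matters with GCM, since reusing a nonce under the same key breaks both confidentiality and the integrity tag.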

Saturday, September 19, 2009

What is the Payment Card Industry Security Standards Council?

PCI refers to the Payment Card Industry; this is shortened from Payment Card Industry Security Standards Council. We'll just call it PCI. Visa, MasterCard, Discover and American Express formed the PCI council to protect cardholder data.

The PCI council developed the Payment Card Industry Data Security Standard (PCI DSS). It helps organizations that process credit card transactions prevent credit card fraud through increased controls over the data. This standard applies to all organizations that hold, process or transmit cardholder data.

To be in compliance the merchant must have annual compliance reviews. Reviews can be done internally or externally depending on the volume of credit card transactions. Larger volume merchants will have an independent assessor or a Qualified Security Assessor do the review. Smaller ones can use the Self Assessment Questionnaire.

There are ways to remove or lower your PCI compliance level.

Merchants should already be accepting eChecks just for the cost savings, but doing so also removes the need for PCI compliance on those payments. Tokenization turns credit card numbers into a token that is useless to hackers. Finally, using your solution provider's web payment page means the credit card information is entered on their PCI-compliant site, not yours.

If you have more questions about becoming PCI compliant use the contact us form on the right.

Sunday, August 30, 2009

Sick and Tired of Paying High Credit Card Fees?

There are a lot of advantages to accepting eChecks or ACH transactions. The most important is cost. You'll save money because a simple per-transaction fee is applied, unlike credit cards, where you pay both a per-transaction fee and a percentage of the transaction.

There are many ways to increase loyalty with the money saved by accepting ACH as compared to credit cards. Some companies pass this savings along to their customers directly by offering a small discount when paying by check. Others use the money to develop frequent buyer programs, etc.

There are other things to note when accepting ACH transactions.

  • Already integrated into most shopping carts.
  • If you can't find a shopping cart, it is easy to develop custom applications.
  • Reduction of administration costs.
  • Clerical account reconciliation costs reduced.
  • Improve relationships with your customers.
  • eChecks eliminate the overhead of processing checks manually.
  • Accelerated availability of funds directly into your account.
  • Elimination of stop payment charges and check reissue costs.
  • Reduced remittance processing costs.
  • Reduction of bank service charges.
  • Better cash management forecasting.


Do an audit of your current merchant statement and see how much you could save. If you're doing many transactions, the savings could be significant.

Sunday, August 23, 2009

The Man Who Stole 130M Credit Cards

Credit card theft on a massive scale. Please do not store your customers' credit cards; have your provider do it for you. Here is a recent news item about the man who stole 40 million credit card records.

"After his first arrest he bought his freedom from the Secret Service by becoming a confidential informant. Later he was charged with stealing 40 million credit-card records, and his latest caper pushed that number up to 130 million. He's 28, has a high-school education, and his motto is "operation get rich or die tryin'". And he's your worst nightmare." more...