Security Archives - B2B Payment Gateway | Level 3 Data

Just weeks after Target revealed its security systems were breached, the upscale department store Neiman Marcus confirms thieves have stolen their customer’s credit and debit card information during the holiday season.

Ginger Reeder, a Neiman Marcus spokesperson, confirmed that the retailer had been notified as early as mid-December of suspicious activity. Their credit card processor stated fraudulent charges have actively been occurring following customer purchases. A forensics firm conducted further research on January 1st and confirmed that Neiman Marcus was the victim of cyber security intrusion resulting in their customer’s credit and debit card information being compromised. Neiman_Marcus_breach

Reeder is now working with the Secret Service Neiman_Marcus_breach to amend the issue but stopped short of stating just how many consumers were affected. Although the numbers were not released, she has stated that the customers affected are being contacted.

“We have begun to contain the intrusion and have taken significant steps to further enhance information security,” Reeder said in an email. “The security of our customer’s information is always a priority and we sincerely regret any inconvenience.”

Neiman Marcus is just one example of the dwindling security around credit card information in the US for the past 10 years. Target’s breach last month has been estimated to affect around 40 million of their consumers resulting in the theft of credit and debit card information along with addresses, names, and security codes.

The ongoing investigation has also shown that as many as 70 million customers using Target’s customer service line and online store had their information, including phone numbers and emails, stolen as well. Reports show that some of these numbers intertwined. If these numbers are correct, Target’s breach would be the largest in US history, surpassing TJX’s breach of 90 million in 2007.

How this can been avoided in the future.

The highly anticipated EMV Smartcard, which secures data in an embedded chip, could be the answer to retail credit card theft in the US. Most of the cards in US circulation right now use a magnetic strip to hold consumer data, an outdated technology that has made the US a top target for cyber criminals around the world. The EMV Smartcard has already been widely adopted in most of Europe and could’ve easily stopped Neiman Marcus or Target’s retail breach. The EMV Smartcard is anticipated to be in full circulation in the US by late 2015.

How do these retail breaches relate to B2B Payments?

Although the EMV Smartcard may fix face to face transactions, the issue of online or MOTO (mail order/telephone order) fraud would still remain, which is typically how business to business transactions are done. This is why it’s extremely important for companies accepting B2B Payments to consider the lesser known concept of level 2 data & level 3 data.

The advantage of Level 2 and level 3 credit card processing is that it makes committing fraud extremely more difficult for criminals and it decreases the cost to accept a business, corporate or government purchasing card by as much as 39%.

The idea behind this concept is simple, the more information provided, the lower the chances are for fraud. This due diligence is rewarded by Visa and MasterCard through a significant discount on the interchange rates and fees associated with accepting a credit card.

Any business that is serious about protecting itself and its customers from fraud should use a B2B payment gateway that is level 3 data capable. It will give business owners peace of mind knowing they are accepting payments in the most secure methods available in addition to paying the lowest processing fees allowed by Visa & Mastercard.

The US is slacking in credit card data security.

Because of a malware attack on Target’s computer systems, over 40 million customers now have their credit card numbers, expiration dates, and security codes floating around on the internet’s black market. This has not been the first case of a mass security breach of a large retailer.

In July of 2005, T.J. MAX had a breach that resulted in data stolen from at least 47 million of their customers. These instances of mass theft should serve as a wakeup call for the US to increase the security of credit and debit cards. target_data_security

Instead of the widely adopted ‘smart card’ that carries data in an embedded chip, Credit Card Data Security the US still uses the less secure, magnetic strip. Smart card technology isn’t new. In fact, the majority Europe uses smart card technology, and has been doing so for the past decade. The embedded chip allows for more data encryption and could’ve easily stopped Target’s breach. With more and more countries adopting smart card technology, the US has become a top target.

Credit card information can be very lucrative on the black market. The credit card number alone might sell for a dollar or less. However, like in the recent Target case, having the name, number, expiration dates, and security codes can sell for $10 or more. Multiply that by 40 million, and it’s easy to see why this type of theft isn’t going away.

This is exactly why understanding the concept of level 2 or level 3 credit card processing is so important. The requirement for additional data is much deeper and makes it nearly impossible for a thief to commit fraud. This is mostly true for business to business and business to government companies who tend to key in customer purchasing or procurement credit card numbers.

Including these data points with a transaction significantly increases the security of a payment and in turn that due diligence is rewarded with much lower interchange rates and credit card processing fees.

Over 80 counties now use smart card technology and it’s easy to see why it’s been embraced so well. It’s much easier to steal information of a magnetic strip than it is an encrypted chip. As a result, the US has been a huge target for hackers.

So why hasn’t the US done something?

The answer is a bit complicated. To start, these type of cards do exist in the US, there’s just not a lot of them. Credit Card issuers might give them to traveling clients because very little places abroad still use magnetic strips. Still, only about 1% of cards in the US have this type of technology.

Lack of political push for greater security measures is a big reason why smart cards have not been embraced. Businesses need more regulation and if there’s no push for it things are likely to remain stagnant.

Another reason is the sheer scale of the transition. Credit card issuers, banks, merchants, and consumers would all have to make the switch to smart cards from the existing 1 billion magnetic strip cards in circulation. Making such a huge scale transition would be extremely expensive and is unlikely to happen without some sort of government reform.

The good news is that it does look like the US is slowly moving towards smart cards. Many credit card issuers have publicly stated that they plan on making the transition by late 2015. By October 2015, if a merchant or acquirer’s equipment does not support smart cards, otherwise known as EMV cards, they will be liable for any instances of counterfeit fraud instead of the issuers.

What can I do to increase security?

Merchants looking to swipe cards should ask if their machine is EMV compatible. For those Merchants doing business to business and business to government transactions you need to make sure you are setup properly with level 2 and level 3 credit card processing capabilities. It’s going to protect your business and significantly decrease the fees you pay to accept cards.

How another recent credit card data breach at Neiman Marcus applies to B2B payments

Target’s Data Breach Indicates Level 2 and Level 3 Credit Card Processing Can be Critical to Your Business.