How another recent credit card data breach at Neiman Marcus applies to B2B payments

Just weeks after Target revealed its security systems were breached, the upscale department store Neiman Marcus confirms thieves have stolen their customer’s credit and debit card information during the holiday season.

Ginger Reeder, a Neiman Marcus spokesperson, confirmed that the retailer had been notified as early as mid-December of suspicious activity. Their credit card processor stated fraudulent charges have actively been occurring following customer purchases. A forensics firm conducted further research on January 1st and confirmed that Neiman Marcus was the victim of cyber security intrusion resulting in their customer’s credit and debit card information being compromised. Neiman_Marcus_breach

Reeder is now working with the Secret ServiceNeiman_Marcus_breach to amend the issue but stopped short of stating just how many consumers were affected. Although the numbers were not released, she has stated that the customers affected are being contacted.

“We have begun to contain the intrusion and have taken significant steps to further enhance information security,” Reeder said in an email. “The security of our customer’s information is always a priority and we sincerely regret any inconvenience.”

Neiman Marcus is just one example of the dwindling security around credit card information in the US for the past 10 years. Target’s breach last month has been estimated to affect around 40 million of their consumers resulting in the theft of credit and debit card information along with addresses, names, and security codes.

The ongoing investigation has also shown that as many as 70 million customers using Target’s customer service line and online store had their information, including phone numbers and emails, stolen as well. Reports show that some of these numbers intertwined. If these numbers are correct, Target’s breach would be the largest in US history, surpassing TJX’s breach of 90 million in 2007.

How this can been avoided in the future.

The highly anticipated EMV Smartcard, which secures data in an embedded chip, could be the answer to retail credit card theft in the US. Most of the cards in US circulation right now use a magnetic strip to hold consumer data, an outdated technology that has made the US a top target for cyber criminals around the world. The EMV Smartcard has already been widely adopted in most of Europe and could’ve easily stopped Neiman Marcus or Target’s retail breach. The EMV Smartcard is anticipated to be in full circulation in the US by late 2015.

How do these retail breaches relate to B2B Payments?

Although the EMV Smartcard may fix face to face transactions, the issue of online or MOTO (mail order/telephone order) fraud would still remain, which is typically how business to business transactions are done. This is why it’s extremely important for companies accepting B2B Payments to consider the lesser known concept of level 2 data & level 3 data.

The advantage of Level 2 and level 3 credit card processing is that it makes committing fraud extremely more difficult for criminals and it decreases the cost to accept a business, corporate or government purchasing card by as much as 39%.

The idea behind this concept is simple, the more information provided, the lower the chances are for fraud. This due diligence is rewarded by Visa and MasterCard through a significant discount on the interchange rates and fees associated with accepting a credit card.

Any business that is serious about protecting itself and its customers from fraud should use a B2B payment gateway that is level 3 data capable. It will give business owners peace of mind knowing they are accepting payments in the most secure methods available in addition to paying the lowest processing fees allowed by Visa & Mastercard.

Get a free demo of level 2 and level 3 data capable payment processing software today

5 New Payment Technology Trends to Look Out For in 2014

2014 looks like a promising year in payment technology. There have been several new technologies introduced that will change the way the average consumer makes day-to-day purchases. Some might be fads that will come and go, but there are some payment technologies on the horizon that look quite promising.

New Payment Processing Technologies

1. EMV Smart Cards

First, look out for a rapid increase in EMV smart cards in 2014. Many major credit card companies have already announced that they will fully switch to EMV smart cards by late 2015. EMV smart cards will replace the outdated magnetic strip cards that consumers in the USA use daily. These new type of cards will provide more security with an encrypted chip embedded inside the card that stores all the payment information. Hopefully the transition will significantly cut down on data theft and identity fraud when a consumer swipes their card at a POS system. Most European countries have already adopted EMV technology so expect 2014 to be the year of EMV in the US.

2. Coin

Another promising payment trend that will make a lot of headway in 2014 will be Coin. Coin is a credit card sized device that stores all of your credit card, debit card, and gift card information allowing you to swap from card to card whenever you want. Their “one card to rule them all” motto seems to be catching on very quickly. They launched a pre-order campaign in November of last year and reached their $50,000 goal in just 40 minutes. The device is just as thin as a regular credit card and can hold up to 8 credit cards making it perfect for anyone with a cluttered wallet. Coin can even connect to your iOS device via Bluetooth.

3. Mobile Payment Technologies

Mobile payment technologies gained a lot of traction in 2013 and will only get bigger in 2014. Google Wallet and LevelUp have already became very popular and now other merchant service providers are trying to catch up. For example, PayPal introduced their own mobile wallet payment platform earlier this month, and many companies are following suit. Retailers are taking note too. In fact, companies like 7-11, Best Buy, CVS, Gap, K Mart, and many more have announced they will offer mobile payment solutions for their stores by late 2014. Whether it’s NFC or QR codes, mobile payments are not going away and expect to see a dramatic increase in contactless POS systems in 2014.

4. Bitcoin

Although the Bitcoin market has been less than stable, it’s not stopping major retailers from hopping on board. Even with Bitcoin losing half of its value in November, major retailers like Overstock.com have announced they will accept Bitcoin by the 2nd half of 2014. Overstock isn’t alone. Other companies like Virgin Galactic, Baidu, Zynga, and more have all announced they will accept Bitcoin this year. Although the currency is extremely new, expect to see a lot more companies jump on board, especially if it proves to be lucrative for the early adopters. Whether Bitcoin succeeds or fails remains to be seen, but at the rate it’s going now, more and more retailers will be testing the waters.

5. B2B Payment Gateways

Merchants that do a good amount of business to business and government contracting are using payment gateways tailored specifically for their business type. This is mostly due to the fact that they need a technology that enables them the ability to process level 2 & level 3 data. These data points not only create a more secure transaction but offer the merchant the opportunity to save up to 39% on their credit card processing fees. There are many level 2 data capable payment gateways out there however there are only a few that offer both level 2 & level 3 data capabilities. This is extremely important to those merchants who work with government agencies the require vendors to process level 3 data or merchants who simply want to experiences the deepest savings available.

Get a free demo of level 2 and level 3 data capable payment processing software today

Target’s Data Breach Indicates Level 2 and Level 3 Credit Card Processing Can be Critical to Your Business.

The US is slacking in credit card data security.

Because of a malware attack on Target’s computer systems, over 40 million customers now have their credit card numbers, expiration dates, and security codes floating around on the internet’s black market. This has not been the first case of a mass security breach of a large retailer.

In July of 2005, T.J. MAX had a breach that resulted in data stolen from at least 47 million of their customers. These instances of mass theft should serve as a wakeup call for the US to increase the security of credit and debit cards. target_data_security

Instead of the widely adopted ‘smart card’ that carries data in an embedded chip,Credit Card Data Security the US still uses the less secure, magnetic strip. Smart card technology isn’t new. In fact, the majority Europe uses smart card technology, and has been doing so for the past decade. The embedded chip allows for more data encryption and could’ve easily stopped Target’s breach. With more and more countries adopting smart card technology, the US has become a top target.

Credit card information can be very lucrative on the black market. The credit card number alone might sell for a dollar or less. However, like in the recent Target case, having the name, number, expiration dates, and security codes can sell for $10 or more. Multiply that by 40 million, and it’s easy to see why this type of theft isn’t going away.

This is exactly why understanding the concept of level 2 or level 3 credit card processing is so important. The requirement for additional data is much deeper and makes it nearly impossible for a thief to commit fraud. This is mostly true for business to business and business to government companies who tend to key in customer purchasing or procurement credit card numbers.

Including these data points with a transaction significantly increases the security of a payment and in turn that due diligence is rewarded with much lower interchange rates and credit card processing fees.

Over 80 counties now use smart card technology and it’s easy to see why it’s been embraced so well. It’s much easier to steal information of a magnetic strip than it is an encrypted chip. As a result, the US has been a huge target for hackers.

So why hasn’t the US done something?

The answer is a bit complicated. To start, these type of cards do exist in the US, there’s just not a lot of them. Credit Card issuers might give them to traveling clients because very little places abroad still use magnetic strips. Still, only about 1% of cards in the US have this type of technology.

Lack of political push for greater security measures is a big reason why smart cards have not been embraced. Businesses need more regulation and if there’s no push for it things are likely to remain stagnant.

Another reason is the sheer scale of the transition. Credit card issuers, banks, merchants, and consumers would all have to make the switch to smart cards from the existing 1 billion magnetic strip cards in circulation. Making such a huge scale transition would be extremely expensive and is unlikely to happen without some sort of government reform.

The good news is that it does look like the US is slowly moving towards smart cards. Many credit card issuers have publicly stated that they plan on making the transition by late 2015. By October 2015, if a merchant or acquirer’s equipment does not support smart cards, otherwise known as EMV cards, they will be liable for any instances of counterfeit fraud instead of the issuers.

What can I do to increase security?

Merchants looking to swipe cards should ask if their machine is EMV compatible. For those Merchants doing business to business and business to government transactions you need to make sure you are setup properly with level 2 and level 3 credit card processing capabilities. It’s going to protect your business and significantly decrease the fees you pay to accept cards.

Get a free demo of level 2 and level 3 data capable payment processing software today

Lower The Cost to Accept Government Credit Cards

State and government agencies are switching over to using purchasing and procurement credit cards with their vendors for many reasons. It streamlines how front-line managers can access products and services; and the card providers (banks) rebate the government a percentage on the amount purchased. It makes the procurement easier for the federal cardholder and the vendor. Agencies have more control and restrictions around what the cardholder can purchase.visa_purchasing_card

If your business involves government contracts,Visa Purchasing you may wonder why there is such a push to accept credit card payments. Although credit card payments might cost you more than accepting checks, it’s better than running the risk of losing a contract because your customer went with a vendor that accepts cards.

The first step any business should look into when considering accepting government cards is a level 3 payment portal. In fact, the U.S. General Services Administration (GSA) mandates that a vendor is able to processes level 3 data before signing a contract. Level 3 data includes product codes, freight information like duty, postal codes from both the products destination as well as origin, any discounts that may apply, the country code, tax information, and more.

There are many merchant service providers that offer level 3 data processing so make sure you use one that does. Luckily, with the advancement of recent technology, accepting level 3 data is easier than ever. Some level 3 payment gateways are very intuitive and may even warn you if there is any missing line item detail necessary to qualify for the lowest rate.

The ability to process level 3 data will not only better a business’s chance of winning a government contract but will also lower their processing fees up to 40%. The savings are even more significant if a vendor is still using a tiered structure. Entering in level 3 data will eliminate any non-qualified surcharges as well as lower the overall percentage of accepting government cards.

Government agencies have big incentive to use government purchasing and procurement credit cards. Tthe Department of Commerce, estimated that the use of procurement cards saved them over $22 million per year on administrative costs and the reduction in purchasing processing time. The use of these cards has allowed purchasing departments to concentrate its efforts into the 15% of the total procurement spend that accounts for 98% of the total expenditure.

The Visa Purchase Card is the most widely procurement card in the Federal government. Government financial reports indicate that in FY10, approximately 98.9M transactions were made and $30.2B were charged using the GSA SmartPay charge cards, creating $325.9M in refunds.

There are currently over 350 agencies/organizations participating in the program spending $30 billion annually, through 100 million transactions on over three million cards.

Another benefit for any business considering accepting government credit cards is they no longer have to wait an average of 30 days for a payment to arrive. The average processing time for accepting cards is 2-3 business days. This reduces the overhead cost of any floating funds while waiting for the payment to be processed.

In summary, as government agencies make the transition to using purchase cards, many businesses looking to accept government payments need the ability to process level 3 data or get left behind. With an 84% adoption rate, purchasing cards will only get bigger.

Get a free demo of level 2 and level 3 data capable payment processing software today

Online Credit Card Processing Advice: Save on B2B Processing Fees

New to online credit card processing? Not sure how to get started? Accepting cards online can be a daunting experience. However, if you’re prepared it doesn’t have to be. Knowing exactly what you need ahead of time can save you a lot of headaches down the road. Here’s a few things you need to know before getting started. processing_cards_online

It’s Not Just A Merchant Account

Processing cards online involves a lot more than just acquiring a merchant account. processing_cards_onlineUnless you’re a skilled programer, you’re going to need software for your website that allows you to process transactions. Obviously your customer needs an area to enter their name and credit card information online, but it doesn’t stop there.

The website needs to be secure, meaning Hypertext Transfer Protocol Secure (HTTPS), so make sure your Merchant Service Provider will be able to provide that security protocol. Failure to do so will result in being non-PCI compliant and you will be fined, even worse it runs the risk of your website being susceptible to fraud.

There are a lot of Merchant Service Providers that mostly focus on brick and mortar accounts and treat online credit card processing as an afterthought. It would be advisable to consider a Merchant Service Provider that focuses solely on online credit card processing as they are the ones that will be able to make sure you have everything you need.

Beyond just getting your client’s name, card number, and making sure your website is secure, there might be more information needed. For example, if you’re shipping a physical product you’ll need their address. But there’s even more information that needs to be considered.

Is age verification required? If so, that might put your business into a ‘high risk’ category and additional software will be needed. Not all Merchant Service Providers are able to offer age verification, so if your business needs it, choose one that will be able to offer it.

Is Level 2 or 3 Data Required?

Now that card number, name, address, security measures, and age verification are addressed, it’s time to talk about level 2 and level 3 data. Level 2 and 3 data are mostly a requirement for businesses that process business-to-business or business-to-government transactions. There are Merchant Service Providers that strictly specialize in processing level 2 and 3 transactions.

If your business needs to process these type of transactions, it’s highly advised to go with a Merchant Service Provider that specializes in that field. Level 2 and 3 data includes tax information, customer codes if applicable, merchant postal codes, product codes, freight information, postal codes, any product discounts, country codes, tax information, and more.

Again, if your business needs this data, it’s highly advised to sign with a Merchant Service Provider that specializes in it. A lot of Merchant Service Providers will allow their merchants to process transactions online, but will fall short when it comes to processing transactions requiring level 2 or 3 data. Furthermore, even if you don’t think your business needs level 2 or 3 data, you need to look into it.

The more data you have from your clients, especially online, the lower your transaction fee will be. This is because the more data you have, the higher the chance the person using a credit card is actually the cardholder, thus decreasing the risk of fraud. Visa and MasterCard reward this due dilligence by discounting your cost to accept that transaction. In fact you will save up to 33%.

Download our free eBook