Point of sale systems are ubiquitous today. Restaurants, retail stores, online merchants, and even independent vendors all use them. Why? POS systems reduce labor costs, improve transaction accuracy, and allow merchants to integrate many features into one customer relationship management (CRM) package. For example, they enable gift and loyalty cards and facilitate personalized advertising. The bottom line is that POS systems are critical. In the fast-paced retail world, you need to be able to process quickly, accurately, and efficiently.
Because POS is so important, it makes sense that business have a hard time balancing cost and service. What’s the right price to pay for POS? How many features should your business be getting for its money? What makes the most sense for your staff and customers? These are all pressing questions for merchants.
The good news is that affordable POS systems are becoming more accessible. Even the technology that powers high-end systems is becoming more common, so small businesses can have access to powerful hardware and software without enormous start-up costs. Big distributors are finding it harder and harder to charge you unaffordable prices for their systems.
Business owners also need to consider whether they want to buy POS systems on their own or as part of a package from a payment processing company. If you buy your own POS, you’ll have to pay up front for your system, and you’ll need to pay a company to process your transactions. If you buy a package from a processing company, you’ll often find yourself locked into contracts.
Host Merchant Services makes the choice easy. We roll the systems right into the processing package to provide you with an affordable POS that covers all of your bases for you, and we don’t lock you in with cancellation fees and contracts. We want our services and our systems to give your business the freedom to operate as you want it to. If you’re interested in taking the next steps with your business’s processing capability, contact us for a free quote and more information.
On Wednesday April 9, 2014 Bank of America settled a lawsuit and agreed to pay $772 million in penalties for deceiving millions of customers into buying costly and unneeded services when they signed up for credit cards.
The Crux of the Case
The Consumer Financial Protection Bureau said that Bank of America illegally deceived 2.9 million customers into buying extra credit card services those customers did not need and that Bank of America charged others for needless credit monitoring between 2000 and 2012.
“Bank of America both deceived consumers and unfairly billed consumers for services not performed,” Richard Cordray, director of CFPPB told the Associated Press. The settlement deal is the largest refund amount ordered to date by the CFPPB, and is the biggest settlement over credit card “add-on” services won by the federal government.
Bank of America will also have to pay an additional $20 million penalty to the Consumer Financial Protection Bureau and $25 million to the Office of the Comptroller of the Currency.
Delving into the details of the settlement, some of the misleading practices included Bank of America telemarketers telling customers that the first 30 days of a service were free when instead the customers were charged. Also, the bank led customers to believe that they were merely agreeing to receive additional information about add-on services, when in fact the bank was enrolling those customers into the services during calls.
Bank of America released a statement saying that the bank had already refunded money to a “majority” of the affected customers.
Bank of America’s Been to the Dance Before
This isn’t the first time Bank of America has been hit hard by its desire to charge customers fees. Back in 2011, when the Durbin Amendment going into effect was all the rage, Bank of America came up with a plan to charge their customers a fee for using their debit cards.
Bank of America stated its reason for this fee was to offset predicted losses the bank would incur because of the Durbin Amendment.
This went over like a lead balloon, and eventually Bank of America backed off this idea. It’s no mere coincidence that this fee and the resultant backlash heralds from the time period covered in the lawsuit. It seems back in those days, Bank of America was just really into adding fees for everything it could think of.
Transparent Pricing and No Fees
Host Merchant Services was hip to the pitfalls of fees right from its inception. HMS delivers personal service and clarity. The company promises no hidden fees. And a transparent pricing plan so that its customers are not saddled with all of these “add-ons” that Bank of America was so gung-ho about in 2011. HMS believes that when you get your statement every month, you should understand every item, and it should match what you were promised in the sales process.
Chargebacks are a headache for both merchants and credit card processing companies alike. They create problems with merchants getting money for the goods and services they provided, and can really cut into the profit for both small business owners and larger corporations.
Although chargebacks cannot be 100% gotten rid of, there are some steps that merchants can take to drastically reduce their occurrence. The more a merchant knows about processing procedures, the less likely it is a merchant will do something — or not do something — to prompt a chargeback. So let us help guide you through some very basic tips and guidelines for Chargebacks.
What is a Chargeback
Chargeback typically refers to the act of returning funds to a consumer. The action is forcibly initiated by the issuing bank of the card used by a consumer to settle a debt. Essentially what happens is a consumer disputes a transaction, and the credit card company’s bank responds by taking the money back from the Merchant and returning it to the consumer.
Customers dispute charges to their credit card usually when goods or services are not delivered within the specified time frame, goods received are damaged, or the purchase was not authorized by the credit card holder — the latter being the most common reason for a chargeback.
The chargeback mechanism exists primarily for consumer protection.
Why do Chargebacks Happen?
Here’s a roundup of the most common reasons a chargeback is filed:
The card was fraudulent.
The cardholder disputes the quality or receipt of merchandise.
Processing errors were made during the transaction.
Proper authorization was not obtained.
The merchant did not fulfill a retrieval request.
Tips for Dealing with Fraud Face-to-Face
So what can you do to prevent fraud and chargebacks when you find yourself face-to-face with a potential fraudster? The following tips are intended to keep you from being the victim of fraud and will you avoid chargebacks when conducting in-store transactions.
Never accept an expired credit card.
Always inspect the card. Keep the card throughout the transaction. Never accept a card that appears to have been altered.
Whenever possible, obtain a swipe of the card through the terminal and verify that the card number on the terminal matches the card number on the card.
When the card will not swipe and you must manually key in the card number to your terminal, you MUS also get an imprint of the card using an imprinter with your merchant plate and have the customer sign the imprinted sales draft.
In addition, if you are handwriting a sales draft, you need to fill out the draft completely with the transaction date and items purchased.
Compare the name printed on the electronic sales receipt to the name embossed on the card.
The embossing on the card should be clear and straight and the hologram should be smooth with the card and three-dimensional.
Make sure the signature panel has not been tampered with.
Compare the signature on the sales draft and the back of the card. The card must be signed. If the card is not signed, have the customer sign the card in front of you, and then check the signature on a picture ID. If the signature on the back of the card does not match the signature of the sales draft, do not continue with the sale.
Use the account number-verifying terminals or visually compare the last four digits of the embossed account number to the four digits printed on the sales receipt to determine they are the same numbers in the same sequence.
Also compare the four digits printed on the card with the first four numbers embossed on the card. The first four numbers should always match. If they do not, do not complete the transaction and notify the authorization center.
Obtain an authorization for the full amount of the sale (though hotels may authorize within 15% of the total).
If you receive a “call center” or “pick up card” message through your terminal, call the authorization center immediately and follow their instructions to the letter!
If you receive a “do not honor” or “decline” message through your terminal, do not proceed with the transaction. DO NOT try again for an authorization; there is no protection for a transaction after you have received a “decline” or “do not honor” message, even if you receive an approval code on a second or third or fourth attempt.
It Might be Time for Code 10!
If you are suspicious of a sale, ask for a Code 10 Authorization. A separate phone call to your authorization center asking for a Code 10 Authorization lets the center know you have concerns about a transaction. A Code 10 Authorization is a universal code (like a safe word) that provides merchants with a way to alert the authorization center that a suspicious transaction is occurring. The Code 10 Authorization Operator asks a series of questions that can be answered with yes or no responses, just to keep things on the down low during the encounter; just remain calm and follow the operator’s instructions. And NEVER put your life in danger.
Reminder: Although an authorization code is required on all transactions, it does not guarantee that it is a valid sale made by the legitimate cardholder! Even if you follow all of these tips to the letter, the card issuer and the bank are still capable of making you responsible for any faults or cracks in their system. An authorization code means that the account is open and has the available credit at that time, but it is not a guarantee of payment. In fact, many chargebacks are commonly triggered not by fraud — but by buyer’s remorse.
For More Information
To find out more about Chargebacks and to gain some Chargeback Tips, be sure to CLICK HERE and read The Official Merchant Services Blog entry from January 9, 2012.
EMV Smart Cards are an inevitability. They are coming, they will be standard, and the United States is going to have to adjust. The major credit card companies, in preparation for changing the standard have instituted a shift in liability. The fraud liability shift goes into effect on October 1, 2015 for Visa, MasterCard, American Express, and Discover. The shift is what’s key here as the credit card issues announced that on October 1, 2015 counterfeit fraud liability — which has traditionally been assumed by the card issuer — will be absorbed by the party that does not enable EMV during the fraudulent transaction.
By liability shift the payment networks mean that a non-EMV compliant party will be liable in the event that an EMV chip card is used at a non-EMV-capable terminal, and the resulting transaction is determined to be counterfeit fraud. In layman’s terms, this is going to affect chargebacks and fraud situations and has the chance to be bounced back onto the merchant.
Each acquirer must assess their situation to determine if and when it makes sense for them to migrate their customers to EMV. If, for example, cross-border transactions are an extremely small percentage of an ATM acquirer’s transaction volume, the acquirer may decide to defer upgrading their ATMs until a later date; they therefore accept the risk that they may accept a transaction initiated by a counterfeit EMV chip card and as a result they may be liable for that counterfeit fraud.
The Straw the Stirs the Drink
This has been in the works for quite some time now, but the issue is heating up in the U.S. media because of a recent spate of data breaches. The major hack of discount retailer of Target reported that hackers stole credit and debit card data from 40 million accounts right smack dab in the middle of the holiday shopping season. After that, more hacks came trickling in, including lodgers at Mariott hotels and customers of the Los Angeles DMV’s credit card processing services. Add this recent spate of data breaches to the larger historic ones, such as The Global Data Breach the Official Merchant Services Blog thoroughly covered, or in April of 2011, when the Playstation Network was hacked, compromising the vital information of 77 million accounts, and 24.5 million Sony Online Entertainment accounts. This has been touted as one of the largest personal data heistsrecorded in history, and prompted Sony to shut down its services for a month. And let’s not forget that in 2009, credit card processor Heartland Payment Systems disclosed that thieves had broken into is internal card processing network, and installed malicious software that allowed them to steal track data on more than 130 million cards.
Needless to say, the data breaches are pushing lawmakers, banks, acquirers and merchants to find safer transaction protocols — and EMV is the leading candidate.
What is EMV?
EMV is a worldwide standard for credit and debit card payments based around the use of chip card technology. The acronym stands for Europay, MasterCard, and Visa, who collaborated to create the technology. The goal of this project was to create a card that worked based off of a microprocessor chip that is read by the payment terminal. Because the U.S. has yet to widely deploy embedded chip technology, the nation has increasingly become the focus of hackers seeking to steal such information. The stolen data can easily be turned into phony credit cards that are sold on black markets around the world.
The transaction has a built in verification system that requires both the chip in the card and a PIN number the customer enters. This extra step verifies that the person with the card is in fact authorized to use it. This is just the first facet that makes these transactions more secure. Each chip contained in the card generates an original and unique code for each transaction. This unique identifier makes it easier to track transactions and identify fraud.
The Timeline
Here’s a brief overview of the changes that are coming to prepare for EMV adoption in the United States:
April 13, 2013: Visa, MasterCard, Amex, and Discover have mandated that acquirers and processors must be able to send and receive the additional data that is included in EMV transactions. This does not mean that all ATM and POS terminals must be upgraded to support EMV by April of 2013. It does mean that the payment networks expect any acquirer or processor that connects to their network to certify that they can send and receive EMV data in online transactions by that date. This mandate focuses on POS. In addition to the network readiness mandate, MasterCard also introduced aliability shift for cross-border Maestro ATM transactions: starting in April of 2013, if a transaction is initiated by an EMV chip card at a non-EMV U.S. ATM, and the transaction is later deemed to be counterfeit fraud, the non-EMV compliant party is liable for that fraud. This does not mean that all U.S. ATMs that accept cross-border Maestro transactions must be upgraded to support EMV by April 2013; however, acquirers must be aware that they may now be liable for counterfeit fraud in the scenario described above.
October 3, 2013: Various waivers are in effect for qualifying merchants. MasterCard begins to offer Account Data Compromise (ADC) relief, American Express offers PCI DSS reporting requirements relief, and Discover will grant annual PCI audit waivers.
April 1, 2015: Visa institutes a liability shift whereby U.S. third party ATM acquirer processors and sub-processors must be able to support EMV data.
October 1, 2015: Visa, MasterCard, Amex, and Discover institute a liability shift for all POS devices, excluding fuel pumps. A waiver by MasterCard extends ADC relief on this date.
October 1, 2016: MasterCard institutes a liability shift for all ATM transactions in the U.S. (all MasterCard-branded products).
October 1, 2017: Visa, MasterCard, Amex, and Discover institute a liability shift for fuel pumps. In addition, Visa institutes a liability shift for all U.S. ATM transactions across all Visa and/or PLUS-branded products.
The swipe fee antitrust lawsuit that The Official Merchant Services Blog has been covering for a few years now has an update: Wal-Mart, accusing Visa of excessively high card swipe fees, is suing Visa for $5 billion. The action by Wal-Mart is being taken because Wal Mart opted out of the settlement of the class action lawsuit between merchants and Visa and MasterCard.
This follows our previous report of the Minnesota Twins also opting out of the settlement. Wal-Mart filed the suit Tuesday, March 25, in the U.S. District Court for the Western District of Arkansas, where Wal-Mart is headquartered.
Wal-Mart’s Side of the Suit
Wal-Mart, the world’s largest retailer, is seeking damages from price fixing and other antitrust violations that it claims took place between January 1, 2004 and November 27, 2012.
In its lawsuit, Wal-Mart contends that Visa, in concert with banks, sought to prevent retailers from protecting themselves against those swipe fees, eventually hurting sales. Wal-Mart stated in court documents: “The anticompetitive conduct of Visa and the banks forced Wal-Mart to raise retail prices paid by its customers and/or reduce retail services provided to its customers as a means of offsetting some of the artificially inflated interchange fees. As a result, Wal-Mart’s retail sales were below what they would have been otherwise.”
Wal-Mart contends that that the way Visa set up the swipe fees violated antitrust regulations and generated more than $350 billion for card issuers over the time period in question, in part at the expense of the retailer and customers.
Case History
The antitrust case against Visa, MasterCard and several issuing banks stemmed from the dispute relating to the percentage of credit card transaction fees that retailers must remit to the credit card processing network. The fees generally range from 1.5 to 3 percent and are shared with the bank that issued the card. Also known as “swipe fees,” these charges serve to underwrite the supporting infrastructure that allows businesses to accept and process credit cards.
Large retailers and supporting associations have repeatedly complained about the costs associated with accepting credit cards and the fees for merchant services. These grievances resulted in a number of lawsuits filed in 2005, which were eventually consolidated into a single case known as the Payment Interchange Fee and Merchant Discount Antitrust Litigation.
There were 139 parties involved as plaintiffs, and the case was active for over eight years. In July 2012, a settlement was reached that provided $6 billion in damages to affected retailers and another $1.2 billion for a temporary reduction in interchange fees. As a further concession, Visa and MasterCard eliminated certain rules for merchant services that prohibited surcharging, which is a practice that allows retailers to recoup credit card costs by passing them on to the consumer.
After a settlement was reached in the case, major retailers such as Target, Nike, Home Depot, Lowes, Starbucks and Best Buy ultimately opted out of the settlement. Major trade organizations, including the National Restaurant Association (NRA), have voiced significant opposition to the agreement. In fact, the NRA strongly encouraged its constituent members to reject the settlement and highlighted the potential negative impact it could have on the emerging mobile payments market.
The Saga
To review the full extent of this ongoing saga, you can read our previous coverage of this settlement:
On Tuesday, February 25, 2014, Nevada and Delaware lawmakers signed a landmark agreement to join the states together in online poker ventures, potentially increasing payouts for residents who gamble online. The Multi-State Internet Gaming Agreement signed by Gov. Brian Sandoval of Nevada and Gov. Jack Markell of Delaware established a legal framework for the first authorized interstate Internet gambling.
The legislation opened up a landmark new initiative for the two states. Delaware officials supported this venture in the hope that revenues from online poker in Delaware, blackjack, and slots would help boost revenue in the state’s three brick-and-mortar casinos. Competition in those real-world casinos has risen significantly because of the appearance of new facilities in surrounding states. This increased competition has affected overall state revenues from gambling and prompted Delaware lawmakers to seek out other revenue streams like online gambling.
Nevada has three online poker websites: Ultimate Poker, which is owned by a subsidiary of Station Casinos; WSOP.com, which is aligned with the World Series of Poker; and Real Gaming, which is owned by South Point. Delaware’s websites are controlled by the state’s three racetrack casinos and run on 888’s platform.
The potential boost to Delaware’s economy from this move is unclear. Delaware officials predicted that online gambling would generate up to $5 million in state tax revenue in its first year. Those officials have since scaled back that forecast after some technical difficulties and slow take-up online.
Eilers Research gaming analyst Adam Krejcik told investors that Delaware’s current numbers “have been nothing short of a disaster.”
According to the Delaware Lottery, the state brought in $145,200 in revenue from online gaming in January, following $140,000 in December and $111,000 in November.
Nevada hasn’t broken out online poker revenues in the state’s monthly figures, but Union Gaming Group estimated the revenues were between $200,000 and $750,000 each month.
Online Poker in Delaware: Already Opposition
On top of the consternation over the economic impact of this partnership is mounting opposition to the law. On March 26, 2014 members of both parties in Congress supported a ban on online gambling. This bipartisan ban comes just mere months after Delaware’s online gambling system went live and a few short weeks after Delaware and Nevada signed The Multi-State Internet Gaming Agreement.
Both Republican and Democrat lawmakers introduced legislation in the House and Senate aimed at banning online gambling, setting the stage for a two-pronged battle in Congress. The measures are aimed at reversing a 2011 decision by Attorney General Eric Holder that a 1961 law used in recent years to curb Internet gaming only barred sports betting. The bills would broaden the prohibition to where it stood before Holder’s ruling.
The Other Shoe Drops
So after Delaware, New Jersey, and Nevada leaped into the space created by the Holder ruling, creating online gambling systems, both Delaware and Nevada teamed up to allow their customers to play against each other in a virtual environment. But before this entire endeavor really gets going, Congress is looking to ban it outright. One key component to why the customer interest is lackluster has to do with something extremely basic (and relevant to The Official Merchant Services Blog): Credit Card Acceptance!
According to uspoker.com, the lack of credit card acceptance is one of the biggest complaints about regulated online poker in Delaware, Nevada, and New Jersey. The Mastercard acceptance rate at regulated sites is higher than Visa, however, neither is high enough to be considered adequate for players and operators.
While this is all still new and getting off the ground, the trend in behavior shows at least one of the obstacles online gambling in Delaware faces. Regulated sites have higher fees, and that is there to help offset the risk of fraud. Essentially what happens with these kinds of sites is that they suffer from a much higher rate of chargebacks.
A chargeback typically refers to the act of returning funds to a consumer. The action is forcibly initiated by the issuing bank of the card used by a consumer to settle a debt. Essentially what happens is a consumer disputes a transaction, and the credit card company’s bank responds by taking the money back from the merchant and returning it to the consumer. Customers dispute charges to their credit card usually when goods or services are not delivered within the specified time frame, goods received are damaged, or the purchase was not authorized by the credit card holder — the latter being the most common reason for a chargeback. The chargeback mechanism exists primarily for consumer protection.
Now in online gambling, the risk of a chargeback happening is much higher. Customers who lose money will oftentimes initiate the chargeback instead of taking the loss.
Card issuers have the right to block any transaction that the company does not consider legitimate. Online gaming transactions, even if explicitly legal, sometimes fall into this category. Chargebacks are expensive for banks. These costs are passed onto merchants and processors in the form of penalties and higher processing fees. Banks loathe chargebacks and online gaming has been associated with too many of them over the years. This is one reason credit card companies are not quick to approve these transactions.
But regulation steps in and alleviates these fraud issues. All of the concern related to abusive chargebacks is resolved in regulated markets because players cannot easily charge back a credit card transaction. The transaction is coded as a legitimate, regulated purchase. Many are considered cash advances. The poker site can prove where the player was located at the time of the transaction and that the chips were received. Proper player verification also provides evidence that a charge was proper.
In Conclusion
The allure of online gambling is still high and Delaware is one of the states diving headfirst into the industry. But there are already obstacles facing the First State. A ban from Congress and all of the problems with chargebacks and fraud create a daunting road ahead for Delaware’s online gambling future. Teaming up with Nevada in a partnership to expand the competition was a good first step. But more states need to be involved if the fledgling endeavor is to really get going. That also helps with the fraud issues as it will take more states regulating online gaming to help make banks more comfortable with the industry. This will also help the profitability of processing these transactions.
Apparently the general disdain that people stereotypically have for the DMV is shared by the collective Hacker community. Or maybe local governments still haven’t caught up with the cutting edge of cyber crimes, leaving your sensitive credit card information in danger of virtual theft even while you stand in an agonizingly long line just to renew your tags or pass your eye test. Either way, the latest news of a big bad Data Breach isn’t a retailer. It isn’t a video game company. It isn’t even a hotel chain. Nope. It’s the DMV!
Police suggested someone may have breached the credit card processing services at the California Department of Motor Vehicles, according to the DMV’s website.
The agency “has been alerted by law enforcement authorities to a potential security issue,” a DMV spokesman said in a statement. The state DMV advised anyone who has renewed their driver’s license in California using a credit card to keep a close eye on their statements for unusual activity. “There is no evidence at this time of a direct breach of the DMV’s computer system,” the statement said. “However, out of an abundance of caution and in the interest of protecting the sensitive information of California drivers, the DMV has opened an investigation into any potential security breach in conjunction with state and federal law enforcement.”
As is usual in these data breach news breaks, it was security blogger Brian Krebs out in front of everyone. Krebs — who broke the story of the blockbuster breach of Target customers’ credit card data last year — cited several financial institutions that received private alerts this week from MasterCard about compromised cards used for charges marked “STATE OF CALIF DMV INT.”
MasterCard said it was aware of and investigating reports of a potential breach involving the DMV. The credit card company could not, however, provide any details on what information may have been compromised or how many cardholders may be affected.
It remains unclear how many people might be affected by a potential DMV breach, but Krebs reported that one bank received a list from MasterCard of more than 1,000 cards that were potentially exposed. Krebs reported that the information stolen included credit card numbers, expiration dates and three-digit security codes printed on the back and that the affected transactions were believed to have been made between Aug 2, 2013, and Jan. 31 of this year.
How Big is that Breach?
Something to keep in mind about this DMV breach is that the data breach is rather mundane when compared to breaches of the past. Last year’s massive Target hack, which dominated headlines, counted a reported 40 million Target customers’ credit and debit card accounts were illegally accessed from Nov. 27 to Dec. 15, while as many as 70 million shoppers may have had their names and home and email addresses stolen over an indeterminate amount of time.
In April of 2011, the Playstation Network was hacked, compromising the vital information of 77 million accounts, and 24.5 million Sony Online Entertainment accounts. This has been touted as one of the largest personal data heistsrecorded in history, and prompted Sony to shut down its services for a month.
In 2009, credit card processor Heartland Payment Systems disclosed that thieves had broken into is internal card processing network, and installed malicious software that allowed them to steal track data on more than 130 million cards.
So the 1,000 cards exposed by the Los Angeles DMV is a mere drop in the bucket of the overall data breach saga. That number may be a bit of a low estimate, however, as according to the latest information released by the DMV, more than 11.9 million online transactions were conducted with the agency in 2012, marking a 6% increase from the year before. Online services include transactions such as payment of registration fees and the purchase of specialized license plates. Still no matter what the actual number ends up being, it will fall short of the bigger hacks in cybercrime history.
Today marks the start of CoinSummit San Francisco, a two-day event ”connecting virtual currency entrepreneurs, angel and VC investors, hedge fund professionals and others who are looking to learn and network in the virtual currency industry.” CoinSummit will take place on March 25-26 2014 at the Yerba Buena Center for the Arts in San Francisco. Many in the bitcoin community have been waiting for this event for a while.
The event with feature notable entities in the virtual currency community that include Marc Andreessen of Andreessen Horowitz, Brian Armstrong of Coinbase, Nic Cary of Blockchain.info, and Tony Gallippi of BitPay.
The Official Merchant Services Blog has been tapped into the ongoing saga of Bitcoin since this article in November — delving into the fascinating gimmick of Bitcoin mining. Traversing the ups and downs of this unstable and chaotic currency led to the crazy month of February and then the fall of Mt. Gox. Since that fateful day, the virtual currency industry has been scrambling. And now we have this much anticipated summit of industry experts discussing the details and potential future of BitCoin and its competitors.
Don’t Miss a Moment of the Action
For those interested, a live stream of the event begins at 9 AM Eastern time today, and can be viewed here.
Points of Interest
So some of the things we’ll be hoping the Summit delves into are: The Mt. Gox crisis, its aftermath and the future of the currency exchange. Of course industry insiders are all going to be sharing their thoughts, rants and frustrations about MtGox. Many will be raging about the losses incurred by the public and so many bitcoiners, and how badly Mark Karpeles has handled this debacle. But more importantly the issue of malleability will be explained and also how the currency and its exchanges can survive well into the future.
Which leads right into the fact that the crisis didn’t imply a complete price crash for BTC, even after hundreds of millions of dollars in permanent losses. How will exchanges guaranty transparency? Audits? Open balance sheets? These are critical issues if Bitcoin is to be adopted by mass markets. So let’s hope the summit dives right into the answers for those questions.
And then there’s the heavyweight presence to consider. The “big 4″ (Coinbase, Blockchain.info, Bitstamp, and BitPay) will all be present at this summit through its founders. Let’s see if the industry leaders explain their current strategies and growth trends.
The competitors also have some spotlight. Ripple, DogeCoin, Litecoin, and Ethereum will be pitching the advantage of alternative options, but also talking about the future of Bitcoin through smart contracts and smart property, two functionalities many think will catapult BTC prices to new levels.
That’s a quick roundup of what to expect at CoinSummit San Francisco.
Following up on our recent blog about terminal of the future, the VX 520, today we’re going to let the other shoe drop. With the payment processing industry thrusting its spotlight onto security in the wake of the Target Data Breach, the PCI DSS and its upgraded protocols are getting a lot of attention.
Host Merchant Services has been ahead of the curve on PCI compliance, having instituted a PCI Compliance Initiative years ago. But the Payment Card Industry Security Standards Council is in a continuous state of refining their security requirements and best practices so we here at HMS have to remain agile and adept at navigating these changes.
EMV smart cards, a topic we’ve discussed in depth here, are prompting PCI DSS to reorganize large swaths of its standards, and as a result, retire various terminals. As more and more POS hardware adapts to support EMV chip cards and end to end encryption, manufacturers and software developers will have to put their older equipment out to pasture. With the release of EMV/Contactless terminal applications, many of the legacy terminal devices/applications do not have the memory capacity required in order to support the association mandates. As a result, TSYS has provided a preliminary end of life schedule for credit card terminal applications that will be fully retired.
This is something the PCI DSS has been preparing for, and as such they have a schedule implemented for the retirement of older equipment. Coming up next is the VX 510 Terminal and its VDID300 Application, scheduled for retirement on June 3, 2014. Also the VX 510 and VX 570 and its VXGFT02 Application will be retired that day.
Prior to this date, Host Merchant Services has terminal upgrades available for our merchants. While we will continue to honor merchant boarding for these devices until the effective end of life date, once that occurs these devices/applications will no longer be an option available within our internal systems and downloads will no longer be available for terminal updates, swaps or technical support. So upgrading should be a priority, and Host Merchant Services will make the process seamless and trouble-free.
Sometimes the future just sort of sneaks up on you. Even if you’ve given yourself reminders, sticky notes, calendar alarms, and the proverbial string tied around your finger, the future still has a way of creeping up on you unawares.
Which is why Host Merchant Services is happy to offer its customers a payment processing terminal that comes with a reminder built in. Verifone with its VX 520 Terminal is here to prevent any memory lapses about the future from happening to your business and its PCI compliance needs. The VX 520 is PCI PTS 3.0 compliant right out of the box and is a forward thinking terminal designed specifically to be prepared for the PCI compliance mandates that are changing the rules of the industry.
Verifone terminals use end-to-end encryption with SSL v3.0 and 3DES to maintain the highest levels of security. This encryption, coupled with Master/Session and DUKPT key management, provide maximum protection from fraud and misuse of the terminal. The VX 520 terminal is also certified with PCI PED 2.0 approval.
All About Security
Security and secure transactions have been a hot button issue in the payments processing industry for the past few years. Everything from the Global Data Breach to Bitcoin to the Target Breach has people wondering about how secure their payment information really is. This is the root of the creation of PCI and its standards. In the ten years since the PCI DSS emerged as a consensus industry standard for the major credit card vendors, PCI DSS succeeded wildly in some areas – such as the use of endpoint security, encryption and network monitoring technology.
The Clock is Ticking
However, the success of PCI DSS in some areas highlighted others in which the standard had little to say or created perverse incentives—rewarding “compliance” over real security. Subsequent updates have attempted to right those wrongs. And the VX 520 is on the cutting edge of those PCI updates.
In January 2012 the PCI DSS released version 2.0 of their standards. And the VX 520 was built to be compliant to those standards and more.
In November 2013, the PCI DSS released version 3.0 of their standards. And again the VX 520 was compliant.
The 520, offered by Host Merchant Services, is a nimble processor that is ahead of the curve on security standardization. This is helpful because by December 2014, changes are coming from the credit card companies where older terminals will no longer be valid. Host Merchant Services offers a free terminal to new customers that sign up and are available 24x7x365 to help upgrade existing customers to terminals that will be PCI compliant.
Getting Secure and Staying Secure
Host Merchant Services knows that your business needs secure transactions to function. And we’re here to make the process of PCI Compliance easy, understandable and consistent for you each year. We offer the lowest PCI Compliance fee in the industry, at just $4.95 per month. PCI Compliance is essentially the process of adhering to the standards set forth by the Payment Card Industry Data Security Standards Council (PCI DSS). Essentially the standards are a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.
Secure transactions are important for merchants and a key element of the customer service Host Merchant Services provides. As part of our commitment to our Merchants and their transaction security, HMS offers a PCI ComplianceInitiative to anyone interested in processing with us. We are happy to offer this initiative as well as our free resources to help our merchants see what needs to be done to become compliant … and stay PCI compliant.
Cookie Consent
We use cookies to enhance your browsing experience, analyze site traffic, and support our marketing.You can accept all cookies, reject non-essential ones, or manage your preferences below. Learn more in our Privacy Policy.
Cookie Preferences
Manage your cookie preferences below:
Essential cookies enable basic functions and are necessary for the proper function of the website.
Name
Description
Duration
Cookie Preferences
This cookie is used to store the user's cookie consent preferences.
180 days
These cookies are needed for adding comments on this website.
Name
Description
Duration
comment_author_email
Used to track the user across multiple sessions.
Session
comment_author_url
Used to track the user across multiple sessions.
Session
comment_author
Used to track the user across multiple sessions.
Session
Google Tag Manager simplifies the management of marketing tags on your website without code changes.
Name
Description
Duration
cookiePreferences
Registers cookie preferences of a user
2 years
td
Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.
session
These cookies are used for managing login functionality on this website.
Name
Description
Duration
wordpress_logged_in
Used to store logged-in users.
Persistent
wordpress_sec
Used to track the user across multiple sessions.
15 days
wordpress_test_cookie
Used to determine if cookies are enabled.
Session
Statistics cookies collect information anonymously. This information helps us understand how visitors use our website.
Google Analytics is a powerful tool that tracks and analyzes website traffic for informed marketing decisions.
Contains information related to marketing campaigns of the user. These are shared with Google AdWords / Google Ads when the Google Ads and Google Analytics accounts are linked together.
90 days
__utma
ID used to identify users and sessions
2 years after last activity
__utmt
Used to monitor number of Google Analytics server requests
10 minutes
__utmb
Used to distinguish new sessions and visits. This cookie is set when the GA.js javascript library is loaded and there is no existing __utmb cookie. The cookie is updated every time data is sent to the Google Analytics server.
30 minutes after last activity
__utmc
Used only with old Urchin versions of Google Analytics and not with GA.js. Was used to distinguish between new sessions and visits at the end of a session.
End of session (browser)
__utmz
Contains information about the traffic source or campaign that directed user to the website. The cookie is set when the GA.js javascript is loaded and updated when data is sent to the Google Anaytics server
6 months after last activity
__utmv
Contains custom information set by the web developer via the _setCustomVar method in Google Analytics. This cookie is updated every time new data is sent to the Google Analytics server.
2 years after last activity
__utmx
Used to determine whether a user is included in an A / B or Multivariate test.
18 months
_ga
ID used to identify users
2 years
_gali
Used by Google Analytics to determine which links on a page are being clicked
30 seconds
_ga_
ID used to identify users
2 years
_gid
ID used to identify users for 24 hours after last activity
24 hours
_gat
Used to monitor number of Google Analytics server requests when using Google Tag Manager
1 minute
Marketing cookies are used to follow visitors to websites. The intention is to show ads that are relevant and engaging to the individual user.
Facebook Pixel is a web analytics service that tracks and reports website traffic.