Industry Terms: EBT

This is the latest installment in The Official Merchant Services Blog’s Knowledge Base effort. Well we want to make the payment processing industry’s terms and buzzwords clear. We want to remove any and all confusion merchants might have about how the industry works. Host Merchant Services promises: the company delivers personal service and clarity. So we’re going to take some time to explain how everything works. This ongoing series is where we define industry related terms and slowly build up a knowledge base and as we get more and more of these completed, we’ll collect them in our resource archive for quick and easy access. Today’s terms is Electronic Benefit Transfer (EBT).

Electronic Benefit Transfer (EBT)

Electronic Benefit Transfer (EBT) is an electronic system in the United States that allows government’s states benefits departments to issue money,accessible via a plastic debit card.

Common benefits (in the U.S of America) provided via EBT are typically of two general categories, food benefits and cash benefits.

  • Supplemental Nutrition Assistance Program (SNAP), formerly know as food stamps, provides funds via a payment card for recipients to purchase groceries.
  • Cash programs such as Temporary Aid for Needy Families (TANF) and general state-offered benefits provide funds via a payment card for recipients to make purchases and receive cash back at businesses that accept the cards.

To use these benefits: Through EBT, a recipient uses his/her EBT card to make purchases at participating retailers. Food-stamp benefits can only be used to purchase food items authorized by the USDA’s SNAP program. Cash benefits may be used to purchase any item at a participating retailer, as well as to obtain cash-back or make a cash withdrawal from a participating ATM.

As food stamps are being phased out in the United States, all SNAP benefits are now being issued via EBT.  So the way it works is in the SNAP program, recipients apply for their benefits in the usual way, by filling out a form at their local food stamp office. Once eligibility and level of benefits have been determined, information is transferred to the state’s EBT contractor and an account is established in the participant’s name, and SNAP benefits are deposited electronically in the account each month. A plastic debit card, similar to a bank card, is issued and a personal identification number (PIN) is assigned or chosen by the recipient to give access to the account. Recipients are offered the opportunity to change the PIN at any time, and are offered ongoing training if they have any problems accessing the system.

All states have systems that use magnetic stripe cards and “on-line” authorization of transactions. When paying for groceries, the SNAP customer’s card is run through an electronic reader or a point of sale terminal (POS), and the recipient enters the secret PIN to access the food stamp account. Then, electronically, the processor verifies the PIN and the account balance, and sends an authorization or denial back to the retailer. The recipient’s account is then debited for the amount of the purchase, and the retailer’s account is credited. No cash money changes hands. Payment is made to the retailer through a ACH settlement process at the end of the business day. Most states’ online EBT systems are interoperable through the Quest network, which is sponsored by the Electronic Benefits and Services Council (formerly the EBT Council) of NACHA-The Electronic Payments Association.

For More Information

global reveals more about data breach

Global Reveals More About Data Breach [2023 Update]

global reveals more about data breach

Today The Official Merchant Services Blog is updating its coverage of the Global Payments Data Breach. The big bomb Global just dropped is that apparently there was a second data breach.

The story, initially broken by Ellen Messmer at Network World stated that Global Payments itself revealed this latest news.

Data Breach II: Credit Card Boogaloo

From the Global Payments Website:  “The Company’s ongoing investigation recently revealed potential unauthorized access to servers containing personal information collected from a subset of merchant applicants.  It is unclear whether the intruders looked at or took any personal information from the Company’s systems; however, the Company will notify potentially-affected individuals in the coming days with helpful information and make available credit monitoring and identity protection insurance at no cost.  The notifications are unrelated to cardholder data and pertain to individuals associated with a subset of the Company’s U.S. merchant applicants.”

So What Was Compromised?

Host Merchant Services logo art for Blog Series on Global Payments Data BreachThis second breach compromised the personal information of a subset small merchants that applied to be clients of Global Payments — and the company stressed that this set of merchants was different than the ones exposed in the first breach. The exposed information includes the sort of personal information the Atlanta processor uses as part of its underwriting process. The company stressed that it does not have evidence that any fraudsters obtained or misused the merchant applicants’ information — but the servers that contained that information were possibly accessed by an unauthorized party. Last time we updated this story, we provided information from Brian Krebs about how information from the first data breach could have been used by fraudsters.

Something to keep in mind regarding Global’s claims that the second breach did not lead to fraud is that Global still maintains that the information that was compromised in its first breach was not involved in fraud — even after Krebs dug up examples of fraud happening to Global customers in his blog entry here.

Wait, What?

The author of the official updated statement released by Global — Jane Elliot from Investor Relations — added this caveat to the statement: “This announcement may contain certain forward-looking statements within the meaning of the ‘safe-harbor’ provisions of the Private Securities Litigation Reform Act of 1995.  Statements that are not historical facts, including management’s expectations regarding future events and developments, are forward-looking statements and are subject to significant risks and uncertainties.  Important factors that may cause actual events or results to differ materially from those anticipated by such forward-looking statements include the following: further results of the continuing investigation of the unauthorized access of our processing system, including the discovery of additional card data or information implicated in the incident; the effect of our remediation efforts on operations; the impact of fines or penalties from the card networks and state authorities on our results of operations; and other risks detailed in the company’s SEC filings, including the most recently filed Form 10-Q or Form 10-K, as applicable.  The company undertakes no obligation to revise any of these statements to reflect future circumstances or the occurrence of unanticipated events.”

That reads like a very wordy hedge against the way this story has evolved to date. To put it another way, much of what Global has already stated, including clinging to the claim that the breach is contained and the number of compromised cards was just 1.5 million, has already been contradicted by information revealed by Visa and MasterCard.

logo VisaVisa and MasterCard issued new alerts on May 15 suggesting the breach dated back to January 2011 — an exposure window significantly longer than what was originally reported by Global when news of the breach surfaced in late March. Visa’s alerts in March, which Brian Krebs used to break the story,  indicated the breach occurred sometime between Jan. 21, 2012, and Feb. 25, 2012. Global used those alerts to help underscore their assertion that the breach was small and contained. But on April 26, an updated advisory from Visa put the suspected intrusion date closer to June 7, 2011. Setting the length of exposure for compromised cards back six months. And then Visa and MasterCard released information that pushed the date back an entire year from the initial alert, to January 30, 2011. This vaults the figure of compromised cards to 7 million — much higher than the 1.5 million “or less” suggested by Global in their official statement.

All this contradiction over the length and severity of the breach had  been met with silence from Global Payments. They had offered no further comment other than to link to their website. But with this latest batch of statements, they’re now adding that very long caveat. And they apparently intend to clear matters up even further in June. The Company plans to provide additional information regarding the potential financial impact, the PCI compliance process and the status of the investigation not later than its July 26, 2012 year-end earnings call according to Paul R. Garcia, chairman and CEO of Global Payments.

The Official Merchant Services Blog will be following this story as close as ever now. It’s getting more complicated and convoluted. Hopefully that earnings call will clear the air a bit. But it still seems like the reporters digging into this, as well as Visa and MasterCard have a very different set of facts than the ones Global is sharing with people.

hms webinar reminder

HMS Webinar Reminder [2023 Update]

hms webinar reminder

Today we just want to remind all of our readers and subscribers of the upcoming Host Merchant Services webinar. On Tuesday June 12, 2012, at 10 a.m., CEO Lou Honick will be giving a 30-minute presentation on the Host Merchant Services Partnership Program as well as a quick introduction on how credit card processing works. After the presentation there will be a 10-minute Q&A period. The webinar is absolutely free to any and all interested in attending.

webinar button
You can find the
registration form here
AT THIS LINK.

As stated before this webinar focuses on the partnership program — a bold offering from Host Merchant Services where we help businesses make money by sharing revenues with them from referrals they bring to us. The system goes beyond the normal lead-referral system, giving the partners potential for a much larger share of the revenue. HMS does all the work on its own to set up the partner’s customers for credit card processing. Host Merchant Services provides the partner’s customers with a complete payment processing and financial transaction service quickly and easily. Once the customer has their merchant account set up and has begun processing, the partner then begins to earn a steady and consistent stream of shared revenue with each and every monthly processing statement.

For More Information

You can visit our Partnership FAQ Page HERE AT THIS LINK to get more information. Or contact the company at 1-877-571-4678.

Or you can Register for the Free Webinar and get walked through the entire process, see how the partnership works, and learn about how Host Merchant Services will make you money and keep your customers happy.

signupnow button

Industry Terms: Batch

This is the latest installment in The Official Merchant Services Blog’s Knowledge Base effort. Well we want to make the payment processing industry’s terms and buzzwords clear. We want to remove any and all confusion merchants might have about how the industry works. Host Merchant Services promises: the company delivers personal service and clarity. So we’re going to take some time to explain how everything works. This ongoing series is where we define industry related terms and slowly build up a knowledge base and as we get more and more of these completed, we’ll collect them in our resource archive for quick and easy access. Today’s terms is Batch.

Batch

A Batch is a group of approved credit card transactions, usually accumulated during one business day.

Batch Deposit

The electronic depositing of a batch file transmitted to the transaction processor for settlement.

Batch Processing

The authorization of transactions offline when immediate approval is not required. Transactions are collected in a batch and sent as one transmission for authorization and/or settlement. Batch processing is generally used with mail order/telephone order (MOTO) transactions.

Close Batch

The end-of-day or end-of-shift process in which the merchant balances and submits transactions for clearing and settlement.  This process occurs on a terminal-based capture system.  This process is automatic on host-based capture systems at a predetermined time of day. The automatic process is an optional setting.

Industry Terms: Revenue Share

This is the latest installment in The Official Merchant Services Blog’s Knowledge Base effort. Well we want to make the payment processing industry’s terms and buzzwords clear. We want to remove any and all confusion merchants might have about how the industry works. Host Merchant Services promises: the company delivers personal service and clarity. So we’re going to take some time to explain how everything works. This ongoing series is where we define industry related terms and slowly build up a knowledge base and as we get more and more of these completed, we’ll collect them in our resource archive for quick and easy access. Today’s terms are Revenue Share and Strategic Partnership.

Revenue Share

At its most general definition, Revenue Sharing refers to the sharing of profits among different groups. One form shares between the general partner(s) and limited partners in a limited partnership. Another form shares with a company’s employees, and another between companies in a business alliance.

When applied to the Payment Processing Industry, revenue sharing is a bit more specifically involved in a cost per sale sharing of profits and accounts for about 80% of affiliate compensation programs. E-commerce web site operators using revenue sharing pay affiliates a certain percentage of sales revenues generated by customers whom the affiliate refer via various advertising methods. Another form of online revenue sharing consists in people working together and registering online in a way similar to that of a corporation, and sharing the proceeds.

A third form of revenue sharing on the internet consists of enticing internet users to sign up and create content by offering a share of advertising revenue.

Strategic Partnership

A strategic partnership is a formal alliance between two commercial enterprises, usually formalized by one or more business contracts but falls short of forming a legal partnership or, agency, or corporate affiliate relationship. Typically two companies form a strategic partnership when each possesses one or more business assets that will help the other, but that each respective other does not wish to develop internally.

To Learn More …

To learn more about Revenue Sharing, you should: Register for Host Merchant Services Free Webinar on Tuesday June 12, 2012 at 10 a.m.
signupnow button

HMS Free Webinar!

The Official Merchant Services Blog has some breaking news to report. Host Merchant Services is offering its very first Webinar. On Tuesday June 12, 2012, at 10 a.m., CEO Lou Honick will be giving a 30-minute presentation on the Host Merchant Services Partnership Program as well as a quick introduction on how credit card processing works. After the presentation there will be a 10-minute Q&A period. The webinar is absolutely free to any and all interested in attending.

webinar button
You can find the
registration form here
AT THIS LINK.

What is the Partnership Program?

The Partnership Program that Host Merchant Services has devised is a way for businesses to expand their monthly revenue through referrals. It goes beyond the normal lead-referral system however, and as such gives the partners a larger share of the revenues. With the Host Merchant Services partnership program, HMS helps its potential partners earn monthly revenue through the business transactions of their very own customers. HMS does all the work on its own to set up the partner’s customers for credit card processing. The company provides the partner’s customers with a complete payment processing and financial transaction service quickly and easily. Once the customer has their merchant account set up and has begun processing, the partner then begins to earn a steady and consistent stream of shared revenue with each and every monthly processing statement.

Host Merchant Services image on partnership program webinar

Happy Customers are the Key

Host Merchant Services makes it easy for its partners to find leads and generate revenue. The company does this through the features of its HMS Guarantee. Each lead a partner brings to Host Merchant Services is offered these features:

  • Great Rate. HMS saves its customers money on their processing. The company pledges that if it can’t save one of its partner’s referrals money on processing, the company will give that referral a $100 Gift Card for their time.
  • Great Service. Host Merchant Services is about bringing trust to the payment processing industry and the company strives to go the extra mile with its commitment to superior customer service. The company has live people available 24x7x365 to take technical support and customer service calls. As company CEO Lou Honick says, “We pledge that if our customers have a problem, we will fix it.”
  • No Hidden Fees. Host Merchant Services offers a pricing model that has no annual fee, no application fee, no monthly minimums and the lowest PCI Fee in the industry.
  • Lifetime Rate. Host Merchant Services offers a straightforward “cost plus” pricing model and the rate is guaranteed. The company grandfathers that rate and will not raise it. The only time the rates change is when the card associations — MasterCard, Visa and Discover — raise the rates for everyone.
  • No Contracts. Host Merchant Services does not lock its customers into a term contract or charge them early termination fees. As CFO Dan Honick likes to say, “Our customers stay with us because they are happy with our service.”

Host Merchant Services Webinars are Free!

This combination of features adds plenty of enticement to a partner’s customer base to add Host Merchant Services as its credit card processor. Making Host Merchant Services a reliable company for the partner to refer to its customer base. Host Merchant Services does all of the work to set the referral up with a merchant account, to install a robust payment processing solution, and to keep the customer happy with superior customer service month after month. It’s a safe and easy way for a business to add more revenue to its bottom line each month.

For More Information

You can visit our Partnership FAQ Page HERE AT THIS LINK to get more information. Or contact the company at 1-877-571-4678.

Or you can Register for the Free Webinar and get walked through the entire process, see how the partnership works, and learn about how Host Merchant Services will make you money and keep your customers happy.

signupnow button

print media death knell

Print Media’s Death Knell [2023 Update]

Today The Official Merchant Services Blog is going to get a bit personal, for me at least. I’m going to take a moment to talk about print media, and its withering industry. Or, think of it this way: I’ll be talking about the rise to power of E-Commerce — the industry that has helped deliver excruciating body blows to print media over the past decade, knocking it to the mat time and time again.

My history with print media goes back. Way back. All the way back to the beginning of my own career. I’ve worked for four different newspapers, the most high profile being the Asian Edition of the Wall Street Journal at the turn of the millennium. I’ve illustrated various comic strips and published my own comic book. I’ve worked for a printing company in Delaware. Along the way I’ve essentially learned how to make a printed publication from beginning to end; the only skill I lack is the ability to actually push the buttons on a printing press. But every other step, from concept to creation to pre-production to layout and design to editorial to post production I’ve done during my career.

And all of these skills are endangered because of E-Commerce. (Well not really; most the skills translate easily into the virtual media world which is why I’ve been able to transition my career; but everything involving production kind of gets tossed out the window, replaced with skills revolving around web safe colors, pixel sizes and screen ratios).

e-commerce

A really vast, somewhat oversimplified recap of the internet’s impact on newspapers, comic books and book publishing can be summed up by my own career. One of the companies I used to work for, Gannett (publisher of the USA Today), used to have an empire built on small to mid-size suburban community newspapers. They were everywhere. Including Lansdale, PA — where I worked for a time. Gannett was slow to embrace online news though. And the transition from the late 1990s to the aughts left Gannet in a position to streamline and essentially drop a lot of those small and mid-size papers from its stable.

At the same time, I was trying my best to get some traction going in my quest to be a freelance illustrator for comic books. Things didn’t quite work out. I never became the regular artist on The Flash or Spider-man like I dreamed of doing when I was younger. I did however get paid for doing a few projects and got quite a bit of my art published.

Still, steady work was hard to find. And the comic book industry appeared to be dying because of the problems that all of print media now faced.

The major publishers (DC Comics and Marvel Comics) were no longer selling millions of copies of their books. In fact, sales these days are horribly low, with top books barely cracking 100k in sales volume. This reduction in volume can be linked to its distribution channel. Comics stopped appearing in mainstream outlets because the sole distributor of the material, Diamond, only catered to specialized direct market hobby shops (comic book shops). You couldn’t find them at the local supermarket or the local 7-11 anymore. The comic book “rack” was gone. I’d go so far as to make the claim that today, in 2012, the two major comic book companies are really just stables for intellectual properties. Disney and Time Warner wanted Marvel and DC not so much for their ability to publish millions of paper periodicals every month. Instead they wanted the comic book companies for the properties that could at any moment be turned into $100 million blockbuster movie franchises.

So the comic book industry ended up being sold as a niche hobby, and stopped being made as a mass medium periodical. Big companies bought the two biggest publishers of those comics just to keep the ideas and licensing on ice for future movie potential. Print media, it is dying.

And then then there was the issue with comic strips. Newspapers shrunk the comics section over decades. When Action Comics first appeared in newspaper print in thge 1940s, the comic strip took up half a broadsheet, which back then was much larger than the broadsheet sizes for newspapers of today. But by the time Bill Watterson and Gary Larson gave up on two of the most popular comic strips of all-time (Calvin and Hobbes and The Far Side), the newspaper strip had shrunk to 3 tiny postage stamp sized panels shoved into the back end of the feautres/lifestyle sections of most papers.

Then the internet hit newspapers big time, as people went online for their news. They got the stories for free. And newspapers could no longer compete. Comic strips were a casualty of that shift in media.

So right now, survival instinct is kicking in for the comic art form. The internet allows both the strip and the comic book format room to breathe, and easier distribution. Penny Arcade is what I feel to be the best example of the modern comic strip, giving renewed life to the art that newspapers were choking out of their shrinking pulp empire. Penny Arcade can publish in color (because it’s online), can publish unorthodox sizes (because it’s online) and offer their content for free (online). They then make a killing selling collected editions (many sales being made … online) of the same content daily readers get for free. They adapted and brought the art form onto a new stage. Meanwhile … print media continues to not adapt.

Host Merchant Services image for mobile comic book apps

Comic Books are starting to finally embrace the changing landscape. ComiXology offers Marvel, DC and independent publishers through their mobile application. You can purchase and download all of your favorite comic books directly to your iPhone, Android, iPad or Kindle. You no longer need to go to direct order hobby shops. Your comic books no longer need to take up physical space. They’re right there at your fingertips — your entire collection just a thumbtap away. While they may be a bit unwieldy and tiny on the smartphones, they look rather luxurious and eye-popping on a larger device like a Kindle (where, not so surprisingly, I’ve been reading my comic books in 2012).

That brings me to the Kindle — or more generally, the reader devices and THIS BLOG HERE from Michael Essany at Daily Deal Media. The article resonates with me. A number of my close friends used to work at Borders Books and Music in their twenties. Last year the local Borders closed up shop. And all we currently have in our local area is a Barnes and Noble located in the Christiana Mall.

The most striking thing about their store in the mall is when you walk in their front door you are immediately overwhelmed by their eBook section, with large signage telling you all about the Nook (their version of the Kindle).

That sight at my own local big box book store really drives home Essany’s second paragraph, when he writes, “Although many avid readers are mourning the noticeable loss of traditional big box and mom-and-pop book retailers, the economics of eCommerce and the popularity of eBooks are quickly dispatching publishing companies, paperback publications, and even print magazines to the trash receptacle of history.”

The point Essany is making was driven home even further when I attempted to make a quick trip to that Barnes and Noble for a book on a work-related topic: Web Design. I knew the right section of the store to go to, but couldn’t find the title I was looking for. I used their interface terminal in the store to look that title up. Apparently it was in stock as an eBook. And I could order a regular print version of it from there, but had to order it as an online purchase and have it delivered to my house days later. The entire point of my trip was to get the book that day, otherwise I’d have gone online when I got home from work instead. So I kept browsing, and found every single book they had under the topic of web design was only available either through an online purchase or as an eBook.

E-Commerce is winning

In terms of printed media E-Commerce is absolutely dominating. Essany cites a statistic to back up this outlook, writing that according to the Yankee Group (a research company we’ve cited ourselves when they made projections on The Future of Mobile Payments), consumers will purchase approximately 381 million eBooks next year with an average selling price of $7.

Most impressive

My own research for this very blog during last year’s holiday shopping season demonstrated what to me has become a very obvious aspect of the economy: shopping online is a common thing for people to do. That means E-Commerce is making buckets of money. Each one of those transactions are part of the payment processing industry. The foundation is there. People have found the convenience of shopping online so powerful that it outweighs the risk of fraud. So more and more people have taken to solving their shopping problems online. I know that I myself do this. It’s so much easier to look for a product online and know you’re getting what you want with a few clicks, than it is to go trudging out to a store that may or may not have the item you want.

Last year in a Blog Post about the upcoming holiday shopping season, I reported “A 2010 survey conducted by Google and OTX found that 35% of internet users start their holiday shopping prior to the end of summer, months ahead of Black Friday. This trend is only continuing to grow as consumers find online shopping convenient to their shopping habits, easy to do, and the wide selection lets them find great deals on price.”

This trend in shopper behavior combines with the rise of virtual media like eBooks like Voltron to form a very powerful lion-fisted, right-left combo to the solar plexus of Print Media’s crumbling empire.

Host Merchant Services image on eBooks and E-Commerce

And you know what? I’m OK with this.

I’m a voracious reader. But I’m also under the thrall of the convenience of online shopping. I truly do turn to the internet first for most products I’m interested in. This is heightened when I want to purchase a book, a magazine or a comic book. It’s just so much easier. The only time I’ve wanted to wander into a book store to buy a book was when I wanted it right then, with no wait on delivery. And I found the remnants of the only big chain bookstore in my local area to have already forced the decision upon me: If I wanted a book about web design, I needed to go directly to the web to get it.

I’ve been using the ComiXology app this year. And when the company that I once worked for (Valiant Comics) as a production intern returned to the comic book industry after a long hiatus, publishing a comic book I once did post production work for (X-O Manowar), I immediately jumped onto my phone to purchase it. I find that I read more web comic strips than I ever read in a newspaper. I find I go to the web for my news. Or my phone. I’ve even found myself reading straight up only published electronically eBooks this year. I still prefer printed books, but for me they’ll be online purchases. I’ll buy the collected editions of comics I like, but do so online. I’ll buy printed books of titles I really just want to curl up with and turn the pages of, but I’ll make the purchase online. It’s gotten so pervasive in my life that I now buy tickets to sporting events online, brands of tea I can’t find at my local supermarket online, all of my roller derby referee equipment and rules books online. I even bought my ticket to The Avengers on my phone through Fandango and had it delivered to my phone as a mobile ticket.

E-Commerce is where it’s at. And publishers of the written word need to embrace this shift. Maybe it’s easier for me to do so because I work in the payment processing industry and get to see firsthand how big and booming E-Commerce is.

Global Data Breach Update

Today The Official Merchant Services Blog is updating its coverage of the Global Payments Data Breach. The current update revolves around the expansion the duration of the breach as well as the number of cards potentially affected. It has been a virtual roller coaster ride in terms of narrowing down a number for the cards that were compromised. When the news of this breach initially hit on Friday, March 30 there were reports that a mere 50,000 cards were compromised. Then at the height of the story’s initial frenzy it was reported that the number of compromised cards might be closer to 10 million. Attempting to quash that frenzy, payments processor Global Payments Inc. itself released a statement that the number was closer to 1.5 million cards. And now, after some relentless coverage and work by Brian Krebs — the blogger who first reported the breach — it appears the number is once again creeping back towards the 10 million mark.

“That’s No Moon” 

The size of the Breach keeps expanding after Global Payments initially made statements that downplayed both its size and its impact.

Global’s statements have all been very succinct, and the company says it reported the breach immediately when it found out about the breach. Global also stated that the breach is contained and only affected 1.5 million cards or less when it occurred in February 2012.

But Visa and MasterCard issued new alerts on May 15 and suggest the breach dates back to January 2011 — an exposure window significantly longer than what was originally reported when news of the breach surfaced in late March. Visa’s alerts in March, which Brian Krebs used to break the story,  indicated the breach occurred sometime between Jan. 21, 2012, and Feb. 25, 2012. Global used those alerts to help underscore their assertion that the breach was small and contained. But on April 26, an updated advisory from Visa put the suspected intrusion date closer to June 7, 2011. Setting the length of exposure for compromised cards back six months. And then Visa and MasterCard released information that pushed the date back an entire year from the initial alert, to January 30, 2011. This vaults the figure of compromised cards to 7 million — much higher than the 1.5 million “or less” suggested by Global in their official statement.

All this wiggling over the timeline and severity of the breach has been met with silence from Global Payments. They have offered no further comment other than to link to their website.

So About Those Compromised Cards …

And apparently the Breach may not have been contained, or at least not contained quickly enough to prevent fraud. Krebs says on his blog, krebsonsecurity.com, “Debit card accounts stolen in a recent hacker break-in at card processor Global Payments have been showing up in fraud incidents at retailers in Las Vegas and elsewhere, according to officials from one bank impacted by the fraud.”

This is a pretty big break in the ongoing story, as details of fraud have been danced around previously and Global’s not released any statements other than their initial commentary that suggested the breach was not going to produce any meaningful fraud. Krebs says that in March of this year the Danbury, Conn. based Union Savings Bank began seeing an unusual pattern of fraud on a dozen or so debit cards it had issued, noting that most of the cards had recently been used in the same cafe at a nearby private school. The bank noted that the school was a customer of Global Payments and so the bank contacted Visa to see if this was related to the breach.

According to Krebs, that’s when USB heard from Tony Higgins, then a fraud investigator at Vons, a grocery chain in Southern California and Nevada owned by Safeway Inc. Higgins contacted Doug Fuller, Union Savings Bank’s chief risk officer. And Krebs’s blog describes the way the fraud worked: “According to Fuller, Higgins said the fraudsters were coming to the stores to buy low-denomination Safeway branded prepaid cards, and then encoding debit card accounts issued by USB onto the magnetic stripe on the backs of the prepaid cards. The thieves then used those cards to purchase additional prepaid cards with much higher values, which were then used to buy electronics and other high-priced goods from other retailers.”

Krebs then goes on to report that the fraud described by Higgins matched the unauthorized activity seen stemming from accounts used at the private school cafeteria. Fuller said Visa alerted Union Savings Bank that about 1,000 of its debit accounts were compromised in the Global Payments breach — including the dozen or so card accounts that initially prompted USB to investigate. Krebs reports that USB officials say the bank has suffered approximately $75,000 in fraudulent charges, and that it has so far spent close to $10,000 reissuing customer cards.

Track 1 Not Needed

The details revealed by Krebs on the fraud perpetrated upon Union Savings Bank illustrates how the criminals can extract value from debit cards even if they only have some of the data associated with the accounts. This is important to understand because Global’s statements have stated that only Track 2 data was taken during the breach. Global maintained that cardholder names, addresses and other Track 1 data was not obtained by criminals in the breach. The indirect suggestion Global was making with that statement was that counterfeit cards could not be produced with the data obtained in their breach. However, the details of what happened to USB shows how Track 2 data alone was enough for the criminals to encode the card number and expiration date onto any cards equipped with a magnetic stripe. Those cards were then capable of being used at any merchant accepting signature debit — transactions that do not require the cardholder to enter a PIN number.

HMS Solutions

Looking at the threat of a data breach, Merchants must wonder what the solution can be. Is there protection available? PCI Compliance is a great foundation for transaction security. The standards and protocols set up by the PCI-DSS Council are the first step a merchant needs to take to protect their data. And Host Merchant Services offers a PCI Compliance Initiative that helps its merchants quickly and seamlessly take that step.

Also, one thing to consider if you are a merchant and you are worried about data breaches affecting your bottom line: Host Merchant Services Data Breach Security Program. Click that link to download a PDF explaining the value-added service HMS provides its merchants that goes above and beyond just simple PCI Compliance and helps ensure a merchant’s peace of mind.

 

Reminder: Hypercom Name Change

Host Merchant Services wants to take a quick moment to remind readers of The Official Merchant Services Blog, as well as its own merchants of a change that took place in 2011 with Hypercom — the company that manufactures one of the most popular brands of point of sale terminals that HMS provides.

In October, 2011 it was announced that Hypercom USA formally changed its corporate name to Equinox Payments, LLC. In addition to selling new Equinox terminals, software and services, the company continues to support the very popular Hypercom-branded products in the U.S.

Hypercom US was sold to private equity firm The Gores Group in August 2011 as part of a deal to allay competition concerns when Verifone acquired the rest of Hypercom’s global business.

Former Hypercom product names have remained unchanged, but products are now showing up in marketing materials as branded Equinox or co-branded Equinox and Hypercom. Equinox says they will maintain the Hypercom brand for an extended period of time to reinforce Equinox’s continued support of Hypercom-branded products and services. So it’s been a slow evolution, which is why HMS is offering this reminder. We wish to clear up any confusion with our merchants regarding Hypercom and Equinox due to the popularity of the T4205 Hypercom terminal among our various customers.

Host Merchant Services image of the Hypercom T4205 Terminal.

The Companies Involved

Equinox Payments, headquartered in Scottsdale, Arizona, is a leading payment terminal manufacturer and related secure software provider. Through its commercial offices in the United States, Latvia, Manila and Australia, and a service repair facility in Mexico, Equinox’s more than 200 employees deliver secure payment terminals, applications and services to hundreds of thousands of merchants. Equinox is a portfolio company of The Gores Group, LLC.

The Gores Group, LLC is a private equity firm focused on acquiring controlling interests in mature and growing businesses which can benefit from the firm’s operating experience and flexible capital base. The firm combines the operational expertise and detailed due diligence capabilities of a strategic buyer with the seasoned M&A team of a traditional financial buyer. The Gores Group, which was founded in 1987 by Alec E. Gores, has become a leading investor having demonstrated over time a reliable track record of creating substantial value in its portfolio companies alongside management. The firm’s current private equity fund has committed equity capital of more than $4 billion. Headquartered in Los Angeles, The Gores Group maintains offices in Boulder, CO, and London.