Industry Terms: Chargeback

This is the latest installment in The Official Merchant Services Blog’s Knowledge Base effort. We want to make the payment processing industry’s terms and buzzwords clear, and to remove any confusion merchants might have about how the industry works. Host Merchant Services promises personal service and clarity, so we’re going to take some time to explain how everything works. In this ongoing series we define industry-related terms and slowly build up a knowledge base; as we complete more of them, we’ll collect them in our resource archive for quick and easy access. Today’s term is:

Chargeback

Chargeback typically refers to the act of returning funds to a consumer. The action is forcibly initiated by the issuing bank of the card used by a consumer to settle a debt. Essentially what happens is a consumer disputes a transaction, and the credit card company’s bank responds by taking the money back from the Merchant and returning it to the consumer.

Customers dispute charges to their credit card usually when goods or services are not delivered within the specified time frame, goods received are damaged, or the purchase was not authorized by the credit card holder — the latter being the most common reason for a chargeback.

The chargeback mechanism exists primarily for consumer protection. To start a chargeback, a consumer contacts their credit card company and asks for one. The dispute process then begins. During the dispute process the merchant will have to provide proof they rendered service properly. If the merchant can’t provide sufficient evidence, the credit card company debits the transaction amount from the merchant’s account and credits it to the consumer’s account. Additionally, the credit card company charges the merchant a chargeback fee as a penalty.

With each chargeback the issuer selects and submits a numeric reason code. This feedback can help the merchant and acquirer diagnose errors and improve customer satisfaction. The code also helps the merchant better investigate the transaction in order to find proof during the dispute process. Reason codes vary by bank network, but fall into four general categories:

  • Technical: Expired authorization, non-sufficient funds, or bank processing error.
  • Clerical: Duplicate billing, incorrect amount billed, or refund never issued.
  • Quality: Consumer claims to have never received the goods as promised at the time of purchase.
  • Fraud: Consumer claims they did not authorize the purchase, or claims identity theft.

For transactions where the original invoice was signed by the consumer, the merchant may dispute a chargeback with the assistance of the merchant’s acquiring bank. The acquirer and issuer mediate in the dispute process, following rules set forth by the corresponding bank network or card association. If the acquirer prevails in the dispute, the funds are returned to the acquirer, and then to the merchant.

The merchant’s acquiring bank accepts the risk that the merchant will remain solvent over time, and thus has an incentive to take a keen interest in the merchant’s products and business practices. Reducing consumer chargebacks is crucial to this endeavor. To encourage compliance, acquirers may charge merchants a penalty for each chargeback received. Payment service providers, such as PayPal, have a similar policy. In addition, Visa and MasterCard may levy severe fines against acquiring banks that retain merchants with high chargeback frequency. Acquirers typically pass such fines directly to the merchant. Merchants whose ratios stray too far out of compliance may trigger card association fines of $100 or more per chargeback.

For More Information

To find out more about Chargebacks and to gain some Chargeback Tips, be sure to CLICK HERE and read The Official Merchant Services Blog entry from January 9, 2012.

VexxHost Partnership

One constant struggle that we’ve seen with our customers is the ability to perform credit card transactions on their website.  While there are plenty of credit card processing companies in the market, it always seems like you need a degree in finance in order to understand all the fees involved, not to mention the plethora of documentation to go through.

It may also seem that a lot of the times, the credit card providers’ interests are not aligned with those of the merchant. While a business has to operate with the interest of making profits through offering a service, it is important to draw the line and understand the limit of what a company should charge for to maintain a good relationship with their customers.

As a company, we were extremely happy to partner and work with Host Merchant Services.  When we were initially approached and presented with the opportunity that Host Merchant Services presents for their customers, it was undeniable that HMS works with their customer’s best interests.

All of our existing and new web hosting customers are now eligible for a $75 voucher that will cover their credit card processing fees, which means that all of VEXXHOST customers can now get started and offer payments via credit card either on their online e-commerce website or even in their store, as Host Merchant Services is not limited to online credit card processing.

From small things like having no contracts or any hidden fees up to the important details such as a locked-in lifetime rate that will never change and free equipment (such as terminals and supplies) for customers that do offline credit card processing. Host Merchant Services always goes to make sure that the customer is getting the best treatment they can possibly get.

We really hope that this partnership is equally beneficial, allowing our customers to leverage HostMerchantServices to process their credit cards online, if not start offering it now.  VEXXHOST customers can get started by simply clicking the “Merchant Account” icon from their cPanel control panel to get started!

Protection from Fraud

How to Protect Your Business from Merchant Account Fraud

In order to protect your business from high risk merchant account fraud, you will find yourself in the position of having to be as smart and as clever as the crooks themselves. In a way, this amounts to a technological dance, with fraud detection solutions evolving in response to the latest schemes fraudsters devise to acquire and to use purloined credit card account information.

There are many transaction management utilities available that will give you access to the level of extensive reporting and data comparison necessary to monitor your transactions. The system itself is configured to alert you to suspicious activity, against which you can then take action. Normally when you apply for a merchant account, fraud detection systems will be recommended to you. In order to use these systems to their best advantage, it’s important to understand three core principles that define what you are trying to accomplish in detecting and responding to suspicious activity. These principles hold true regardless of the management utility you use.

First, establish thresholds for the processing of each order. These can range in complexity and be applied in any sequence that best suits your business. A threshold may be a dollar limit on an order, or even a total for a day, week, or other appropriate period. (Similarly you can set a limit for orders or sales in a given time period.) This level of sophistication is especially important in combating high risk merchant account fraud related to online payment processing.

Thresholds can be tied to specific IP addresses so that only a given dollar or order amount can originate from that computer, according to the parameters you establish. This prevents criminals who have acquired multiple stolen cards from testing them all from one computer to see whether they can accomplish an approved purchase. This kind of threshold monitoring is then tied to more specific bans directed at particular users. You can exclude an IP address, a given credit card number, a bank BIN, or even geographic regions that seem to be the source of the potentially fraudulent activity.

It is just as important, however, for any fraud protection system to also give you the flexibility to establish exclusions or overrides. This will ensure that your legitimate and honest customers are not penalized by the bans and limits put in place to shut down the crooks. Always remember when you are evaluating a fraud detection and prevention system that you are both trying to stop the crooks and protect your legitimate customers without compromising the ease with which they can use their cards to make a purchase from you.
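The three principles above (thresholds, targeted bans, overrides) expressed as an order screener. This is an added example, not code from Host Merchant Services or any fraud-detection product; the class names, limits and sample orders are constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Order:
    ts: int        # seconds since the start of the sample
    ip: str
    card: str      # constructed test number, never a real card
    amount: float
    country: str


@dataclass
class Policy:
    # All limits below are assumed values chosen for the sample.
    max_order_amount: float = 500.0   # dollar limit on a single order
    window_seconds: int = 3600        # rolling period for per-IP limits
    max_ip_orders: int = 3            # orders allowed per IP per window
    max_ip_amount: float = 800.0      # dollars allowed per IP per window
    banned_ips: set = field(default_factory=set)
    banned_cards: set = field(default_factory=set)
    banned_bins: set = field(default_factory=set)      # first six digits
    banned_countries: set = field(default_factory=set)
    trusted_ips: set = field(default_factory=set)      # overrides
    trusted_cards: set = field(default_factory=set)    # overrides


class Screener:
    def __init__(self, policy):
        self.policy = policy
        self._attempts = defaultdict(deque)  # ip -> deque of (ts, amount)

    def check(self, order):
        """Return (decision, reason); decision is accept, review or block."""
        p = self.policy
        # Overrides come first so known-good customers skip bans and limits.
        if order.ip in p.trusted_ips or order.card in p.trusted_cards:
            return ("accept", "override")
        # Targeted bans: IP, card number, BIN, geographic region.
        if order.ip in p.banned_ips:
            return ("block", "banned ip")
        if order.card in p.banned_cards:
            return ("block", "banned card")
        if order.card[:6] in p.banned_bins:
            return ("block", "banned bin")
        if order.country in p.banned_countries:
            return ("block", "banned country")
        # Record every attempt, flagged or not, so repeated card testing
        # from one address keeps counting. Orders must arrive in time order.
        window = self._attempts[order.ip]
        window.append((order.ts, order.amount))
        while window and window[0][0] <= order.ts - p.window_seconds:
            window.popleft()
        if order.amount > p.max_order_amount:
            return ("review", "order amount over limit")
        if len(window) > p.max_ip_orders:
            return ("review", "ip order count over limit")
        if sum(amount for _, amount in window) > p.max_ip_amount:
            return ("review", "ip amount over limit")
        return ("accept", "ok")


# Constructed sample: documentation-range IPs and well-known test card numbers.
SAMPLE_ORDERS = [
    Order(0, "203.0.113.5", "4111111111111111", 20.0, "US"),
    Order(60, "203.0.113.5", "5555555555554444", 25.0, "US"),
    Order(120, "203.0.113.5", "378282246310005", 30.0, "US"),
    Order(180, "203.0.113.5", "6011111111111117", 15.0, "US"),  # 4th in an hour
    Order(200, "198.51.100.7", "4111111111111111", 900.0, "US"),  # trusted IP
    Order(300, "192.0.2.9", "4000001234567890", 10.0, "US"),     # banned BIN
    Order(400, "192.0.2.10", "4111111111111111", 650.0, "US"),   # large order
    Order(500, "192.0.2.20", "5555555555554444", 450.0, "US"),
    Order(560, "192.0.2.20", "5555555555554444", 450.0, "US"),   # $900 in window
    Order(4000, "203.0.113.5", "4111111111111111", 40.0, "US"),  # window expired
    Order(4100, "192.0.2.30", "4111111111111111", 10.0, "ZZ"),   # banned region
]


def run_sample():
    policy = Policy(
        banned_bins={"400000"},
        banned_countries={"ZZ"},      # placeholder region code
        trusted_ips={"198.51.100.7"},
    )
    screener = Screener(policy)
    return [screener.check(order) for order in SAMPLE_ORDERS]


if __name__ == "__main__":
    for order, (decision, reason) in zip(SAMPLE_ORDERS, run_sample()):
        print(f"{order.ts:>5} {order.ip:<14} {order.amount:>7.2f} {decision:<7} {reason}")
```

An override keyed only on IP address is broad; scoping it to a card or customer account narrows what a spoofed or shared address can bypass.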

Mobile Payments [2023 Update]

A payment processing related story setting the blogosphere on fire right now is this study by Pew from their PewInternet and American Life Project that suggests that mobile payments — and swiping your phone to pay for things when you shop — will be the standard by 2020.

There’s been a wide variety of takes throughout the media on this study. It interests us here at The Official Merchant Services Blog because the future of mobile payments and mobile payment processing are topics we’ve been focusing on since our very beginnings.

  • First there was our infographic sharing an expansive look at Mobile Payments for the next couple of years.
  • Then there was our article offering tips for dealing with Mobile Payments.
  • Then there was our breakdown of three separate research firms and their predictions for Mobile Payments over the course of the next couple of years.
  • Beyond the articles, we also covered Mobile Payments in the blog here. We took a look through the Magic 8-Ball to see what was in store for Mobile Payments on October 18, 2011. Then on October 25, 2011, we asked the question Are Smartphones the Credit Cards of the Future? On January 23, 2012, we once again tried to peer into the future with Mobile Payments: 2012 and Beyond. On February 7 we examined the impact that Visa’s commitment to EMV chip cards could have on Mobile Payments. And on February 15, with the advent of spring training in the air, we took a silly take on the future of Mobile Payments, comparing it to the movie A League of Their Own.

The recurring theme in each of our articles and blogs: The future. All of the commentary, all of the studies, all of the research, and all of the stories released about Mobile Payments focus on the rise of Mobile Payments in the future. Just like this latest media blitz. Though the big difference this time is instead of Mobile Payments by 2014 or 2015, it’s looking further ahead … to 2020.

The Study Itself

You can download a PDF of the Study Here.

According to PewInternet itself, “The survey results are based on a non-random, opt-in, online sample of 1,021 Internet experts and other Internet users, recruited via email invitation, Twitter or Facebook from the Pew Research Center’s Internet & American Life Project and the Imagining the Internet Center at Elon University.  Since the data are based on a non-random sample, a margin of error cannot be computed, and the results are not projectable to any population other than the experts in this sample.”

The bottom line of the survey according to Pew is that within the next decade, smart-device swiping will have gained mainstream acceptance as a method of payment and could largely replace cash and credit cards for most online and in-store purchases by smartphone and tablet owners.

The media took that and ran with it …

Different Takes on the Same Story

One publication, Tech News World took the stance that Tech Leaders See Smartphones Replacing Credit Cards, Cash. The lead-in to their story reads: “Consumers may soon be able to leave home without pretty much anything but their smartphones and be confident they can pay their restaurant tabs or make purchases at stores without a hitch. There are still a few issues to resolve before mobile payments become ubiquitous, but a new survey suggests those hurdles will largely be cleared within the next eight years.”

Using the same source, though, Tricia Duryee wrote for AllThingsD that Mobile Payments Won’t Replace Cash or Credit for Another Decade, with a lead that reads: “It will take another eight years for cash and credit cards to be replaced almost completely by smartphones.”

Two different publications processing the exact same information from Pew and its survey, yet saying two very different things.

Venture Beat took a more straightforward approach, citing the statistics and headlining that 65% of Experts say Most People Will Adopt Mobile Payments by 2020. The story there focuses more on the numbers than the impact statement of replacing cash and credit. We particularly liked their lead as it asked an engaging question that sums up the whole Mobile Payments issue succinctly: “There’s no doubt that mobile payments are generating plenty of hype among the tech community, but how long will it be until they go mainstream?”

That’s essentially what the topic boils down to. Will it go mainstream? Predictions keep suggesting yes it will. Tech industry leaders keep pushing their companies toward this technology. And figures from this past holiday shopping season demonstrated a huge increase in mobile payment business. Seeking Alpha reported that mobile payment business increased 500% on Black Friday 2011 when compared to Black Friday 2010. There was definite movement in the industry, but the big number percentages cited by Seeking Alpha don’t tell the whole story. Mobile Payments are still a tiny piece of the consumer pie, nowhere near as big as online shopping or paying with credit cards, debit cards and even cash. The movement was big and noticeable but the percentages also act as a reminder that the totals are still very small compared to the other options.

Same Old Same Old

The study is fascinating, so if you have a chance definitely download the PDF linked above. And we’re happy to add it to our arsenal of indicators that the tech industry expects and wants big things from Mobile Payment Technology. But it’s still the same message that we covered with our Magic 8-Ball.

Mobile payments haven’t taken off as quickly as predictions suggest they should have. The Juniper study we covered in The Official Merchant Services Blog sets things four years in the future. This Pew study sets things four years after that. So the boom is still very much capable of happening. But the same two things are holding Mobile Payments back in this country in 2012 that held them back in 2011:

  1. The technology isn’t developed fully yet.
  2. Security issues scare consumers.

The technology is sort of all over the place right now. You have a variety of different ways to process a mobile payment. And the biggest competitors in the industry (Google, PayPal, Amazon.com, MasterCard, Amex, Visa) are all still racing to outdevelop each other. Google Wallet is still not fully there yet. Near Field Communication (NFC) is still only being tested on a small scale in the United States. The phenomenon simply hasn’t taken root.

And there are the security concerns. People are already worried about credit card hacks, phishing scams and the security of their transactions, whether with plastic or online. PCI Compliance is a hot button issue, especially in light of Global’s security breach this year as well as a 2011 DigiNotar Hack. So technology like NFC, where people just wave their cell phone at a scanner, makes people nervous about how secure the transaction really is. And of course it was already shown this year at a security conference that the Square device from Square Up could be hacked and used to steal credit card information.

Chips Versus the NFC

And finally, let’s not forget that while Visa is heavily invested in the future of Mobile Payments, Visa’s hoping that the added security that the chip technology provides will overcome that obstacle and finally tap them into the billions of dollars of revenue that Mobile Payments are predicted to have in the coming years. Stephanie Ericksen, head of authentication product integration at Visa Inc. told Credit.com, “Since announcing our roadmap last year, we have seen strong interest among U.S. issuers large and small to invest in chip technology, as today’s milestone shows.”

So EMV and smart-chip technology, which has the edge in security, could be realized long before 2020.

A is for Acquirer

We’ve been working hard the past 7 months at The Official Merchant Services Blog to offer our readers a knowledge base — a place to come frequently to get clear and useful information about the payment processing industry. But we’re always looking to take things a step further. We want to offer more information and be even more helpful. I was recently inspired by this article over at UniBul’s Credit Card Blog which offers a definition of 21 confusing payment processing terms. Credit Card Processing has a lot of buzzwords that get used. This type of technical or industry language can sometimes make understanding statements very difficult for merchants.

Well we want to make these terms clear and remove the confusion. This is part of the ongoing service Host Merchant Services promises: the company delivers personal service and clarity. So we’re going to take some time to explain how everything works. This is going to be an ongoing series where we define industry related terms and slowly build up a knowledge base. We’ll start with the same term that kicked off the UniBul blog. But our coverage is going to go a bit deeper than just a definition. We’ll provide a little extra context. And as we get more and more of these completed, we’ll collect them in our resource archive for quick and easy access.

Acquirer

An acquiring bank (or acquirer) is the bank or financial institution that processes credit and/or debit card payments for products or services for a merchant. The term acquirer indicates that the financial institution accepts or acquires credit card transactions from the card-issuing banks within an association. The best known (credit) card associations are Visa, MasterCard, American Express, Discover, Diners Club, JCB and China UnionPay.

An acquirer is contacted to authorize a credit card or debit purchase. The acquirer will either approve or decline the debit or credit card purchase amount. If approved the acquirer will then settle the transaction by placing the funds into the seller’s account.

Every time you use your credit or debit card you are using the services of an acquirer. An Acquirer will charge a monthly and/or a per transaction fee to the stores or merchants to facilitate transactions. Acquirers need to be licensed with credit card companies, such as Visa or MasterCard.

To get a better understanding of how payment processing works, you can view this infographic.

Data Breach Security [2023 Update]

The Official Merchant Services Blog follows up its extensive coverage of the Global Payments Data Breach today. The news of this data breach hit on Friday March 30. At first there were reports that a mere 50,000 cards were compromised. Then the media upped the number to 10,000,000. Then Global Payments released its own statement to the media reporting that the number was closer to 1.5 million cards.

Phishing Scams Alert

The first update comes from this Credit Union Times Article: “CUNA Mutual Group has sent a risk alert to its bonded credit unions urging them to warn members about possible phishing attempts in the wake of the data security breach at Global Payments Inc.”

The article reviews the steps that Global revealed it took in response to the data breach. The payment processor said it immediately engaged external experts in information technology forensics and contacted federal law enforcement, and stated that it then promptly notified appropriate industry parties to allow them to minimize potential cardholder impact. Global admitted 1.5 million cards were compromised but the company called the breach “contained.”

The alert issued by CUNA however focused on the follow through that scam artists and hackers may attempt on the information that was compromised. It pointed out that criminals may launch a campaign of their own to obtain the additional data such as billing addresses, three digit security codes and passwords through fraudulent means. So the alert warns consumers to be wary of emails, text messages or phone calls requesting this type of information. And the alert tells consumers to report any suspicious activity involving that information.

So the breach may be contained, but the risk is still out there according to CUNA.

Verizon Releases Data Breach Report

The 2012 Data Breach Investigations Report has been released by Verizon.

As with previous reports, the 2012 report aims to understand the underlying issues of major data breaches. This year’s report has been supplemented with contributions from law enforcement agencies in order to increase the awareness of global cybercrime. To that end, the report also looks at breaches from 22 additional countries over the previous year. The 2012 report looks at 855 confirmed security breaches that affected 174 compromised records in 36 countries around the world. A quick big picture statistic: The 8 years of reports now includes over one billion compromised records from 2500+ breaches.

Visa, MasterCard Investigate

Building off of the statements from Global regarding its reaction to the breach comes this story from Vanguard, citing Visa and MasterCard’s continuing investigation of the breach. The story, filed April 11, states that Visa and MasterCard are investigating whether a data security breach at one of the main companies that processes transactions improperly exposed private customer information.

The key information in the article levies some indirect criticism of Global and raises some concern about the data breach that is in direct contradiction to Global’s statements about it being contained. Citing an anonymous bank official, the article says:

“The incident has opened a crucial vulnerability that could affect millions of credit card holders. The bank official, who insisted on anonymity because the inquiry is at an early stage, said that Visa and MasterCard notified his company on Thursday, but that banks had been frustrated with the pace of disclosure by Global Payments.

He said that Global Payments, which is one of the biggest transactions processors, had provided little information on where the breaches took place, how accounts were hacked and other details that could indicate which customers might be vulnerable. Banks said that when they could identify victims, they would notify them and replace credit cards, if necessary.”

Confidence Shaken

And now the general texture of the data breach, as reported by Newsweek here, seems to be that confidence is shaken and security issues are a huge concern.

The article states that “experts say that the break-in is a big deal and could nudge us closer to a federal breach-disclosure law. Avivah Litan, a security analyst for consulting firm Gartner, says Global Payments is one of the largest payment processors in the country and that the breach is just the latest in a string of credit-card-security failures that have plagued corporate America.”

The article quotes Beth Givens, director of the Privacy Rights Clearinghouse, an organization that tracks data breaches, as saying the data breach “brings into question the very security of the credit- and debit-card industry and whether or not it’s safe to use such payment cards.”

The article also touches on the disparity between what Brian Krebs initially reported about the data breach and what Global released in its statements. First it points out the long delay in when the breach occurred versus when the news broke: “The company insists it notified all parties and contacted law enforcement in early March when it discovered the break-in. ‘We did not delay,’ says company spokeswoman Amy Corn. Yet it took another three weeks for the news to reach the public, and it wasn’t the company but a security blogger named Brian Krebs who broke the news.”

And then it gets Krebs’ response to the disparity between the number of cards he reported were compromised and the number of cards Global said were compromised in their statements. Krebs told Newsweek: “The number of transactions or card numbers potentially exposed is probably far larger than the 1.5 million number they are citing.”

Infographic

And finally Shelia Turner from backgroundcheck.org has been following our blogs and shared with us this wonderful infographic about The State of IT Security. Thanks Shelia!

The State of IT Security
Compiled by: Background Check Guide

Android Phone Now Takes Payments

Host Merchant Services finally gets to make this announcement official: All mobile payment solutions the company offers now feature both iPhone and Android compatibility.

On February 28, 2012 Host Merchant Services teased through its Facebook Page that it would have big news regarding HMS and Mobile Payments in March. But technical difficulties with the full release of Payfox’s Android solution held the news back until today. In the Android Marketplace, Payfox is now listed and available for download. You can see the listing here.

The App has been on the Android Marketplace since March 21. But now the rest of the support is in place to get the app working. The final piece of the puzzle was the card reader — UniMag II, Two-Track Secure Mobile MagStripe Reader. The device is a two-track, encrypted magnetic stripe reader that works with a wide variety of mobile platforms, including Apple, HTC, LG, Motorola, and Samsung devices. Use your mobile device to read credit cards, signature debit cards, gift cards, loyalty cards, driver’s licenses, and ID badges. The UniMag reads up to 2 tracks of information with a single swipe in either direction, providing superior reading performance for your mobile device.  A merchant account is required to accept credit card transactions.

You can download the specs from the UniMag II data sheet right here. These are the Android devices supported by the reader:

  • HTC Aria
  • HTC Desire Z
  • HTC Eris
  • HTC EVO 4G
  • HTC EVO Shift 4G
  • HTC G2
  • HTC Hero
  • HTC Incredible
  • HTC MyTouch 4G
  • HTC EVO 3D
  • HTC Nexus One
  • HTC Incredible 2
  • HTC MyTouch 3G Slide
  • HTC MyTouch 4G Slide
  • HTC Thunderbolt
  • HTC Merge
  • LG Optimus T
  • LG Revolution
  • Motorola Droid 2
  • Motorola Droid X
  • Motorola Droid Pro
  • Motorola Milestone
  • Motorola FlipSide
  • Motorola Atrix
  • Motorola Droid 2 Global
  • Motorola Droid Bionic
  • Motorola Droid 3
  • Samsung Captivate
  • Samsung Droid Charge 4G
  • Samsung Epic
  • Samsung Epic 4G
  • Samsung Fascinate
  • Samsung Nexus S
  • Samsung Replenish
  • Samsung Infuse 4G
  • Samsung Continuum
  • Samsung Galaxy SII

Please Note

When you go to the Google Play Market and search for PayFox using your Android/Droid phone, the PayFox application will only display for those devices for which the application itself is compatible.

Red 5 Standing By

Our friends at Transfirst also wanted to offer some clarification about the use and licensing around the word Droid:

“Android and Droid are often used interchangeably when referring to the ever-growing & increasingly popular line of smartphones that run on Google technology. The difference, for most purposes, is one of legal definitions and intellectual property. Android simply refers to the operating system and software that powers phones built by any of a number of manufacturers, including HTC or Motorola, and that run on any of the major carriers.

Droid, on the other hand, is a term coined and owned by LucasFilm Ltd., the licensing rights for which Verizon had to purchase in order to brand their specific line of Android Smartphones.”

In short, Androids are phones, and you can now use them to swipe payments. Droids are what Jawas scavenge. Though I’m sure the Jawas will happily accept mobile payments from all you moisture farmers out there. Ootini!

Data Breach Solutions

Today The Official Merchant Services Blog has a quick follow up to its ongoing coverage of the Global Payments Data Breach. The past two entries in our blog have taken a sweeping look at the big picture of data breaches and PCI DSS and how effective those security standards are. PCI Compliance is a topic very near and dear to Host Merchant Services because the company pushes an aggressive initiative among its customers to keep them PCI Compliant.

PCI Compliance: The Foundation of Security

Past studies from Verizon and Gartner Research have suggested that business owners slack on their security needs, especially in terms of PCI DSS compliance. The most oft suggested reason for this lax outlook on security has to do with PCI itself not having a lot of traction with those business owners. The merchants tend to think any security issues are the responsibility of the third party processor or the bank or the credit card companies; they don’t see a direct link to their business because of the simple fact that their terminal that swipes cards wasn’t theirs to begin with. Other issues include Merchants getting lost in the complexities of the PCI DSS website and its many forms that need to be filled out, and the recent change to PCI version 2.0 in October 2010 changing the structure of the system. Merchants get distracted by their day to day responsibilities of the business and gloss over the minutiae of PCI compliance.

Host Merchant Services understands these problems. Part of their service mantra is that the company designs payment processing solutions that let their merchants focus on running their company. The general theme is to make payment processing seamless and easy for the merchants. This includes transaction security and was the catalyst that fueled the company’s PCI Compliance Initiative.

But as we’ve seen with the Global Payments Data Breach, security needs to go beyond just PCI Compliance.

An Extra Layer of Protection

This article from The Data Center Journal suggests that better admin privileges could have helped stave off the Global Payments Data Breach completely. From the article: “Avecto says that the possibility that the breach was caused by a compromised administrative account that was insufficiently protected shows that governance is a central requirement of modern IT security.”

The article maintains that multiple layers of security can go a long way toward helping to prevent future data breaches of this type. Paul Kenyon, chief operating officer with Avecto, said in the article that “Our observations on this breach suggest that minimizing administrative privileges—an exercise in the principle of least privilege—would have gone a long way to preventing the breach.” It was suggested to Kenyon by another IT security analyst that the privileged accounts that are reportedly at the heart of this breach need several layers of protection to properly insulate them from hackers.

Most articles looking at the aftermath of the data breach arrive at the consensus that security measures need to go beyond just PCI compliance. This article gives some very specific and clear advice on a step to take — a data breach solution.

Data Breach Penalties Stack Up

Yesterday’s blog also delved into the cost and fees companies face when they suffer a data breach.

And this article by Bank Info Security gives even more insight into the cost and impact of a data breach. It interviews Larry Ponemon, founder of the Ponemon Institute, which conducted this year’s Cost of a Data Breach study with sponsorship from Symantec. The study revealed that the average cost of a data breach has gone down this year, which makes sense when you consider that even with the Global Payments Data Breach in the news right now, its scale is a lot smaller than the scale of the Heartland Data Breach.

In fact, this article, also from Bank Info Security, gives a side by side comparison between the much bigger Heartland Data Breach and the Global Payments Data Breach.

But back to Ponemon’s interview and his company’s study: “According to the annual report, the average per capita cost of a data breach has declined from $214 per record to $194 since 2011’s report.”

Ponemon suggests two reasons for the decline in average costs.

  1. Complacency: “We think people in general may be becoming numb to the data breach notification process. Most people have received at least one data breach notice; they may not even be aware of it because they don’t open their mail. They may see it as junk mail.”
  2. Topical Shift, or rather the rise of intellectual property breaches, which are not a part of the annual study: “We focus on one type of data breach – the type of data breach [of personal records] that requires notification in the United States and then other parts of the world – but in reality there are other, maybe more costly, data breaches that companies are experiencing every day.”

 

HMS Data Breach Security Program

The hackers that go after credit card information are a creative group of criminals who are constantly pushing technology forward and tying security systems in knots. Many times a discussion about data breaches ends up with the conclusion that “it’s not if a data breach is going to happen, it’s when a data breach is going to happen.”

Host Merchant Services offers a key resource in preparing a business to tackle that issue: its Data Breach Security Program. This program protects a business, and a merchant can get up to $100,000 in coverage per location for the most common forms of data breach:

  • Employee Dishonesty
  • Skimming
  • Theft of Credit Card Receipts
  • Theft of POS Terminals
  • Stolen Card Numbers
  • Theft of Computers

 

The Data Breach Security Program helps cover fees for any industry-mandated audit of a suspected breach, card replacement costs and related expenses, and industry fines and assessments. All of these fees come from non-compliance with PCI DSS and are fees and issues that any company even suspected of a breach can face as we described yesterday in our blog. The coverage would exceed even the penalties that Cisero’s faces as we saw in the article about their lawsuit targeting the PCI itself.

How Does It Work?

Host Merchant Services makes it easy to file claims once you’ve gotten on board with the Data Breach Security Program. A simple online form starts the process:

  • Step 1: Fill out the online claim form at www.merchantdatabreach.com
  • Step 2: Upload or fax the notice from the acquiring bank, which stipulates that there has been a breach or a suspected breach at your location, and choose an authorized, qualified security assessor.
  • Step 3: When the forensic audit is complete, upload or fax a copy of the assessor’s report.
  • Step 4: HMS takes it from there. We process the claim for payment and if all documentation is in order you will receive a check for the expenses incurred from the audit and/or card replacement costs and/or fines incurred for a breach.


To recap

Data Breaches can and will occur. They are costly. The recent Global Payments Data Breach reminds us all how important transaction security is for all parties involved. Merchants need to understand how important PCI Compliance is for their business. And they also need to take more steps than just PCI Compliance. Host Merchant Services is committed to keeping its merchants safe and secure. The company takes the lead in the industry in terms of PCI Standards with its PCI Compliance Initiative. And the company offers added layers of protection to its merchants through its Data Breach Security Program.