Why are U.S. merchants and consumers hesitant to use PINs to authenticate purchases as their counterparts in Europe have done?
Despite the fact that magnetic stripe cards are vulnerable to fraud, and often times more expensive to use, only 25 percent of American consumers choose a PIN transaction. Because of this trend, card companies promoted the use of contactless versions of the EMV chip, which has helped reduce the severity of identity theft attacks in Europe.
Meanwhile, American banks are still offering little consumer protection from identity theft, compared to their European counterparts.
Our Readers: Today's Snap Shot
United States,
China,
Latvia,
Germany,
Malaysia,
Panama,
Israel
Merchants strike back, sue Fed
The National Retail Federation is suing the Fed due to the excessively high cap on debit card interchange fees. The retail coalition asserts that the fees in are violation of the law.
The group claims that the "regulator caved to pressure from bank lobbyists in setting the limit at an average of about 24 cents per transaction, rather than the initial proposal of 12 cents. The coalition says that in elevating the cap, the Fed mulled costs that the law did not permit, and that the board rejected its earlier perception that the only costs that should be considered in the fee were those entailing authorization, clearing, and transaction settlement. The suit argues that the debit interchange cap is an "unreasonable interpretation" that exceeds the authority accorded to the Fed under the law," according to an AP article.
The group claims that the "regulator caved to pressure from bank lobbyists in setting the limit at an average of about 24 cents per transaction, rather than the initial proposal of 12 cents. The coalition says that in elevating the cap, the Fed mulled costs that the law did not permit, and that the board rejected its earlier perception that the only costs that should be considered in the fee were those entailing authorization, clearing, and transaction settlement. The suit argues that the debit interchange cap is an "unreasonable interpretation" that exceeds the authority accorded to the Fed under the law," according to an AP article.
Banks don't take action to prevent fraud, pass cost to consumers
It is well known that banks do little to prevent credit card fraud. Unlike their European counterparts, American banks are not as stringent in their card acceptance requirements. Thanks to the excessive charge back fees, it is not in their interest to completely eliminate fraud and abuse.
In a recent article in Bank Info Security, the American Bankers Association's Steve Kenneally noted "that the industry agrees that a 1 cent transaction fee is not enough incentive for financial institutions to invest in fraud-prevention solutions."
The financial industry associations are hoping to mitigate the impact of the Durbin Amendment by concentrating on the measure's fraud prevention portion. They claim that the cost of fraud prevention is much higher than originally considered.
In a recent article in Bank Info Security, the American Bankers Association's Steve Kenneally noted "that the industry agrees that a 1 cent transaction fee is not enough incentive for financial institutions to invest in fraud-prevention solutions."
The financial industry associations are hoping to mitigate the impact of the Durbin Amendment by concentrating on the measure's fraud prevention portion. They claim that the cost of fraud prevention is much higher than originally considered.
Data breach notification subject of California law
Data breach notifications are the subject of a new California law. The law outlines the details which will be required in data breach notifications.
Required details include
General description of the event
Type of information compromised
Time of the breach
Data breach notifications must provide consumers with the toll-free phone numbers and addresses of the major credit reporting agencies in California, in some cases.
The data breach notifcation law goes into effect next January.
Required details include
General description of the event
Type of information compromised
Time of the breach
Data breach notifications must provide consumers with the toll-free phone numbers and addresses of the major credit reporting agencies in California, in some cases.
The data breach notifcation law goes into effect next January.
Skimming: Best tips for small convenience stores and gas stations
The NACS has issued a very useful report on the best practices for small convenience stores and gas stations.
Skimming Concerns? Here’s What You Need to Know.
A number of news reports over the past month have focused on the topic of credit card skimming. NACS payments consultant Gray Taylor separates fact from fiction, and provide tips for what retailers and consumers can do to minimize the likelihood they are a target.
What is skimming?
Skimming is any attempt to acquire the data from a credit or debit card transaction. At its simplest, it is stealing credit card receipts. Today, it often involves placing a small electronic device over a terminal that the criminal later takes back to download card data. In all cases, the thieves need to open your dispenser to place the skimming device(s).
Is skimming a particular problem at convenience stores/gas stations?
The incidence of skimming at the fuel island is over-exaggerated, as industry data points to retail environments where the consumer gives up possession of the card as the biggest source of skimming. In fact, according to the 2009 Verizon Business Data Breach Investigations Report, the real risk to consumers isn’t retail at all; 93 percent of compromised accounts occurred at breaches within financial institutions. The simple fact is that criminals go “where the money is,” and complicated, site-based hacks of retailers is a high-risk, low-yield proposition.
Consumer Reports magazine and other publications have suggested that customers use signature debit, instead of PIN, to minimize the risk. Is this good advice?
The recommendation that consumers not use their PINs when paying is erroneous at best, and could increase consumer risk of compromise, overdrafts and increases retail prices.
Industry data shows that card transactions without PINs have a six times greater chance of being compromised – which is why PIN usage is the de facto standard for world payments. Consumers who choose not to use a PIN are also at risk for overdraft fees that occur when their bank does not remove debit holds from their account in a timely fashion. Signature-based transactions are processed on the antiquated Visa and MasterCard systems that do not process in real-time, versus the instant operation of PIN debit. Not using PIN also increases the cost of the transactions, which is passed back to the consumer. The Federal Reserve Bank of Kansas City documented that a $50 transaction processed with a PIN cost the retailer 49 cents, while the same transaction processed without a PIN cost the retailer 68 cents – a cost difference of 19 cents.
The assertion that “a lot of gas pumps use older technologies, so PIN codes are not encrypted” is totally unsupported by the facts. With the introduction of master session encryption technology in the early 1990s, fuel dispensers have been required by Visa and electronic funds transfer networks to encrypt PINS or not accept PIN debit. In fact, every one of the estimated 6 million fuel dispenser terminals installed today accepting PIN debit encrypts PIN numbers – as has been the case for the past 15 years. The convenience and petroleum retail segment has invested more than $5 billion in payment systems and technology to provide a safe, fast and accurate card payment experience for consumers.
How can a retailer check if terminals are being skimmed?
Unless you are a trained dispenser technician, you probably can’t tell. We recommend serial-numbered security strips and periodic inspections of them. The idea is to know if the dispenser has been accessed – if a strip is broken, then shut down the dispenser and call in a tech to inspect the pump.
How can retailers minimize the risk of being skimmed?
Here are three simple steps:
Use serialized security strips over all access doors you wish to protect.
Re-key the locks on dispenser doors that have access to electronic payment data.
Consider investing in anti-breach kits for dispensers. Manufacturers now offer anti-breach kits, which generally notify and shut down dispensers that are accessed without proper security code entry. This can be expensive, but is the ultimate line of defense.
What should a retailer do if there is an incident?
Stop the bleeding. Take the dispenser offline to discontinue any more transactions.
Have a tech identify the device, but do not remove or touch it. If there is no device, get it in writing from the tech and restart the dispenser.
Call the police to inspect. Remember, this is a crime scene and the perpetrators are probably doing the same thing to other retailers in the general area. Also, the Secret Service and FBI are frequently involved in large cases; let the police handle this. After the investigation, ask for a dated police report.
You don’t know if any of the cards used at the dispenser have been compromised, so don’t assume that they have been.
Do you have advice for consumers?
Use payment terminals and ATMs at established retail or banking locations, where access to the device is controlled by on-site personnel.
Use a PIN whenever you can; it reduces your risk of compromise six-fold and leads to lower retail prices.
Place reasonable limits on the daily or weekly withdrawals from ATMs.
Even the latest chip and PIN technology currently being installed outside of the United States has proven to be vulnerable to attack. The latest reports of skimming and the recent news of hundreds of company systems being hacked is irrefutable evidence that the United States needs to have a national conversation about payment, identity and access security, and how this country can lead the world to the next generation of data security, instead of following it.
Skimming Concerns? Here’s What You Need to Know.
A number of news reports over the past month have focused on the topic of credit card skimming. NACS payments consultant Gray Taylor separates fact from fiction, and provide tips for what retailers and consumers can do to minimize the likelihood they are a target.
What is skimming?
Skimming is any attempt to acquire the data from a credit or debit card transaction. At its simplest, it is stealing credit card receipts. Today, it often involves placing a small electronic device over a terminal that the criminal later takes back to download card data. In all cases, the thieves need to open your dispenser to place the skimming device(s).
Is skimming a particular problem at convenience stores/gas stations?
The incidence of skimming at the fuel island is over-exaggerated, as industry data points to retail environments where the consumer gives up possession of the card as the biggest source of skimming. In fact, according to the 2009 Verizon Business Data Breach Investigations Report, the real risk to consumers isn’t retail at all; 93 percent of compromised accounts occurred at breaches within financial institutions. The simple fact is that criminals go “where the money is,” and complicated, site-based hacks of retailers is a high-risk, low-yield proposition.
Consumer Reports magazine and other publications have suggested that customers use signature debit, instead of PIN, to minimize the risk. Is this good advice?
The recommendation that consumers not use their PINs when paying is erroneous at best, and could increase consumer risk of compromise, overdrafts and increases retail prices.
Industry data shows that card transactions without PINs have a six times greater chance of being compromised – which is why PIN usage is the de facto standard for world payments. Consumers who choose not to use a PIN are also at risk for overdraft fees that occur when their bank does not remove debit holds from their account in a timely fashion. Signature-based transactions are processed on the antiquated Visa and MasterCard systems that do not process in real-time, versus the instant operation of PIN debit. Not using PIN also increases the cost of the transactions, which is passed back to the consumer. The Federal Reserve Bank of Kansas City documented that a $50 transaction processed with a PIN cost the retailer 49 cents, while the same transaction processed without a PIN cost the retailer 68 cents – a cost difference of 19 cents.
The assertion that “a lot of gas pumps use older technologies, so PIN codes are not encrypted” is totally unsupported by the facts. With the introduction of master session encryption technology in the early 1990s, fuel dispensers have been required by Visa and electronic funds transfer networks to encrypt PINS or not accept PIN debit. In fact, every one of the estimated 6 million fuel dispenser terminals installed today accepting PIN debit encrypts PIN numbers – as has been the case for the past 15 years. The convenience and petroleum retail segment has invested more than $5 billion in payment systems and technology to provide a safe, fast and accurate card payment experience for consumers.
How can a retailer check if terminals are being skimmed?
Unless you are a trained dispenser technician, you probably can’t tell. We recommend serial-numbered security strips and periodic inspections of them. The idea is to know if the dispenser has been accessed – if a strip is broken, then shut down the dispenser and call in a tech to inspect the pump.
How can retailers minimize the risk of being skimmed?
Here are three simple steps:
Use serialized security strips over all access doors you wish to protect.
Re-key the locks on dispenser doors that have access to electronic payment data.
Consider investing in anti-breach kits for dispensers. Manufacturers now offer anti-breach kits, which generally notify and shut down dispensers that are accessed without proper security code entry. This can be expensive, but is the ultimate line of defense.
What should a retailer do if there is an incident?
Stop the bleeding. Take the dispenser offline to discontinue any more transactions.
Have a tech identify the device, but do not remove or touch it. If there is no device, get it in writing from the tech and restart the dispenser.
Call the police to inspect. Remember, this is a crime scene and the perpetrators are probably doing the same thing to other retailers in the general area. Also, the Secret Service and FBI are frequently involved in large cases; let the police handle this. After the investigation, ask for a dated police report.
You don’t know if any of the cards used at the dispenser have been compromised, so don’t assume that they have been.
Do you have advice for consumers?
Use payment terminals and ATMs at established retail or banking locations, where access to the device is controlled by on-site personnel.
Use a PIN whenever you can; it reduces your risk of compromise six-fold and leads to lower retail prices.
Place reasonable limits on the daily or weekly withdrawals from ATMs.
Even the latest chip and PIN technology currently being installed outside of the United States has proven to be vulnerable to attack. The latest reports of skimming and the recent news of hundreds of company systems being hacked is irrefutable evidence that the United States needs to have a national conversation about payment, identity and access security, and how this country can lead the world to the next generation of data security, instead of following it.
Settlement reached between the U.S. Justice Department and MasterCard and Visa
A settlement between the U.S. Justice Department and MasterCard and Visa has been reached on the issue of merchant choice. District Court Judge Nicholas Garaufis approved the settlement which permits merchants to offer discounts or rebates. The card processing networks must now allow merchants the choice in card acceptance. This is a substantial victory for small busness owners. States attorneys general and the Justice Department filed the lawsuit.
The big three card companies made it nearly impossible for small merchants to encourage or steer customers to use cards with lower fees. MasterCard and Visa have introduced more and more reward type cards with much higher interchange rates. These cards have been very lucrative for Visa and MasterCard, but small merchants have borne the burden.
Related articles:
Credit Card Surcharges and Restrictions: Who Really Benefits?
Credit and Debit Card Minimum Purchase Requirements Allowed
Loretta Hunnicutt
The big three card companies made it nearly impossible for small merchants to encourage or steer customers to use cards with lower fees. MasterCard and Visa have introduced more and more reward type cards with much higher interchange rates. These cards have been very lucrative for Visa and MasterCard, but small merchants have borne the burden.
Related articles:
Credit Card Surcharges and Restrictions: Who Really Benefits?
Credit and Debit Card Minimum Purchase Requirements Allowed
Loretta Hunnicutt
Fed defines "pre-paid cards"
The Fed has defined what qualifies as a "pre-paid" card. This definition distinguishes the cards that will and won't be affected by interchange exemptions.
According to the Fed, "pre-paid" cards are those whose monies can only be accessed through the card. "Transaction cards" are those cards that allow monies to be access without the card, but through, ACH, checks, P-2-P among other methods.
Prepaid cards are not exempted from the interchange restrictions outlined in the final Dodd-Frank regulations.
Loretta Hunnicutt
According to the Fed, "pre-paid" cards are those whose monies can only be accessed through the card. "Transaction cards" are those cards that allow monies to be access without the card, but through, ACH, checks, P-2-P among other methods.
Prepaid cards are not exempted from the interchange restrictions outlined in the final Dodd-Frank regulations.
Loretta Hunnicutt
Subscribe to:
Posts (Atom)
Digg
MSNR Is Consumers and Small Business Owners Best Friend
Merchant Service Reports Does Not Endorse Merchant Service Providers.
Merchant Service Reports collects reports of the best and the worst merchant service providers. Share you experience. Top credit card processors provide value to their merchants, and address their issues in a timely manner. Small businesses can get caught in a telephone maze thrown up by others and pay exorbitant prices for the priviledge of accepting credit cards. For over three years Merchant Service Reports has worked for the consumer and small merchant. We are on your side providing information from industry insiders that will save you time, money, and worries.
Comments are welcome at Merchant-service-reports.com, but the following will be removed by our administrator:
Plagiarized material.
Comments totally unrelated to the topic of the post.
Obscene or racist comments.
Personal attacks, insults, or threatening language. Name-calling will not be tolerated.
Commercial promotions or spam.
Commercial promotions or spam.
Hyperlinks to material that is not directly related to the discussion.
By posting a comment you agree to indemnify Merchant-service-reports.com and its officers and employees from and against all liabilities, judgments, damages, and costs (including attorney's fees) incurred by any of them which arise out of or are related to the comments that you post. Comments are intended only for the personal use of our readers, and may not be used for commercial purposes or for organized political activity.
Merchant-service-reports.com reserves the right to monitor comments, and remove any that it deems, in its sole discretion, to be abusive or in violation of the copyright, trademark right, or other intellectual property right of any third party, or otherwise inappropriate.
Notwithstanding the foregoing, Merchant-service-reports.com is not obligated to take any such actions, and will not be responsible or liable for comments posted on the blog.
If you do not agree to these terms, do not use the comments, as violation of the terms can lead to legal liability.
In order to facilitate a free exchange of ideas, tips, and comments, ALL contributions will be posted as authored by "anonymous" upon acceptance for publication except when the author of the post specifically asks to be identified.
Blog Published by BIGBLOG BUILDERS.
Merchant Service Reports collects reports of the best and the worst merchant service providers. Share you experience. Top credit card processors provide value to their merchants, and address their issues in a timely manner. Small businesses can get caught in a telephone maze thrown up by others and pay exorbitant prices for the priviledge of accepting credit cards. For over three years Merchant Service Reports has worked for the consumer and small merchant. We are on your side providing information from industry insiders that will save you time, money, and worries.
Comments are welcome at Merchant-service-reports.com, but the following will be removed by our administrator:
Plagiarized material.
Comments totally unrelated to the topic of the post.
Obscene or racist comments.
Personal attacks, insults, or threatening language. Name-calling will not be tolerated.
Commercial promotions or spam.
Commercial promotions or spam.
Hyperlinks to material that is not directly related to the discussion.
By posting a comment you agree to indemnify Merchant-service-reports.com and its officers and employees from and against all liabilities, judgments, damages, and costs (including attorney's fees) incurred by any of them which arise out of or are related to the comments that you post. Comments are intended only for the personal use of our readers, and may not be used for commercial purposes or for organized political activity.
Merchant-service-reports.com reserves the right to monitor comments, and remove any that it deems, in its sole discretion, to be abusive or in violation of the copyright, trademark right, or other intellectual property right of any third party, or otherwise inappropriate.
Notwithstanding the foregoing, Merchant-service-reports.com is not obligated to take any such actions, and will not be responsible or liable for comments posted on the blog.
If you do not agree to these terms, do not use the comments, as violation of the terms can lead to legal liability.
In order to facilitate a free exchange of ideas, tips, and comments, ALL contributions will be posted as authored by "anonymous" upon acceptance for publication except when the author of the post specifically asks to be identified.
Blog Published by BIGBLOG BUILDERS.
About Us
- MSRN
- Dedicated to economic and fianancial literacy for underserved commnities.
MSRN has no purpose other than to inform the small business owner, the credit and debit card carrying public, and electronic industry members of good practices, bad practices, bad actors, and the many government and industry resources available to make the right business decisions. We do not endorse any products or services.