Cautionary tales abound regarding the protection of payment data – credit and debit cards, and ACH (or banking) information. Bad guys are seemingly around every corner looking for ways to steal data. It’d be easy to believe that stealing payment information requires a great deal of technical knowledge and a lot of time. One is almost tempted to envision the old Spy vs. Spy cartoons in Mad Magazine. (The picture to the left is The White and Black Spy, from Antonio Prohias’s Mad Magazine comic strip.) Unfortunately, sometimes the low-tech scams still work the best.

Social engineering is still one of the most effective ways of stealing sensitive data. According to Wikipedia, “Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information.” In other words, worm your way into someone’s confidence and you can convince them to give up critical information. In the context of payments, this may take the form of someone telling you that they are calling to help you with your merchant account and can quickly troubleshoot an issue (that you may or may not be experiencing) if only you’ll provide your merchant ID and password. The thief can now access your merchant account at will and doesn’t have to resort to any technical wizardry to do so. They can process stored cards for payments to your merchant account, which would result in angry customers and multiple chargebacks.

Another common scam is the “skimmer.” In this scenario, someone who has access to the card terminal or card swipe device replaces the card reader with a “skimmer,” which duplicates the card information so that it can be downloaded or sent to another individual. The information can then be sold or even used to make counterfeit cards. Skimming is most commonly seen in restaurant environments, where servers have access to cards and are often able to take those cards out of the line of sight in order to process the payment. Here is an example of a skimming ring that was fairly successful.

These are just a couple of the methods used by data thieves to misappropriate financial data.  Of course, the most reliable way to ensure that you don’t fall victim to a data thief intent on gathering your customers’ financial data is simply not to store it.

Mobile technology seems to be in the news quite a bit today. Instagram, a social photo-sharing site, was acquired by Facebook. AisleBuyer, a line-busting mobile commerce application, was acquired by Intuit. Best Buy is looking at mobile strategies to combat the phenomenon of “showrooming,” in which consumers come to the retail store to look at the product, then make the purchase from Amazon, eBay or another eCommerce site. Mobile commerce, mobile payments, mobile social. It seems that mobile is everywhere. What does that mean for merchants? What should merchants be looking for in the mobile revolution?

Something that often gets overlooked with the introduction of a new technology is strategy. Merchants often rush to the new technology that promises convenience, increased conversion, and cool factor. But the question that we should be asking is, “Why?” Does mobile even make sense for me? Consider a traditional, independent bookstore. They have a storefront and inventory. They get foot traffic and have a traditional Point of Sale (POS) system that is integrated into their inventory management system. What would a mobile acceptance channel add for them? On the other side of that coin, consider a crafter or a locksmith. Often, these professionals operate in the field – at craft fairs or in parking lots. They have traditionally accepted cash or checks. Recently they’ve begun to use either a “knucklebuster” or an IVR system to accept payment from debit or credit cards. For them, mobile payment acceptance makes sense – they can increase their conversion rate (and sometimes their average ticket size), cut back on “bad” transactions with real-time authorization, and add convenience for themselves and their clients.

Another factor that must be considered is security.  Just because a payment is mobile, that doesn’t mean that security goes by the wayside.  In fact, some (including myself) may argue that security becomes more important.  Encrypted card readers are just one layer, albeit a very important layer, of protection for the payment process.  Choosing a service provider with a demonstrated history of compliance with the Payment Card Industry Data Security Standard is another important step in protecting mobile payments.

Mobile payments are an exciting innovation in the payments world. They offer significant advantages, but as with any tool, they must be managed appropriately in order to realize the maximum benefit.

Dr. Heather Mark, PhD.  SVP, Market Strategy

The Association of Financial Professionals (AFP) has released its latest survey on Business to Business Fraud. According to the findings, 66% of the respondents were the targets of an attempted or actual payment fraud in 2011. Of those attempts, checks were the dominant payment form targeted by the criminals. Nearly 85% of the organizations that were targeted by fraudsters reported that checks were most frequently targeted. Further, the companies that suffered a financial loss as a result of the fraud averaged a loss of around $19,200. The good news is that the number of organizations that suffered attempted or actual payment fraud has declined over the last two years. Not surprisingly, the larger the company, the more likely it is to be a target of fraudsters.

It is also interesting to note that check fraud remains the favored target, despite the decreasing use of checks by corporate entities. After checks, according to the report, the most popular targets for fraud include ACH, corporate or commercial purchasing cards, and consumer payment cards. For full details on the survey, you can download the report here.
