Archive for September, 2010

ProPay (www.propay.com), ETA’s 2010 ISO of the Year award recipient and industry leader in End-to-End Payment Security, credit card processing, and electronic payment services, announced today that it has been selected by Mountain America Credit Union to enable members to make house payments, car payments and even fund accounts using any Visa, MasterCard, Discover or American Express card. By implementing ProPay’s LenderPay solution, MACU was able to provide its members an additional method for making loan payments. In addition, MACU estimates annual realized savings of as much as $20,000 by completely eliminating their transaction fees and costs associated with these payments.

“This is a concept whose time has come. Consumers expect to be able to pay everything with plastic these days; including their car payment. We are very excited to enable Mountain America Credit Union to offer their members the ease and convenience of making loan payments with credit and debit cards. We expect to see many progressive credit unions and other lenders following Mountain America’s lead,” said Greg Pesci, ProPay’s Chief Operating Officer.

Borrowers are increasingly demanding payment options through a variety of channels and payment methods, while at the same time holding companies to an increasingly stringent standard of data security and privacy. LenderPay was designed to meet the specific needs of banks, credit unions and other financial institutions seeking a cost-effective, secure way to enable alternative payment methods for their members and borrowers. “Members contact our call center every day to make car payments on time and earn rewards miles; this isn’t just a service for past due accounts,” said Kelly Hofheins, AVP Call Center & Research at Mountain America.

The addition of LenderPay demonstrates the responsiveness of Mountain America to the needs of its members. “In searching for the right partner, Mountain America sought a company that would offer convenience and compliance while completely eliminating exorbitant transaction fees. ProPay allowed our credit union to serve the needs of our members and to maintain our commitment to fiscal responsibility,” said Tony Rasmussen, SVP eServices at Mountain America.

LenderPay not only introduces convenience and affordability to credit unions, but with ProtectPay, ProPay’s end-to-end secure payment solution, credit unions can be assured that their members’ data is securely stored in a PCI DSS compliant environment. No cardholder data is stored, processed or transmitted by the credit union. LenderPay enables institutions to offer additional payment methods, without taking on additional compliance burdens or security obligations. For more information about LenderPay, email lenderpay@propay.com or call 801-341-5642.

InfraGard®, a Federal Bureau of Investigation (FBI) program designed to share information to help prevent hostile acts in the cyber field, recently held a conference in Salt Lake City.  The goal is to share information about data theft trends and how to help prevent takeovers from data thieves.

Each presenter, including Lieutenant Governor Greg Bell, addressed a different category of ways in which data thieves are able to gain access to sensitive information, whether through malicious content, clicking on a URL inside an email, or the purchasing of stolen credit cards. When discussing data breaches from 2003 to the present, Chris Mark, ProPay’s own EVP of Data Security and Compliance, said: “Organized crime enterprises, mostly from foreign countries, have the time and money to defeat nearly every protection businesses have put in place on credit card transactions.” Chris then discussed ways in which companies could protect their data and explained how data replacement technologies like ProtectPay can reduce the risk to organizations.

Protecting sensitive data, or rather, removing the sensitive data from servers generally eliminates the possibility of hackers downloading the information. “…one solution would be for merchants to contract with specialized companies to process credit card information and guard that data.” (http://www.sltrib.com/sltrib/money/50336763-79/businesses-infragard-mark-information.html.csp)

ProPay also attended and spoke at the CardWare International Peer Group Meeting held in Newark, Ohio this week.  Dr. Heather Mark, PhD., SVP of Market Strategy for ProPay, discussed, along with several peers, the regulatory environment in the payment space including PCI DSS, FACTA, the Durbin Amendment, and legislative action at the state level.

ProPay advocates the concept of “Remove the data. Remove the risk.”  ProPay understands that it is not just the transaction itself that needs to be protected. Often, companies have other files that may contain payment data that must also be protected. ProtectPay®, a payment solution from ProPay, allows merchants to protect payment data where it resides, whether in a payment database or in a settlement file or fraud report.

It is a common misperception that data thieves only target large, well-known organizations. The fact is, smaller companies, because of their perceived lack of resources and technical sophistication, are often targeted by cyber criminals. Many industry studies have suggested that over 80 percent of identified compromises of cardholder data (credit and debit card data) involve small merchants. While larger companies often make headlines, dozens of smaller companies are victimized for every large or well-known company that suffers a data compromise.

I was recently on the Federal Trade Commission website and found a publication entitled “Protecting Personal Information: A Guide for Business.” The guide provides some useful information for small businesses around data protection. You can get to the publication by going to the following link: http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus69.pdf. I’ve provided a “Cliffs Notes” version of some of the information below.

A sound data security plan is built on 5 key principles:

1.     Take Stock. Know what personal information you have in your files and on your computers.

2.     Scale Down. Keep only what you need for your business. (ProPay would advocate “Remove the data. Remove the risk.” Through its ProtectPay solution, ProPay can in most cases eliminate the need for a company, large or small, to store sensitive payment data, including credit/debit card and ACH payment data. For small businesses, this can be done for as little as $20.00 per year.)

3.     Lock It. Protect the information that you keep.

4.     Pitch It. Properly dispose of what you no longer need.

5.     Plan Ahead. Create a plan to respond to security incidents.

How is your business doing when it comes to data security? The publication above also included a Security Check Q&A. Below are some questions you should ask yourself and the associated guidelines.

Q: Are there laws that require my company to keep sensitive data secure?

A: Yes. While you’re taking stock of the data in your files, take stock of the law, too. Statutes like the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and the Federal Trade Commission Act may require you to provide reasonable security for sensitive information. Certainly, if you’re storing, transmitting or processing credit/debit card data, you fall under the Payment Card Industry Data Security Standard (PCI DSS) regulations.

Q: We like to have information about our customers, so we usually create a permanent file about all aspects of their transactions, including the information we collect from the magnetic stripe on their credit cards. Could this put their information at risk?

A: Yes. Keep sensitive data in your system only as long as you have a business reason to have it. Once that business need is over, properly dispose of it. If it’s not in your system, it can’t be stolen by hackers. (Again, ProPay would advocate a solution such as ProtectPay, where the need to store sensitive payment data can be eliminated.)

Q: We encrypt financial data consumers submit on our website. But once we receive it, we decrypt it and email it over the Internet to our branch offices in regular text. Is there a safer practice?

A: Yes. Regular email is not a secure method for sending sensitive data. The better practice is to encrypt any transmission that contains information that could be used by fraudsters or ID thieves.

Q: Our account staff needs access to our database of customer financial information. To make it easier to remember, we just use our company name as a password. Could that create a security problem?

A: Yes. To make it harder for hackers to crack your system, select strong passwords—the longer, the better—that use a combination of letters, symbols, and numbers. And, change passwords often.

Q: I own a small business. Aren’t these precautions going to cost me a mint to implement?

A: No. There’s no one-size-fits-all approach to data security, and what’s right for you depends on the nature of your business and the kind of information you collect from your customers. Some of the most effective security measures—using strong passwords, locking up sensitive paperwork, training your office staff, etc.—will cost you next to nothing, and you’ll find free or low-cost security tools at non-profit websites dedicated to data security. Furthermore, it’s cheaper in the long run to invest in better data security than to lose the goodwill of your customers, defend yourself in legal actions, and face other possible consequences of a data breach.

ProPay has scheduled the first in a series of Payment Card Security Seminars providing real world guidance on protecting data while achieving compliance in a more cost effective and efficient manner.  The first seminar will be held on October 20, 2010 at the American Airlines Training and Conference Center located at the Dallas/Ft. Worth International Airport.

Making the decision to protect your customers’ data is easy.  Deciding how to protect it is the challenge.  If you’re in the process of evaluating new methods of protecting your sensitive payment information, or even if you want to evaluate your current practices, ProPay’s Payment Security Seminar is the one event you cannot miss!

Chris Mark, a globally recognized expert in PCI DSS and Payment Security and now ProPay’s Executive Vice President, will provide vital information on current PCI DSS issues, data breach trends and the technologies available to combat data thieves and minimize the risk to you and your organization.  Among the topics that will be covered during the all-day event are: 

  • Data Breach Trends and Examples
  • Standards and Regulations
  • Compliance and Security Strategies
  • The Value of Tokenization and End-to-End Encryption 

Chris, a former Visa trainer and PCI SSC Qualified Security Assessor, has trained over 15,000 people worldwide on the topics of the PCI DSS and card brand programs. Join ProPay for this lively and interactive discussion of payment card security. Chris is a dynamic, energetic presenter you do not want to miss!

Attendees are encouraged to bring questions, foster discussion and generate debate about the issues facing companies as they attempt to protect their business and their customers.  For more information regarding the event, please contact ProPay at: events@propay.com or call (801) 341-5609. 

The all-day event is priced at $149 ($129 after early bird discount before September 29, 2010). To register for the event, please visit: www.propaysummit.com.

I had the pleasure of meeting the founder of SmallBiz Technology, Ramon Ray, in New York several months ago and recently wrote a couple of blog posts for SmallBiz Technology.com. Ramon is a very bright individual who clearly understands the challenges of small business technology. He is a very interesting person to speak with, and his blog is a great resource for all things related to small business technology. I highly recommend you add it to your reading list. For the most recent blog post, please visit this link.