Archive for May, 2011

As businesses expand, especially online, companies may extend their reach to international customers.  Modern technology enables companies to have customers half a world away.  However, that same technology can mask the identity of criminals.  Here are a few things to watch for when conducting international transactions.

A business’s potential for loss increases substantially when processing payments from international customers because it does not have the same protections as when products are sold to domestic buyers.  If there is a dispute, the company may find it hard to prove that products were delivered or that authorization to charge the card was given.  Without taking some precautions, a company may lose the products and the money.

Be aware of some common indicators of potential fraud:

  • The order is for a large number of the same item.
  • The transaction is for an unusually large amount.
  • The person says it is his or her credit card, but wants the product shipped overseas to a friend or family member.
  • The buyer is unwilling to provide you with additional contact information.
  • The buyer is very anxious for their order to be processed.

What can a company do to protect itself?

  • Gather as much information as possible (name, address, phone number, etc.).
  • Collect the card security code (e.g., CVV2 or CID) to verify the payment.
  • Obtain a signed invoice/authorization from the cardholder.
  • Require a delivery confirmation signature when the product is received.

If there is anything suspicious about a particular transaction, you may choose to obtain additional verification from the cardholder, or to simply not process the card.  Merchants are more likely to win transaction disputes when they have well-documented transactions.  The ability to sell internationally can be a great way to grow a business, but these procedures will help ensure that growth is stable.

Tanner Olsen
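The two checklists above (fraud indicators and protective documentation) can be applied to each order as a screening step. The following Python sketch is an added example, not ProPay's code; the `Order` fields, the quantity and amount thresholds, and the decision labels are assumptions made for illustration.

```python
from dataclasses import dataclass

# Thresholds are assumptions for this example; tune them to your own order history.
MAX_SAME_ITEM_QTY = 10        # "large number of the same item"
LARGE_AMOUNT_MULTIPLE = 5     # "unusually large" = 5x the merchant's typical order

@dataclass
class Order:                  # hypothetical order record
    amount: float
    quantities: dict          # item SKU -> quantity ordered
    billing_country: str
    shipping_country: str
    phone: str = ""
    email: str = ""
    rush_requested: bool = False
    cvv_verified: bool = False
    signed_authorization: bool = False
    delivery_signature_required: bool = False

def fraud_indicators(order, typical_amount):
    """Return the indicators from the list above that this order matches."""
    flags = []
    if max(order.quantities.values(), default=0) >= MAX_SAME_ITEM_QTY:
        flags.append("large quantity of one item")
    if order.amount >= LARGE_AMOUNT_MULTIPLE * typical_amount:
        flags.append("unusually large amount")
    if order.shipping_country != order.billing_country:
        flags.append("ships to a different country than the cardholder")
    if not (order.phone and order.email):
        flags.append("contact information withheld")
    if order.rush_requested:
        flags.append("buyer pressing for fast processing")
    return flags

def missing_documentation(order):
    """Return the protective records the merchant has not yet collected."""
    checks = [("card security code", order.cvv_verified),
              ("signed authorization", order.signed_authorization),
              ("delivery confirmation signature", order.delivery_signature_required)]
    return [name for name, done in checks if not done]

def review(order, typical_amount):
    """Any indicator holds the order; otherwise documentation gaps are closed first."""
    flags = fraud_indicators(order, typical_amount)
    gaps = missing_documentation(order)
    if flags:
        return "hold for cardholder verification", flags, gaps
    return ("collect documentation" if gaps else "process"), flags, gaps

# Constructed sample orders (not real data).
RISKY = Order(4800.0, {"SKU-1": 40}, "US", "FR", rush_requested=True)
CLEAN = Order(120.0, {"SKU-1": 1, "SKU-2": 2}, "US", "US", "555-0100",
              "buyer@example.com", cvv_verified=True, signed_authorization=True,
              delivery_signature_required=True)
```

Keeping the returned flags and gaps with the order record gives the merchant the documented trail that helps in a later dispute.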

This Memorial Day please join ProPay in remembering all those who have sacrificed so much for this great country in which we live.  Regardless of political affiliation or beliefs, many men and women have selflessly sacrificed their lives so that we may all see a better tomorrow.  Please keep these service members and their families in your thoughts and prayers.

On this day I am reminded of the friends that I served with that have lost their lives in service to their country.  Alan, Brian, and Mark… may you rest in peace, Marines.

Chris Mark

Selecting a password for any account can be frustrating when confronted with the parameters required to create one.  However, these “pesky” requirements are not there to annoy; rather, they are there to protect and ensure that “pesky” hackers cannot access sensitive information.

When choosing a password, it is important to remember that the more unique, personal and specific a password is, the better it protects the information it’s guarding.  Including different characters, spaces, symbols, case-sensitive letters and numbers increases that security.  Simple passwords can be cracked, and a cracked password that is used for more than one account can prove detrimental to the account holder.  Using one’s first or last name, company name or generally known personal information decreases security and makes you more susceptible to hackers breaching that information.  ProPay maintains specific password requirements to avoid any risk in accessing secure information.  Choosing or changing a ProPay password is a seamless process.  If a merchant forgets or mistypes their password, ProPay has the ability to help the merchant (and only the merchant) log in safely and successfully.

ProPay holds a long-standing commitment and responsibility to ensure that each experience using ProPay’s services is secure and simple to understand.  Assisting merchants in selecting a secure personal password is part of ProPay’s overall pledge to secure payment solutions.

It’s often easy to forget that the  device we carry around to check email, to make phone calls, and to play Angry Birds is more than a “Smartphone.”  It is essentially a computer, and as such, can be just as vulnerable to malware and other attempts at stealing sensitive data.  In fact, more than 50 applications were recently removed from the Android Marketplace because they contained malware.  In considering this point, the notion of using the Smartphone as a payment device can be daunting.  That is why it is vitally important to ensure that no sensitive data is stored on the phone itself.

Some mobile payment providers have declared that it is safer to store payment data on a Smartphone than to have it stored with a 3rd party.  The rationale is that the third party represents a treasure trove of information and, thus, will be a more likely target for data thieves.  There may be a ring of truth about this, but upon further examination it does not hold up to scrutiny.  First, data thieves often take advantage of opportunities – “lost” or stolen phones containing payment data, for example, offer a compelling opportunity.  Further, companies whose core competency is the protection of data have greater levels of expertise and resources to bring to bear on the issue of securing sensitive data.  In addition, it is disingenuous to suggest that data thieves targeting smart phones would only get one-off opportunities to steal data.  These thieves aggregate those opportunities by simply having the consumer download malware (in the guise of legitimate applications) and subsequently are able to harvest personal data from thousands of phones at a time.

Given this information, then, how can one secure their mobile devices against such malware?  The most important method of protection is awareness.  Be cognizant of what information you are storing on your phone and avoid storing personal or financial information.  You can configure your browser options on your phone much the same way you would your home computer.

Be careful about the applications that you download.  While most applications are legitimate, data thieves have used malware disguised as legitimate applications.  There are many vendors now offering security suites for mobile devices.  These are very similar in nature to those that are installed on home computers and they can detect malware and anomalous activities.

An important step in securing the Smartphone, and one that is often overlooked, is as simple as setting a password on your phone.  Many users still perceive their phones as “only a phone,” and therefore don’t require a password to access it.  While this is not a “cure-all” it is a good first layer of defense against a lost or stolen phone.

Given the nature of the Smartphone and the potential vulnerabilities, it becomes extremely important to choose the right mobile payment application.  Mobile payment applications should be built on a solid security foundation.  When it comes to mobile payment applications, a vendor’s mantra should be “Security first, convenience second.”

Dr. Heather Mark, PhD. SVP Market Strategy

A quick read through the various security websites, blogs and even headlines of major newspapers shows a trend developing in data compromise strategies.  Until 2010 or so, data thieves were laser-focused upon stealing credit and debit card data.  While card-not-present data was often acceptable, their goal was to steal magnetic stripe data which could be used to counterfeit cards.  In 2010, we began seeing a trend toward stealing banking information which would allow data thieves to transfer funds from personal and business banking accounts through ACH transactions.  As companies have begun to bolster their security processes and controls, we are seeing another shift in data compromise objectives.  The recent news that Epsilon and Sony (3 different divisions) experienced major breaches was interesting for several reasons.  First, it did not appear that the data thieves were targeting financial information; rather, they were after personal information such as email, full name, addresses, etc.  For those that are not familiar with tactics to steal information, this data is often more dangerous than credit or debit card data.

One method that data thieves use to obtain account data is through a technique known as phishing.  In a phishing attack, an email structured to appear legitimate is sent to thousands of recipients (if not more) in the hope that a small percentage of the recipients will act.  The email may direct people to a fraudulent website where the users are instructed to input their personal data or it may be a simple instruction to respond with credit card data.  Likely every reader on this blog has received numerous phishing attempts.  A more sinister variation is known as spear-phishing.  In spear-phishing, legitimate-looking emails are sent to specific people.  The emails are addressed to the people and appear legitimate.  Because the recipient is addressed by name, it has a much higher rate of success as people are more inclined to believe it is legitimate.  The downside?  If I receive an email from Bank X I know it is fake as I have no business with Bank X.  This is where the recent breaches are cause for concern.  Because the data stolen is associated with one or more companies, the spear-phishing attacks are much more targeted and will likely be much more successful.  People are receiving emails from what looks like companies with which they legitimately do business and the emails are personalized.  Many more people will take action on this type of email than on a random, blind communication.

It is important to remain diligent in security.  Never enter your credit, debit card or personal information into a website upon direction from an email.