Industry News


Electronic payment processors and systems are great – they allow for increased versatility, quicker payment processing, and ubiquitous accessibility. However, keep in mind that each online payment processor is different! Consumer Reports suggests that you “…be aware of the disparity in loss liability and consumer protections they offer….”

Hidden fees are another aspect that you should be aware of when choosing a payment processor.  Many times they won’t make you aware of the fees they charge and you end up finding out after the fact.  Carefully study the fine print if you’re planning on using a new payment processor. You should double-check all stated transaction costs as well.

recent article offers more guidelines you should follow in order to protect yourself from hidden fees from payment processors:

-Check the payment processor’s “about us” page for any additional information as to their policies.

-Read user reviews – if it’s too hard to wade through the fine print, then it’s definitely easier to read about users who have experienced being charged hidden fees. Often, these testimonials are written in plain language and get straight to the point concerning how the hidden fee was charged.

Since 1997, ProPay has provided simple, secure and affordable payment solutions for organizations ranging from the small, home-based entrepreneur to multi-billion-dollar enterprises. ProPay is a leading provider of complete end-to-end payment security solutions designed to significantly reduce the client organization’s risk of having sensitive payment data compromised. If you’d like more information, feel free to contact us today!

The merchant credit card business can be highly aggressive. Some banks may use deceptive sales techniques in order to lure customers. Many businesses will sign on thinking that they found a great deal, then be shocked when they see hidden fees pop up.

Here are 3 ways to protect yourself from the hidden fees from payment processors that may be lurking in your current credit card agreement.

1. Annual fees are normally billed on the merchant statement at the end or beginning of the year, in December and January. They can range anywhere from $75 to $199 per account. This fee is often buried within the fine print on the merchant application. Steer clear of signing any application that includes this costly fee.

2. Cancellation fees are dependent upon whether or not a merchant decides to cancel an agreement early. They are then subject to cancellation fees that run anywhere from hundreds to thousands of dollars. Make sure there is no cancellation fee before agreeing to sign the merchant application.

3. Many processors may actually take out processing fees every day before depositing funds into your account. This can create accounting and bookkeeping nightmares. Merchants with multiple terminals and locations may find it difficult to settle terminal transactions with monthly merchant statements. The processor should only deposit the gross credit card and debit totals once a month.

By paying close attention to these concealed details, you can save yourself the headache of paying more than you should have to. If you would like more information on how to protect yourself from hidden payment processor fees, please contact us.

For those of us in the security space, it’s common to hear about crime rings based out of Eastern Europe that are targeting US companies and consumers.  Stealing the data and selling it to make a fast buck has been something that we prefer to identify as something that happens from abroad.  A recent report from ID Analytics, though, tells us that we have plenty of trouble with that particular crime here at home.

ID Analytics, a leader in consumer risk management, has undertaken a study to identify crime rings in the US that specialize in identity theft.  According to the report,  there are more than 10,000 separate crime rings operating in the United States.  Those rings appear to be most highly concentrated  in Washington D.C.; Detroit; Tampa, Fla.; Greenville, Miss., Macon, Georgia; and Montgomery, Ala.    Another unusual finding of the report was that a large number of these rings were comprised of friends and family working together.  You know what they say.  “The family that defrauds together…”

This report is interesting on a couple of levels.  First, there has been an assumption that Identity Theft is often the work of career criminals.  The report seems to contradict this, pointing out the almost communal nature of identity theft rings.  The individuals work together and even share identity information, like social security numbers, in an effort to get new lines of credits.  Secondly, while we do know that many breaches do originate from abroad, it is important that we not overlook the threat that we face here at home.   Another surprising revelation in the report is the genesis of the crimes.  Again, we tend to think of identity theft as an urban crime.  While most of the victims were city dwellers, the report shows that the crime rings originate largely in rural areas.

It would be interesting to see if longitudinal studies would uncover a relationship between the economic downturn, particularly as it hit these rural areas, and the increase in the formation and activity of identity theft rings.  It is sometimes easy to think of identity theft in the abstract, and that may entice people that wouldn’t be attracted to violent crime as a means of supporting themselves.

It is questionable if all the mechanical inventions yet made have lightened the day’s toil of any human being.  - John Stuart Mill

Last year, California was in the news as a result of an interpretation of a long-standing law, written and passed before the advent of the internet or ecommerce, that limited the amount of data that could be collected by retailers in order to complete a purchase.  The law, Civil Code § 1747.08 (a), expressly forbids retailers from doing the following:

(1) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to write any personal identification information upon the credit card transaction form or otherwise.
(2) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.
(3) Utilize, in any credit card transaction, a credit card form which contains pre-printed spaces specifically designated for filling in any personal identification information of the cardholder.
Essentially, if the information isn’t required for the fulfillment of the order itself, the retailer is prohibited from collecting the data.  This came to the forefront last year when the California Supreme Court ruled that collecting zip codes for Address Verification Service (AVS) was a violation of the 1971 law.  This year, the California Supreme Court is tackling the law again, this time to determine if the law does, in fact, apply to online retailers.  Retailers are concerned, understandably, that limiting the amount of information that can be collected may increase their exposure to credit card fraud.  This sets up a battle between privacy advocates and retailers that will likely set the stage for many more challenges to come.  Stay tuned to the ProPay Blog for updates on the case…

Barnes and Noble has reported that PIN entry devices in dozens of its stores have been hacked.  According to the company, one device in each of 63 different stores  had been compromised. The company said that its website and purchase made on the Nook were not impacted by the breach.    Reports indicate that the stores involved in the compromise were located in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island. B&N is working with banks to notify affected customers.    The company acted swiftly in disconnecting the devices in all of its more than 700 stores once the breach was discovered. Further, the company altered the process for using a card to a more secure method.  Rather than swiping the card, the consumer will now hand the cashier the card to be swiped, a process the company believes to be more secure.

There are two security issues at play here. The first is the question of physical security.  How many times have you walked into a grocery store, or any store for that matter, and used the PIN pad device without the assistance of the clerk?  While that certainly adds convenience, it can also introduce risk.  The following video demonstrates just how easy it can be to compromise a PIN pad machine.

As you can see, without the proper physical security, attaching a skimming device or tampering with the machine can take just a matter of seconds. If you are accepting cards it is vitally important to think about the physical security of the data, as well as the technical security.  If you use a mobile device, ensure that it is with you at all times.  If it is not with you, it should be locked in a secured location.  If you are using a Point of Sale solution or a PIN pad device, make sure that it is secured to the counter and that you can tell whether or not the device has been altered.  In the video above, the clerk noticed that machine had been tampered with and was able to prevent the theft of data.

The second issue at play here is the technical aspect of security.  This is of particular consequence, because thieves that are able to access full card data can make counterfeit cards and the volume of fraudulent transactions increases significantly.  To counter this, the PCI SSC has drafted a number of documents specifically aimed at protecting PIN pad devices.  You can find all of the PCI SSC security documents on the Library section of their website.

Security of transaction data is not an “online only” problem.  Thieves are able to extrapolate physical theft into credit card fraud.  That means the physical instruments that we use to accept credit card transactions must be afforded the same level of protection as the systems in which we store that data (e.g. databases or POS applications).

Next Page »