Entries tagged with “regulatory compliance”.

Many cyber security breaches result from the lack of security that credit cards with magnetic strips provide. Since these cards are most common in the U.S., your business has to take steps to protect your financial data.

The alternative to using a magnetic strip is a credit card with an encrypted chip. Yet while these cards are popular in most European countries, they’re not quite as common in the States.

Unfortunately, cards with magnetic strips are more likely to result in security breaches. According to a recent Consumer Reports article, it’s important to secure your financial data to make up for the magnetic strips:

“Contributing to today’s security problem is the fact that the magnetic stripe on payment cards is easily counterfeited. MasterCard claims that the new cards with an encrypted chip (EMV cards) have reduced counterfeiting by 60 to 80 percent. Virtual wallets, such as Apple Pay, Google Wallet, and Softcard, which use your smart phone to make payments, also provide better security than magnetic stripes.”

The problem is that Apple Pay and Google Wallet are relatively new options for consumers. You can’t just expect all your customers to switch to a virtual wallet overnight. Instead, you have to take immediate steps to protect your business from cyber security breaches.

One way to do this is to use a secure payment processor for all credit card transactions. Payment processors come with security features that help protect your financial data. So even if all your customers use credit cards with magnetic strips, your data will be safe.

Until Americans start using cards with encrypted chips, businesses will remain responsible for protecting their financial data. If your company deals with credit cards often, then you should consider buying a new payment processor for added security.

To talk more about cyber security breaches, or anything else, please contact us. Thanks.

A major internet service organization recently found itself the victim of a cyber security breach regarding financial data.

The company fell prey to hackers by a spear-phishing attack. Spear phishing is the attempt to get corporate information by sending an e-mail message that appears legitimate. The fraudulent message sometimes asks the recipient to click on a link to verify information. Instead, that link can download spyware, Trojan horses, or malware. That’s what was believed to have happened in the breach; employees clicked on links in an e-mail that apparently led to the installation of malware.

Besides giving the hackers access to e-mail, the scam also compromised content management systems, internal communication systems, and the company’s data system for managing domains. Security enhancements implemented months ago, by the firm, likely limited the unauthorized access sought by the hackers.

While this company will no doubt be more vigilant guarding against future spear phishing scams, there’s a lesson here that businesses of any size and type can impart to their own employees: Don’t click on links in e-mails that looks suspicious, particularly if the message is asking for information.  To learn more, contact us here at ProPay.

In the world of merchandise processing, there are two different types of transaction processing: swiping and keying. With the constant accessibility to mobile devices such as tablets, smartphones, and laptops more and more merchants are using swiping, but why? In order to fully understand why more merchants are swiping cards versus keying them in, let’s take a look at the difference between swiping and keying credit cards.

Swiping vs. Keying Credit Cards

The difference between swiping credit cards and keying them in is pretty self explanatory, when swiping you have to have the card present and it typically requires either a mobile device with a swipe adapter such as ProPay’s JAK, or a computer/register with an internet connection. Whereas when you key a credit card in, merchants have to hand enter every card number and the credit card doesn’t actually have to be present. So, why are more merchants avoiding keying credit cards? Three reasons: fraud, savings, and convenience.

Fraud Rates

The biggest reason not to key in credit cards is plain and simple: fraud. Because merchants don’t actually have to have the credit card present with keyed payments, the chances of fraudulent transactions are a lot higher. Because most thieves steal credit card numbers instead of the card itself and then make by-phone or online orders, the card itself is never seen. Avoid these types of no-swipe fraudulent transactions altogether and only allow customers to pay for merchandise when they have the card present.


Because there is a higher fraud rate for credit cards that are being keyed in, credit card processors charge a higher rate for keyed transactions compared to swiped transactions, in order to protect themselves against any false transactions. How much more money do they charge? About .5% more per transaction. For example, credit card processors typically charge around 3.5% for keyed transactions, whereas ProPay only charges 2.29% for keyed transactions.


Have you ever had to hand enter someone’s credit card only to realize you misentered one number and you have to start all over? With swiping, you never have to worry about that problem again. Also, you can swipe anywhere, at anytime—giving you the freedom and mobility your business needs in order to stay prevalent in this economy.

To learn more about swiped rates visit ProPay online.

Being a merchant nowadays is very challenging – not only do you have to worry about the rebound from our recent economic recession – you also have to now worry about cyber security. According to Tech Crunch, more and more retailers are succumbing to hackers.

Many retailers, including major clothing, home-improvement, grocery, and restaurant chains  have been attacked and successfully breached. “[one retailer] saw 56 million accounts compromised!” The article states that a major reason why most retailers are being breached is because they haven’t converted from mag stripe card readers to more up-to-date systems like chip and PIN. If there’s a takeaway to this: if you have a brick and mortar store – you should update your system to avoid any breaches. Keep in mind that whether it’s your payment processor or you that gets breached – you’ll experience a major dent to your reputation either way. Make sure to choose a cyber-secure payment processor – and update your hardware/software on your end as well.

ProPay has been providing thousands of merchants (with more joining each day) with excellent payment processor services since the 1990s. Contact us today to learn more about our state-of-the-art cyber security measures – and how we can help your business succeed further.

In discussions with small merchants about the Payment Card Industry Data Security Standard (PCI DSS), it is clear that there is still some confusion surrounding exactly what payment acceptance channels must be in compliance with the standards.  It is not uncommon to hear merchants suggest that PCI DSS only applies to online payments.  That can be a very unfortunate misconception.  All payment acceptance channels must be compliant with the PCI DSS.  Depending on how many transactions you process annually, you may not be required to validate compliance, but being in compliance is always required – for every payment channel and every merchant.

As a small merchant, think about all of the different ways that you might take payments.  You might have a customer that calls you and asks to place an order over the phone.  How do you process that transaction? Do you save the card number in a spreadsheet (please don’t save the number in a spreadsheet)?  Or do you enter the number in a virtual terminal so that you can securely process the payment and save the information for later use?  Do you have a website through which you accept orders?  Do you accept payments in a face-to-face context using a mobile payment device?  Each of the ways that you accept payment must be compliant.

It’s rare to find a merchant that doesn’t require multi-channel support from their merchant service provider.  It’s important to find a service provider that meets all of the needs of your business model.  More importantly, merchants should seek out service providers that can support and maintain compliance for each of those channels.  Merchants should ask probing question about how the transaction is secured, how the data is stored, and how long the company has been providing compliant services.  More importantly, merchants should have a full understanding of where the liability lies in that there is a data compromise.  If you’re storing numbers in a spreadsheet and your laptop gets stolen, that is considered a compromise under PCI DSS and the fines, fees and penalties can flow to you, the merchant.  ( You can read about Visa’s penalties here)  If you’re using a registered, compliant service provider to support your business, and you’re not storing the data yourself, the service provider has the liability for any compromise of that data.

It’s very important to understand the chain of liability when selecting a service provider, and even when selecting specific services from that provider.  For more information about how PCI DSS impacts small merchants, you can check out the Payment Card Industry Security Standards Council (PCI SSC) resources for small businesses.