The CHOSEN Blog: July 2015

Tuesday, July 28, 2015

Payment Processing Breaches: What Can You Do to Protect Your Information?

Payment Processing Breaches: What Can You Do to Protect Your Information?

Credit-card fraudsters are everywhere these days, but when it comes to targeting victims, they have a special fondness for Americans. Just look at the latest breaches that occurred at about 40 zoos – Service Systems Associates, a company that serves gift shops and eateries at zoos and cultural centers across the United States, acknowledged earlier this month that they incurred a breach of its credit and debit card processing systems.

Who will be next? We’ve already heard about Target and Home Depot and in May, we discovered that there were significant issues at bars and restaurants across the country with their Point of Sale systems. And now patrons of zoos across the United States are worried that their information has been compromised. Why is this issue so prevalent and what can we do to protect ourselves?

Nearly half of all the credit card fraud around the world occurs in the US, even though America accounts for only about a quarter of the global card volume.

The increasing instances of credit-card fraud—and the subsequent hassles, like not being able to use our credit cards or having to replace them more often—are mostly due to the fact that the US still relies on old, faulty technology that the rest of the world moved on from years ago.

As I’ve noted in previous blogs, in the US, credit cards still transmit financial information through a magnetic stripe that is easy to replicate if stolen. Hackers also can remotely install malicious software onto checkout terminals at retail stores to capture credit-card numbers. The data gets transmitted to the cyber criminals, who then sell the information to the highest bidder.

These tactics don’t work as well in the rest of the world, where most credit cards are now embedded with little chips (often referred to as EMV, for Europay, MasterCard, and Visa) that are more secure because they randomly assign a number to each transaction that changes each time customers use their credit card. Users must also input a personal identification number to verify each purchase.

The technology is not totally bulletproof (paywall) and other problems exist that lead to credit card fraud. But it’s pretty telling that the adoption of EMV chip-and-pin technology in the UK, which began in 2003, has led to a 70% reduction in counterfeit fraud in the UK over the past decade.

The rest of Europe (which now has an 81% adoption rate of the new cards) and countries like Australia and Russia have followed suit. But the US, plagued by fierce battles between credit card companies and retailers, have been slow to adopt the chip-and-pin technology.

Naturally, fraudsters have focused their attention on the US, where it’s just easier to hack into retailers’ checkout terminals and steal millions of their customers’ personal information.

But, there is good news.

The US is finally joining the rest of the world in its move to chip and pin technology. By the end of this year, retailers will be required by credit card companies to have upgraded their checkout terminals to accept the new cards—or bear the liability for fraudulent card transactions.

But just about any retail checkout clerk in the US will tell you that most people aren’t using the new cards yet, which means fraudsters still have some time left before they’re going to lose easy pickings from the US.

So what can you do? For breaches that happen at large retailers on a grander scale, your credit card company or a third party company in charge of payment processing are responsible and are insured to make sure you are protected. But, what about a personal theft or credit card fraud?

Right now, credit card information is easy to obtain by hackers, making it easy for them to open a new line of credit. So, protect yourself.

1. Protect Your Personal Information
2. Shred Everything
3. Use a Secured Mailbox
4. Have Your Bills Sent to You Electronically
5. Pay Your Bills Electronically
6. Create Strong Passwords and Keep Them Safe
7. Protect Your PIN numbers
8. Watch What You Say on Your Cell Phone
9. Check Your Credit History and Score Regularly
10. Take Action

Remember, you can take action to protect yourself from identity theft and credit card theft by using the tips above. You may think you have better or more important things to do than stay on top of your personal information, but taking the time to protect yourself will save you time and money in the future. And you can go to bed at night feeling more secure – physically and financially.

If you have questions about the services Chosen Payments provides or you have a topic you would like to see covered in my blog, feel free to reach out!

Zach Allen Regional Vice President at Chosen Payments
Credit Card Processing | ACH | Gift/ Loyalty Cards | Mobile & Ecommerce Payments | ATM
Toll Free: 1.855.424.6736 x. 116
zach.allen@chosenpayments.com | www.ChosenPayments.com
www.facebook.com/ChosenPayments | Twitter: @ChosenPayments
http://chosenpaymentskc.blogspot.com/

Tuesday, July 21, 2015

Let me take a SELFIE! ;)

Can a Selfie Better Protect Your Money?

With usernames and passwords needed for just about everything, it’s easy to get confused as to which password goes to what. And since it is highly recommended to change passwords frequently for security purposes, your brain can go into overload. But never fear, MasterCard may have found a solution. Forgot your password? MasterCard will soon be accepting another form of verification: Your face.

Under a pilot program beginning in the fall, the credit card giant will allow customers to snap a selfie to verify their identities with facial scan technology.

MC is experimenting with a smartphone app which allows people to confirm their identity and authenticate online transactions via a facial scan.

Users will have to download the MasterCard phone app and at checkout they will be asked to hold up their phone to stare and blink at it.

Currently, users can set up something called "SecureCode," which requires a password when shopping online. However, as mentioned before, passwords can be forgotten, stolen, or intercepted.

The small pilot program, involving only 500 people, uses fingerprints - but also facial scans to verify online transactions. But, the program is designed to grow since MasterCard has partnered with every smartphone maker to make this method of verification possible.

How does it work? A pop-up will ask for authorization after consumers make a purchase. They can choose fingerprint or facial recognition. Users who choose facial recognition have to stare at the phone and blink once.

Why blink? MasterCard's security researchers believe blinking is the best way to prevent a thief from just holding up a picture of a person and fooling the system.

MasterCard said it does not actually get a picture of the user's finger or face. All fingerprint scans will create a code that stays on the device.

The facial recognition scan will map out a user's face, convert it to 1s and 0s and transmit that over the internet to MasterCard.

And if you think this technology is something out of the Matrix or Mission Impossible, just wait. MasterCard is also experimenting with voice recognition, so people may be able to simply approve an online transaction by speaking to their phone.

Hackers and identity thieves are smart, but MasterCard seems to be trying hard to ensure the safety and security of its customers’ money. Up next – a pilot program designed to recognize an individual’s heartbeat. Stay tuned.

Although this company is not in the line up, EyeVerify may be a great solution for fraud prevention for several reasons. First off the accuracy is equal to or greater than the fingerprint sensor, it is less expensive than the fingerprint sensor and it is a software only bio-metric.

"EyeVerify Inc. is the creator of Eyeprint ID™ – transforming a picture of your eye into a key that protects your digital life. Eyeprint ID is a highly accurate biometric technology for smart devices that delivers a password-free mobile experience with convenient, secure, private authentication. This patented solution uses the existing cameras on mobile devices to image and pattern match the blood vessels in the whites of the eye."

Eyeprint ID is already being implemented in a handful of Smartphone OEM devices including ZTE, Vivo and ALCATEL ONETOUCH (TCL). It will be interesting to see how Eyeprint ID competes with Apple Pay"s Touch ID

If you have questions about the services Chosen Payments provides or you have a topic you would like to see covered in my blog, feel free to reach out!

Wednesday, July 1, 2015

“Cowries, Cash & Credit – The History and Future of Payment Processing” Series 4 of 4

The History (and Future) of Payment Processing – Part 4

In part 3 of our “Cowries, Cash & Credit – The History and Future of Payment Processing” series, we took a look at the advancements of payment processing with Apple Pay and Google Wallet. However, times and technology are ever-changing and there are more products coming to market that promise to be easier, more convenient and safer for both merchants and consumers. In the last and final part of our series, we will introduce CurrentC, Stratos and Coin and try to explain how all of it works with EMV.

CurrentC

Both Apple Pay and Google Wallet are promising services, but some retailers nationwide have begun deactivating their payment terminals and encourage the use of their competitive payment system – CurrentC. As a result, the collateral damage competition between mobile giants could prove frustrating for customers.

Conspicuously absent from Apple’s partner launch lineup a couple years ago were massive retail juggernauts like Walmart and Sears. That’s because these businesses collaborated on a mobile payments solution of their own, available in both platforms’ app stores, called CurrentC. CurrentC uses QR (Quick Response) codes on cashiers’ screen to initiate a transaction with the smartphone, circumventing the iPhone’s locked-down NFC chip. CurrentC requires a linked bank account, and asks for users’ Social Security and driver’s license numbers before adding a payment method. The system allows for the application of discounts or promotional pricing all within the app, and was designed to let retailers avoid margin-cutting credit card fees.

CurrentC is not available yet, and at this time requires an invitation to begin using, but could see an opportunity among smartphone users whose devices don’t include NFC capabilities—namely, older Android phones and iPhones before 6.

Some smartphone users have announced their intention to boycott affected stores, but the real impact of the Apple Pay–CurrentC melee is longer-term. Soon, the decision to shop at one retailer over another might come down to more than location, and might be determined by the smartphone in users’ pockets.

Another option – Stratos, Coin, Plastc

If you want to forgo the worries of the Apple Pay-CurrentCdebacle, you can look at universal credit cards. We have reviewed some in our previous blogs, but the Stratos card appears to be worth a longer look.

The founders of Stratos decided in 2012 to raise over$7 million from venture capitalists rather than pursuing crowdfunding cash. And for good reason. This let the company quietly build and develop the technology, brand and marketing. As of today the company and product is relatively unknown and thus doesn’t have the immense public pressure that often plagues crowdfunding gadgets — like one of Stratos’ closest competitor, Coin.

The Stratos card ships with a mag-strip reader that snaps into a smartphone’s 3.5mm port. Load the app and swipe your cards to add them to the system. The card’s key information is not transmitted to Stratos’ servers. The only data the company gets is the contact information associated with the card, which they use to fulfill a legal requirement to verify the owner.

Once they scan their cards, owners select three to be accessed directly on the Stratos. When it’s time to select one of their cards from the Stratos, users tap it and press one of the three buttons, which correspond to one of their cards. The Stratos Card can then be swiped like a normal credit card. There are two magnetic strips on the back of the Stratos, which is technology that the company developed to enable the card to work in every type of card reader.

Along with using bank-level encryption, the Stratos Card has proximity alerts built in. Owners can set the card to be disabled if it’s been separated for a set amount of time from the proximity of the owner’s phone.

Stratos is not alone in attempting to build a universal credit card. Below is a side-by-side-by-side comparison of Stratos to Coin and Plastc, a company that promises its card will support Visa, MasterCard and American Express accounts. Though mobile carriers and phone makers are rolling out usable and (some) successful mobile wallets, it doesn’t hurt to take a look at what is happening in the world of universal credit cards.

Card	Stratos	Coin	Plastc
Info displayed on card	None	Last 4 digits of the card, card network and expiration date	16-digit card number, expiration date, issuing bank, card network and your name
Card interaction	Single tap on any card surface and press one of three preset buttons on the card before swiping	Enter unique tapping sequence (must be enabled) and press button to cycle to desired card before swiping	Enter PIN, pick card category and then select card before swiping
# of accounts supported on the card	3	8	20
EMV	No (future upgrade)	No (future upgrade)	Yes
NFC	No (future upgrade)	No	Yes
Battery life	2 years (non-rechargeable)	2 years (non-rechargeable)	30 days (re-chargeable)
Pricing	$95 every year or $149 every 2 years	$100 per card	$155 per card
When is it available	April 2015	November 2014	Summer 2015

But, how safe are these types of cards?

These cards are extremely new and there are still a lot of kinks to be worked out. Aside from the limited battery life of these cards, you cannot control the Bluetooth capabilities. The company controls all of this, so you cannot turn it off and on yourself. The lock feature that Stratos and Coin both are offering seems like a nice feature to have if you accidentally leave your card behind at a register or restaurant, but it's not clear as to how effective this lock is, nor has either company explained how easy it is to unlock your card once it's retrieved.

Another concern with these cards is the payment method themselves. This October merchants are required to change their payment systems from magnetic stripe technology to the more secure EMV payment systems. When this transition is made, will the all-in-one payment cards stay behind the times by continuing to use magnetic strips? If they do update to chip-enabled cards, will the company have more glitches to sort out, and will users be required to pay an extra fee to upgrade? The answers for these questions are currently unknown, but these are questions that you should ask yourself and the card company before you sign onto one of these cards.

With so many new electronic and mobile payment options out there now, it's important to do your own thorough research before trusting any of these companies with your financial information. Even trusted companies have been hacked recently, exposing millions of people's personal information, so you can’t just assume your information will be safe with Stratos or Coin. And, in the event any of these companies are breached, it’s not just your name that will be exposed — it’s every item that you provide to these services. So, it could be the equivalent of handing your entire wallet over to a hacker or identity thief. Before you decide to sign up for one of these cards, that’s something you should decide if you want to risk.

If you have questions about the services Chosen Payments provides or you have a topic you would like to see covered in my blog, feel free to reach out!