Consumer Guide to EMV

Breaking Down EMV for Consumers

The United States may be one the last developed countries to migrate to an EMV-based payments infrastructure, with a card network-imposed liability shift going into effect on October 1.  However, a recent MasterCard survey says that 57 percent of American consumers are excited for the change and are anxiously awaiting their EMV chip cards to come in the mail.  The recent data breaches in the news have undoubtedly contributed to the anxiety. 

The payment processing industry is excited too.  Not just about launching a new product, but about the safety and security that comes with it.  But while the payment processing industry is making major strides in protecting consumers and merchants, cyber-criminals have become more sophisticated, frequently accessing sensitive payment information. So, what can consumers and merchants to combat these cyber-criminals?  First, you have to understand EMV and the benefits of this technology.

Below is a compilation of frequently asked questions, so that our customer’s customers understand EMV and the impending change.

What is a chip card?

A chip card is a plastic credit or debit card with a metallic, embedded microchip that can be used on chip-enabled POS (point-of-sale) terminals. In addition to a small computer chip, a magnetic stripe can also be found inside the card.

What is EMV?

EMV is short for Europay, MasterCard and Visa- the credit card companies that developed smart card technology. This payment system is the international standard for secure inter-operation of chip cards. Regulations help authenticate credit and debit card transactions made on POS terminals and ATMs.

How does using an EMV chip card keep me safe?

EMV chip cards keep consumers safe by generating a unique transaction code every time a payment is made. If a hacker steals your financial data through an unsecure POS terminal, he or she will not be able to use the card without producing a one-time code. Because of this, EMV technology is not designed to proactively ward off security attacks. Instead, the release of upgraded chip cards makes it incredibly difficult for criminals to steal personal payments information. In countries where EMV compliance is widespread, fraudulent credit card activities have dropped considerably.

Where can I use my chip card?

Chip cards are becoming the standard for merchants and businesses in the US. Establishments with a chip-enabled POS terminal can accept EMV credit or debit cards. It is important to take note that chip cards will still work on magnetic stripe POS terminals. For stores that do not accept chip and PIN payments, you will need to confirm your purchase through the traditional signature process.

How do I use an EMV card for in-store purchases?

Chip cards are easy to use compared to current card-swiping protocols. During a transaction, individuals are required to insert the smart card directly into the terminal. This process is also known as ‘card dipping‘. The action is much easier to master than a smooth swipe, and less effort is needed. Card dipping increases the chances of a successful reading due to direct contact between the chip and the POS terminal.

What will happen after the October 1, 2015 deadline passes?

All merchants in the U.S. must comply with the latest EMV standards by October 1, 2015. However, this doesn’t mean that most businesses will be equipped with chip card readers. Investing in a new POS system is costly and many merchants are holding out until the last possible second to make the switch.

It’s going to be extremely hectic and busy from now until the October deadline.  We, at Chosen Payments would recommend you replace your old cards with the new chip cards as soon as possible to ensure a smooth transition.

If you would like more information on EMV or if you have a topic you would like to see addressed in a future blog, contact us!

Zach Allen Regional Vice President at Chosen Payments
Credit Card Processing | ACH | Gift/ Loyalty Cards | Mobile & Ecommerce Payments | ATM
Toll Free: 1.855.424.6736 x. 116
zach.allen@chosenpayments.com  |  www.ChosenPayments.com 
www.facebook.com/ChosenPayments  |  Twitter: @ChosenPayments 
http://chosenpaymentskc.blogspot.com/

What to do when you’re a victim of a data breach

At Chosen Payments, we care about the businesses we serve, but we also care about their clients and customers as well.  With data breaches, computer hacking and credit card fraud prevalent in the news. We wanted to make sure our customers’ customers are as protected as can be.  If an online company with which you have an account has been hacked or you have received a notice informing you that your personal information, or your credit-card number, was stolen in a data breach – would you know what to do?

If you’re personal information has been compromised, you're definitely not alone. In the past few years, dozens of companies, including Target, Home Depot, Neiman Marcus, Michael's Stores, LinkedIn and the giant health insurer Anthem have suffered data breaches that compromised tens of millions of accounts and payment-card numbers.

If you're among the millions of consumers whose sensitive information may have been exposed in a data breach, here's what to do to minimize your chances of becoming the victim of identity theft or credit-card fraud.

1. Determine what was stolen.

You'll need to pin down exactly what kind of information was lost in the data breach. Sensitive information falls into three general categories:

Least sensitive: Names and street addresses. Such information was pretty harmless when it was printed in the phone book. Today, a name typed into a search engine can yield data useful to online marketers and nosy neighbors, but probably not enough to cause serious trouble.

More sensitive: Email addresses, dates of birth and payment-card account numbers. (Payment cards include debit cards, credit cards and charge cards like an American Express card.)

A stolen email address may result in increased spam; a stolen credit card will often result in fraudulent charges, but the card holder is generally protected from liability (see below). A date of birth by itself is useless, but when combined with a name, it's more valuable than an address, because it never changes and is often used to verify identity.

Most sensitive: Social Security numbers or (in Canada) Social Insurance Numbers, online-account passwords, financial-account numbers and payment-card security codes (the three- or four-digit number printed on the front or back of payment cards).

An online-account password, combined with an email address, can be used to hijack online accounts. A card security code lets a thief use a stolen card number for online and telephone shopping. A bank account number lets snoops track your financial history and even move money into (but probably not out of) an account.

The company that suffered the breach may tell you that even though email passwords or credit-card numbers were stolen, those items were encrypted and hence "safe." Don't take their word for it — hackers and cybercriminals can "crack" many forms of encryption. If your password was less than 10 characters long or used words that can be found in the dictionary, consider it stolen.

Possibly the worst piece of personal information to have stolen is your Social Security or Social Insurance number. With that and your name, almost anyone can pose as you. Unfortunately, it's very difficult to replace an old Social Security or Social Insurance number with a new one. For more on what to do, read our primer on what to do if your Social Security number is stolen.

2. Change all affected passwords.

If an online account has been compromised, change the password on that account right away. If you used the same password for any other accounts, change those as well, and make up a new, strong password for each and every account.

Don't reuse the password for a second account. That way, you'll be limiting the damage next time there's a data breach, and you won't have to go through this process again.

If creating and remembering all those new passwords is difficult, use a password manager to handle it all for you. With a password manager, you'll need to remember only one password; the software will take care of the rest. The downside is that if the "master password" is compromised, all your accounts will be as well.

3. Contact relevant financial institutions.

If a payment-card number has been stolen, contact the bank or organization that issued the card — immediately. (Most credit cards have toll-free customer-service numbers printed on the back.) Make sure you speak to a live human representative. Explain that your account is at risk of fraud, and ask the card issuer to alert you if it detects suspicious activity on your account. The bank will almost certainly cancel the card and issue you a new one straight away.

Professional credit-card thieves often try to "bust out" stolen card numbers with many purchases in a matter of hours, often on weekends when banks are not fully staffed, before the banks can cut off the card. Nevertheless, federal rules limit the customer's liability for fraud. If you alert the banks or card issuers before any fraudulent transactions take place, you're covered.

Debit cards have much less protection if fraudulent charges are rung up before the bank is notified. To get the $50 limited liability, the customer has only two business days after learning of the fraud to tell the bank. After that, you may be liable for up to $500; if more than 60 days go by and you still haven't told the bank, you could be on the hook for the whole thing.

4. Contact the credit-reporting bureaus.

Contact the major consumer credit-reporting bureaus and ask each to place a fraud alert on your name. This way, if anyone tries to steal your financial identity — for example, by trying to open a credit-card account in your name — you'll know. (You'll also learn when anyone tries to look up your credit.)

Fraud alerts, also known as credit alerts, are free and can be renewed every 90 days. Once an alert is requested, the customer will get a free credit report.

You can also take a more drastic step of requesting a credit freeze, also known as a security freeze.

A credit freeze won't allow anyone to run a credit report on you, or open an account in your name, without your explicit authorization, so it's pretty solid protection. But it may cause unforeseen complications when you apply for new credit cards or a mortgage, or even switch cellular carriers or cable-TV companies.

5. Sign up for a credit- or identity-monitoring service.

Many services, both free and paid, will help monitor your financial accounts and sensitive personal information.  Contact Chosen Payments and we’ll be happy to refer a service to you.  Personally, I use Safe Id Trust and have found that both Tim and Mike to be very helpful and knowledgeable. It is important to know that starting a program like this is a lot more effective when used proactively.

Many large companies that suffer data breaches provide affected customers with one or two years of free identity protection. You should take advantage of the offer, but read the fine print for what kind of protection you'll get. A service that doesn't monitor financial accounts won't be of much help if your credit-card number, but not your personal information, was stolen.

What if your identity DOES get stolen?

All of the above steps are meant to make sure your identity doesn't get stolen.

If identity fraud does occur — if someone else indeed pretends to be you for any purpose — you'll need to file a report with your local police precinct as soon as possible. That may seem useless, but it's extremely important, as it will establish a legal basis with which you can dispute any future fraud.

Next, you'll need to file a formal report of identity theft with the federal government. You can do this online with the Federal Trade Commission. Like the police report, the government report will be essential in disputing and resolving future fraud.

You may also want to institute a credit freeze with the credit bureaus, as described above. You know the fraud is happening and need to stop it — the inconveniences resulting from a credit freeze may be worth the peace of mind.

In the worst cases, clearing your name can take years. Make sure you document each phone call made, and each email message and letter sent, during your efforts.

If you would like more information on the above information or if you have a topic you would like to see addressed in a future blog, contact us!

Zach Allen Regional Vice President at Chosen Payments
Credit Card Processing | ACH | Gift/ Loyalty Cards | Mobile & Ecommerce Payments | ATM
Toll Free: 1.855.424.6736 x. 116
zach.allen@chosenpayments.com  |  www.ChosenPayments.com 
www.facebook.com/ChosenPayments  |  Twitter: @ChosenPayments 
http://chosenpaymentskc.blogspot.com/

ACH – Not Just Another Acronym, But the Heart of Your Business

ACH – Not Just Another Acronym, But the Heart of Your Business

In the alphabet soup that floats the credit card processing industry, the initials ACH stand for
Automated Clearing House, a vast electronic network that connects banks, credit unions and all other
financial institutions. Initially introduced in the 1970s as an alternative to traditional check payments, today it is the secure system used by all issuing banks, merchant account providers, and third-party processors to process, clear and settle electronic fund transfers (EFT), including transferring funds from credit card transactions to a merchant’s direct deposit account.

The ACH network is governed by rules and regulations established by NACHA (previously known as the National Automated Clearing House Association) and the Federal Reserve. Both the government and the commercial sectors use ACH payments. Direct deposit payroll and vendor payments, consumer payments of insurance premiums, mortgage loans, check conversions, B2B payments and some local, state and federal tax transactions are all processed through ACH. Some businesses offer ACH online as a payment alternative to credit and debit cards.

ACH processes large volumes of credit and debit transactions in batches throughout the day in a store-and-forward system. This means transactions are accumulated throughout the day and remain in a sort of holding pattern until sorted by destination, cleared and transmitted in groups at specified times.

Entities that transmit or receive ACH entries do so through ACH operators — the American Clearing House Association, the Federal Reserve, the Electronic Payments Network, and Visa. As the sole public sector institution serving as a central clearing facility, the Federal Reserve handles the majority of ACH transactions, primarily retail transactions in low dollar amounts.

Think of ACH as an information super highway used by every financial institution in the country. Anything that slows down the system will impact on all users. Since all payment card transactions are settled using ACH, beware of a merchant account provider who claims that they can deposit funds into your bank account faster than another provider.

If you have merchant account-related questions, I’ll be happy to help.  At Chosen Payments, we have trained experts on hand to help! Take the time to educate yourself about merchant accounts and credit card processing.  The more you understand the many benefits, the better for your business!

To see a full list of our services, visit:  www.chosenpayments.com.  If you have questions about the services we provide or you have a topic you would like to see covered in my blog, feel free to reach out!

Zach Allen Regional Vice President at Chosen Payments
Credit Card Processing | ACH | Gift/ Loyalty Cards | Mobile & Ecommerce Payments | ATM
Toll Free: 1.855.424.6736 x. 116
zach.allen@chosenpayments.com  |  www.ChosenPayments.com 
www.facebook.com/ChosenPayments  |  Twitter: @ChosenPayments 
http://chosenpaymentskc.blogspot.com/