PCI Compliance has become a much larger part of credit card processing these days, and for good reason. Being compliant is now mandatory because of the increased risk of a breach on your terminal/gateway/virtual terminal. Our PCI Compliance partner, JDS, recently wrote a great article about the dangers of non-compliance and what the hackers really want.
“On any given day, you’re likely to read about a data breach, whether it involves credit card data, personal data, or medical data. So far this year, several big-name companies, including Global Payments and Zappos, have made headlines when it was announced that credit card information had been breached. Just this week the FBI disputed a claim made by a group of hackers who claim to have stolen personal identification data on millions of Apple device owners from an FBI agent’s laptop.
All of this activity begs the question – just how much is the data worth? The answer depends on who stole it, and why. Some hackers do it simply because they can; it’s a cyber game. Others, known as “hacktivists,” target specific companies to prove that their security is inadequate. In both of these scenarios, financial gain is not the goal.
It’s the third type of hacker, the criminals who make their living by selling stolen credit card data, that presents the greatest financial risk to merchants and cardholders.
According to Chester Wisniewski, a Senior Security Adviser at United Kingdom-based computer security firm Sophos, these criminals tend to make their money by selling data in bulk to other criminals, known as “carders” – defined as someone who buys, sells and trades stolen credit card data online.
Stolen credit card data commands different prices, depending on the amount and type of information the hacker has illegally obtained. “Each piece of information stolen in a breach has a different value,” says John Harrison, Group Product Manager for endpoint threat protection, security technology and response at Symantec, based in Mountain View, Calif.
A 2008 Symantec study found account numbers paired with expiration dates and card verification values were sold for anywhere from $.50 to $12.00, with packages ranging in size from five to 500 accounts. By comparison, card data without the expiration dates and card verification values were sold for approximately $.10 per piece. Pricing also varies depending on how soon a card will expire, and whether there is other personally identifiable information available for the card.
At these rates, it’s easy to see why hackers target companies the size of Global Payments and Zappos. Clearly, it’s a volume-based “business.”
More often than not, the real money is made by the carders who purchase the stolen credit card data. The cards are used to purchase high-ticket items, which are then sold on online auction sites, generating virtually 100% profit to the carder. In the end, it’s impossible to say just how much that data is worth.”
Are you interested in improving your networking skills? Are you curious how to best use LinkedIn and other social media sites? Are you questioning how to best select which networking events to work/attend?
Networking is often the best way to get your name out there and meet potential clients. Darrah Brustein was recently selected as one of Atlanta’s best connectors, a title bestowed on her by her peers. She was interviewed on High Velocity Radio to give tips to their listeners on how to be an effective networker and great connector. You can listen to the radio interview here as she covers some of the topics above along with many other tips from Darrah and the other experts.
Darrah Brustein has once again found herself quoted in an article. This time it was with The Atlanta Journal-Constitution for her optimistic outlook on the 2011 economy. Here are a few of Darrah’s quotes from the article:
‘The company is a broker, helping merchants find the least costly arrangement for letting customers pay with credit cards. Business is good, she said. “What I see more than anything is e-commerce is booming.”
She predicts a better year, but says that depends on attitude as much as circumstance.
“I know we will be doing better in 2011,” she said. “There are ways to keep your business succeeding. There are ways to counteract the economy. I think it’s important for business owners to just keep pushing on.”’
You can view the full article at http://www.ajc.com/business/economic-stakes-are-high-792497.html.
Darrah Brustein has just been quoted in another magazine, QSR, for her expertise in the merchant services industry. Here are a few of Darrah’s quotes from the article:
‘“If no one is explaining those things to you, there’s something fishy going on,” says Darrah Brustein, a partner with Equitable Payments.’
‘Brustein adds that operators also should avoid automatic renewal clauses and know when the contract expires so they can revisit their options at the end of the contract.’
‘Brustein says to always err on the side of caution.
“Ask as many questions as you can to make sure you’re not trapped in an agreement where you’re getting a raw deal,” she says.’
You can view the article at http://www.qsrmagazine.com/articles/operations/147/processing-1.phtml.
An Equitable Payments (formerly MJT Group) partner, Darrah Brustein, was recently featured in Inc. Magazine for her ability to find a sales lead in a very obscure way. Here is a piece of the recent article:
‘Darrah Brustein, a partner at MJT Group in San Diego, was attending an out of town wedding and having lunch with a group of friends at a large restaurant. “As we were trying to pay the bill in this 300-seat restaurant, all of their computers went down and they couldn’t accept any payments,” says Brustein. “I work in credit card processing, so I got up, talked to one of the people who worked there who was in a panic, and gave him some advice on calling in the orders to their processor.” After dealing with the problem, the employee slipped Brustein his card and asked her to call him the following week. “He’s now one of my best clients,” she says.
The lesson: Your competition’s misfortune may be your biggest opportunity.’
You can view the full article at http://www.inc.com/article/2010/10/weirdest-place-to-find-sales-leads.html.
Over the past year, a lot of merchants have been hearing more and more about PCI compliance, but they are unsure as to what it is. The term PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of requirements that every merchant accepting credit/debit cards needs to comply with to help protect the data being transmitted during a transaction. Every merchant must comply with these standards whether they accept payment through a terminal at a store, through an ecommerce setup or anything in between.
All merchants are now given a PCI questionnaire when signing up for a merchant account. They must complete this questionnaire and return it to their processor within the specified time period (often 90 days) to make sure that their account is deemed to be compliant. If a merchant does not return the compliance paperwork or does not pass the compliance test, they could be subject to charges ranging from $5,000 to $100,000 per month because of the security risk that they are causing.
To find out more about PCI compliance, you can visit the following website. They have a pretty in-depth FAQ that should be able to answer most questions.
Visa and Mastercard have an “Interchange Board” that meets at least once a year to set new rates for different types of credit and debit transactions. In April, they set new rates for many of their transaction types. You have received a couple of statements since those changes, which makes now the perfect time to study your rates. These rate changes are applied to all processors, so many processors have increased rates for their merchants to make up for any transaction types that had rates increased.
How can you tell if your rates have increased?
Many processors will have a “fine print” section on the front page of each statement that serves as a notice for any rate changes that they will be applying to your merchant account. Any rate changes will often be listed in this “fine print” section on March’s statement so that you know the increase is coming for April. Most merchants don’t read that section because the information usually seems irrelevant to them, and that is why most merchants don’t even realize that their rates have been increased. You most likely had your rates increased if you are in a tiered pricing structure. If you are in an interchange pricing structure, you will see all of the rate changes. That means you will actually get certain rates lowered because some categories were decreased in April.
As always, if all of this sounds a little too complicated for you, feel free to give us a call and have us do a free analysis of your statement to let you know if your rates have been increased.
The following guide will help you understand when it is appropriate to complete certain types of transactions.
Debit vs. Credit – Debit cards always have a lower fee in terms of the percentage paid on the total volume of the transaction. Credit cards always have a lower per-transaction fee, which makes them the better choice for very small transaction volumes. The easy way to know which is better to accept is to figure out your break-even point. On average, a good rule of thumb for a break-even would be $10, as you see below:
Credit < $10 < Debit
Swipe vs. Key Enter – Swiping a card instead of key entering it is always the better choice. Swiping the card will decrease transaction time, create a less risky transaction, and lower the costs associated with the transaction.
Offline Debit vs. PIN Debit – The term offline debit refers to accepting a debit card without having the customer enter their PIN. PIN debit refers to the occasions in which the customer enters their 4-digit PIN code to complete the transaction. Offline debit will traditionally have a slightly lower per-transaction fee, while PIN debit has a lower percentage paid on the total volume. The break-even point for PIN vs. offline debit is not always the same, but the easiest way to know which is better to accept is to remember a break-even point of $15, as you see below:
Offline debit < $15 < PIN debit