Visa, MasterCard Investigate Credit Card Breach

By Jessica Silver-Greenberg and Nelson D. Schwartz / New York Times News Service

Published: March 31. 2012 4:00AM PST

Visa and MasterCard are investigating whether a data security breach at one of the main   Visa, MasterCard Investigate Credit Card Breachcompanies that processes transactions improperly exposed private customer information, bank officials said Friday. The event highlighted a crucial vulnerability that could affect millions of cardholders.

The breach occurred at Global Payments, an Atlanta company that helps Visa and MasterCard process transactions for merchants. One bank executive estimated that about 1 million to 3 million accounts could be affected. That does not mean all those cards were used fraudulently, but that credit card information on the cardholders was exposed.

The bank official, who insisted on anonymity because the inquiry is at an early stage, said that Visa and MasterCard notified his company Thursday, but that banks had been frustrated with the pace of disclosure by Global Payments. He said that Global Payments, which is one of the biggest transactions processors, had provided little information on where the breaches took place, how accounts were hacked and other details that could indicate which customers might be vulnerable.

Banks said that when they could identify victims, they would notify them and replace credit cards, if necessary.

Bank officials said they were told by Visa and MasterCard that the breach occurred sometime from late January to late February, and included what is known as Track 1 and Track 2 data. That includes details like names, card numbers, validation codes and in some cases, customer addresses.

“Thieves are after high concentrations of credit card numbers, which makes payment processors the perfect target,” said Tim Matthews, a director at Symantec, a security firm.

The processors, including Global Payments, act as the plumbing from merchants to banks, authorizing millions of transactions each day.

With each swipe of a credit card, the card number and other important financial information travels from the merchant to the third-party processors and then to Visa or MasterCard. The data is then forwarded to the bank that issued the card.

The holy grail for hackers is the account information. The goal is to break the data’s encryption as it travels through the payment processor system, said Avivah Litan, a vice president and analyst with Gartner Research, a security firm.

This is the second breach at Global Payments in the past 12 months, according to two individuals briefed on the investigations who spoke on the condition of anonymity because they were not authorized to speak publicly. Another similar attack was disclosed by Heartland Payment Systems in 2009, a breach that began in 2007 and resulted in the exposure of data on 130 million credit cards. Heartland estimated that breach cost it $140 million in fines, settlements and legal fees.

The new possible breach was reported Friday morning by a blog called Krebs on Security. Trading in Global Payments shares was halted around noon but the share price had already dropped 9.1 percent to $47.50.

A spokeswoman for Global Payments declined to comment on whether hackers had struck before. In a statement Friday afternoon, the company said it had identified “unauthorized access into a portion of its processing system,” and had asked for help from external experts in computer security and also contacted federal law enforcement. The Secret Service, which investigates credit card fraud, confirmed that it was looking into the breach.

“It is reassuring that our security processes detected an intrusion,” said Paul Garcia, the chief executive of Global Payments. “It is crucial to understand that this incident does not involve our merchants or their relationships with their customers.”

Electronic payment industry officials also said the latest data thefts were not evidence of a larger problem. “These folks work night and day to secure their systems, but they are connected to millions of merchants around the country and nothing is absolutely foolproof,” said Thomas Goldsmith, a spokesman for the Electronic Transactions Association, a trade group.

MasterCard would not say how many cardholders might have been affected by the attack. The card companies also said they had alerted banks and law enforcement officials to the breach, and emphasized that their own systems had not been compromised.

“We have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk,” MasterCard said in a statement. A Visa representative said that “there has been no breach of Visa systems.”

ATF – Bureau of Alcohol, Tobacco, Firearms and Explosives

Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF)

Federal Firearms Licensee (FFL) gun dealers are regulated by the AFT and provide many  Bureau of Alcohol, Tobacco, Firearms services to the firearms industry.

This is from the ATF Website:

Firearms Industry

One of the primary missions of the Bureau of Alcohol, Tobacco, Firearms and Explosives is to provide direction and advice to the firearms industry regarding the Federal firearms regulations. Our goal is to help you in understanding the requirements of being a Federal Firearms Licensee (FFL) and provide you with the tools to enable you to comply with the regulations governing the sale and transfer of firearms.

“We remain committed to educating the licensee population and the general public as well as our law enforcement partners on the regulatory requirements associated with firearms and the conduct of licensed business operations; to continue to build bridges, to facilitate cooperation and understanding and to further reduce violent crime resulting from the illegal use of firearms. Working in partnership and in a spirit of collaboration to reduce firearms related crime and to protect our communities is a Team effort.”

How to Become a Federal Firearms Licensee (FFL)

Once you have decided to make an application for a federal firearms license (commonly referred to as an “FFL”) you would send the completed application to the ATF – Bureau of Alcohol, Tobacco, Firearms and Explosives post office box listed on the application form, ATF Form 7 – Application for License (FFL). The application must be accompanied by the proper application fee, which you can pay by check, credit card or money order {we do not accept cash). Once the application fee is processed, the FFLC will enter your application information into its database and commence a full review of your application and supporting materials, including fingerprint cards and photographs. The FFLC will review the fingerprint cards you submitted for clarity and, as required by law, will then conduct an electronic background check on all the “responsible persons” you have identified on your application. ATF defines a responsible person as a sole proprietor, partner, or anyone having the power to direct the management, policies, and practices of the business as it pertains to firearms. In a corporation this includes corporate officers, shareholders, board members, or any other employee with the legal authority described above.

 
Get a Free Quote For Credit Card Processing:

How FFL Gun Dealers Boost Sales

Accepting credit cards online (or offline, for that matter) is an absolute necessity. In fact, running a business without a FFL Dealer credit card processing account is completely unheard of! Look around and you’ll notice most people don’t even carry cash anymore,  ffl merchant accountonly plastic and leather. For most people, a credit card feels safer than sending somebody cash or a check in the mail, because of the inherent paper trail a credit card leaves, along with the ability to accurately budget your account via online banking, and it’s a lot faster and there’s no chance of your money getting “lost” in the mail. So start accepting credit cards already!

Allowing customers to pay with credit cards or debit cards is the biggest way to keep yourself in business no matter the climate of our economy.  Credit card processing FFL dealer merchant account services allow you to easily set up credit card processing on your site or store, and lets your business grow and attracts more customers because all credit FFL dealer merchant account service use 64- to 128-bit encryption (this helps prevent credit card fraud and gives the customer a true sense of security). Here are some important things to consider when choosing a credit card processor (also known as a credit card merchant or gateway):

·    Good credit card FFL dealer merchant account service or payment gateway allows customers to pay using any currency. They will also allow all major credit cards, debit cards or electronic checks. Shoppers want everything, and they want it now. Your checkout process should be as quick and easy as possible. Any good credit card processing service will offer these features even on their most basic and cheapest plan.

·    As mentioned earlier, gun dealer credit card processors will provide extremely high levels of security, and your customer’s information will be encrypted from both sides. Many people are still wary of entering their credit card number online, so it’s important that your service protects them, and also informs them of their high measures of security. You want customers to feel safe while shopping at your store!

·    Choosing a good credit merchant lets you focus on your business instead of chasing down missing payments or fraudulent credit cards. You will be able to easily view customer purchasing habits and improve their shopping experience. This will also give you more time to improve on customer service and support.

·    Always remember that most people who buy online are impulsive. This means, they see something they want and they’ll buy it without really thinking. You should take advantage of the fast checkout systems that credit cards provide. Your online shopping cart should let people make their purchase in 3 clicks or less. Don’t give them opportunity to change their minds! Bring them to the final checkout page as quickly as possible.

Allowing customers to pay using their preferred method of payment gives the impression that your business cares about customer satisfaction, and indeed will make them happy. Perhaps they’ll even return in the future and buy from you again, or maybe recommend your store to their friends. Studies show that businesses which do not accept credit cards are dying out, and become bankrupt or simply shut down. Therefore, accepting credit cards is not only highly recommended, it is a true necessity.

Firearms FFL Dealer Credit Card Processing:

 

Get a Free Gun Dealer Credit Card Processing Quote:

 

FFL Dealer Merchant Accounts – FFL Credit Card Processor – iPhone FFL Credit Card

Processing – Accepting Credit Cards with iPhone, iPad and Android. Firearms Dealer Wireless Credit Card Acceptance. Ammo Merchant Account and FFL Merchant Services for Firearms Sales in the USA.

Accepting Credit Cards at Gun Shows

Why Accept Credit Cards at Gun Shows ?

The decision for gun dealers to obtain FFL dealer services to accept credit cards is a wise one for any firearms retailer.

From a practical business point of view, any retail firearms business that does not accept credit cards is leaving money on the table. Research has shown that accepting credit  gun show credit card processingcards increases revenue and helps with cash flow since you receive the money within a couple of days instead of waiting up to a week for a check to clear.

Credit cards don’t bounce, as some checks have a tendency to do. Credit card users are also more likely to buy on impulse and spend more when they do. Bad news for them, but good news for you. If you accept credit cards at gun shows you can expect an increase in sales as much as 60% or more.

To accept credit cards at a gun show you typically need four things for your FFL Dealer Service to work. The requirements may vary a little, but the following applies in most cases.

You will need:
1. A way to enter the customer’s credit card information into a verification and processing system. This can be done with a swipe terminal, point of sale system, or by calling the credit card in by phone;
2. A credit card gateway company to verify the credit card’s validity and process the payments;
3. A FFL Dealer credit card merchant account in which the credit card processing company will deposit payments made to you; and
4. A business bank account into which the settled funds will ultimately be deposited for your use.

Here’s how the process works. (1) You make a sale and the customer pays by credit card. (2) Using a card swipe machine or telephone, you contact what is known as a “gateway company” who takes the card information you submit and verifies that the card is valid and the charge can be made against the card account. The gateway company returns an approval code for the purchase.

With a swipe machine or point of sale terminal the verification process happens in a matter of seconds. If you’re doing telephone verification it can take a couple of minutes. You call the gateway company, give them the credit card number and expiration date and  Firearms dealer iphone credit card swipe readerthey give you an approval code that you write on the credit card charge slip. Either way, the money is typically deposited in your FFL dealer within 24 to 48 hours (less fees, of course).

You’ll also need to apply for a gun dealer merchant account with each credit card company whose card you want to accept. To do business with American Express and Discover all you have to do is fill out an application, but to accept Visa and MasterCard you must have a FFL dealer merchant account. A firearms dealer merchant account is a special bank account set up for the expressed purpose of accepting credit card payments processed by the gateway company. FFL dealers are usually associated with banks, though you can also use credit card FFL dealer service companies to perform the same function if you can not get approved for a FFL dealer merchant account.

FFL dealer services: FFL Dealer Merchant Services are available for FFL Dealers who need FFL Dealer Services to accept credit cards online.

If you are a gun dealer and want to accept credit cards call us toll free 800-757-5453 and we’ll answer all your questions for you.

 
 

firearms payment processing

Best Ways to Choose a Credit Card Processing Company

Best Ways to Choose a Credit Card Processing Company

The most important decision you will likely make in regards to launching your online business will how to process and accept credit card payments from your customers.  There are basically two way to accept credit card payments from your customers.  The  How to Choose a Credit Card Processing Companyfirst and most common is to have your own merchant account and process the transactions directly.  The second option is know as third party processing.  The decision you make regarding this will directly how you do business on your website.

One of the best ways to choose a credit card processor is by simply listing your needs and then comparing the different available plans.  Will cost be the most important element and what other factors will be involved?  Try comparing both a true merchant account to third-party credit card processors side by side.

How is a true merchant account different from a third party credit card processor?

True Merchant Credit Card Processors

With a true merchant account, you are the merchant and you have the option of applying directly through a bank.  However, this is often done through a sales agent.  The account will be for your business only.  You, as the merchant will have total control over the account and be totally responsible for it in everyway.  You will have to provide a gateway for the account because this will not be included in the account.

Note: Some companies that offer credit card processor plans will extend a bundle that includes a gateway as an enticement.  You are free to choose any gateway you prefer since they are totally separate entities.

Your merchant account for credit card processing is a direct account with Visa, MasterCard, Discover Card and American Express.  If you resolve to accept payments from their members, you must abide strictly by their rules.

Third-Party Credit Card Processors

A third-party credit card processing company has its own merchant account and they allow individuals and businesses to accept credit card payments through them or rather they do the processing for you.  A third-party credit card processing company has all of the power since they make the rules, which you must adhere to since they are allowing you to process on their merchant account.

When should you consider using a third-party credit card processing company?

-If your business isn’t registered

-If you have been blacklisted

-If you or your mechanize is considered high risk

-If you have poor credit or no credit

-If you only process a small amount of transactions

If you are a non-programmer and can’t carry out a complex API.

 

Additional considerations concerning third-party credit card processing

1. They charge higher rates and have extra ‘service fees’

2. They don’t perform credit checks

3. They can’t be used with a separate gateway

4. The third party processor’s name appears on your customer’s credit card statements

5. It can take up to a month to receive deposited funds.

6. You can’t negotiate rates for third-party credit card processing.

 

Most reputable online merchants understand they will be accepting credit cards online and that they will need a merchant account and a payment gateway.  There are good reasons for assuming this:

-If there are large volumes of transactions to be processed, the discount rate will be far superior with a true merchant account than with a third-party credit processing company.

-The merchant will have 100% control over the account.  The merchant can deal directly with customers and it’s the merchant’s name that appears on the customer’s credit card statement.

-Transparent checkout feature – Allows the customer transaction to be processed directly on the Merchant’s Website, rather than being redirected to a third party site.

-Portrays a more professional image – A true merchant account is a more seamless process which is expected from customers.

 

When you apply for a standard merchant account, you will have to go through a full credit check and you may not use the account in anyway for your own personal use.  The rates are always negotiable but high-risk products may garner slightly higher rates.  You may use a separate gateway of your choice for credit card processing and only your business name will appear on the customer’s statement. Funds will be deposited within 1-3 days and you may be subject to a contract.

Most online businesses that are just starting out have small margins and tight budgets.  Cost will be the biggest factor in choosing a credit card processing company for most of them.  The needs of each business will vary, as will the offers they receive for credit card processing.  In making a comparison, it’s almost like comparing apples and oranges and can be very confusing.  One way to approach the comparison process is to collect the data on fees associated with both third party and a true merchant account first.

-Setup fee: how much you need to pay to establish the account

-Discount rate: the percentage of sales that the processor takes

-Transaction fee: the flat fee the processor charges for each transaction

-Monthly fee: the monthly fee associated with keeping the account active

-Setup fee: the cost to set up a gateway and/or merchant account

-Gateway monthly fee: the monthly fee charged by the gateway provider for use of their payment gateway services

 

Once you have the above questions answered you will be able to get an idea of the cost associated with a  particular processing company.  There is a multitude of third-party processors and true merchant providers for credit card processing that may be compared.  For example, Papal and Verisign are two well known companies, but are completely different.

In Conclusion

No matter which method you decide to use for credit card processing online you will need to remember the ways they are implemented are very different.  They each have their own particular advantages.  Every business is different, so you must consider all of the factors involved with accepting credit cards online, not just the costs.  Sometimes, paying a few additional costs in fees can enhance your customers experience and the overall appearance of your Website.  Take ample time to explore all of your options

 

merchant-account-service

 

 

Get a Quick Quote:

Payer Authentication (also known as 3-D Secure)

Fast Charge Payer Authentication

Payer Authentication (also known as 3-D Secure) is a solution created by the credit card associations to provide additional fraud protection by asking cardholders to authenticate themselves to their issuing bank at the time of purchase. A cardholder’s identity is confirmed using one of a variety of authentication methods, and merchants are provided with instant authentication results thereby greatly reducing the risk of unauthorized use.

Marketed as Verified by Visa and MasterCard SecureCode, these programs ensure authentication of credit card holders with their issuing bank, eliminating merchant liability for the most common fraud-related charge-backs, and providing confidence to consumers that their cards cannot be used for fraudulent purchases.

Fast Charge allows merchants to integrate their choice of payer authentication applications into their shopping cart or web based application, and then process payer authenticated transactions through their existing payment gateway account to gain additional protection against chargebacks.

Advantages:

  • Reduces Fraud – Merchants can verify that the person using the card is the cardholder.
  • Charge-back Protection – Authenticated transactions may not be charged back if the cardholder alleges they did not make or authorize the purchase.
  • Increases consumer confidence – Assures consumers that their transactions will be secure, leading to increased sales.
How does the payer authentication process work?

Consumers enroll their Visa or MasterCard credit cards in the Verified by Visa or MasterCard SecureCode programs at their issuing bank’s web site. During the enrollment, they choose a password to associate with their card. When they use that card at a merchant enabled for Verified by Visa and MasterCard SecureCode, they are prompted by their issuing bank to ‘sign” for the purchase with their password.

Where can I find more information on payer authentication?

Additional information is available at the credit card association web sites:

How do I get started using payer authentication?

Contact Fast Charge customer service for more information on how to activate payer authentication on your account.

Note: Payer Authentication services (Verified by Visa and MasterCard SecureCode) are currently available to merchants that process on FDMS-Nashville or TSYS(Vital) authorizing networks. Additional fees may apply.

Storing Credit Card Numbers Safely

Keep cardholder account numbers and personal information confidential. Cardholders expect you to safeguard any personal or financial information they may give you in the  course of a transaction. Keeping that trust is essential to fraud reduction and good  Storing credit cardscustomer service. Cardholder account numbers and other personal information should be released only to your acquirer or processor, or as specifically required by law.

NOTE: Even though it is authorized by the credit card associations to store credit card numbers it is illegal to do so in several states. 

Merchants and their credit card processing acquirers must ensure that Third Party Agents who are handling Visa account numbers are registered in accordance with the Payment Card Industry Data Security Standard (PCI DSS).

A merchant servicer (MS) is defined as a Third Party Agent that has a direct relationship with a merchant and is storing, processing or transmitting credit card account numbers on the merchants’ behalf.

This type of Third Party Agent performs services such as payment gateway, shopping cart, fraud scrubbing, loyalty programs, etc. Merchant acquirers are responsible for ensuring each MS maintains compliance with the Payment Card Industry (PCI) Data Security Standard (DSS), validates PCI DSS compliance with Visa, and is correctly registered. Merchants should work with their merchant account acquirers to ensure all Third Party Agent rules and requirements have been satisfied, ensuring the merchants compliance with Operating Regulations. Any Third Party Agent that is used by a merchant must be validated for PCI DSS compliance and listed on the validated service providers list.

All stored, processed or transmitted sensitive cardholder account or transaction
information must comply with the PCI DSS and the Visa International Operating
Regulations. To protect sensitive customer and transaction information from
compromise merchants that store, process, or transmit cardholder account or
transaction data must:

  • Keep all material containing account numbers—whether on paper or
  • electronically—in a secure area accessible to only selected personnel.
  • Merchants with paper receipts should be extremely careful during the storage
  • or transfer of this sensitive information. Merchants should at all times:
  • Promptly provide the drafts to their acquirer.
  • Destroy all copies of the drafts that are not delivered to the acquirer.
  • Render cardholder data unreadable, both in storage and prior to discarding.
  • Never retain full-track, magnetic-stripe, CVV2*, and chip data subsequent to transaction authorization. Storage of track data elements in excess of name, personal account number (PAN), and expiration date after transaction authorization is strictly prohibited.
  • Use payment applications that comply with the PCI Payment Application
  • Data Security Standard (PA-DSS). A list of validated payment applications is
  • available at www.pcissc.org.*

The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees.  Penalties are not openly discussed nor widely publicized, but they can catastrophic to a small business.

It is important to be familiar with your merchant account agreement, which should outline your exposure.

 

merchant-account-service

 

 

Get a Quick Quote: