Please Login

 

PCI SSC - Introduction to Payment Card Security

PCI SSC - Password Protection

Green Sheet video interview with Jason Oxman, CEO of the Electronic Transaction Association (ETA) from April 30, 2013

PCI SSC - E-Commerce

This is a short test video by Mark Dunn shot at NEAA 2011.

PCI SSC - Three Best Practices

 

Copyright 2013.
The Green Sheet Inc.

A boon for CPP hopefuls

T he Western States Acquirers Association has something new in store for those who attend its 10th annual conference Oct. 8 and 9, 2013, at the San Francisco Airport Hyatt Regency hotel in Burlingame, Calif. The organization just launched a scholarship program to benefit 10 individuals who want to sit for the Electronic Transactions Association's Certified Payments Professional (CPP) exam.

The program will fund the CPP application and examination fees, which amount to $350 for each recipient. The study guide will also be included; purchased separately, it would cost $49.95.

The ETA stated that the objectives of the CPP program are to "establish a uniform, defined standard of practice and knowledge for ISOs, sales personnel and other payments industry professionals; quantify the expertise and potential performance of payments industry professionals; enhance the productivity and reputation of payments companies and the credibility of the industry; thwart inappropriate practices that may sully the reputation of the industry; and provide an important service to the payments industry."

Who can apply?

Eligibility set by the ETA for exam candidates includes a requisite amount of industry experience and education, approval of a supervisor or a person in management at a payments industry company, as well as a signed attestation from the applicant.

Those seeking scholarships can nominate themselves or be nominated by others. In addition, WSAA established the following requirements for scholarship applicants. The individual must be:

• A first-time applicant and must complete the CPP exam within two years of scholarship approval
• Registered to attend the 10th Annual WSAA Conference
• A full-time ISO, merchant level salesperson or "independent contractor"
• Able to demonstrate a commitment to the payments industry via articles, blogs, webinars or participation at conferences.

According to the ETA's website, the next CPP testing window is Nov. 1 through 30; the ETA application deadline for that test period is Oct. 1. For more information about WSAA's upcoming conference and this scholarship program, please visit www.westernstatesacquirers.com ; for details on the CPP program, please visit www.electran.org .

FTC sues processor, addresses DCTC, mobile security
Friday, June 14, 2013

T he payments industry has been in the sights of the Federal Trade Commission on two fronts recently: for the processing of payments for alleged illegal activities and the potential restriction of innovation in the mobile payments realm.

On June 4, 2013, the FTC filed an amendment to a complaint filed Jan. 10, 2013, in the U.S. District Court for the Middle District of Florida Tampa Division against Clearwater, Fla.-based credit card debt relief firm Innovative Wealth Builders Inc. and its three owners.

The amended complaint contains eight counts against IWB, from misrepresenting services to performing unauthorized billing, in violation of Sections 13(b) and 19 of the FTC Act and provisions of the Telemarketing and Consumer Fraud and Abuse Prevention Act.

In the amended complaint, the FTC additionally named Westbury, New York-based payment processor Independent Resources Network Corp., which is also doing business as IRN Payment Systems. The FTC alleged that in providing credit card processing services to IWB from at least August 2009 to January 2013, IRN also violated the Telemarketing Act.

"Despite knowing, or consciously avoiding knowing, the illegal nature of the IWB Defendants' business, IRN processed millions of dollars of credit card transactions for IWB, thereby earning considerable fees for itself while allowing the IWB Defendants to harm thousands of consumers who purchased the IWB Defendants' bogus credit card interest rate reduction services," the FTC alleged in its complaint. It also accused IRN of ignoring IWB's "alarmingly high chargeback rates."

As the plaintiff, the FTC requested the court grant injunctive and other relief deemed appropriate to halt and redress violations of any provision of the law enforced by the FTC.

Entering the D.C. taxicab fray

On June 12, FTC staff submitted comments to the District of Columbia Taxicab Commission on proposed rules for district taxicabs. The comments expressed concerns that certain rules proposed by the DCTC to regulate mobile applications for scheduling and payment of rides "may unnecessarily impede competition."

The FTC advised against unwarranted regulatory restrictions on competition, except those necessary to address public safety and consumer protection. Regarding the DCTC's proposal to restrict how software applications can affiliate with taxicab operators, the FTC suggested the "DCTC allow for flexibility and experimentation and avoid unnecessarily limiting how consumers can obtain taxis." Appropriate security practices were also recommended by the FTC.

In addition, FTC Commissioner and Chairwoman Edith Ramirez presented opening remarks at the FTC Mobile Security Forum held on June 4. "The FTC's interest in mobile security is an outgrowth of our broad mandate to protect consumers, including from threats to the use and enjoyment of new technologies," Ramirez stated, adding that education, policy work and law enforcement are the FTC's best tools for advocating best practices. She said the FTC now offers online guidelines for app developers and has created a forensic mobile lab for FTC staff research and investigations. More information about the dispute over D.C. taxi payments will be published in "D.C. taxis at payments crossroads," The Green Sheet, June 24, 2013, issue 13:06:02.

PCI SSC releases PTS POI 4.0
Thursday, June 13, 2013

T he PCI Ssecurity Standards Council (PCI SSC) recently released version 4.0 of the PCI PIN Transaction Security (PTS) Point of Interaction (POI) requirements. The council stated, "These requirements, along with the Hardware Security Module (HSM) requirements, provide standards for device manufacturers to ensure merchants and others have secure devices for accepting and processing payment cards."

Key changes from the previous version include a restructured open protocols module, enhanced interface testing and logical security requirements, added source code reviews, and the introduction of a vendor provided security policy.

"The PTS POI requirements are critical to securing POI devices," Russo said in a press release about the updated requirements. "By continually enhancing the robustness of the program's testing criteria we can ensure that these products are being tested and validated against the highest level of security."

The full document is at www.pcisecuritystandards.org/security_standards/documents.php .

Enticing merchants with YouTube contest
Monday, June 10, 2013

M erchants nationwide have a chance to win big by putting their creative talents to work on YouTube. In the Harbortouch Business Upgrade contest, which runs from May 22 to Aug. 15, 2013, merchants are tasked with telling the world how they would use the prize offered to make positive changes in their businesses. The merchant who submits the winning video will receive $10,000, an Elite POS system and a one-year waiver on Harbortouch service and support fees.

"At Harbortouch, we serve small and midsize businesses all over the country," stated Jared Isaacman, Chief Executive Officer at Harbortouch. "We know how hard it is to succeed in this economy, and we hope that this contest will make a difference for one lucky merchant."

Isaacman encourages contestants to be creative with their videos – "the funnier, wittier and more entertaining, the better," he said. To qualify, merchants must be based in the United States and have a physical retail location. Videos also must be at least two minutes in length.

"The video should explain how they would use it to improve their business," said Nate Hirshberg, Marketing Manager at Harbortouch. "It doesn't have to be a current customer of ours, although our current customers are eligible, as well."

$1,000 bonus on table

Hirshberg noted that should a merchant signed by a Harbortouch merchant level salesperson (MLS) or ISO win the contest, the ISO or MLS will receive a boon, too. "If one of our current merchants or a new merchant ends up winning, the sales rep would also get a $1,000 bonus," he said, adding that this bonus is separate from the winning merchant's prize money.

Hirshberg said that response from the field has been positive and many ISOs are planning to use the contest as a sales tool when approaching merchants during the summer season. "We think of it as a good conversation starter for a sales rep or an ISO walking into a business," Hirshberg said.

Harbortouch management will judge all video entries shortly after the contest ends, at which point the name of the merchant winner will be released. If not currently enrolled, the winner must enroll in a Harbortouch merchant services account and will be responsible for all credit card processing fees during the free service-and-support period, the company stated. For more information about the Business Upgrade contest and to access the contest entry form, visit www.harbortouch.com/contest .

Pango mobile parking app catching on in Scranton
Friday, June 7, 2013

D rivers in Scranton, Pa., will no longer have to search for change to feed that city's parking meters. On May 28, 2013, Pango Mobile Parking rolled out a citywide service that allows drivers to pay for parking using their mobile devices or computers.

According to Dani Shavit, Chief Executive Officer of Pango Shyyny USA, which is the Pango licensee in Pennsylvania, Maryland and Washington, D.C., nearly 500 users had signed up for the service less than a week after the launch.

Use any mobile device

"How many times have you gone to park and found you didn't have change for the meter?" asked DeeDee Rudenstein, Vice President of The Cline Group, Pango's public relations company. "Now you can manage everything on your iPhone, BlackBerry or Android device via Pango's mobile app, or you can pay by phone or text message."

Users can download Pango's mobile app for free. The system accepts Visa Inc., MasterCard Worldwide, Discover Financial Services, or American Express Co. credit and debit cards. Once signed up, users find a parking space, access the Pango app and click to start payment. When ready to leave, another click stops payment. The charges are automatically processed by Wells Fargo Bank once a month, not at the time of use. Pango receives a small percentage of the parking fee for the service.

Easy sign-up and enforcement

Pango provided Scranton with signs to display on the blocks offering its service, along with parking-meter stickers that offer simple instructions on how to download and use the parking app.

"A large benefit to this system is that users only pay for exactly the time they're parked – charged by the minute," Shavit said. "It also saves time for the city; there is no need for money collectors and maintenance. It's a win-win-win situation for all three stakeholders: the city, the merchants and the drivers."

For parking spots on which time limits are imposed, Pango offers an alert that sends a message to a user's mobile device 15 minutes before the time has expired, saving headaches and expensive parking tickets, Pango noted.

Parking enforcers in Scranton were issued iPad Minis equipped with the Pango app, so they can enter a parked car's license number and immediately confirm that the driver has used Pango to pay. A text message is then sent to the user acknowledging that parking enforcement knows the individual has paid through Pango.

"At first, parking enforcers in Scranton saw the Pango program as extra work," Shavit said. "Now, a week after the launch, they are happy with the process. Some drivers are waiting until they hear from friends and family that our system delivers what it promises. But our best ambassadors are our parkers. So far none of the cities that have signed on have received any complaints."

Opportunities for merchants

Merchants may also participate in Pango's parking program by providing online coupons, advertisements or special offers that are automatically delivered to users based on their proximity to participating merchants. Users enter a zone number when parking that can trigger delivery of offers from merchants located nearby.

"We provide the platform, and the merchants provide us with images we deliver through the platform," Shavit said. "They can put out any type of promotion they want." This service is free for merchants while the concept is being tested; there will likely be a fee in the future.

The Pango Parking system was first launched in Europe and Israel, and is now available in five countries. According to Shavit, 65 percent of parking throughout Israel is paid for through Pango; in Tel Aviv, that figure is 90 percent.

In the United States, Scranton is just one of several cities now using Pango. The service is also up and running in special sections of Latrobe, Pa.; New York City and Auburn, N.Y.; and in Phoenix. Plans are afoot for making Pango Mobile Parking available in several other U.S. cities as well.

© 2012 The Green Sheet, Inc.