The Discover Financial Services Small Business Watch, a monthly index measuring the relative economic confidence of the approximately 22 million business owners who employ fewer than five people, said confidence among these merchants rose to 72.8 in December 2008, up 5.3 points from November. According to the index, merchants believe their business prospects are improving; this is an indication that more money will be spent on business development over the next six months.
"While we saw small improvements in economic confidence almost across the board this month, the mood still remains cautious," said Ryan Scully, Director of Discover's Business Credit Card division. "Most small business owners still believe that it will be at least 2010 before the economy recovers."
On Dec. 30, 2008, Amazon.com informed its customers it was cutting off Bill Me Later as a payment option as of Dec. 31. The move was a result of eBay Inc.'s purchase of BML in October for $945 million.
Amazon's statement offered no explanations; it simply said, "Bill Me Later will no longer be accepted as a payment method on Amazon. However, all sales and orders processed with Bill Me Later prior to the sunset date will continue to be processed." More than 1,000 online stores, catalogs and travel sites currently offer BML as a payment method.
Amazon purchased 10 percent of BML in 2007 and launched it as a payment option on its site in July. When eBay announced it was acquiring BML in October, the company said that, while it could not speak for Amazon, it expected to continue to have a long relationship with Amazon.
"We think Bill Me Later provided a valuable service to shoppers on Amazon.com, and we would welcome the chance to work with Amazon.com in the future," said a BML spokesman.
"And based on the change of control, Amazon exercised their right in deciding to discontinue offering us as a payments option." In addition to its acquisition of BML, eBay said in October 2008 that it also expects to add the PayPal merchant services platform in 2009.
Idaho Attorney General Lawrence Wasden said Los Angeles-based Electronic Clearing House Inc., an e-commerce payment processor, agreed to discontinue transactions for illegal online sales of cigarettes and other tobacco products in Idaho, California and New York. The three states began investigating the company after Wadsen filed a lawsuit against Scott Maybee, a high-volume, online cigarette seller.
Maybee was ordered to pay the state of Idaho approximately $160,000 for illegal Internet sales of millions of units. State investigators said Maybee processed thousands of transactions on ECH's payment platform beginning in 2006. "Online tobacco retailers are a major source for young people to buy cigarettes illegally," Wadsen said. "Stopping these transactions to minors is a huge step, and we hope other companies and banks involved in this business follow their lead."
Following his arrest in New York in May 2008, fraudster Aleksander Aleksiev admitted using hacked ATM codes to steal Citibank N.A. accounts. In Decem-ber, he pled guilty to one count of device access fraud, a federal offense. Aleksiev was apprehended while trying to withdraw money from machines under video surveillance.
In late 2007, cyber-thieves hacked into a server that handles transactions for Citibank-branded ATMs at 7-Eleven Inc. stores in New York; they stole account information and associated PIN numbers.
This information was then sold on the digital underground. Counterfeit cards were manufactured and used to deplete compromised accounts. The criminals made an estimated $2 million from the scam.
Citibank began monitoring the accounts in January 2008. Bogus withdrawals accounted for $180,000 siphoned from compromised accounts in the three days prior to Aleksiev's arrest. He was caught with 12 counterfeit cards and $12,000 in cash and was the fifth person in the United States to plead guilty to charges linked to ATM hacking since 2007.
Federal bank, credit union and thrift regulatory agencies published a revised identity theft brochure to assist consumers in preventing and resolving theft of personal information. The updated brochure, You Have the Power to Stop Identity Theft, focuses primarily on Internet phishing by describing how it works, offering ways to protect against identity theft and detailing steps for victims to follow. The brochure is available to download from www.occ.treas.gov/ftp/release/2008-151a.pdf.
For ISOs and merchant level salespeople (MLSs), it is important to remember the sunset date for the Fair and Accurate Credit Transaction Act (FACTA) of 2003 Red Flag Identity Theft Rules is May 1, 2009. The Federal Trade Commission requires that creditors and financial institutions develop and implement appropriate identity theft prevention programs before that date.
ACE Cash Express Inc. recently donated $943,874 to the March of Dimes Foundation. ACE's 2008 Give a Little campaign surpassed its 2007 total by more than $400,000. Through its corporate giving program, ACE has donated more than $2 million to the foundation.
CO-OP Financial Services reported it will save its credit union members $2.5 million annually as a result of its investment in the CO-OP Connect ATM telecommunications infrastructure. CO-OP Connect was made available through CO-OP business partner Transaction Network Services in mid-2008.
Online payment service provider Ctopay indicated it is now compliant with the PCI Data Security Standard (DSS). Trustwave performed the PCI DSS compliance validation.
Web portal BankNews awarded Dynamic Card Solutions LLC's CardWizard FCP 20/20 flat card printer an honorable mention in its 2008 Innovation Solutions Awards. The awards are presented to companies that have helped community banks improve their ability to serve their customers.
EProcessing Network LLC reported that its ePNJPOS, ePNPlugIn and ePNMobile applications are now certified as compliant with the Payment Application DSS (formerly Visa's Payment Application Best Practices).
First Data Corp. Class A certified Hypercom Corp.'s Optimum T4210 and T4220 PCI PED-approved card payment terminals. The company also Class A certified Ingenico Inc.'s i-Series terminals.
Fundtech Ltd. won the Financial-i Leaders in Innovation Award for electronic payments. The annual award is given to banks and vendors that are shaping the delivery of business solutions in wholesale transaction banking.
Hypercom Corp. rolled out its medCompact health care terminal as part of the migration to the new e-health card program in Germany. MedCompact is the first health care terminal to receive e-Health Basic Command Set approval from Gematik, the German company operating the country's national electronic health card program. Also, Hypercom's Optimum T4200 and M4200 countertop and mobile payment terminals received Association of Payments and Clearing Services Common Criteria accreditation in the United Kingdom.
Merchant Service Inc. was awarded the 2008 Best of New England Award by the U.S. Local Business Association. The award was given in the credit card or credit plan equipment and supplies category.
Doin' it right
It took three years and countless hours, but Merchant Warehouse attained PCI DSS certification. The Boston-based ISO is now a PCI DSS-certified Level 1 service provider and can boast the highest level of system security in the payments industry.
"I've got to say it was probably more difficult than we thought it was going to be," said Henry Helgeson, President and co-CEO of Merchant Warehouse.With 150 employees to be trained and about 250 machines in total (desktop computers, laptop computers, servers and so forth) that needed to be secured, it was a complex process.
When Merchant Warehouse started down the compliance road in 2005, the company didn't have a clear focus on how to become PCI compliant, Helgeson said. "Pages and pages" of procedures were written down to establish protocols, he added. The company hired a compliance officer to work full time on the task.
Helgeson said the biggest changes the company made were procedural. The main thing was employees had to be retrained on how to handle sensitive cardholder data.
For example, customer service representatives had been typing credit card numbers into the notes feature of the company's customer relationship management (CRM) software, which "sounds pretty benign," Helgeson said. "But when you realize that [the CRM] is not set up to hold card numbers and isn't encrypted in the way we encrypt card numbers, that became an issue when we started looking at what was on our network," he added.
Now, no account numbers are stored on workers' computers; to ensure that that remains so, frequent embedded scans are performed on computers. For example, Microsoft Word and Excel files are scoured to make sure no card data has been saved on individual computers.
The other major issue that faced Merchant Warehouse was "locking down" the company's network, Helgeson noted. In addition to its ISO business, Merchant Warehouse operates an online gateway and shopping cart, which complicates its security requirements.
Merchant Warehouse's Internet technology staff of 10 had the expensive and laborious job of securing those systems. "They were bogged down with things like segregation of data," and the IT team had to "unwind some of the programming and some of the systems that we originally built and split them into multiple systems," Helgeson said.
Merchant Warehouse contracted with security compliance management firm Trustwave to perform the certification audits. Two major audits were executed. And according to Helgeson, both audits consisted of hundreds of smaller audits, such as individual computer scans, so Merchant Warehouse ultimately went through "the high hundreds to low thousands" of audits.
Helgeson estimates that with about 50,000 merchants in its portfolio, Merchant Warehouse's gateway handles thousands of transactions a day, and a thousand more through the company's online shopping cart monthly. That amount of card data in transit makes Merchant Warehouse a prime target for fraudsters.
Therefore, Helgeson believes Merchant Warehouse went beyond the PCI DSS requirements. "We've got it as locked down as we can possibly make it," he said. "If we're going to go through the process, we said let's make sure rather than just doing it to the letter of the law, and that was it. We went as far as we could go with it."
Helgeson said Merchant Warehouse even encrypted playback call recordings (used for coaching and training its customer service reps) so hackers could not eavesdrop on call data. "When you look at the consequences of what happens to an ISO in the case of a breach, for us it just made all the sense in the world to throw as much as we could at this to make sure we can never be compromised," Helgeson said.
Merchant Warehouse reported that it has completed a full security audit and has obtained Level 1 Service Provider certification under the PCI DSS. To learn how this was achieved, see "Doin' it right," above.
MicroBilt Corp. is launching a new ISO and MLS partner program. Services include employee background screening, personal and business credit review, and a solution for complying with the FACTA Red Flag Identity Theft Rules. MicroBilt will help agents tailor solutions to retailers' needs and is offering a $1,000 bonus for ISOs and MLSs closing 10 qualified accounts within their first 60 days.
MoneyGram International expanded to 40,000 ExpressPayment agent locations in the United States with the rollout of its payment services at CVS/pharmacy and 7-Eleven Inc. stores.
In the past two years, MoneyGram has nearly doubled the number of its ExpressPayment locations, which include retailers such as Wal-Mart Stores Inc., Advance America and Albertsons.
Netgiro International expanded its payment offerings into Latin America. The company now supports online processing of domestic credit cards in Mexico and Brazil.
Semtek Corp. was a winner in the 21st Annual Most Innovative New Product Awards by UCSD Connect, an organization fostering entrepreneurship in the San Diego region by supporting the growth of promising technology and life sciences businesses. Semtek won for its Cipher Module, a magnetic stripe reader component designed to replace conventional mag stripe readers.
Shift4 received PA-DSS validation for its 4Go SafeSwipe technology. With 4Go, Shift4's Web-based payment gateway, Dollars On The Net, makes third-party POS and property management systems PA-DSS compliant, the company reported.
The Smart Card Alliance Contactless and the Mobile Payments Council introduced new tools for merchants accepting or considering accepting contactless and mobile payments.
Merchants can access a model to calculate return on in-vestment for accepting contactless payments online at www.smartcardalliance.org/pages/publications-contactless-payments-merchant-roi-model.
Merchants can also access a discussion forum at http://merchantforum.smartcardalliance.org.
The Society of Payment Security Professionals hosted its first Certified Payment Card Industry Security Auditor (CPISA) training and certification event. CPISA certification is the companion to SPSP's Certified Payment Card Industry Security Manager certification. The purpose of CPISA certification is to provide formal recognition for proficiency concerning PCI DSS issues.
TransFirst Holdings Inc. was ranked No. 31 in the 2008 FinTech 100, an annual ranking published by American Banker and Financial Insights.
The ranking features the top 100 global technology and service providers to the financial services industry. TransFirst has appeared on the list for the past five years; last year it was No. 44.
United Payment Services was selected for the 2008 Best of Westlake Village Award in the Credit Card Terminal Systems category by the U.S. Local Business Association. The award recognizes outstanding local businesses and focuses on quality, not quantity.
WRG Services Inc. was named to The Weatherhead School of Management at Case Western Reserve University's Weatherhead 100. It lists the fastest-growing businesses in Northeast Ohio. WRG was also honored with an award from The Lake-Geauga Fast Track 50; companies are ranked by sales and employment growth over the previous five-year period.
BancTec Inc. entered into a retail remittance processing agreement with Discover Financial Services. As part of the agreement, three BancTec operating centers in the United States, will handle Discover's accounts receivable processing.
Indonesia's Bank Central Asia signed with Wincor Nixdorf AG to expand its multichannel, self-service network. BCA expects to deploy 283 ProCash1500xe ATMs and 200 ProInfo 1000 kiosk systems. Wincor Nixdorf will also assume responsibility for maintenance of both the kiosks and ATMs.
Comodo, a provider of identity and trust assurance Internet services, entered a strategic partnership with U.K. payment provider PayPoint.net. The alliance will bring PayPoint customers special discounting across a range of Comodo Secure Sockets Layer (SSL) certificates, including Extended Validation SSL certificates.
Reciprocally, PayPoint.net will extend special offers across its online payment services to Comodo customers. This partnership is designed to level the playing field by offering enterprise-level security and sophistication to start-ups and established brands alike.
Eastern Bank is now connected to the SVPCO Image Payments Network. Eastern Bank is plugged in through the SVPCO Gateway DTA, which enables institutions to send and receive bulk files of images through the network on a peer-to-peer basis. Eastern Bank is one of 44 institutions in the network.
Frost Bank selected the Panini Vision X check scanner for branch image capture. The Vision X reportedly allows Frost Bank to increase operational efficiency by automating check processing in its branches by capturing check images at the teller.
Harris N.A. has renewed its NYCE Payments Network LLC participation and named NYCE its primary provider of PIN debit and ATM card access.
Ingenico named TASQ Technology its preferred distributor. TASQ has exclusive rights to sell Ingenico's AQUA transaction terminal in North America.
Nexxo Financial Corp. extended its partnership with TIO Networks Corp., offering its patent-pending technology to TIO's network of bill pay kiosks in Circle K Stores Inc. and other retailers.
Payment Processing Inc. partnered with POS software developer and Web site hosting service SunFlower Technologies Inc. The PPI PayMover payment platform will be integrated with SunFlower's QuickFlora POS shop management system.
Radiant Systems Inc. completed a rollout with Burger King Brands Inc. franchisee, Goldco LLC. It included the installation of the Aloha QuickService POS and MenuLink.net back-office solution in more than 60 Burger King restaurants in the United States.
TIO Networks Corp. and Pacific Gas and Electric Co. will launch a self-service bill-payment kiosk program. PG&E purchased 11 self-service payment kiosks powered by TIO's self-service software and processing services. The deal authorizes TIO to deploy the PG&E bill-pay application on at least 200 self-service kiosks.
Wells Fargo & Co. increased its volume of electronic payments by clearing checks through image exchange with Fiserv Solutions Inc. The agreement, which took effect July 29, has reportedly increased the number of check images Wells Fargo clears by over one-half million images per day.
Online game publisher Perfect World Entertainment signed an agreement with PaymentOne Corp. to deploy PaymentOne payment options. Perfect World will now be able to offer its customers PaymentOne's PhoneBill service, a "no credit card required" payment option.
CGI Group Inc. sold its electronic payment division to Central Tax Inc., a Montreal-based company specializing in automated property tax management and payments. Central Tax will retain all personnel of the business unit.
Check Point Software Technologies Ltd. has agreed to acquire Nokia's security appliance business.
The companies have collaborated over the past decade to deliver enterprise security solutions. Check Point will now provide an extended security appliance portfolio that it develops, manufactures and supports itself.
Fiserv Inc. will acquire iTech Corp., a provider of outsourced account and payment processing services, from First Interstate BancSystem Inc. The purchase price is $40 million.
Tangarine Payment Solutions Corp. entered into an acquisition agreement with 4491157 Canada Inc. through which 491157 will gain outstanding common shares of Tangarine for approximately $9 million.
It will also acquire outstanding Series 1 preferred shares of Tangarine for approximately $3 million.
Jon Prideaux joined Paymo as a Senior Advisor. During his 17-year career at Visa Inc., Prideaux was responsible for marketing and new product development, including the Verified by Visa program. Before Visa, Prideaux held technical and sales positions at IBM.
Stored Value Solutions Inc. named Ralph Rolen its Executive Vice President and General Manager.
Rolen joins SVS from Total Merchant Services. Previously he held leadership positions at First Data and First Horizon National Corp.
Robert Skiba joined InComm's executive management team as Executive Vice President and General Manager of Stored Value, Financial Services and Loyalty Programs.
Skiba's experience spans more than 33 years in a variety of industries, including financial services and retail. He recently served as Executive Vice President at SVS.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next