GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?


Table of Contents

Lead Story

Congress takes on security, privacy, pot, CFPB

Patti Murphy

News

Industry Update

U.S. inches closer to faster payment systems

Merchants go to court over hidden fees

RDC summit explores next-gen banking, technologies

Amazon bows out of card processing

Las Vegas hosts global, regional payments events

Features

EMV observations at the liability shift

Stephen Kiene
First Annapolis Consulting

DOE moves forward on campus card regulation

Loyalty redefined

Mobile search engine market heats up

Views

Automated risk is its own reward

Dale S. Laszig
DSL Direct LLC

Words that kill (deals)

Adam Hark
MerchantPortfolios.com

Education

Street SmartsSM:
Advice from pros on tradeshows

Jeffrey I. Shavitz
TrafficJamming LLC

What you should know about payment security

Michael Gavin
Cayan

Electronic payments and small business loans

Ty Kiisel
OnDeck Capital Inc.

Company Profile

Comodo Group Inc.

New Products

White-label platform for mPOS providers

payworks
payworks GmbH

Driverless, multitasking, secure scanner

EC9600i series
RDM Corp.

Inspiration

Keys to motivation

Departments

Letter From the Editors

Readers Speak

Boost Your Biz: Avoid financial mistakes and gain

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

November 23, 2015  •  Issue 15:11:02

previous next

What you should know about payment security

By Michael Gavin

Security should be a top priority for every business. While many headlines about data breaches usually focus on large retailers, like Target Corp. and The Home Depot Inc., there are numerous data breaches and fraud instances that we don't hear about, especially those that happen to small and midsize businesses.

According to a recent Kaspersky Lab study titled "Damage Control: The Cost of Security Breaches," http://media.kaspersky.com/pdf/it-risks-survey-report-cost-of-security-breaches.pdf, over 90 percent of respondents had experienced at least one security incident.

One data breach could cause a small business to go under. That's why it's critical for industry professionals to have an excellent grasp of payment security and how it works in new technologies. Here's a look at the different payment methods and the security behind each one.

Swiped cards

When making an in-store purchase, you're used to quickly swiping your credit card. As you probably know, this recently changed, and swiping cards will soon become the old way to pay. Although swiping is on its way out, it's good to understand the security behind this method so you can explain the advantages of Europay, MasterCard and Visa (EMV) chip cards.

Mag stripe cards use the same technology as cassette tapes ‒ showing just how far behind the United States was before EMV came into play this year. Data is stored within the stripe on the back of the card, and it contains the consumer's account information. That same data is used repeatedly for every transaction, making it easy for hackers to pull this information off the card and use it to create a duplicate card. Fortunately, the United States has implemented chip cards to make in-store credit card payments more secure, but it'll be a while until swiping is completely gone.

Chip cards

With the liability shift now in effect, chip cards are the new way to pay. Each card contains a microchip that creates a unique token each time it's used during a transaction. This makes it nearly impossible for a criminal to create a counterfeit card to use during an in-store purchase.

When a consumer inserts a card into the EMV slot, also known as "dipping," the data is encrypted and a unique token is created, so even if a hacker were to access a consumer's information, the token displayed wouldn't be tied to the actual card.

During an EMV transaction, consumers are prompted by the terminal to either provide a signature or enter a PIN for verification. In some cases, transactions may not require either, depending on the total purchase amount. Currently, the majority of chip cards issued in the United States require signatures, not PINs. However, if a chip card is stolen, it's much easier to forge a signature than to guess a PIN. Given that PINs enhance security and most of Europe is already using PINs, it'll be interesting to see if the United States eventually changes its approach.

Mobile payments

As new mobile payment services enter the market, mobile payment adoption continues to rise. The technology behind mobile payments is called near field communication (NFC), which enables two-way communication between two devices that are within a few centimeters of each other. Data is transmitted wirelessly. With NFC, consumers can complete transactions with a simple tap of a mobile phone. When paying with Apple Pay or Android Pay, consumers are required to enter a password or scan their fingerprints for verification. This enhances security, making it almost impossible for hackers to steal information or make fraudulent transactions.

In newer mobile devices, such as the iPhone 6S, a chip or "secure element" authenticates each purchase and completes the transaction. Similar to chip cards, a unique token is created in place of consumers' information when the data is transmitted. Employing the chip, unique code and touch technology makes it extremely difficult for hackers to access consumers' information.

Another factor to consider is that most consumers are attached to their phones, so even if a mobile phone were stolen and a hacker attempted to make a purchase, it's likely the phone would have already been reported stolen. With credit cards, it takes consumers longer to realize when they are lost.

Security should be top of mind to protect your merchants' data and that of their customers. When speaking with potential and existing merchant customers, explain the differences in security to help validate why they should adopt new technologies for their businesses. With the enhanced security and more consumers using new payment methods, there's no reason to avoid new technologies.

As Cayan's Senior Vice President, Sales, Michael Gavin is responsible for day-to-day management of the company's direct sales efforts including organizational structure, sales forecasts and overall strategies. He also oversees all sales activities within the company's agent channel, a growing network of more than 400 independent representatives throughout the United States. Michael has served as a key leader within the organization since joining the company in late 2000. An individual who has made numerous key contributions, Michael was the architect behind the design and development of the agent channel. Michael is a graduate of Merrimack College where he earned his Bachelor of Arts degree in Political Science. Contact him at mgavin@cayan.com.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems