The Trust experts share their insights on a variety of topics.


TrustCommerce Blog

Practical Ways to Protect Yourself Online

Zappos, online shoe and clothing retailer, is the latest merchant to succumb to a data breach. More than 24 million customer accounts were compromised, which may have included customer names, e-mail addresses, addresses, phone numbers, the last four digits of credit card numbers and "cryptically scrambled" passwords. Zappos encrypts payment card data and said no credit or debit card information was accessed.

The recent Zappos breach has us all thinking about trust. We start to think about all the online sites in which we've placed our trust—accounts we've opened, where we've shopped and social networking sites where we disclose our lives, to name just a few. Many of us can't remember them all, let alone the email or password we used. As we go about our daily lives, we repeatedly take leaps of faith. For convenience and opportunity, trust seems to be the only choice. However, there are some practical ways you can protect yourself. Here are just a few:

  • Take the time to create a strong password. A password's strength comes from its length, complexity, and unpredictability. For example, use a minimum password length of 12 to 14 characters, including numbers and symbols, and use mixed case if possible.
  • Avoid using the same password for multiple sites.
  • Don’t share passwords.
  • Don’t write down or email credit card information or passwords.
  • Log out when you complete an online session.
  • Change your password regularly.

As you choose sites with which to interact, take a moment to look at a web site's privacy and security pages. Find out how they collect, use and store your information. If the site accepts payments, is it PCI compliant? Does the web site instill confidence? If not, trust your gut and look for other options.

2011 was a difficult year in terms of breaches—Sony, Michael's, Citibank and many others were affected. The trend continues in 2012. Be that first line of defense. Although following some of these tips may seem inconvenient, would you rather be left wishing you'd done things differently?


Save Money on Payment Processing

Wouldn't it be nice if payment processing came with a textbook for beginners? Unfortunately, many times merchants are on their own to master key terms and skillfully implement best practices that help manage costs. One of the biggest challenges can be understanding the interchange rates set by the card networks and other fees incurred in order to accept credit card and other payments.

Here are some areas to explore that could save you money.

  • Clear transactions in a timely manner. Best practice is to settle daily, each night. Settling transactions in one day, as opposed to two or more, could result in lower rates. Check with your merchant bank for their requirements.
  • Keep inventory well-stocked. Know your sales cycle and order accordingly. Reduce capture rates to ship out. This can also help reduce the need for re-authorizations.
  • Utilize the Address Verification System (AVS) to help protect against fraudulent transactions. AVS verifies the address of the customer presenting the payment card. The AVS system checks the billing address, numeric part of street address and zip code of the payment card provided by the user, against the address on file for that card.
  • Obtain the Card Security Code (CSC), an additional security feature implemented by Visa, MasterCard, Discover, and American Express. The CSC is a three- or four-digit value printed on the card or signature strip, but not encoded on the magnetic stripe. It is best practice to send this data when the card is not present. The codes have different names unique to each brand, as follows: Visa - CVV2, MasterCard - CVC2, Discover - CID, American Express - CID or unique card code. This data should be sent for non-swiped transactions. In some cases non-compliance fees may be assessed if no information is submitted. CSC can also help protect against chargebacks.

TrustCommerce can assist with reducing interchange rates as well as compliance costs through the following products and services.

  • Debit—PIN and PINless debit card payment acceptance have a different fee structure than credit card processing. Associated fees are typically lower.
  • Purchase card Level II and Level III transaction processing—allows qualified Business to Business (B2B) and Business to Government (B2G) merchants to process transactions with varying levels of information. This is done primarily for improved reconciliation and reporting and may also result in a preferred discount rate. TrustCommerce supports Purchase Level II and III transactions for a variety of processing platforms.
  • TC Citadel—provides a means to securely store and retrieve customer payment card and ACH information for future, one-time, recurring billing, and installment transactions. The stored information is recalled with a single six-character alphanumeric code known as a BillingID. Using this secure solution can greatly reduce costs associated with PCI compliance.
  • TC Trustee Merchant Host—is a transparent redirect web application solution that allows merchants to process payments directly from their web site without ever handling sensitive cardholder data. TC Trustee Merchant Host seamlessly integrates into the checkout process of a merchant's shopping cart, payment page, or other online payment system. Customers enter their payment card data on a form on the merchant's website, submit the payment form, and the data is seamlessly redirected to the TrustCommerce payment gateway. TrustCommerce stores and transmits the sensitive cardholder data. This secure payment solution can greatly reduce PCI costs.

Contact a TC Solutions Consultant to help guide you through payment processing: 800.915.1680. In addition, watch these TrustCommerce payment solutions videos to learn more about our services.


Healthcare Payment Trends: Patient-Initiated Payments

With patients bearing more of the responsibility for healthcare payments, healthcare organizations are looking for ways to make it easier for patients to pay, thereby improving collections and decreasing the time and resources it takes to collect payments.

Healthcare payments landscape

More than $2.7 trillion of healthcare payments are made in the U.S. annually, which represents one sixth of the U.S. gross domestic product (GDP). Direct patient-to-provider payments represent $326 billion.[1] According to a McKinsey & Co. report, about 35 percent of a provider's total revenue will come from patients.

Collecting payment for healthcare services is a labor-intensive process and timing is critical. The healthcare payment process typically involves interactions between multiple parties, often after the service has been provided. As the time from the patient visit grows, patients become hard to contact and harder to collect from.

In traditional methods of payment acceptance, the healthcare worker takes a co-payment onsite prior to the doctor visit. The patient is billed for the remainder of the payment. A healthcare worker will phone and mail statements regularly to try to collect payment from the patient. Types of payment include co-pay, deductible, pre- and post-service expenses, and prescriptions, to name a few. For the most part, patients pay by cash or check. Electronic payments, such as credit card, debit card, and ACH, offer patients greater convenience, and providers benefit as well. Accepting electronic payments can increase accuracy and shorten the payment cycle.

Patient-focused payment technologies

In conjunction with accepting electronic payments, practices can adopt new “patient-initiated” payment technologies that help capture more revenue and collect payments more efficiently. These technologies include:

Patient payment portals allow patients to securely log in to a web site to manage their accounts. They have immediate access to their account information and can self-manage their own bill payment. Patients can initiate real-time payments or easily set up a recurring payment cycle using credit cards, online debit cards, and ACH.

Interactive Voice Response (IVR) facilitates text to speech, speech recognition and speech enabled actions. IVR systems can automate many of the routine and repetitive calls made by a provider, such as balance due reminders.

Kiosks serve a variety of purposes and streamline administrative tasks. Using a touch screen, patients can self check in, update personal information, make co-payment and deductible payments, and more.

Emerging Technologies:

  • Mobile phone payment processing provides a simple way for patient payment scenarios that are needed outside of a standard healthcare check in environment such as bedside and emergency room payments.
  • Tablet-based healthcare payment solutions are moving towards combining collecting patient healthcare information and a simplified co-payment.

When looking at new technologies, providers should consider the following:

  • How the solution integrates into existing infrastructure and workflow
  • Is it easy to use, thereby increasing the probability of adoption
  • Does it comply with regulation and securely protect patient privacy

New Technologies – One Solution

The ability to embrace change and adopt new payment technologies becomes more manageable with a comprehensive and flexible payment acceptance solution as the foundation. TrustCommerce's integrated suite of offerings helps healthcare organizations accommodate their disparate payment sources. With an emphasis on customer service and the ability to customize solutions, TrustCommerce open-source payment solutions provide the assistance organizations need to manage complex legacy systems and explore emerging payments. TrustCommerce is integrated with leading patient management systems such as GE and Epic.

TrustCommerce payment solutions allow providers to not only process standard credit card transactions but also pass IIAS transactional data in order to accept flexible spending account (FSA) and health savings account (HSA) cards, while maintaining the highest level of compliance and security.

To be successful, providers and health systems must evolve to keep pace with the rapid changes in healthcare. By implementing new technologies that include patient-initiated payment methods, healthcare organizations can speed the patient payment cycle and use human resources more efficiently.

[1] Aite Group


Top Tips for Merchants to Reduce Fraud

It is an unfortunate reality that during this busy shopping season criminals and fraudsters are increasingly active trying to find ways to steal goods, payment cards and money. 

The use of counterfeit and stolen payment cards is at an all-time high during this time of year. The increasing volume often makes it difficult for merchants to quickly identify whether the cards are valid. There are a few simple things merchants can do to reduce the incidence of fraud and increase their legitimate transactions.

1.    Ask for ID.  The card brand rules permit asking for identification as a fraud prevention measure.  Establish a policy in which your cashiers ask for identification when either unsure of a transaction or at a predetermined interval (every 10 transactions, etc.).  People using counterfeit cards do not like to shop at merchants that ask for ID as it increases their risk of being caught.  Simply asking for ID provides a general deterrence that reduces the likelihood of counterfeit cards being used in your store.  It is important to remember that a very high incidence of fraud is "friendly" fraud.  This is the use of a card by a family member or another person who may be related to the family member that is not authorized to use the card. If the full name on the card does not match the ID, do not accept the card.

2.    Compare the numbers.  Compare the swiped card number to the account number on the front of the card.  Some point of sale (POS) systems currently prompt cashiers to compare the numbers. If yours does not, it is advisable to ask your cashier to ask for the card to quickly compare the numbers.  Many counterfeiters will rewrite stolen track data onto a legitimate card.  To the casual observer it looks legitimate but the number on the magnetic stripe will not match the number printed or embossed on the front of the card. 

3.    Watch out for gift cards.  Another common trick of fraudsters is to record stolen credit card data onto a gift card.  As gift cards do not require ID, merchants often swipe them without checking.  Always compare the swiped number to the number printed on the front of the gift card.

4.    Use advanced authentication for MOTO transactions.  As Mail Order and Telephone Order (MOTO) transactions do not require the card to be physically present, they have a high rate of fraud (when compared to swiped transactions). Merchants can mitigate the risk by ensuring that advanced authentication tools are employed.  CVV2 (3-digit number on the back of the card) as well as AVS (address checking) are methods to dramatically reduce the percentage of fraudulent transactions. Additionally, you may have protection against chargebacks in the event a transaction was fraudulent.

These few simple rules will help ensure that your business mitigates the risk of accepting fraudulent transactions. Have a safe and fun Holiday Season.


Prevent Data Thieves from Stealing Payment Data

As 2012 approaches, and companies continue to pursue compliance with the PCI DSS, the threat of data theft still looms large for merchants. On December 12, 2011, CNN and other news organizations ran a story announcing that US authorities arrested four Romanian nationals in connection with a data theft scheme that had been active since 2008. The four individuals would hack into Point of Sale (POS) systems and install Trojans and keystroke loggers to capture payment card data. This data was then used to make fraudulent purchases, primarily in Europe. 150 Subway restaurants, as well as over 50 other retailers, were victimized and an estimated 80,000 cards were compromised.
 
While a tragic story, the interesting part of this is the acknowledgment that the attacks had been ongoing since 2008--nearly four years before detection. This story is yet another example of how difficult it can be for retailers to protect data from theft and highlights the need for constant vigilance. PCI DSS compliance is simply not enough any longer to prevent data thieves from stealing data. TrustCommerce TC SMART products are designed to provide security for retailers and online merchants. By removing the data from merchant environments, there is nothing for the data thieves to steal. To learn more about TC SMART Products, please contact us at: 800.915.1680.
 
You can read the full article here: http://on.msnbc.com/tOF4ef


5 Tips to Reduce Holiday Shopping Fraud

As consumers, it is easy to get caught up in the excitement of the holiday season and drop our guard when it comes to safe shopping. The increasing balances on credit cards often result in people not checking their statements until after the holiday season.  In a rush to make purchases, caution may take a back seat to convenience and the prevalence of goodwill may convince some shoppers that criminals wouldn't take advantage of the holiday season. Unfortunately, the holiday season is when criminals are often most active.

Here are some tips for safe shopping for consumers.

  1. Use a credit card if possible. While this topic is too complex for a short blog post, the key here is that most people would rather see a fraudulent transaction on a credit card than have money taken directly from their bank account. It is often easier to recoup the funds due to various card brand rules. All major card brands "guarantee" all transactions. Even if it takes a week or longer to dispute the transaction, you do not risk being without needed cash.
  2. Use your pen, not your PIN. If you decide to use a debit card for purchases over the holiday season, consider "signing" for the transactions instead of using your PIN. If prompted for a PIN, simply hit cancel and you will be prompted for a signature. It is often much easier to chargeback a fraudulent transaction that is "offline" (signed) as opposed to "online" (PIN based) due to various card brand rules. Also, ensure you read your cardholder agreement, as all major credit card (American Express, Visa, MasterCard, JCB) transactions are "guaranteed," which means if it is fraudulent you will get your money back. This may not be the case in debit card transactions.
  3. Know your store. There is always temptation to shop for the cheapest prices. During the holiday season fraudsters increase the number of fraudulent shopping sites in an attempt to defraud cardholders. Providing your personal information and private account data to a site that is not known, or about which you have questions, could result in your card being stolen or resold. All TrustCommerce merchants are carefully vetted. Cardholders can have confidence when shopping with them knowing their data is secure and the merchant is legitimate.
  4. Check your statements. Check your statements at least weekly. You want to identify any fraudulent transactions as quickly as possible. If your card has been compromised, make sure to contact the issuing bank ASAP to have a new card issued. Unfortunately, some people wait until after the holidays to check their statements only to find that their payment card was compromised weeks ago. This increases the headaches associated with disputing the transactions.
  5. Keep your card safe. While this is a sensitive subject, the majority of credit card fraud occurs through what is known as "friendly fraud". Family members, close friends, those that may work around the house and others "borrow" a card and go on a shopping spree. It is important that you always maintain possession of your card or keep it secure. When shopping do NOT leave your purse or your wallet in your vehicle! Every year people return to their vehicles to find windows smashed and all their presents and purses/wallets stolen. 

Remember—the holiday season is the peak season for fraudsters. Being vigilant will reduce the chance that you become a victim. By following the short rules listed above, you can reduce your risk of being victimized and enjoy your holiday season.


Secure Payment Acceptance in a Dynamic Environment

Life was simpler way back when. Some of you may remember when televisions only had three channels. A pencil or typewriter was your primary means of written communication. When you made a purchase or paid a bill, you mailed a check or paid cash at the register. Choices were limited, but simplicity appeared to make everything a little more manageable.

Innovations have led to more choices and greater convenience—especially in our payments world. Think of all the ways consumers pay today: cash, check, credit cards, ACH/e-check, debit cards, gift cards, etc. Merchants also have a multitude of ways to accept payments: POS, online, automated recurring billing, SMS, mail order/telephone order, kiosks, integrated voice recognition (IVR), mobile devices—you name it.

Staying on Top

To remain competitive, merchants must support the traditional methods of payment, while moving forward and accommodating early adopters of the latest technology. However, the breadth of payment acceptance options can seem like an opening for greater risk and exposure. How does a merchant make sure all of the payment data entry points are secure? How do you integrate with existing systems for ease of reporting and reconciliation? Here's how:

1. When choosing a payment acceptance solution, look for a partner who is PCI compliant. Next, find a solution that reduces your compliance burden. Merchants who do not store, process or transmit Account Data (Cardholder Data and Sensitive Authentication Data), as defined by the PCI DSS, can dramatically reduce the cost of compliance and the risk associated with accepting payments. TC SMART products accomplish that goal and provide a clear path for compliance, data security, and fraud reduction.

2. Don't get caught up in all the features and benefits and lose sight of the big question: Will this integrate with my existing systems and solutions and allow me to grow? TrustCommerce's secure API, TCLink, allows merchants to integrate multiple transaction entry points and is open source. This gives merchants more control and flexibility.

A comprehensive payment acceptance solution provider can make it easier to embrace change. The convenience that comes with offering choice makes it worthwhile.


New TrustCommerce Developer's Guide Available

Some things are worth the wait! We are happy to post that the latest and greatest TrustCommerce Developer's Guide 4.0 is now available for download within the TC Vault in PDF format. This new version comes with many improvements and several new chapters and sections. This document began as a revision to the existing TCLink Developer's Guide, but evolved into a more comprehensive TrustCommerce Developer's Guide.

As a replacement to the TCLink Developer's Guide, the new TrustCommerce Developer's Guide:

  • Begins with the TCLink API as the fundamental interface for TrustCommerce payment processing
  • Builds on that base to cover basic and advanced transaction processing
  • Ties in additional TrustCommerce services, such as TC Citadel and TC CrediGuard
  • Includes alternative processing interfaces, such as TC Batch, HTTPS/POST and TC Trustee Merchant Host.

We hope you find this to be a valuable resource. To submit feedback or make requests for future versions, click here.


PCI Compliance for Small Merchants

Small businesses are the heart and soul of the U.S. economy. From local mom and pop shops to innovative web start-ups, we rely on these merchants daily for goods and services. In the payments world, small businesses are referred to as Level 4 merchants, those processing fewer than 20,000 e-commerce transactions annually and up to 1 million transactions annually. There are more than 6 million Level 4 merchants in the U.S.

PCI compliance is a vital component of a merchant's overall, ongoing security program. However, Level 4 merchants have not always been well educated or encouraged by their acquiring bank to become compliant.

If your business transmits cardholder data, you must also be PCI compliant. The Payment Card Industry Data Security Standard (PCI DSS) is a security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This definition may sound intimidating, but the overall goal is to help organizations proactively protect customer account data.

All merchants must be PCI DSS compliant
Regardless of how small your business is, you must be compliant. PCI DSS compliance is required of all entities that store, process, or transmit cardholder data, including financial institutions, merchants and service providers. Cardholder data is any personally identifiable information associated with a cardholder, such as an account number, expiration date, name, address, social security number, etc.
Although PCI DSS is not a law, failure to meet compliance standards can result in fines from credit card companies and banks, brand and reputation damage, and even the loss of the ability to process credit cards.

What are the risks of accepting cardholder data?
Small businesses and home-based businesses are vulnerable to hackers simply because they are usually not well protected. Home-based businesses account for 53 percent of all small businesses. Intruders see these businesses as easy targets and exploit their broadband connections, which are always on, and programs such as online games and file-sharing applications. Other typical ways merchant environments are breached include: SQL injection attacks, malicious code attacks, insecure remote access, or insecure wireless.

Sensitive cardholder data can be stolen from many places:

  • Compromised card reader
  • Paper documents stored onsite
  • Data in a payment system database
  • Hidden camera recording entry of PIN or other authenticating data

What are the costs?
Oftentimes it takes numbers, and fear of loss, to push merchants to take the compliance leap. Merchants can expect to pay approximately $50,000 for PCI compliance violations. In addition, the bank will most likely terminate your relationship or charge higher transaction fees. These penalties can be hard to overcome.

In addition, if cardholder data becomes exposed, be aware that more than 38 states have laws requiring data breach notifications to the affected parties, resulting in incalculable losses to brand, reputation and customer base. Refer to www.privacyrights.org for details on state laws.

Summary
PCI compliance is a must. Take advantage of the resources and reputable partners that can make the process more efficient. By creating a safe environment for processing your customers' transactions, you will keep them coming back and ensure your business thrives.

To learn more, read TrustCommerce's whitepaper on PCI Compliance for Small Merchants.


Secure Payment Solutions that Come with a Guide

On my morning commute, lost in thought, I drove right past the office. Snapping out of it, I realized what I’d done, took a right turn and began my detour back to the office.  Having never gone this route, I saw buildings and roads I’d never seen before, discovering better paths for future trips.

Seeing things in a new light makes me think about the TrustCommerce professional services team. What I love about our team is how they look at a project from every angle – upside down, backwards, and sideways – before arriving at a clear plan for reaching an objective. Our team has led projects and implementations for leading organizations in key vertical markets and applies that unique knowledge to every project.

Merchants come to our team with an action plan, and 9 times out of 10, TrustCommerce project managers find a clearer path to the merchant’s ultimate destination. They help the merchant better understand their objectives and the payment environment, thereby streamlining the project and providing a cost-effective solution.

The team’s 4-phase methodology may be standard; the team is anything but.
Phase I: Concept – Technical Design and Discovery
Phase II: Development – Development, error handling
Phase III: Integration & Acceptance Testing – Testing and UAT
Phase IV: Production & Maintenance – Production Validation, confirmation

It never hurts to explore your surroundings, see things in a new light, and let that new awareness lead to better direction. Our project management team applies this lesson daily!