Tag Archives: PCI Compliance

clover on the go

Clover POS Systems Work With Many Payment Options

People who need POS system setups are finding it easier for them to accept more payment options through Clover®. Clover POS systems are prominent for how flexible they are in handling payments. These provide sensible interfaces that help people complete their transactions in moments, plus they never have to worry about inaccurate data.

Clover supports many payment options thanks to its hardware and software setups. Clover produces durable card-accepting items with customer-facing screens that help people choose what payment methods they will utilize. You’ll need this support to ensure you’ll have more control over your sales experience while satisfying whatever needs your customers may hold.

General Cards

Clover POS systems can support various payment cards. Clover produces card readers that feature screens that display payment information and details before customers can confirm their transactions. A card reader can feature a slot for chip-based cards and a swiping space for magnetic stripe-based cards.

You can program your POS system to handle credit and debit cards. You can adjust the display screen to show which card brands you can accept. Not all retailers can accept American Express cards, so having this option to edit the display screen is essential to its success.

Chip-based cards are typically more secure than stripe-based ones, as it is harder to steal data from chip cards. But Clover’s interface provides a safe body that prevents tampering and houses a secure space for cards that people cannot alter without breaking the system apart.

You can also support gift card transactions with a Clover system. Gift cards are ideal for businesses, as people who receive these cards are often more likely to spend extra money on their transactions. They might purchase more items after a while and even return well after they finish using their cards.

Contact-Free Payments

You can also use Clover POS systems to accept wireless or contact-free payments. NFC payment options like Apple Pay are very convenient. Clover makes POS setups that can collect NFC payments and other things that don’t require physical cards.

Clover produces systems that meet PCI compliance standards while handling NFC transactions. Clover will encrypt the data you collect and ensure all content goes in a secure database where nothing is stolen. The data transfer process also ensures the transaction is confirmed and secured as soon as possible.

Online Wallets

You can also accept online wallet payments through Clover. People are using online wallet systems like PayPal to complete transactions fast and without having to go into one’s credit lines. You can gather transactions from these accounts and move the money to your account in moments.

Clover can handle PayPal and other similar online transfer systems. It can use a secure online connection that encrypts all financial and wallet data while ensuring no identifying factors will be exposed to outside parties. The extra protection you utilize ensures you’ll have more control over how Clover works for your content.

Don’t Forget to Adjust Your System

You’ll need to adjust your user interface and display to ensure everyone knows what payment options you can support. Clover POS systems come with convenient interfaces and programming setups that let you control how you’re handling your funds. You can use Clover to monitor where your money is going, how people are paying for things, and anything else of interest to your business.

Clover POS systems are perfect for when you’re looking for something of value. You can use these systems to make it easier for you to accept payments that work your needs. Take note of how Clover can work for your business and how it can adapt to whatever payment methods you support when running your operation.

The Clover® name and logo are trademarks owned by Clover Network, Inc., an affiliate of First Data Merchant Services LLC, and registered or used in the U.S. and many foreign countries.

EMV Compliance

Guide to EMV Compliance

EMV compliance states that a point-of-sale layout can accept EMV-compatible credit cards. The business also has a reader for handling EMV cards. If a customer enters a store and inserts their credit card into a machine slot, that store complies with EMV rules. The store at issue is probably not EMV compliant if it can only accept magstripe payments. 

Compliance with EMV is a global payment technology standard developed by MasterCard and Visa member groups to protect customers against fraudulent transactions. As you might have guessed from the term, EMV stands for Europe, MasterCard, and Visa. The other organizations have also joined in on the EMV standard, which is a more secure choice.

The American Express, Discover, JCB, MasterCard, Union Pay, and Visa member groups in 1993 joined together to create chip technology to protect themselves from the frequent breaches of the 2010s. With the use of Magstripe technology, more people lost their data, and fraudsters became adept. Since magstripe data could work in multiple transactions, theft only required taking the data of a person for a long time before it was discovered. Chip technology addresses such data leakage.

Technology Chip

By assigning separate, anonymous tokens for every transaction through a computer chip, EMV chip technology overpowers the magstripe technology, rendering any data taken virtually useless. The transaction content cannot be utilized at another time.

For numerous transactions, Magstripe data is lucrative to thieves. EMV compliance will not prevent anyone from stealing data, but it will make selling and using that data much tougher than before. That is why the EMV compliance statistics are so outstanding.

Steps to EMV Compliance

EMV compliance for merchants entails upgrading current chip technology hardware. This change must work throughout your entire firm if a transaction that does not employ EMV does not conform to your work. While non-EMV transactions can still be accepted, they are exposed to risk and subject to the same legislation as non-EMV transactions. Note that this applies only to transactions involving the use of a genuine card. For online transactions, the old limits still apply.

You should not only be concerned about obligations. Customers do not like firms with which they are dangerous. It is a terrible experience for customers, and when there is fraud, they generally lose faith in the organization.

The EMV Chip Specification aims to strengthen face-to-face payment transaction security by incorporating components that minimize fraud caused by fake, lost, or stolen cards. The characteristics described in the EMV Chip Specifications are as follows:

  • The chip card system checks that the card is genuine to safeguard both online and offline transactions from counterfeit fraud.
  • Risk management parameters will set the conditions through which the issuer allows an offline transaction and the conditions that compel on-line transactions for authorization, such as exceeding offline limitations.
  • Digital signature of payment data for completeness of transactions.
  • More comprehensive verification mechanisms for cardholder protection against card fraud, plus verification for cases where a card is lost or stolen.

Steps to EMV Compliance

It’s now easier than ever to become EMV compliant. All you have to do now is get a POS system that accepts EMV cards and mobile readers for chip cards.

Steps to EMV Compliance

One of the main advantages of changing to EMV is the ability to combat remittances and avoid paying for both the services provided and the customer’s loss.

If you haven’t already done so, switching to EMV will be the most beneficial, but there are other tactics you can do to support it.

How to Stop Chargebacks

  • Make the switch to EMV right away.
  • Keep a record of all receipts and orders of purchase
  • Prevent fraud with the newest 3DSecure technology from internet technologies, including AVS, card verification, and VISA.
  • Include a tracking number for shipments.
  • Confirm the delivery for the customer.
  • Record information about the customer and previous orders that the person has made.
How to Stop Chargebacks

You Can Upgrade EMV In Moments

You may have postponed EMV updates due to the associated hardware and software costs, but we are pleased to report that switching is easier today. And, regardless of the amount you spend on switching, you’re going to save money in the long term because you can protect chargebacks and avoid further physical transaction fraud.

Why Compliance Is Critical

It’s always an essential subject, but compliance has a direct influence on small and medium-sized enterprises.

In the past, if someone had stolen a credit card and completed a fraudulent purchase, the issuer of the credit card was held accountable. It’s been like this for years until compliance with EMV became a factor.

When a fraudulent transaction is conducted, it works less on the card and more on your failure to use the chip as intended. As a result, liability moves from the issuer of the credit card to the company concerned.

As of October 2018, if you only accept magnetic credit card payments, all fraud-related charges and end-of-story costs will be blamed on you. But EMV compliance ensures you’ll avoid these liability-related issues. The move will probably cover more than the upgrade cost, depending on the business you are running and the average dollar amount for each transaction.

Can EMV Influence Your PCI Compliance Work?

The EMV chip does not comply with PCI compliance rules, nor does it reduce the vendor’s PCI coverage. Whether or not EMV is implemented, compliance with PCI is necessary. To fully protect client information in card transactions, all merchants and service providers must comply with EMV and PCI requirements. Even in combination, these guidelines are not 100% effective against fraud. But the cardholder and the vendor have better protection here than if they were battling alone. EMV and PCI collaborate to enable safe and secure card transactions for traders, customers, and issuers.

What is PCI Compliance and Why is it Important?

If you accept credit cards, you must understand and implement PCI compliance – it is required by all merchant services providers. The good news is that it’s not as hard as you think to comply, and there is plenty of support available to help you.

What is PCI Compliance?

Payment Card Industry Compliance (PCI) is a set of regulations that ensure all businesses are transmitting, processing, and storing payment information in a way that’s safe and secure for consumers. The regulations lower the risk of a data breach, identity theft, and ensure overall safety for both consumers and businesses.

There are 12 total requirements businesses must meet to be ‘compliant.’ Some regulations pertain to the equipment you use – building a secure network and ensuring its ongoing safety as well as practices to determine who has access to the data and how.

PCI compliance also affects financial institutions and payment processors – anyone involved in the payment processing must be compliant to ensure the safety of the transactions.

Why is PCI Compliance Important?

First, PCI compliance isn’t optional – it’s the law. If you don’t follow it, you can’t accept credit cards. Businesses that aren’t compliant are at risk of not only data breaches, but a reputation of not being secure. Word gets around fast when there’s a data breach and it takes a long time to build that reputation and/or level of trust up again.

Today, it’s not only public opinion that gets involved, but the government steps in too. The risk of terrorism is high and the need to know what’s going on in all aspects of data transmission is a key factor.

How to Make Sure your PCI Compliant

You could handle PCI compliance yourself, but it’s time consuming, confusing, and stressful. Instead, it’s best to work with a payment processor who handles it for you. Instead of navigating unchartered waters yourself, you can have support and education to learn what’s involved, what steps you need to take, and even to do most of the heavy work for you.

A part of the compliance does fall on your shoulders though. You must make sure your staff is on board and understands the rules and regulations. You must also take control and know what risks you’re putting your company and your customers’ information under as there’s always a risk anytime information gets transmitted.

When you can promise your customers that you have PCI compliance under control, not only will it help build up your reputation, but it helps increase sales too. Customers are loyal to businesses that do more than provide the goods or services they need. They are loyal to a business that they know will protect their information, watch out for their wellbeing, and provide all-around good customer service.

If you haven’t given PCI compliance a thought lately – it’s time to figure out how to put the proper steps in place. Your business and your customers are relying on you to do so.

data protection

What is Tokenization in Payments?

If you accept credit card payments, security should be your utmost concern. Amid the PCI compliance issues, tokenization is one of the primary issues/concerns all businesses should know and understand.

What is Tokenization?

It sounds complicated by tokenization is literally replacing important numbers with ‘tokens’ or a string of numbers/characters for security purposes. The numbers are placeholders for important information, such as the credit card number or account number.

Tokenization is the direct replacement of the sensitive data that if revealed could put a customer’s information at risk. The token can be safely stored and if stolen, hackers wouldn’t’ be able to do anything with it.

How Does it Work?

Tokenization is a part of the payment process. You don’t have to do anything different – a token is assigned when the customer processes his/her payment. If you store the payment information, you’ll never see the customer’s account information. Instead, you’ll see the tokens, which protect the real information.

Here’s how it works:

  • The customer enters his/her payment data
  • The system immediately replaces the account data with a string of characters
  • The tokens are sent for authorization and immediately sent back
  • You can process the payment with the provided token

Why Tokenization is Important

There’s one reason tokenization is important – fraud. It’s reaching high levels and merchants have to do everything possible to stop it, starting with tokenization.

If you store customer data, you must use tokens to replace their ‘real information.’ While there are many benefits of storing customer’s data, including starting a loyalty program, using a customer’s buying history to advertise, and recommending future products, there’s such a high risk in storing the information that tokenization is crucial.

The good news is if anyone were to get their hands on the tokens, they are virtually useless to them. Sure, the data was hacked, but they can’t connect the tokens with anyone’s information, making it impossible to steal the credit card information.

Tokenization also increases customer loyalty. There’s something reassuring about knowing you can shop at a store and not have to enter your information. Think of Amazon – most people store payment information and even use their one-click purchasing, so all they have to do is click the button and the item is purchased. It’s convenient and smart.

They benefit merchants too because it enhances purchase power, and increases the likelihood of subscription-based purchases.

Bottom Line

If you accept recurring payments, want to store customer’s payment information for convenience and customer loyalty, or you just want to provide a quick way to check out, tokenization is the key to your success.

Work with a payment processor that offers tokenization and makes it easy for the merchant to implement. Running a business is hard enough, but adding the complexities of payment processing on top of it can be a lot for a business owner. Find a payment processor you can trust and that will have your back in all things credit card security.

Get PCI Compliant

Payment Card Industry compliance refers to a specific grouping of standards that have been set up to help ensure that customer data is being secured uniformly throughout the industry. MasterCard, Visa, Discover, and American Express set up the Payment Card Industry Security Standards Council over 13 years ago in 2006 with a view to helping regulate the credit card industry and maintain the Payment Card Industry standards to hopefully improve the security of transactions and payments.

Why Do I Need PCI Compliance for My Business?Small Business Cash Advance Options

Any business, no matter how big or small and regardless of transaction volume, needs to be Payment Card Industry compliant if they’re accepting payments from credit and debit cards. To be more specific, any company that will be storing, transmitting, or processing credit card information is legally required to be Payment Card Industry compliant. Should a data breach occur, any company that is not fully Payment Card Industry compliant will be subject to steep fines by the Payment Card Industry Security Standards Council. When it comes to smaller-sized businesses, being Payment Card Industry compliant will lessen any liability for your business in the event of a data breach occurring.

How Do I Become PCI Compliant?

In order to become fully Payment Card Industry compliant, a yearly self assessment questionnaire must be completed, along with a quarterly Payment Card Industry security scan which must be passed.

The self assessment questionnaire will include a series of questions that have been designed to assess Payment Card Industry security levels, and depending on how a business is to deal with their payment processing, they will fall into one of several categories.

Additionally, by finding a payment processor that will provide Payment Card Inquiry compliant payment processing, you can ensure that all of your business’ credit card transactions will be secure.

The different types of Self Assessment Questionnaires break down as follows:

A: Card-not-present merchants for whom all cardholder data functions have been outsourced to validated third party service providers with no cardholder data stored, processed or transmitted on the merchant’s systems or premises.

A-EP: Online merchants for whom all payment processing data is outsourced to validated third parties, and who don’t receive any cardholder data through their website, but can, however, impact the transaction’s security. No cardholder data is stored, processed or transmitted on the merchant’s systems or premises.

B: Merchants who only use standalone dial out terminals with no electronic cardholder data storage and/or imprint machines with no electronic cardholder data storage.

B-IP: Merchants who use only standalone terminals that are PTS approved, with an IP connection to the payment processor, and with no electronic cardholder data storage.

C-VT: Merchants manually entering single transactions at a time with a keyboard into a validated third party virtual terminal solution. No electronic storage of cardholder data.

C: Merchants with online payment application systems and no electronic storage of cardholder data.

P2PE-HW: Merchants with hardware only payment terminals, with no electronic storage of cardholder data.

D (Merchants): All merchants not covered by any of the above

D (Service providers): All service providers a payment brand has defined as eligible to complete a self assessment questionnaire.

Terminal Retirements

Leave a reply

Following up on our recent blog about terminal of the future, the VX 520, today we’re going to let the other shoe drop. With the payment processing industry thrusting its spotlight onto security in the wake of the Target Data Breach, the PCI DSS and its upgraded protocols are getting a lot of attention.

Host Merchant Services has been ahead of the curve on PCI compliance, having instituted a PCI Compliance Initiative years ago. But the Payment Card Industry Security Standards Council is in a continuous state of refining their security requirements and best practices so we here at HMS have to remain agile and adept at navigating these changes.

EMV smart cards, a topic we’ve discussed in depth here, are prompting PCI DSS to reorganize large swaths of its standards, and as a result, retire various terminals. As more and more POS hardware adapts to support EMV chip cards and end to end encryption, manufacturers and software developers will have to put their older equipment out to pasture. With the release of EMV/Contactless terminal applications, many of the legacy terminal devices/applications do not have the memory capacity required in order to support the association mandates. As a result, TSYS has provided a preliminary end of life schedule for credit card terminal applications that will be fully retired.

This is something the PCI DSS has been preparing for, and as such they have a schedule implemented for the retirement of older equipment. Coming up next is the VX 510 Terminal and its VDID300 Application, scheduled for retirement on June 3, 2014. Also the VX 510 and VX 570 and its VXGFT02 Application will be retired that day.

Prior to this date, Host Merchant Services has terminal upgrades available for our merchants. While we will continue to honor merchant boarding for these devices until the effective end of life date, once that occurs these devices/applications will no longer be an option available within our internal systems and downloads will no longer be available for terminal updates, swaps or technical support. So upgrading should be a priority, and Host Merchant Services will make the process seamless and trouble-free.

The VX 520 Embraces the Future

Leave a reply

Sometimes the future just sort of sneaks up on you. Even if you’ve given yourself reminders, sticky notes, calendar alarms, and the proverbial string tied around your finger, the future still has a way of creeping up on you unawares.

Which is why Host Merchant Services is happy to offer its customers a payment processing terminal that comes with a reminder built in. Verifone with its VX 520 Terminal is here to prevent any memory lapses about the future from happening to your business and its PCI compliance needs. The VX 520 is PCI PTS 3.0 compliant right out of the box and is a forward thinking terminal designed specifically to be prepared for the PCI compliance mandates that are changing the rules of the industry.

Verifone terminals use end-to-end encryption with SSL v3.0 and 3DES to maintain the highest levels of security. This encryption, coupled with Master/Session and DUKPT key management, provide maximum protection from fraud and misuse of the terminal. The VX 520 terminal is also certified with PCI PED 2.0 approval.

All About Security

Security and secure transactions have been a hot button issue in the payments processing industry for the past few years. Everything from the Global Data Breach to Bitcoin to the Target Breach has people wondering about how secure their payment information really is. This is the root of the creation of PCI and its standards. In the ten years since the PCI DSS emerged as a consensus industry standard for the major credit card vendors, PCI DSS succeeded wildly in some areas – such as the use of endpoint security, encryption and network monitoring technology.

The Clock is Ticking

However, the success of PCI DSS in some areas highlighted others in which the standard had little to say or created perverse incentives—rewarding “compliance” over real security. Subsequent updates have attempted to right those wrongs. And the VX 520 is on the cutting edge of those PCI updates.

In January 2012 the PCI DSS released version 2.0 of their standards. And the VX 520 was built to be compliant to those standards and more.

In November 2013, the PCI DSS released version 3.0 of their standards. And again the VX 520 was compliant.

The 520, offered by Host Merchant Services, is a nimble processor that is ahead of the curve on security standardization. This is helpful because by December 2014, changes are coming from the credit card companies where older terminals will no longer be valid. Host Merchant Services offers a free terminal to new customers that sign up and are available 24x7x365 to help upgrade existing customers to terminals that will be PCI compliant.

Getting Secure and Staying Secure

Host Merchant Services knows that your business needs secure transactions to function. And we’re here to make the process of PCI Compliance easy, understandable and consistent for you each year. We offer the lowest PCI Compliance fee in the industry, at just $4.95 per month. PCI Compliance is essentially the process of adhering to the standards set forth by the Payment Card Industry Data Security Standards Council (PCI DSS). Essentially the standards are a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.

Secure transactions are important for merchants and a key element of the customer service Host Merchant Services provides. As part of our commitment to our Merchants and their transaction security, HMS offers a PCI ComplianceInitiative to anyone interested in processing with us. We are happy to offer this initiative as well as our free resources to help our merchants see what needs to be done to become compliant … and stay PCI compliant.

Hacker

Hackers find new target: Mariott [2023 Update]

Leave a reply

Holiday Inn, Marriott Hotels Suspected Targets of Data Breach

The Official Merchant Services Blog has breaking news regarding the ongoing series of credit card data breaches. One the heels of the major hack of discount retailer of Target that stole credit and debit card data from 40 million accounts right smack dab in the middle of the holiday shopping season, there’s yet another target of hacker greed: Holiday Inn. Lodgers at Holiday Inns, Marriott and Renaissance hotels may have had their payment card details compromised for much of 2013 as revealed a hotel management company  on Monday.

White Lodging Services, a hotel management company, warned in a news release it suspects point-of-sale systems at restaurants and lounges on 14 of its properties were compromised between March 20, 2013 and Dec. 16, 2013. Guests who did not use their card at restaurants and lounges, as well as those who used their room account for purchases from those outlets, were not affected, the press release revealed.

The Merrillville, Indiana-based company said it manages hotels like Holiday Inn under agreement with hotel owners. The company is a separate entity from the specific hotel brands it operates. White Lodging Services said it has contacted federal law enforcement and initiated a forensic review of its properties. It runs more than 169 hotels in 21 U.S. states.

databreach1

The Full List

The full list of the food and beverage outlets affected by the suspected breach were located at the following hotels:

  • Marriott Midway, Chicago, IL
  • Holiday Inn Midway, Chicago, IL
  • Holiday Inn Austin Northwest, Austin, TX
  • Sheraton Erie Bayfront, Erie, PA
  • Westin Austin at the Domain, Austin, TX
  • Marriott Boulder, Boulder, CO
  • Marriott Denver South, Denver, CO
  • Marriott Austin South, Austin, TX
  • Marriott Indianapolis Downtown, Indianapolis, IN
  • Marriott Richmond Downtown, Richmond, VA
  • Marriott Louisville Downtown, Louisville KY
  • Renaissance Plantation, Plantation, FL
  • Renaissance Broomfield Flatiron, Broomfield, CO
  • Radisson Star Plaza, Merrillville, IN

 

White Lodging last week told the New York Times it was investigating a potential security breach, covered in a report from security writer Brian Krebs. The same Krebs who broke the news on the Target Data Breach as well as the Global Data Breach.

What Was Hacked?

The unlawfully accessed data may have included names printed on customers’ credit or debit cards, credit or debit card numbers, the security code and card expiration dates.  Guests who used or visited the affected businesses during the nine month-period and who used a credit or debit card to pay their bills at the outlets might have had such information compromised and are encouraged to review their statements from that time period.

One idea posited on how this happened is RAM scraping. Attackers are planting malicious software, known as “RAM scrapers,” on POS devices, which capture unencrypted card details after a customer has swiped a card, defeating other security measures in place intended to protect sensitive details. White Lodging said customers’ names as printed on credit or debit cards, the card numbers, the cards’ security code and expiration dates may have been unlawfully accessed.

What’s Next?

Financial institutions have reissued some payment cards and are monitoring other credit and debit cards for unauthorized activity, the company said. White Lodging is also arranging to offer one year of complimentary personal identity protection services to all affected cardholders.

The unfolding disclosures have drawn the attention of the U.S. Congress. The House Energy and Commerce Committee is scheduled on Wednesday to hear from senior executives from Target and Neiman Marcus along with the U.S. Secret Service about how data breaches can be prevented.

Host Merchant Service’s PCI Compliance Initiative

Looking at the threat of a data breach, Merchants must wonder what the solution can be. Is there protection available? PCI Compliance is a great foundation for transaction security. The standards and protocols set up by the PCI-DSS Council are the first step a merchant needs to take to protect their data. And Host Merchant Services offers a PCI Compliance Initiative that helps its merchants quickly and seamlessly take that step.

Also, one thing to consider if you are a merchant and you are worried about data breaches affecting your bottom line: Host Merchant Services Data Breach Security Program. Click that link to download a PDF explaining the value-added service HMS provides its merchants that goes above and beyond just simple PCI Compliance and helps ensure a merchant’s peace of mind.

 

How to Save Money on Credit Card Processing Fees

Leave a reply

Here at Host Merchant Services we guarantee to save our customers money every month on their credit card processing. We understand that some of you are wondering how we do this! Transparency is a key cornerstone of our customer service values, so we have no problem sharing our secret formula and show everyone out there exactly how we carve out superior savings for every single one of our customers. We believe that when you get your statement every month, you should understand every item, and it should match what you were promised in the sales process. One of the first things to understand when switching to Host Merchant Services is we utilize the most cost effective and fair pricing available in credit card processing. It is called interchange plus or “cost plus pricing.” Interchange is a set of rates and fees determined by the card associations (Visa, Mastercard, and Discover). What this means is that our merchants are able to clearly see what interchange categories they qualify for. Here are a few different interchange categories that merchants pay with the same consumer visa credit card. Keep in mind each interchange category has a percentage and a dollar amount included in the category.

Supermarket Credit 1.22% + $0.05
Small Ticket (Transactions under $15) 1.65% + $0.04
Standard Retail / Restaurant 1.51% + $0.10
Charity 1.35% + $0.05
Service Station 1.15% + $0.25
e-Commerce / Mail order & Telephone order 1.80% + $0.10

These examples are based on interchange plus pricing. They also don’t include processor markup, and we have the lowest in the industry! There are other types of pricing that processors will use. You may encounter three-tier pricing (1.79% Qualified, 2.49% mid-qualified, and 3.29% non-qualified) for example. Some merchants are priced flat rate (2.9%, or 2.75%) or flat rate plus surcharges. There is also the dreaded enhanced bill back! Once you understand your pricing and category you need to look at how you are accepting your credit cards. Credit cards that are taken face-to-face (card present) often cost less than cards that are taken over the phone or on the Internet (card not present). For example, retail swiped transaction of 1.51% versus an e-Commerce transaction of 1.80%. Card associations justify this increased interchange rate due to transactions not being face-to-face. The next step in saving money is learning how much money is currently being spent on average to take in each dollar on credit cards. This is called your effective rate. This is calculated by totaling all the money you are paying in fees divided by the total amount your business processes in sales and refunds. For example a merchant who pays $300 in fees to bring in $10,000 in credit cards has an effective rate of 3.00% ($300 / $10,000 x 100 = 3.00%). A few other pieces of information are important to solving the puzzle. The average ticket or average transaction amount is also critical to understanding your rates. The reason being is that a $.20 transaction fee is not a substantial amount of an average ticket of $100 ($.20 / $100 = 0.20%). However, take that same transaction fee on an average ticket of $10 ($.20 / $10 = 2.00%). This goes to show that merchants with larger average tickets pay lower effective rates on average. Lastly we want to look at other fees; many processors will charge monthly fees, statement fees, administrative fees, regulatory and product fees, PCI fees, and annual fees. Host Merchant Services will help you save money on these fees as well! You can learn more about this process through our Official Host Merchant Services Road to Savings Infographic. The best way to start the process is to have one of our industry experts analyze a current merchant statement. We will walk you through the confusing process by explaining what you are currently paying versus what you would pay with HMS. Along with the potential to save hundreds to thousands of dollars each year on your credit card processing, we’ve upped the ante with our new $100 Challenge.

Call us today at (877) 517-4678 and let us design a solution that dramatically improves your bottom line – we guarantee it!

Tokenization Makes Card Use Safe

Leave a reply

Safeguarding Stored Cardholder Data with Tokenization

In this era of connectivity, consumers are increasingly concerned about the safety of their personal data. Leaders in the merchant services industry are actively engaged in developing new ways to protect customer information. Here at Host Merchant Services, we commit to security by providing our clients with tokenization, the most secure type of cardholder information storage available today. This system has enormous potential for any company that regularly utilizes credit card processing.

Tokenization involves taking in cardholder data and returning a token, a string of letters, numbers, and characters that represents and stands in place of the original data. Each token serves as a pointer for cardholder information, which is securely stored offsite in a cloud-based database. Since tokens do not contain cardholder data in and of themselves, they are essentially immune from the threat of hackers and identity thieves.

Tokenization And PCI Compliance

Tokenization and PCI Compliance

Through data tokens, merchants can safely store customer information with payment gateway providers like Host Merchant Services. This system is particularly well-suited for companies that charge customers on an ongoing basis. For example, businesses that offer subscriptions or memberships generally charge clients around the first of the month.

Storing large amounts of cardholder data for this purpose can create PCI compliance headaches. Essentially, when a merchant retains and stores a customer’s card information, it changes the level of compliance they have to adhere to for PCI DSS standards. You can review PCI Compliance in more detail here, but Tokenization helps to alleviate some PCI issues for merchants and boost transaction security at the same time.

Instead of storing cardholder data on-site, merchants can store tokens and simply pass these tokens to their payment processors at the appropriate times. Upon receiving these tokens, processors use the tokens to pinpoint cardholder data and generate unique credit card transactions. This system is fast and efficient while minimizing the risk of fraud and identity theft.

Helping  Businesses Small And Large

Helping  Businesses Small and Large

Token systems are ideal for smaller companies seeking to reduce their PCI compliance burdens while maintaining impeccable customer security. That said, companies of all sizes use data tokens to simplify their operations. For example, a tokenization-based payment processing system is useful for closely managing even a large-scale customer rewards program. The ability to store the tokens securely while not compromising customer cardholder data, lets a large company deftly keep track of and maintain their rewards program.

As credit card processing becomes ever more critical for modern commerce, many more companies will adopt this robust system of safeguarding customer data. Here at HMS, we are proud to offer tokenization as an integral part of our Transaction Express payment gateway.

A payment gateway is a system of technologies and processes that allow merchants to electronically submit payment transactions to various payment processing networks (i.e., the Credit Card Interchange and the ACH Network). Payment gateways may also provide merchants with transaction management, reporting, and billing services. Payment Gateways essentially bridge the gap between web-based payment options and credit card processors.  To take payments in a store, you must have a merchant account, to take payments online you must have a payment gateway.

Beyond the in-house Transaction Express gateway, Host Merchant Services also supports a variety of other Payment Gateways for your payment processing needs. We are able to customize a payment processing solution that fits your own individual needs. Here is a brief list of the Payment Gateways we support directly.

Services like the ones Host Merchant Services offers demonstrate how the payments industry is working tirelessly to prioritize information security.

Benefits Of Tokenization In Payments

Benefits Of Tokenization In Payments

Tokenization within the realm of payment gateways involves substituting payment information, like credit card numbers with an identifier or token. This token serves the purpose of enabling transactions without exposing the data. There are advantages to using tokenization in payment gateways;

  1. Enhanced Security: Tokenization provides security for information by preventing access and reducing the risk of data breaches. Since intercepted tokenized data is useless without the tokenization system it holds no value for attackers.
    PCI DSS Compliance; Compliance with Payment Card Industry Data Security Standard (PCI DSS) is crucial for businesses that handle cardholder data. By minimizing storage and transmission of information tokenization helps reduce the scope of PCI DSS compliance audits.
  2. Risk Reduction: Replacing card details with tokens significantly decreases the risk of transactions. Even if a token is somehow intercepted it cannot be easily exploited for transactions without access, to a system.
  3. Simplified Compliance: Tokenization assists in meeting regulations related to data protection and privacy.
    It ensures that customer data, which is sensitive is handled securely and in compliance, with requirements like GDPR, HIPAA, and others.
  4. Efficient Operations: Tokenization simplifies the process of integrating payment gateways into systems. By eliminating the exposure of card data during transactions developers can focus on integrating with the tokenization system making it a straightforward process.
  5. Building Customer Trust: Businesses that prioritize the security of payment information are likely to gain customer trust. Tokenization showcases a commitment to safeguarding customer data fostering trust and confidence in the brand.
  6. Convenient Recurring Payments: Tokenization proves advantageous for businesses offering subscription services. Once a card is tokenized it can be utilized for recurring payments without customers needing to enter their card details.
  7. Accelerated Transactions: ** Processing Speed;** Since tokenized transactions do not involve transmitting the information they can be processed rapidly resulting in enhanced efficiency, in payment processing.
  8. Support, for Multiple Channels: Tokenization can be used in payment channels, such as mobile and in-store transactions. This flexibility makes it a versatile solution for businesses that have payment requirements.

In essence, tokenization in payment gateways offers a security measure that minimizes the chances of data breaches and ensures adherence, to regulations. Improves the overall effectiveness and reliability of payment procedures.