Tag Archives: PCI Compliance

AlignCloud and HMS partner up

Host Merchant Services, an industry leading provider of payment processing and e-commerce services for small and medium businesses, announced a promising new partnership with cloud consulting firm AlignCloud. This partnership is the product of extensive research and collaboration and the bold new alliance represents an exciting opportunity for customers to benefit from the combined expertise of these two companies.

AlignCloud tailors services for cloud providers and end-users alike. From cloud readiness assessment planning to cloud vendor management, AlignCloud provides indispensable services for all cloud customers. For cloud hosting providers, AlignCloud can help providers train sales staff, draft sales plans and fully engage with Web marketing and SEO. With its focus on the cloud and web hosting market, AlignCloud is a natural referral partner for Host Merchant Services.

HMS CEO Lou Honick has aptly summarized the buzz surrounding this collaboration. “Our expertise in e-commerce, payment cost optimization, and security meshes perfectly with AlignCloud to create compelling offerings,” Honick said of the AlignCloud partnership. AlignCloud clients can now seamlessly access secure, reliable merchant services, PCI compliance solutions, and e-commerce.

In the business world, demand for cloud services has reached an all time high. As mobile devices become more important for business, public worries about information security keep pace. Cloud Hosting is a type of hosting platform that allows customers powerful, scalable and reliable hosting based on clustered load-balanced servers and utility billing. Web hosting services allow individuals and organizations to make their website accessible via the World Wide Web.

For AlignCloud’s customers, HMS has designed services to insure absolute peace of mind. According to AlignCloud CEO Stacy Griggs, the program will provide clients with “lower rates and better service for credit card processing, mobile payments and merchant services.” The experts at HMS combine technical knowledge with uniquely dynamic customer service. Through expertise in data security and fraud reduction, Host Merchant Services promotes more confident commerce, both for businesses and customers alike.

A cloud hosted website can be more reliable than alternatives since other computers in the cloud can compensate when a single piece of hardware goes down. Also, local power disruptions or even natural disasters are less problematic for cloud hosted sites, as cloud hosting is decentralized. Cloud hosting also allows providers to charge users only for resources consumed by the user, rather than a flat fee for the amount the user expects they will use, or a fixed cost upfront hardware investment.

For Host Merchant Services, the partnership with AlignCloud is part of their successful strategy to partner with the web hosting and cloud services industry. Companies like AlignCloud can better serve clients by integrating credit card processing into their offerings. Through Host Merchant Services, AlignCloud customers will experience hassle-free credit card processing with 24x7x365 hour technical support and responsive website.

Clients of AlignCloud can also earn extra revenue by referring their customers to the program.

About PCI Compliance Fees

Leave a reply

Many businesses that accept credit cards wonder what the PCI compliance fee is and why they have to pay it. It all starts with the information that a retailer gains when a customer purchases a product or service using their credit or debit card to pay for the transaction. The thin black strip on the back of the cards holds sensitive information that can be used to defraud the card holder if a criminal gets hold of that information. A merchant must take steps to ensure that all personal information collected from a customer is kept safe and away from those who intend to do harm to others.

There have been some notable breaches of data over the past few years like what happened at TJX companies – the parent company of the T.J. Maxx and Marshall department stores. Over a 16 month period, thieves hacked into TJX’s computer system and stole information from over 45 million cards. This caused serious problems for the company and their customers that ended up costing a lot of time, money and effort addressing the damage caused by the breach.

Employees of businesses have also been known to steal this type of information. All they need is to gain access to credit and debit card receipts so they can purchase items using someone else’s card number. These types of incidents have increased with the proliferation of these cards. The major credit card companies like Visa, MasterCard, American Express and others developed guidelines that a business must follow to protect customer information. Failure to abide by these guidelines can result in the credit card companies deciding to discontinue doing business with a non-compliant company.

Many business owners know they should keep information safe, but many also have no idea why they are also being charged a PCI compliance fee.

These fees are charged for basically three reasons: education, non-compliance, and insurance.

Many credit card processing companies spend time working with business owners to make sure they understand what is required and how to meet those requirements. Some will add a fee to cover the cost of this educational component.

Businesses that do not show they are in compliance are also susceptible to being charged fees. This is generally done to remind the owners that they should take the time to fulfill the requirements. This portion of a fee could disappear once they have certified with the processors that they have taken appropriate action to protect their customer’s information.

A third component of some fees is insurance to help cover any breaches. The TJX breach ended up costing well over a quarter of a billion dollars. This is a cost many businesses cannot afford to absorb and still survive. The insurance will not cover breaches where the company was involved in the criminal activity.

The fees can be charged either monthly or annually. The fees range from five to 15 dollars per month to over 99 dollars per year.

Industry Terms: E-Commerce [2023 Update]

Leave a reply

This is the latest installment in The Official Merchant Services Blog’s Knowledge Base effort. We want to make the payment processing industry’s terms and buzzwords clear. We want to remove any and all confusion merchants might have about how the industry works. Host Merchant Services promises: we deliver personal service and clarity. So we’re going to take some time to explain how everything works. This ongoing series is where we define industry related terms and slowly build up a knowledge base and as we get more and more of these completed, we’ll collect them in our resource archive for quick and easy access.

E-Commerce

Today’s term is Electronic Commerce, or E-Commerce for short. E-Commerce is the process of using the Internet or computer networks in order to buy or sell information, services, or products. This includes all transactions involved in conducting business over the fore mentioned networks. The act of buying or selling over these networks allows for secure paperless transactions to happen electronically. It has also given many businesses the ability to expand from local and regional markets to national and global markets.

Initially E-commerce just involved business to business transactions over private networks, it wasn’t until the mid 1990′s that it became completely open to the public. These businesses were using Electronic Data Interchange (EDI), which was a transfer of electronic data from computer to computer and Electronic Funds Transfer (EFT), which was an electronic transfer of money from one computer to another in order to do business with each other. Doing business like this guaranteed that the transactions would be completed in a faster and less expensive way. Advancing computer networking capabilities led to the public use of the Internet and opened the doors of E-commerce to the world.

E-Commerce has a major impact on the markets that businesses can reach. Businesses now have the ability to reach a large global market allowing for a greater return on their product sales. Retailers can sell more of a particular product at a lower cost, as a result of business being done online and not by man power alone, which gives them the ability to lower prices and increase sales. Although we may take advantage of E-commerce and the ease it creates in our daily lives, its benefit to the global economy is always changing and ever-increasing as technologies continue to develop. Everyday we see new businesses from all over the world implementing E-commerce into their business strategies, resulting in the growth of a “global community”.

Host Merchant Services offers a variety of E-commerce solutions to fit your business, including HMS Express, our own cutting edge in house payment gateway. HMS is able to interface with most of the major Payment Gateways out there, including Authorize.net. We also offer unparalleled protection for all of our merchants in the form of our PCI Compliance Initiative.

Barnes & Noble Data Breach [2023 Update]

Leave a reply

Today’s edition of the Official Merchant Services Blog will take a look into the newest data breach, involving NY-based Barnes & Noble Inc.

Barnes & Noble revealed last week a “sophisticated criminal effort” had taken place at 63 stores, resulting in hacked PIN pad devices putting some of its customers at risk. The company discovered the hacking in September, but did not disclose it until recently on the advice of federal authorities. Security experts at the FBI have admitted that immediate disclosure in data breaches can make it harder for investigators to find the perpetrators.

In response, the chain has ceased using all PIN pads in its stores, and it has identified the affected locations in California, Connecticut, Florida, New Jersey, New York, Illinois, Massachusetts, Pennsylvania and Rhode Island.

“The tampering, which affected fewer than 1% of PIN pads in Barnes & Noble stores,” the company said in a news release, “was a sophisticated criminal effort to steal credit card information, debit card information, and debit card PIN numbers from customers who swiped their cards through PIN pads when they made purchases. This situation involved only purchases in which a customer swiped a credit or debit card in a store using one of the compromised PIN pads.”

Barnes & Noble said its customer database was unaffected, and that none of the compromised PIN pads were at its college bookstores. The company also said the breach did not affect e-commerce sales, customers who bought online or through company’s Nook e-reader and Nook mobile app remain safe.

The bookseller is also working with the payment card networks, banks, and card issuers to identify accounts that may have been compromised. The company expects to have to go through a re-validation process before it again is deemed to be Payment Card Industry (PCI) compliant.

Although unfortunate, this data breach could have been prevented by discontinuing the use of unnecessary equipment. PIN pads for terminal are no longer a cost benefit to a company, since the Durbin Amendment. Durbin makes PIN Debit rates the same as Swipe Debit rates (as long as the bank is large enough to qualify), essentially eliminating the need to a PIN pad altogether. Check out our blog post on the differences between PIN and Swipe Debit here. Fewer PIN pads would reduce tampering of terminals and theft of cardholders PIN numbers.

In the meantime, Host Merchant Services continues to offer the lowest PCI Compliance rates in the industry, as well as a vigorous PCI Compliance Initiative that seeks to inform and educate everyone interested as to the details of the process, step-by-step.

Host Merchant Services and Certified Hosting Announce Partnership

Leave a reply

Certified Hosting, a leading web hosting services company, announced today a new partnership with Host Merchant Services that will enable webmasters to use merchant services with their web hosting plans. All Certified Hosting customers, including those on shared web hosting, virtual private servers (VPS hosting), and dedicated server hosting plans, are now able to apply for Payment Card Industry (PCI) compliant payment processing that is delivered to Certified Hosting’s high standards of customer service.

“Certified Hosting offers a range of ecommerce hosting services,” says Kacy Carlsen, co-founder and CEO of Certified Hosting. “We have made it easy for our customers to get up and running with an online store using the latest scripts and rock-solid hosting services. Quality merchant services are an essential part of a good ecommerce strategy for any business, and we are proud to announce Host Merchant Services as our chosen payment services partner. We are confident that Host Merchant Services will deliver the quality of service our customers have come to expect, at an affordable price.”

As a leading web hosting provider, Certified Hosting balances cost against quality of service. The company’s reliable web hosting services come with a 99.999% uptime, at a price that is affordable to new and growing businesses. Similarly, Host Merchant Services offers professional payment processing with fees that are clear, fair, and incredibly low. Typically, each type of credit or debit card transaction incurs a different fee, depending on the risk associated with it. Some merchant service providers charge merchants predetermined fees, meaning that merchants always pay the highest rate, regardless of which card has been used. Host Merchant Services charges merchants using a system known as Interchange Plus. Interchange Plus ensures that merchants only pay the fees that have actually been incurred, plus a small surcharge for administration. As a result, merchants using Host Merchant Services can reduce their payment processing expenses and more accurately project the cost of future transactions.

“There are no other industries where customers pay unnecessarily high charges,” says Carlsen. “Yet merchants routinely pay fixed fees for payment processing that do not reflect the actual transaction cost. At Certified Hosting, we provide fairly priced services thanks to Host Merchant Services. And now we can offer credit card processing to match. Even better, Host Merchant Services is – like Certified Hosting – an honest, upfront company that does not surprise merchants with hidden fees and charges.”

Another factor in Certified Hosting’s success is the company’s unlimited web hosting services, with no charges for customers who use a lot of disk space or bandwidth. The payment processing industry is full of complex terms and conditions, including additional charges buried deep in endless documentation. Host Merchant Services removes several common surcharges in the industry, with free applications, free setup, a free virtual terminal and an affordable payment gateway. Merchants are simply charged for the transactions they carry out, making accepting credit cards online more affordable and, crucially, more predictable.

“The most important thing about Host Merchant Services is that payment processing is made simple,” says Carlsen. “Host Merchant Services has no hidden charges, no expensive setup fees, and no unpredictable fees. With Host Merchant Services, our ecommerce hosting customers can quickly apply online, be approved in minutes, and begin taking payments in as little as 24 hours. We hope customers will take advantage of this new partnership so they can spend less on payment processing and maximize their profits.”

Certified Hosting has a proven record of excellent customer service, going the extra mile to help customers grow their online businesses. With this new partnership, Certified Hosting allows customers to get started right away with an affordable and efficient solution for payment processing.

Customers interested in merchant services from Certified Hosting and Host Merchant Services are encouraged to visit certifiedhosting.hostmerchantservices.com.

HMS Versus Square: Part 3

Leave a reply

Today’s Official Merchant Services Blog post will wrap up our on-going series comparing Host Merchant Services and Square. In part 1 of our series, we reviewed how the two companies differ in how they set up merchant accounts. In part 2, the different pricing schemes offered were analyzed, as well as the time differences between fund dispersal. In Host Merchant Services Versus Square: Security and Conclusion we will offer a side-by-side comparison of the security and customer protection each company offers and wrap up the series with a final verdict on which offers superior merchant services.

Don’t be a ______

Everyone is concerned with credit card security these days. Merchants want to operate securely, and customers want to feel secure when they make purchases. The only way to be sure your credit card data is safe is to use devices that process credit card data in a secure manner. It may be cheap and easy to take the magnetic tape reader from a cassette player and attach a microphone input, but is it safe? Is it secure? Hackproof?

According to Verifone, and the hackers at Black Hat, the Square application is susceptible to audio hacking and the insertion of stolen credit card data via a TRRS cable (also known as an iPhone audio cable). Hackers have even created programs that can take credit card numbers and convert them into audio signals, which allow you to feed them into square through the audio port.

Many argue that this is no different than keying the card number in, the Square application doesn’t require CVV, why not just key them in? Here comes the scary scenario. With a simple cell phone application and this Square credit card reader, it makes skimming card data that much more easy for the malicious. Imagine leaving your credit card with the waiter/waitress and on the way to the POS terminal in the restaurant, and your server casually skims the card on the way. The hacker may be able to record the sound of your credit card and share the audio file with others or use it themselves to feed it back into Square.

Many people argue that this isn’t new nor is it the fault of Square that credit cards are so insecure. The problem is that since Square gives them out for free without any type of application, you have lots of potential card skimming devices in the market. Most consumers didn’t have access to a credit card reader in the past, but that has changed. The Square reader has been recently updated from the original design; you can see what the original Square looks like inside here.

Host Merchant Services differs from Square in many ways. HMS offers card readers through ID Tech, notably the UniMag II two-track mobile mag-stripe reader. This device works across Apple and Android platforms, being just as flexible as the Square reader. The ID Tech swipers that Host Merchant Services offers can work on the various iPhones, iPads and iPods, as well as a host of Android smart phones — a list can be found here.

These card readers are much more secure than the Square device as the Unimag swipers don’t work as input devices. This means you can’t upload a .txt file to get it to input, closing one of the holes in Square’s security.

Conclusion

Square is a viable and useful payment processing solution for a select group of merchants. Square’s marketing has always pushed that it is small business friendly. Digging through the details of what they offer however, it starts to become apparent that even a lot of small business owners can do better with other merchant services providers. If you’re going over the limits that Square sets in its fine print — especially if you find yourself having to be flexible and take card not present transactions on your mobile device — you’re losing out on the savings that you were promised. Those merchants are then paying fees at prices that are not all that competitive. Which means those merchants can find better savings and deals elsewhere.

I’ve always felt that Square is really a sign of the times, giving payment processing the same flexibility and potential that desktop publishing and online printers have given the vanity publishing industry. Desktop publishing has been opened up enough by computer software like Gimp and online printing and online distribution options to allow everyone to easily upload, produce and then publish books, brochures and other printed media — giving rise to micropublishers. And much like that shift in the publishing industry, Square has created viability in the payment processing industry that wasn’t there before. That is to say, Square works best with micromerchants — the kind of merchants you’d find on Etsy.com.

Square offers a payment-processing plan to merchants hawking their individual goods from place to place, giving them the ability to take plastic in what was once just a cash only endeavor. The people I think of in that plan are merchants constantly on the go, selling one or two items — maybe some concert t-shirts out of the back of their car, or their own sketches at a comic book convention. These are the merchants that could potentially save with Square.

Host Merchant Services offers a plan that can be customized to work with any size merchant. Specialized pricing with individual statement analyses mean that merchants come out on top with the most savings possible. HMS also keeps merchants compliant with the PCI Compliance Initiative, and keeps customers card data safe by offering the latest and most secure equipment, even for mobile payments.

Square has its shortcomings in terms of how merchants may grow and expand. By setting limits on card not present transactions, and setting up flat fees, Square is simple and straightforward. But it is also locked into a pricing structure where the fees cease to be competitive as a business begins to function on a more consistent basis. This is where a payment processor like Host Merchant Services begins to shine. Their pricing structure is flexible enough that it can offer competitive rates that save even Square merchants money if they switched. Host Merchant Services can also guarantee stable payment of funds; the merchant has their own merchant account, and helps the merchant seamlessly transition into transactions beyond just mobile with no change in rates or pricing.

Once you step up to the next tier of merchants, a small business merchant doing regular monthly transactions on their mobile device — a merchant with even just a tiny but steady stream of business through the device — HMS gets a clear edge when stacked up against Square. After comparing the two processors in terms of merchant account set up, pricing, disbursal of funds, and security in this series, the final verdict is that Host Merchant Services offers the most complete and straightforward merchant services, while still saving merchants money on fees.

HMS Versus Square, Part 1

HMS Versus Square, Part 2

HMS Versus Square: Part 2

Leave a reply

Today the Official Merchant Services Blog will begin the second segment in our three-part HMS versus Square matchup. Yesterday we briefly reviewed aspects of both companies, as well as delved into the differences between the merchant accounts they set up. If you missed Part 1 of this series, check it out here. In part 2, Host Merchant Services Versus Square: Pricing and Payment, we will take an in depth look at two of the most important aspects of any merchant services company, the rates offered and the payment of the merchant’s funds. First up are the pricing plans for both Square and Host Merchant Services.

The Pricing Plan

Square offers a very well publicized pricing plan. It began with the flat rate of 2.75% on swipe transactions. They recently upgraded to the “simple pricing” plan of $275 per month flat fee, with 0% charge for swiped transactions.

That’s easy enough to remember, right? Their advertising is really quite amazing because of how simple that plan is to promote.

But take a look at the fine print.

The Simple Pricing, or One Price Per Month, plan that Square announced has a limit. If you exceed $400 for a single transaction, or $250,000 in annual transactions, Square flips you over to the One Price per Swipe plan. That is Square’s original plan, the 2.75% per transaction plan.

And then there’s different pricing for card-not-present transactions, or transactions that you have to manually key in to your device. Square heavily promotes the rates on swipe transactions, but merchants have to deal with the wide variety of consumer needs, which will necessarily include card not present transactions. There will be times where even the tiniest of micromerchants needs to key in a transaction.

When that happens, Square’s pricing structure transforms to resemble the most expensive in the industry. Transactions that you have to manually key into your device cost you 3.5% + 15 cents per transaction.

Host Merchant Services offers its HMS Guarantee, combined with the Interchange Plus pricing model. It’s individualized pricing system, which in practice is designed to save merchants the most money possible.

Host Merchant Services starts with the basics of Interchange Plus pricing. Interchange Plus pricing is based on the “interchange” tables published by both Visa and MasterCard. Because the credit card giants publish these tables, the pricing is extremely transparent. Anyone can access the tables and see what the basics of the pricing starts with. On the whole, this transparency keeps the total cost of this pricing plan lower than the tiered pricing plans that are used by other traditional merchant account providers.

Added to the interchange rate is the discount rate, or markup. This flat markup fee is the “plus” in Interchange Plus pricing, and for Host Merchant Services the discount rate eliminates the need for hidden fees that tiered pricing plans utilize.

You’ll note that there hasn’t been any mention of specific numbers. Unlike Square, which plays up its flat fees and specific 2.75% or $275 per month, Host Merchant Services utilizes a far more organic approach. HMS takes each merchant on a case-by-case basis. The company looks at what the merchant is currently paying, or would pay as the industry baseline if they were brand new, and then cuts savings into that pricing structure.

This is the HMS Guarantee. The company guarantees to offer each interested merchant a pricing plan that saves them money on their processing fees. The flexibility lets Host Merchant Services find savings for companies where none may exist for other merchant services providers. This creates an equally powerful marketing message for Host Merchant Services when compared to Square. In fact, it allows HMS to approach Square users and still offer those users savings over Square for virtually any card type.

By not locking themselves into a flat rate plan, Host Merchant Services can relentlessly seek out the best pricing plans for each and every merchant, guaranteeing those merchants savings and finding the service and peace of mind that merchants need from their payment processor.

Also, it’s been widely publicized that Square’s rates aren’t the most competitive rates in the industry. Square is tailor made for e-commerce transactions because it is a mobile device credit card reader. The average interchange rate in 2011 for e-commerce was around 2.06%, which falls well below Square’s highly publicized 2.75% per transaction rate. This underscores how much flexibility Host Merchant Services has to compete against Square. Host Merchant Services also offers many of the same added perks Square offers — including a free swiper.

In fact, even the free swiper can be an easier process through Host Merchant Services. Square charges $10 for the swiper if you buy it in a store and then offers those who do purchase it that way a $10 redemption code which will be linked to your bank account. Host Merchant Services just provides its merchant with a free swiper — which is an extension of its HMS Guarantee that provides traditional brick and mortar merchants a free processing terminal. No fussing around with redemption codes.

Payment of Your Funds

Now we get to the next big sticking point — payment of funds.

Square has given a very healthy portion of the spotlight to its next day funding capability. This is a very big plus for merchants. Getting paid as soon as possible is always important to a business, and so next day funding is very popular with merchants.

Host Merchant Services provides next-day funding to its customers, meaning there’s one day of time elapsed from when the transactions happen and when the merchants get their funds. And once processing, merchants have a steady flow of deposits to their bank account.

There’s a limit on how funding works within Square’s framework. Because Square is a payment aggregator, receipt of your funds is at Square’s discretion. This comes into play with Square’s handling of manually entered payments, or card not present transactions. Square has a $2,002 weekly deposit limit for card not present transactions. Square states its merchants can accept more than $2,002 in manually entered payments during a single week, but when a merchant does that Square will defer depositing those funds for a full 30 days.

Square offers to work something out with merchants that have to do this regularly, but even then it doesn’t end up being next day funding — one of Square’s biggest selling points.

Host Merchant Services has no such caveat. You get next-day funding, and you get it for all of the kinds of transactions you end up processing through Host Merchant Services. With HMS, you don’t end up in a situation where card not present transactions (a typical form of transaction in e-commerce) end up putting you in a situation where you don’t see your funds for a month.

In conclusion, it is easy to see why Host Merchant Services is superior to Square in terms of pricing and payment of funds. Square holds its rates firm for every merchant, from 2.75% – 3.5% and also reserves the right to hold merchants funds for 30 days. Host Merchant Services offers an individualized pricing plan, custom fit to each merchant to maximize savings as well as a true next-day funding policy for all merchants.

Continue Reading – HMS Versus Square, Part 3

PCI Guidelines for Mobile Apps

Leave a reply

Today the Official Merchant Services Blog will examine the PCI Security Standards Council’s most recent guidelines, and their slow crawl towards comprehensive security requirements for mobile devices.

On Thursday, the PCI Security Standards Council released a set of best practices geared toward software developers of mobile devices. These guidelines come four months after they released some guidance about mobile payments for small businesses.

The PCI Council, based in Wakefield Massachusetts administers the Payment Card Industry data-security standard and affiliated standards for secure payments software and also PIN-based transaction devices. The guidelines were released during the Council’s annual North American meeting in Orlando, Florida on Thursday, after hinting at a possible PCI clarification in early September. Present at the gathering were security assessors, merchants, processors and vendors, all preparing for the update of the main PCI standard next year.

The Council announced that it is starting to approve hardware for mobile payments such as card readers that plug into smart phones or tablet computers. The Council has not delved into the approval of software for mobile payments and have they made it clear when that will happen. They have however, announced that more guidance for merchants will come next year and that they will continue to take input from the payments industry on the serious task of protecting card holder data when payments originate from mobile devices.

Correcting software vulnerabilities is the most important aim of the Council’s new guidelines, as app developers crank out new programs for processing payments on smart phones and tablets everyday. The guidance covers everything from the payment transaction, access protection, and remote disablement of a missing device.

The last point is arguably the most important aspect of a new mobile PCI security system. Since mobile payments are true to their name, mobile, the chance of someone running away with your credit card terminal is an increasingly possible risk. The same applies for any tablets acting as POS systems in a store. An unlucky shopkeeper may open up in the morning only to find part of his or her POS system missing, and all cardholder data inside compromised. This is what the PCI Security Standards Council seeks to avoid.

The Future of PCI and Data Security

Leave a reply

Today The Official Merchant Services Blog marks the triumphant return to the timely topic of PCI DSS and cardholder data security. This tantalizing topic has been touted time and again in the peerless pages of our payment processing chronicles.

Days of Future Past

The crafty criminals that defraud, hack and swipe courageous consumers for their cardholder data are a constant concern for the entire credit card processing and data security sector. The industry has to be ever vigilant in its commitment to curb the high tech criminal activities and keep that cardholder data safe.

Retailers need to be eagle-eyed when it comes to defending data and securing customer information. They also need to be prepared for disaster, with a protocol-based plan of action for the worst case scenario — the dreaded data breach. But none of these advance preparations will save a merchant from data breach dangers if the merchant is unaware of PCI DSS, what it all means and what the requirements for PCI Compliance are.

The misdirection and misinformation out there about the process of PCI Compliance has led to complacency among many merchants. Face front true believers, we’ve even expressed the fantastic facts and figures to support merchant apathy regarding PCI Compliance in previous published purveyances of PCI related blogs.

The media gloms onto the gargantuan headlines of something as garish as a Global Payments data breach and the searing spotlight of data security dazzles the masses with the terrifying tidbits of these capricious crimes. But the nature of the crime has the danger spreading to small business merchants more and more frequently in the past few years. In fact, this article from Convenience Store Decisions, it is suggested that the heinous hackers and nefarious fraudsters are backing away from the big fish and targeting the smaller retailers with easier to breach defenses.

The CS Decisions scribe John Lofsock posits that one of the prime reasons for this shift can be pinpointed to an alteration in the criminals’ own dastardly demographics. Today’s hacker is becoming less the angst ridden, misunderstood teenager with whiz-bang keyboard and coding powers and turning into a far more treacherous group of villains. As the article puts it, “When hackers run up against businesses with sophisticated information technology and up-to-date security, they’ll turn to easier systems, including those of small non-profit agencies and family businesses.”

Datapocalypse Now

So what does a merchant do? The hale and hoary Host Merchant Services PCI Compliance pioneers readily suggest utilizing their very own PCI Compliance Initiative. PCI Compliance is a fantastic foundation for top notch transaction security. The superlative standards and powerful protocols set up by the powers that be on the PCI-DSS Council are a forceful first step any enterprising merchant needs to take to protect their data. This is why helpful Host Merchant Services offers a power-packed PCI Compliance Initiative that gets merchants quickly and seamlessly up to speed.

Add to that amazing Initiative the second step that Merchants can take to shore up their security: Host Merchant Services Data Breach Security Program. Click that link to download a PDF explaining the value-added service HMS provides its merchants that goes above and beyond just simple PCI Compliance and helps ensure a merchant’s peace of mind. This program offers data breach insurance.

The article from CS Decisions quotes Trinette Huber, of Sinclair Oil Corp. in Salt Lake City as saying “as a merchant, I can go through all the steps to do this and do it in good faith, and yet if I have a breach — which is entirely possible — the PCI council will say I wasn’t literally compliant.”

This is where breach insurance comes into play true believers. The Data Breach Insurance that cutting edge and customer-oriented companies like Host Merchant Services offers can curb the pernicious penalties that merchants face when a breach occurs. As we’ve stated time and again here on The Official Merchant Services Blog, security only begins with PCI Compliance. It’s a never-ending battle for safety, justice and the power of payment processing. Merchant Services providers need to work in conjunction with merchants to stay out in front of any and all security issues. And even then, disaster can occur, so a solid data security plan will have backup protocols like data breach insurance.

The CS Decisions article also quotes Huber as saying that PCI “is asking thousands of merchants to do something (the credit card companies) should be doing themselves. They should be fixing the magnetic stripe (in credit/debit cards) so it’s not something that can be easily stolen, instead of asking merchants to fix (the security issues) for them.”

That concern right there is why Visa has been pushing so hard for its EMV chip program with newer, more secure smartcards that have worked so well in Canada and Europe. Huber is noted in the article for describing the overbearing cost that the switch to EMV could entail for small business owners, as well as the fact that the EMV chips have been in place for decades and have already had data compromised before.

So if not EMV, Then What?

Will no canny crusader for competent credit card processing and dependable data transfer step up to take the challenge presented by the PCI DSS? John Lofsock, the audacious author of the article we’ve been analyzing, thinks that Point to Point Encryption (P2PE) might be the champion the industry needs. This tantalizing technology that is newer than EMV chips apparently ensures that credit card data is protected from the moment it is swiped all the way through to the nanosecond it arrives with the payment processor. This could curry favor with retailers because it completely eliminates the need for the retailer to secure cardholder data, as the retailer never has possession of said data.

The real boon, as noted by Lofsock, is that the P2PE method will make it much cheaper for merchants to be PCI Compliant by removing the need for merchants to deal with network segmentation and other costly and time-consuming parts of the compliance process like the audit.

It is noted that PCATS and PCI are preparing future standards that deal with P2PE so it is on their radar.

In the meantime, Host Merchant Services continues to offer the lowest PCI Compliance rates in the industry, as well as a vigorous PCI Compliance Initiative that seeks to inform and educate everyone interested as to the details of the process, step-by-step.

Industry Terms: Payment Gateway

Leave a reply

This is the latest installment in The Official Merchant Services Blog’s Knowledge Base effort. We want to make the payment processing industry’s terms and buzzwords clear. We will eliminate any and all confusion merchants might have about how the industry works. At Host Merchant Services, we promise to deliver personal service and clarity. So we’re going to take some time to explain how everything works. This ongoing series is where we define industry related terms and slowly build up a knowledge base and as we get more and more of these completed, we’ll collect them in the resource archive for quick and easy access.

Payment Gateway

Today we will focus on Payment Gateways and how they work, in order to wrap up our week of E-commerce driven content. A payment gateway allows E-commerce merchants to accept credit cards on their websites. Sensitive payment information is encrypted by the gateway to ensure that it passes securely between the customer and the merchant. We have defined a POS, or point of sale system already for the Knowledge Base. A payment gateway can be considered a virtual point of sale system. The gateway acts as a “middle man,” allowing communication between online shopping carts or virtual terminals and the banks processing the transaction.

The process can be broken down like this, it starts when a customer places an order on a website by pressing the “Submit Order” button in an online shopping cart. The payment gateway then forwards the transaction information to the payment processor used by the merchant’s acquiring bank. From there the payment processor forwards that information to the appropriate card association (ex Visa, MasterCard). The credit card issuing bank receives the request, or the Authorization and does the necessary credit or debit check and then sends a response back to the processor in the form of an approval code (ex approved, denied). Next the processor forwards the authorization response back to the payment gateway. After receiving the response, the gateway forwards it on to the website, which then evaluates it as a relevant response and relays the outcome to the merchant and cardholder. Finally, the merchant then fulfills the customers order, then after a batch the acquiring bank receives the funds, and deposits them into the merchants bank account.

Payment gateways can be stand-alone systems designed for integration with other 3^rd party systems, or they can be bundled with their own shopping carts and virtual terminals. It’s worth noting that most merchants will not need to install additional software on their own servers to run a basic payment gateway. Some payment gateway providers are simple to implement, but do not offer much customization. Others are more complex but can be customized to your needs.

Host Merchant Services offers a variety of E-commerce solutions to fit your business, including Transaction Central, our own cutting edge in house payment gateway. HMS is able to interface with most of the major Payment Gateways out there, including Authorize.net. We also offer unparalleled protection for all of our merchants in the form of our PCI Compliance Initiative.

Tag Archives: PCI Compliance

About PCI Compliance Fees

Industry Terms: E-Commerce [2023 Update]

E-Commerce

Barnes & Noble Data Breach [2023 Update]

Host Merchant Services and Certified Hosting Announce Partnership

HMS Versus Square: Part 3

Don’t be a ______

Conclusion

HMS Versus Square: Part 2

The Pricing Plan

Payment of Your Funds

PCI Guidelines for Mobile Apps

The Future of PCI and Data Security

Industry Terms: Payment Gateway

Payment Gateway

Get Your FREE Merchant Services Account Review and Quote!

Feel free to Call Us @ 877-517-HOST (4678) to talk to our payments expert or fill out our form below and our team will be in touch shortly.

Get Started Now

Or Call us!

877-517-HOST (4678)