Due to law and regulation blocking such surcharging in the US, European carriers see chinks in the armor of US legislation and card association regulation that permits surcharging, i.e. governmental convenience fees for one.

 The article also asks if debit is the answer leaving the question unanswered.

 The move by the European airlines does not bode well of US consumers.  Neither debit nor ACH offer the protections of credit card particularly when an airline goes out of business as many have done with more to do so.

 The BTN article also noted in a tip of the hat to Durbin that the airline surcharges average 1% over the cost to the airline of card processing fees by the various cards.

 It is doubtful that the card associations or government intervention can stem the surcharge tide for long in this country. 

 Somewhat aside, Greyhound and Trailways bus lines begin to look better every day if they would improve terminals, getting them out of what are now ghettos, use a hub and spoke concept within cities to feed long haul routes as well as offer accommodations on overnight routes.

Please take a moment to review the two notices.  They outline important MasterCard and Visa rules changes and card acceptance practices relative to settlements that the U.S. Department of Justice entered into with Visa and MasterCard.  Both Visa and MasterCard have instructed processors to send each merchant in the U.S. and its territories written notification of the rules.

Merchants may now offer free or discounted product or service in addition to rebates in promoting the use of a particular brand type.

Visa Notice

MasterCard Notice

At CardWare, we are working with other equipment resellers to assess the problem with real numbers. More to come later.

Mike Firestone

mikefirestone@13-inc.com

What happened to the Citibank hack?

 Unlike other hacks, the hack of the US division of Citibank, the world’s largest card issuer, has essentially disappeared from mention as if it never happened.

 So what’s going on? Remaining are deep and wide-ranging unanswered questions, including was Citibank PCI compliant?  Was compliance self audited or an external auditor and if so by which firm?

 Then how will MasterCard and Visa treat one of their own as they meter out punishment and fines compared to main street merchants?  How will the US government, states attorney generals and the various banking regulators react to a major bank being hacked?

 When an event of this magnitude is possibly made to vanish from any mention in the industry press, something is amiss,

 The main street merchant wants to know and deserve to know?

 As the event unfolds, merchants should be up in arms if there is not relative equity in the retribution against Citibank by all the stakeholders.  For the PCI DSS council, in my opinion, the chickens have come home to roost on the validity of PCI if Citibank was compliant.  But then the Council’s stand is always; if there was a successful hack then the hacked could not have been compliant .To that I can only respond . . . . . BULL! 

 For several years I have shared that businesses, banks and merchants alike, are resource constrained by money, time, knowledge and expertise. Hackers on the other hand have none of those constraints.  So when the world’s largest issuers of credit cards with all its resources is unable to thwart a hacker, how can a main street business owners expect their comparatively meager resources to effectively protect cardholder data?

 In my view, the industry, particularly in the US, takes a wrong view of data security.  US resources should be focused on the apprehension anywhere in the world then severe punishment of the perpetrators. The punishment should be so heinous as to cause only the most suicidal hacker to continue their effort.

 A childish dialogue?  No!  It is a very important dialogue that needs to occur.

 Technology meant to increase the security of card initiated transactions and protect card holder data, chip and pin,  has been compromised. 

 I’m not sure what success anyone hopes to have using off the shelf technology.  As the late John Candy would scream, WAKE UP DUMMY!  The technology of chip and pin functionality is available in any library or via the Internet, ooooops, hence how to easily overcome chip and pin’s supposed security is readily available.

 Watch this video then judge for yourself whether or not you feel chip and pin are secure.

 http://www.wreg.com/videobeta/?watchId=8ba6f8fc-90a2-4711-90ea-1884ec348310

 While this method is about as productive as dumpster diving for carbons, the data gathered is in an importable and usable format.   Irrespective, the consumer has unknowingly had their card data compromised or pocket picked.

 One storey was the unauthorized, albeit fake, repair technicians swapping out a companies PED for ones with skimmers.  The “technicians” returned later to retrieve their PEDs with stored mag stripe data along with pin numbers, returning the original PEDs.

 About eight years ago CardWare provided a solution for the theft of a dozen terminals.  Thieves stole terminals fro dozen different locations of a particular franchisee of national fast food chain.  They left behind cash registers with money in them, taking only the terminals. 

 The thieves put credits thru the terminals, loading gift cards that they distributed across the world.  After about $180,000 in losses by the franchisee, the processor shut down the terminal ID and MIDs. Not to be out done, the criminals reprogrammed the terminals with new TIDs and MIDs in the BIN of the franchisee.  So another$120,000 later the processor asked CardWare to swap out 90 terminals with an entirely new BIN for the franchisee.

 The Prepaid Press article contains excellent advice for the physical security of the POS hardware.  I strongly advise that you read it on line.

 CardWare International working with Engineered Network Services, www.ens-co.com provides a complete range of lock down mechanisms designed for specific POS devices.

 Physical security is but one a requirement of PCI.  You’ve locked down your system and its data.  Now lock down your hardware.

 Call 800-284-1313 and ask for Brad or Biff to explore increased security for your POS hardware.

Thirty years ago a now retired bankcard manager who became a close friend shared, “the only constant in bankcard today is change”. Entering the new year of 2011 his statement is ever more factual.

Like a breeze across a Kansas wheat field, today’s difficulty is the constant ebb and flow and instability with legislators, rule making bodies and even the card associations themselves and every aspect of our economy.

How does one manage and grow a business during extreme uncertainty?

Contingency planning is the answer.

Even in uncertainty, there is a degree of certainty; the economy is not gong to improve any time soon. Business like life is about cause and effect, action versus reaction, decisions and the consequences of those decisions.

Assemble your key managers and staff, particularly line people and sales people that demonstrate vision and strategic thinking. Then play out various what if scenarios. Have everyone interject his or her own scenarios, the direr, the better.

By the mere fact that you have undertaken this exercise, whether or not notes are taken or documented plans result, your company and its people are better prepared than 95% of your competitors. You, your company and your people with act appropriately versus react inappropriately when uncertainties become certainties.

Another colleague shared a business philosophy that I embrace and have endeavored to instill in every person at CardWare. He said, “Always make a decision, take positive action, for no decision is a decision of the worst kind. Do the right thing that is best for the customer with the least damage to your company and its partners”.

I am amazed and constantly disappointed by individuals I meet who are charged with making decisions, have the responsibility with commensurate authority, and yet unable and unwilling to fulfill the responsibilities by saying yes or for that matter, no.

In 2011 assess the various uncertainties and their outcomes so that you are prepared to make decisions with positive action and outcomes when the uncertainty becomes a certainty. Say yes. Say no. Saying let me think it over or some variation is no decision . . . of the worst kind.

The issue as I see it is the printed versus embossed PAN, cardholder name and expiration date.

Visa in typical shortsightedness is again sticking it to the acquiring industry, the merchant.

Quoting Visa’s announcement, “Because Vertical cards are not embossed, manual imprinting – as with the old-style “zip-zap” imprinters – is not possible. Businesses without electronic terminals, or those who cannot swipe the card, should ask the cardholder for another form of payment.”

“Visa warns that card-present businesses that key-enter a transaction or do not swipe the

Vertical cards or any un-embossed card do so at their own risk. Should the transaction be disputed by the cardholder or issuer, the business risks receiving a chargeback.”

Reintroduction of the initally flawed electron card albeit in vertical format doesn’t alter why it failed the first time.  Namely there were too few electronic merchants teamed with too much risk by a merchant accepting an un-embossed card.

While 92% by some estimates of merchant process electronically, 8% or almost half a million merchants are still paper based.  Electronic processing is just not possible in many business environments, period. Additionally, system failures by the card associations and processors along with communication and equipment failures exacerbate the problem

 Unchanged is the risk factor to all businesses.  In my assessment the risk today is far greater given current, off the shelf printing capabilities.

My advice to any merchant, electronic or otherwise, presented with an un-embossed card, DO NOT ACCEPT IT!  As Visa noted, “request another form of payment.”, the embossed card of a competitor.

In typical Visa style it speaks from both sides of its mouth.  One side push acceptance at a greater number of increasingly diverse businesses.  Another side says don’t accept this new card of ours or ask for our competitor’s card.

Reintroduction of the electron card is not the brightest move in the card issuing one-upmanship chess game.

The printed, vertical card is yet another glaring example of card association rules not keeping pace with technology and the industry.

Visa’s CEO needs to get its house in order since marketing without substance is a house built on sand plus it distributes far too much contradictory communication.

I predict Visa’s vertical, un-embossed Visa card issued by First National Bank of Omaha will be a quick failure.

FREE Savings Analysis! 

If CardWare cannot save you money on merchant services and supplies you will receive a $50.00 Prepaid Gift Card.

Email bradmccoy@13-inc.com or Call 740-522-2150 Ext 220 for an appointment today!

Corporate Accounts only.  Offer valid through February, 28th 2011.

The use of the term “merchant services” has created some undue concern that CardWare is an ISO and as such is competing with its customers. 

CardWare is not nor does it have any desire to sell processing services, an ISO’s primary role. For one we believe it to be unethical to compete against our clients, contrary to the approach of some of our competitors.

The term “merchant services” in our world is programming, encryption, kitting, deployment, training, supply replenishment and on-going support along with project management and a plethora of other functions.

What would you call what it is that CardWare does? I am frankly open, welcome and encourage your suggestions for another term that defines what CardWare does yet differentiates that from processing sales, what an ISO does. 

Share your thoughts or suggestions with me at biff@13-inc.com with Merchant Services in the subject line. 

If we use it you might find something nice from us under your Christmas tree.