| FEATURED ARTICLE |
| The Dangers of Using Outdated Terminals |
| Criminals are always looking for the weakest link in the payment chain in order to obtain the greatest amount of information with the least amount of cost and energy. The weakest link is an outdated terminal. |
 Criminals are increasingly targeting older, unsecure PIN pads and terminals as a relatively easy means to gain access to cardholder data. While the large company’s make the headlines, 90% of breaches actually occur in small businesses. Almost half of data compromises are due to outdated versions of Point of Sale systems. |
| Initially created by the major card brands (Visa, MasterCard, Discover, American Express , JCB ) the Payment Card Industry standards are now governed by an industry association called the PCI Security Standards Council. The council maintains three key standards that mandate the use of credit and debit card account data: |
| • |
PCI PED (PIN Entry Device) governs any payment terminal or device that includes a PIN entry device by which a consumer can key in his or her PIN (Personal Identification Number) that verifies to the electronic payment network that he or she is authorizing a transaction against their checking account. Payment terminal suppliers may no longer sell devices for PIN usage that are not PCI PED approved. Pre-Visa PED systems will have to be removed from service in 2010. Prior to 2004, PEDs were governed by minimal standards. Validation of software requirements and tamper prevention and detection were left to individual manufacturers. Browse a list of approved PIN devices please. |
| • |
PCI DSS (Data Security Standard) is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It mandates such things as use of firewalls and antivirus software, the encryption of card data over public networks, protecting stored card account information, restricting physical access to card data and monitoring access to card data, as well as other requirements. For more information visit PCI DSS. |
| • |
PA-DSS (Payment Application Data Security Standard) is the newest standard from the council and is based on Visa’s earlier Payment Application Best Practices. PA-DSS provides guidelines to software vendors and others on developing secure payment applications that do not store prohibited data, such as full magnetic stripe, other sensitive authentication data or PIN data, and support compliance with the PCI DSS. |
|
| The cost of correcting a data breach after it happens is far greater than if merchants readily follow Payment Card Industry Data Security Standards (PCI DSS) and Payment Application Best Practices (PABP). Studies have found that sixty percent of customers do not typically return to a merchant where they have their card information stolen from, and a typical forensic research project costs around $10,000. |
| If you have questions on whether or not your terminal or pin pad is out of date or if you are interested in upgrading your terminal please contact NTC Texas www.ntctexas.com or 877-877-6511 |
| PRODUCT SPOTLIGHT |
| CHARGE Anywhere® for QuickBooks with Bill Presentment |
 Put the power of processing credit and debit payments in your hands. Save time and money by eliminating double data entry. The credit card transactions are automatically applied and posted into QuickBooks. With CHARGE Anywhere® for QuickBooks you can Process payments directly from invoices, process multiple invoices, automatically apply payments, import transactions processed via POS terminals, process returns and voids and process PIN Debit transactions with optional PIN Pads. Using the Bill Presentment module, merchants can now email invoices directly to customers with a linked page where the customer can pay their invoice. The system automatically posts the payment directly into the QuickBooks ledger. Please contact NTC Texas at 877-877-6511 if you are interested in CHARGE Anywhere® for QuickBooks. |
| TECH TIP |
| Convenience Fees – What Are They & How Do They Apply to You? |
| A convenience fee is a charge for a true "convenience" in the form of an alternative payment outside the merchant's customary payment channels. The fee must be imposed on all like transactions regardless of the form of payment used. |
| Both MasterCard and Visa do allow for convenience fees but both have strict policies; however, Visa’s convenience fee rules are generally more restrictive than those of MasterCard. |
| Below are a few of the guidelines associated with Convenience Fees: |
| • |
A convenience fee cannot be assessed in a face-to-face merchant environment. |
| • |
A convenience fee cannot be assessed for recurring payments. |
| • |
The merchant must provide a true "convenience" in the form of an alternative payment channel outside the merchant's customary payment channels. |
| • |
The fee must be disclosed by the merchant to the cardholder as a charge for the alternative payment channel that is provided. |
| • |
The convenience fee must be disclosed prior to the completion of the transaction with the cardholder being given the opportunity to cancel if not wanting to pay the fee. |
| • |
If a convenience fee is assessed it must be for all payments (Visa, MC, Discover, AMEX, ACH, Check) within a particular payment channel (mail, phone, internet). |
| • |
The MasterCard convenience fee can be tiered, % based, or a flat fee. Visa permits only a fixed or flat fee regardless of the amount of the transaction. A merchant who accepts Visa and MasterCard is restricted to a flat convenience fee. |
|
|
| DID YOU KNOW? |
 Effective July 1, 2010 merchants are not permitted to hand key in the card number of an unembossed card. Unembossed cards must be processed through a terminal. The merchant must call and obtain a voice authorization from the card issuer if the unembossed card cannot be read by a terminal or if a terminal is not available. Transactions without issuer authorization may be subject to a chargeback. |
| TRENDS |
 In 2005 Trustwave formed Spiderlabs, an advanced security team within the company focused on forensics, ethical hacking and application security testing. The results of what they found are interesting. |
| POS systems are most frequently breached because they are the easiest target. |
| Last year there was a rise in ATM breaches. ATM’s were inserted with skimming devices and hidden cameras used to capture magnetic stripe data. |
| Of the breaches investigated in 2009 Spiderlabs found that certain markets are most vulnerable; 38% hospitality, 14.2% retail, 13% food & beverage and 11% of breaches last year were E-commerce solutions. |
| Read more about what you can do if your business is compromised. |
| PAYMENTCARE.COM |
| Interested in our Healthcare Payment product? Click here for more information. |
| ABOUT NTC TEXAS |
| An Elavon Payment Partner, NTC Texas enables your business with all the transactional capabilities of the processing network rated #1 by MasterCard for reliability and availability. Whatever size your business is now, together, we can make it grow. |
| • |
Healthcare Providers |
| • |
Retailers |
| • |
Veterinarians |
| • |
Web Developers |
| • |
eCommerce/eBusiness |
| • |
Legal |
| • |
Assisted Living & Nursing Homes |
| • |
Day Care Centers |
| • |
Salons/Spas |
| • |
Restaurants |
| • |
Entertainment |
| • |
Travel & Lodging |
| • |
Not -for-profit |
| • |
Business-to-Business |
| • |
Government & Utility |
|
 |
| CONTACT US |
| NTC Texas |
| 106 Decker Court Suite 260 |
| Las Colinas, Texas 75062 |
| Email: Info@NTC Texas.com |
| Web: www.ntctexas.com |
| Tel: 972.406.8111 |
| Toll Free: 877.877.6511 |
| Fax: 972.406.8611 |
|