The Trust experts share their insights on a variety of topics.

TrustCommerce Blog

Secure Payment Acceptance in a Dynamic Environment

Life was simpler way back when. Some of you may remember when televisions only had three channels. A pencil or typewriter was your primary means of written communication. When you made a purchase or paid a bill, you mailed a check or paid cash at the register. Choices were limited, but simplicity appeared to make everything a little more manageable.

Innovations have led to more choices and greater convenience—especially in our payments world. Think of all the ways consumers pay today: cash, check, credit cards, ACH/e-check, debit cards, gift cards, etc. Merchants also have a multitude of ways to accept payments: POS, online, automated recurring billing, SMS, mail order/telephone order, kiosks, integrated voice recognition (IVR), mobile devices—you name it.

Staying on Top

To remain competitive, merchants must support the traditional methods of payment, while moving forward and accommodating early adopters of the latest technology. However, the breadth of payment acceptance options can seem like an opening for greater risk and exposure. How does a merchant make sure all of the payment data entry points are secure? How do you integrate with existing systems for ease of reporting and reconciliation? Here's how:

1. When choosing a payment acceptance solution, look for a partner who is PCI compliant. Next, find a solution that reduces your compliance burden. Merchants who do not store, process or transmit Account Data (Cardholder Data and Sensitive Authentication Data), as defined by the PCI DSS, can dramatically reduce the cost of compliance and the risk associated with accepting payments. TC SMART products accomplish that goal and provide a clear path for compliance, data security, and fraud reduction.

2. Don't get caught up in all the features and benefits and lose sight of the big question: Will this integrate with my existing systems and solutions and allow me to grow? TrustCommerce's secure API, TCLink, allows merchants to integrate multiple transaction entry points and is open source. This gives merchants more control and flexibility.

A comprehensive payment acceptance solution provider can make it easier to embrace change. The convenience that comes with offering choice makes it worthwhile.


New TrustCommerce Developer's Guide Available

Some things are worth the wait! We are happy to post that the latest and greatest TrustCommerce Developer's Guide 4.0 is now available for download within the TC Vault in PDF format. This new version comes with many improvements and several new chapters and sections. This document began as a revision to the existing TCLink Developer's Guide, but evolved into a more comprehensive TrustCommerce Developer's Guide.

As a replacement to the TCLink Developer's Guide, the new TrustCommerce Developer's Guide:

  • Begins with the TCLink API as the fundamental interface for TrustCommerce payment processing
  • Builds on that base to cover basic and advanced transaction processing
  • Ties in additional TrustCommerce services, such as TC Citadel and TC CrediGuard
  • Includes alternative processing interfaces, such as TC Batch, HTTPS/POST and TC Trustee Merchant Host.

We hope you find this to be a valuable resource. To submit feedback or make requests for future versions, click here.


PCI Compliance for Small Merchants

Small businesses are the heart and soul of the U.S. economy. From local mom and pop shops to innovative web start ups, we rely on these merchants daily for goods and services. In the payments world, small businesses are referred to as Level 4 merchants, those processing less than 20,000 e-commerce transactions annually and up to 1 million transactions annually. There are more than 6 million Level 4 merchants in the U.S.
PCI compliance is a vital component of a merchant's overall, ongoing security program. However, Level 4 merchants have not always been well educated or encouraged by their acquiring bank to become compliant.

If your business transmits cardholder data, you must also be PCI compliant. The Payment Card Industry Data Security Standard (PCI DSS) is a security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This definition may sound intimidating, but the overall goal is to help organizations proactively protect customer account data.

All merchants must be PCI DSS compliant
Regardless of how small your business is, you must be compliant. PCI DSS compliance is required of all entities that store, process, or transmit cardholder data, including financial institutions, merchants and service providers. Cardholder data is any personally identifiable information associated with a cardholder, such as an account number, expiration date, name, address, social security number, etc.
Although PCI DSS is not a law, failure to meet compliance standards can result in fines from credit card companies and banks, brand and reputation damage, and even the loss of the ability to process credit cards.

What are the risks of accepting cardholder data?
Small businesses and home-based businesses are vulnerable to hackers simply because they are usually not well protected. Home-based businesses account for 53 percent of all small businesses. Intruders see these businesses as easy targets and exploit their broadband connections, which are always on, and programs such as online games and file-sharing applications. Other typical ways merchant environments are breached include: SQL injection attacks, malicious code attacks, insecure remote access, or insecure wireless.

Sensitive cardholder data can be stolen from many places:

  • Compromised card reader
  • Paper documents stored onsite
  • Data in a payment system database
  • Hidden camera recording entry of PIN or other authenticating data

What are the costs?
Oftentimes it takes numbers, and fear of loss, to push merchants to take the compliance leap. Merchants can expect to pay approximately $50,000 for PCI compliance violations. In addition, the bank will also most likely terminate your relationship or charge higher transaction fees. These penalties can be hard to overcome.

In addition, if cardholder data becomes exposed, be aware that more than 38 states have laws requiring data breach notifications to the affected parties, resulting in incalculable losses to brand, reputation and customer base. Refer to www.privacyrights.org for details on state laws.

Summary
PCI compliance is a must. Take advantage of the resources and reputable partners that can make the process more efficient. By creating a safe environment for processing your customers' transactions, you will keep them coming back and ensure your business thrives.

To learn more, read TrustCommerce's whitepaper on PCI Compliance for Small Merchants.


Secure Payment Solutions that Come with a Guide

On my morning commute, lost in thought, I drove right past the office. Snapping out of it, I realized what I’d done, took a right turn and began my detour back to the office.  Having never gone this route, I saw buildings and roads I’d never seen before, discovering better paths for future trips.

Seeing things in a new light makes me think about the TrustCommerce professional services team. What I love about our team is how they look at a project from every angle – upside down, backwards, and sideways before arriving at a clear plan for reaching an objective. Our team has led projects and implementations for leading organizations in key vertical markets and applies that unique knowledge to every project.

Merchants come to our team with an action plan, and 9 times out of 10, TrustCommerce project managers find a clearer path to the merchant’s ultimate destination. They help the merchant better understand their objectives and the payment environment, thereby streamlining the project and providing a cost-effective solution.

The team’s 4-phase methodology may be standard; the team is anything but.
Phase I: Concept – Technical Design and Discovery
Phase II: Development – Development, error handling
Phase III: Integration & Acceptance Testing – Testing and UAT
Phase IV: Production & Maintenance – Production Validation, confirmation

It never hurts to explore your surroundings, see things in a new light, and let that new awareness lead to better direction. Our project management team applies this lesson daily!


Weighing in on Mobile Payments

I am an information junkie. I sign up for a multitude of e-newsletters. I set up Google Alerts for topics that are important to me, watch Twitter trends and follow thought leaders on social media. Each morning, I sift through the information to find the day’s gold nugget. Here’s what I learned from my inbox this morning:

  • 57% of U.S. retailers are preparing or already have a mobile commerce strategy.*
  • Mobile commerce will generate $6 billion in sales this year and is expected to double in 2012.
  • “Life is luck, make it.” --Mother Teresa

Mobile commerce is here to stay. As you develop your strategy, I offer food for thought:

1. Consider how you sell: B2B, B2C, B2G. Evaluate how consumers use mobile technologies in your environment.

  • Customers want to use mobile payments at a physical store
  • Your business is on the go: conventions, catering, services, healthcare, etc.
  • Contactless payments for transportation
  • Businesses or government want to pay accessing an electronic check/ACH account

2. Look at who the key players are:

  • American Express is partnering with Foursquare and Facebook with a focus on large and small merchants.
  • MasterCard and Google are banking on the Google wallet and NFC
  • Visa has invested in Square and is committed to NFC and the digital wallet.

3. Focus on payment security.

  • From swipe, transmission, to storage—if you aren’t confident your customers’ data is secure, omit that solution from your strategy.

The fragmentation of the mobile payments industry can be overwhelming. Keeping track of all the acronyms, start ups, new terms and technologies is a challenge, but one thing is certain—you make your own luck. Don’t leave business on the table. Develop a mobile payments strategy, be willing to adapt, and enjoy your well-earned luck.

*Internet Retailer e-newsletter


Top Tips for Online Payment Fraud Reduction

Sure, it’s only August, but if you are an e-tailer, you are already thinking about the holiday season. Here are 5 top payment processing tips to reduce fraud and prevent chargebacks. Make the most of the holiday rush by being prepared!

1. Manually verify the order — While it sounds time consuming, sometimes your best bet is a little human interaction. If in doubt:

  • Call or email the customer to make sure the order is legitimate.
  • Reverse look up the phone number and check that the phone number matches the ZIP code area. Mismatched phone numbers and ZIP codes typically create higher fraud rates.
  • Look for different bill-to and ship-to addresses.
  • A foreign credit card shipping locally often is a warning sign for fraud.
  • Shipping to a temporary address, such as hotel or PO Box can be an indicator. A quick phone call can prevent a chargeback.

2. Check IP — If your system can check where IP addresses are from, you will be able to identify anomalies, such as a billing/shipping address in one country while the IP address locator indicates that the IP address used was from another country. This can trigger the merchant to evaluate the purchase and take anti-fraud measures.

3. AVS Match — Using AVS is a must. Merchants can set up AVS to accept or reject orders based on certain criteria. Your system should allow customers to enter both billing and shipping addresses. It is critical that the billing address matches the customer’s credit card information. If it doesn't match, the credit card company will automatically side with the customer in a chargeback. Enable your AVS to reject orders that don't match the billing address and ZIP code.

4. CVV2 Match — It is against Visa/MasterCard regulations to store the CVV2 number. Verifying it helps assure that the person placing an order physically had possession of the credit card that was used.

5. Create a block list — Many payment processing solutions allow you to create a “block” list. For example, you may block countries or IP addresses that are typical sources of online fraud. You might hesitate to block a large segment of perceived potential customers, but smart choices can reduce fraud. Consider your industry, customer base, buying behavior, and other unique business characteristics when creating your block list.

TC CrediGuard
U.S. merchants incurred losses of over $150 billion resulting from stolen merchandise, identity theft, and lost interest and fees associated with chargebacks, according to a LexisNexis Risk Solutions report.
TC CrediGuard can be a merchant’s fraud protection partner. It is sophisticated fraud detection and scoring software featuring a Web-based management console. Monitor 24x7 by activating different checks to aid in fraud prevention specific to your unique environment and industry.

Velocity Controls allow the merchant to determine when an account behavior is excessive or abnormal. Options include:

  • Global: restricts the total number or dollar value of transactions
  • ZIP code: restricts the total number or dollar value of transactions submitted from a certain ZIP code
  • IP Address: restricts the total number or dollar value of transactions submitted from any one IP
  • Credit Card: restricts the total number or dollar value of transactions submitted from any one credit card

Merchants can create a Black List rule to indicate the value to be blocked. Transactions that match a Black List rule are not processed and are reported as Declined/Blacklist.

  • Name    
  • Address
  • State    
  • ZIP code
  • Phone   
  • Country
  • Email  
  • IP address
  • Full credit card number
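
How sliding-window velocity limits and a block list can be evaluated together, as an added example (not TC CrediGuard code). The rule fields, thresholds, the `Declined/Velocity/...` label and the sample transactions are constructed for illustration; only the `Declined/Blacklist` result comes from the text above.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class VelocityRule:
    scope: str         # "global", "zip", "ip" or "card"
    window_s: int      # look-back window in seconds
    max_count: int     # most accepted transactions allowed in the window
    max_amount: float  # highest dollar total allowed in the window


class FraudScreen:
    def __init__(self, rules, blacklist):
        self.rules = rules
        self.blacklist = blacklist          # field name -> set of blocked values
        self.history = defaultdict(deque)   # (rule index, key) -> (ts, amount) entries

    def check(self, txn):
        # Black List rules run first; a matching transaction is never processed.
        for field, blocked in self.blacklist.items():
            if txn.get(field) in blocked:
                return "Declined/Blacklist"
        # Test every velocity rule before recording anything, so that a
        # declined transaction does not count against later ones.
        queues = []
        for i, rule in enumerate(self.rules):
            key = "*" if rule.scope == "global" else txn[rule.scope]
            q = self.history[(i, key)]
            while q and q[0][0] <= txn["ts"] - rule.window_s:
                q.popleft()                 # drop entries older than the window
            count = len(q) + 1
            total = sum(amount for _, amount in q) + txn["amount"]
            if count > rule.max_count or total > rule.max_amount:
                return f"Declined/Velocity/{rule.scope}"   # hypothetical label
            queues.append(q)
        for q in queues:
            q.append((txn["ts"], txn["amount"]))
        return "Accepted"


def txn(ts, ip, card, amount, zip_code="90210", email="buyer@example.com"):
    return {"ts": ts, "ip": ip, "card": card, "amount": amount,
            "zip": zip_code, "email": email}


def run_sample():
    rules = [
        VelocityRule("global", 60, 100, 10_000.0),
        VelocityRule("zip", 3600, 10, 1_000.0),
        VelocityRule("ip", 60, 3, 500.0),
        VelocityRule("card", 3600, 5, 300.0),
    ]
    screen = FraudScreen(rules, {"ip": {"198.51.100.66"}})
    # Constructed sample data: documentation-range IPs, card tokens instead of numbers.
    sample = [
        txn(0, "203.0.113.7", "tok-A", 20.0),
        txn(10, "203.0.113.7", "tok-B", 20.0),
        txn(20, "203.0.113.7", "tok-C", 20.0),
        txn(30, "203.0.113.7", "tok-D", 20.0),    # 4th from one IP inside 60 s
        txn(40, "198.51.100.66", "tok-E", 20.0),  # blocked IP
        txn(100, "203.0.113.7", "tok-A", 20.0),   # IP window has expired
        txn(110, "203.0.113.9", "tok-A", 290.0),  # pushes tok-A past $300
    ]
    return [screen.check(t) for t in sample]


if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```

Counting only accepted transactions is a design choice made here; counting every attempt instead makes the limits stricter against repeated card-testing attempts.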

Use TC CrediGuard in conjunction with AVS and CVV checking for powerful results. To learn more, call 800.915.1680 and speak with a solutions consultant.


Prevent POS Fraud with Secure Devices

On May 13, 2011 news broke of Michaels arts-and-crafts stores falling victim to debit-card data theft. 

      "Thieves tampered with the retailer's debit-card processing equipment at about 80 stores from Massachusetts to Washington, according to the chain's corporate parent, Michaels Stores Inc.

      The thefts apparently involved the use of electronic devices called skimmers that allowed crooks to record information from shoppers' debit cards and steal their personal identification numbers, or PINs.1"

News outlets understandably identify the cardholders as victims in this type of attack, but retailers suffer, too. Damage to the brand, consumer confidence, and the cost of device replacement are all side effects that are to be dealt with.

     "The company said it is working with federal and state law-enforcement authorities, and is replacing all of its 7,200 card-processing terminals as a precaution. The U.S. Secret Service, which investigates financial fraud, said that it is investigating the Michaels incident.2"

Michaels is not alone in being forced to respond to attacks on customer card data. As long as there is a point of sale device and an Internet connection, everyone is at risk. We live in the information age where how-to-hack[ing] guides are only keystrokes away. Thieves stealing sensitive data can range from the casual passers-by to the highly sophisticated computer whiz.

Implement an Anti-Skimming Plan
Staying secure for a retailer may seem like an uphill battle, and it is. The Michaels theft, however, is one that could have been avoided. Replacing a piece of hardware in a merchant environment is a battle that can be won with anti-skimming planning. At TrustCommerce, we take the security of sensitive customer data and the integrity of our merchants seriously. That is why every device that TrustCommerce resells is able to avoid the type of attack that Michaels experienced.

Even if a TrustCommerce merchant is unaware of devices being swapped out for “skimmers,” they are protected. With our integrated software solution, payment processing is not possible without the TrustCommerce key-injected point-of-sale (POS) device. Thieves won’t be able to capture payment data on their non-injected POS device.

At TrustCommerce we partner only with device vendors that are industry leaders when it comes to offering encrypted devices that allow us to capture and transfer data securely. A TrustCommerce device purchase offers value to any merchant looking for an integrated security solution. Not only are the devices we’ve selected secure, but the TrustCommerce security software offers invaluable features including the ability to track transactions with our advanced reporting, transfer responsibility of storing credit card data, restrict user access levels in complex environments, and much more. With our dedicated staff and vast industry-specific security knowledge, we continue to make credit and debit card processing an option both consumers and merchants can Trust.

--N. Medellin, Product Manager

1 http://finance.yahoo.com/banking-budgeting/article/112735/thieves-debit-card-data-michaels-wsj
2 http://finance.yahoo.com/banking-budgeting/article/112735/thieves-debit-card-data-michaels-wsj


A Merchant’s Best Friend: E2EE & Tokenization

It’s the start of a New Year and, naturally, businesses begin prioritizing projects. “What can we accomplish this year? What projects can we take on that will deliver the most bang for the buck?” Each division jockeys for position and vies for scarce time and resources.

The single most important business decision merchants can make this year centers on data security. All the hard work your teams put in every day is rendered useless in the event of a data breach. Progress stops and all attention shifts toward survival.

How are you securing your data? Better yet, where is it?
When evaluating whether you are confident in your data security strategy, begin by looking at where your data resides. Start scratching the surface and you might find private cardholder information in unusual places, such as marketing and even human resources. Merchants can greatly reduce exposure and expenses by eliminating the data from their environment and relying on a third-party vendor to secure the information. This becomes a strong foundation for protecting their brand and reputation.

TC SMART Products® encrypt, secure, and warehouse your cardholder data using E2EE and tokenization.
Tokenization replaces sensitive cardholder information with unique identification symbols that retain the necessary information in a format that is meaningless to hackers. In a payment card transaction, a token typically consists of alphanumeric characters that represent cardholder data specific to the transaction in progress and contains only the last four digits of the card number. When an authorization request is made to verify the transaction, the card number is used only in the initial request. The token, rather than the card number, is returned to the requester along with approval or rejection of the transaction. The merchant can use the token for recurring payments, but the credit card number is stored in TrustCommerce’s PCI compliant data storage service.
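
The flow described above, as an added example (not TrustCommerce code and not the TCLink API). `Processor`, `Merchant`, the token format (random hex plus the last four digits) and the test card number are assumptions made for illustration.

```python
import secrets


def luhn_valid(pan: str) -> bool:
    """Card-number checksum; rejects mistyped numbers before a token is issued."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class Processor:
    """Hypothetical stand-in for the payment processor's card vault."""

    def __init__(self):
        self._vault = {}        # token -> card number, held on the processor side only

    def authorize(self, pan: str, amount_cents: int) -> dict:
        """Initial request: the only message that carries the card number."""
        if not luhn_valid(pan) or amount_cents <= 0:
            return {"status": "declined", "token": None}
        # The random part reveals nothing about the card; the last four
        # digits are kept so receipts and support staff can identify it.
        token = f"{secrets.token_hex(8).upper()}-{pan[-4:]}"
        self._vault[token] = pan
        return {"status": "approved", "token": token}

    def charge_token(self, token: str, amount_cents: int) -> dict:
        """Recurring payment: the merchant presents the token, never the card number."""
        if token not in self._vault or amount_cents <= 0:
            return {"status": "declined", "token": token}
        return {"status": "approved", "token": token}


class Merchant:
    """Merchant system: stores tokens only, so its database holds no card numbers."""

    def __init__(self, processor: Processor):
        self.processor = processor
        self.customers = {}     # customer id -> token

    def first_purchase(self, customer_id: str, pan: str, amount_cents: int) -> str:
        reply = self.processor.authorize(pan, amount_cents)
        if reply["status"] == "approved":
            self.customers[customer_id] = reply["token"]   # pan is not retained
        return reply["status"]

    def recurring_charge(self, customer_id: str, amount_cents: int) -> str:
        token = self.customers.get(customer_id)
        if token is None:
            return "declined"
        return self.processor.charge_token(token, amount_cents)["status"]


# Constructed sample: a widely used test number, not a real card.
TEST_PAN = "4111111111111111"

if __name__ == "__main__":
    shop = Merchant(Processor())
    print(shop.first_purchase("cust-1", TEST_PAN, 2500))
    print(shop.customers["cust-1"])
    print(shop.recurring_charge("cust-1", 2500))
```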

In support of tokenization, Visa has released a paper discussing best practice recommendations. You may read the full document here: http://usa.visa.com/download/merchants/tokenization_best_practices.pdf

End-to-end encryption (E2EE) refers to complete protection of data that flows between two points in a network: the data is encrypted when it leaves its source, stays encrypted while it passes through any intermediate computers (such as routers), and is decrypted only when it arrives at the intended destination.

In a recent report, “Card Fraud in the United States: The Case for Encryption,” Aite Group determined that end-to-end encryption would have the greatest impact on reducing fraud. “We estimate that a national E2EE deployment would cut 90% of card-not-present and counterfeit cards in the United States.”

As the pioneer of these technologies since 2001, TrustCommerce payment processing solutions are proud to have led the way in innovation by leveraging tokenization and E2EE. TrustCommerce created the security needed for the industry, before most addressed such concerns. This powerful combination, in conjunction with other secure technologies, allows merchants to defer much of the cost, risk, and threat involved in handling sensitive cardholder information. Our leading solutions include:

TC POS Vault uses industry proven key injection management and encryption technologies to quickly and safely process transactions from the customer swipe. This solution also mitigates card-not-present browser cache vulnerabilities.

TC Citadel is a powerful e-billing application designed for recurring, installment, subscription and utility payments. TC Citadel securely stores cardholder payment information and privacy data within the TrustCommerce data storage service. Merchants exchange credit card numbers and other privacy data elements for TrustCommerce issued Billing IDs.

Affordable and easy to integrate secure solutions
You may perceive that implementing a data security solution is expensive and as resource intensive as maintaining PCI compliance. Fortunately, making a large stride toward stronger data security can be done rather easily (and lessen your PCI compliance burden). TrustCommerce payment processing solutions leverage these powerful technologies and can be implemented quickly. The TrustCommerce professional services team can also develop custom integrations for merchants with unique environments or needs.

So, as you tackle your business’s “To-Do” list this year, place data security at the top. Then, feel that sense of accomplishment when you can quickly mark it complete.



Get to Know the TC Payment Portal®

We love the TC Payment Portal® and so do our customers. It is a versatile product that makes it easy, affordable and convenient for merchants of any size to offer online payment options to their customers. Allowing integration support for customer bill presentment, users can securely log into a website and have immediate access to their account information.

What makes the solution ideal is that it puts the power in the hands of the customer. From a single login, customers can initiate real time payments or set up a recurring payment cycle using credit cards, online debit cards, and ACH for all of their enrolled accounts. Reporting is available so merchants can view payment history and proactively manage their account(s). The TC Payment Portal® also removes the financial data from your environment, making PCI compliance easy!

By empowering customers, merchants benefit in many ways:
• Allows customers to pay directly to the business 24 hrs a day
• Reduces costs associated with live customer service/Bill Pay
• Allows merchants to send customers notifications, auto-confirmation of payment emails, and more.
• Lets merchants batch upload payment amounts due and updates to customers’ user accounts
• And more



Non-Profit's Unique Payment Processing Needs

At the NACHA Mega Meeting, September 29-30, we listened to an esteemed trio of panelists (American Red Cross, Faith Direct, and Star of Hope) discuss payments and the non-profit sector. During an economic period where overall charitable contributions are down, payment simplification is paramount for non-profits. Americans gave more than $307 billion in charitable donations despite the economic conditions in 2009. However, total giving, when adjusted for inflation, was down 3.6 percent. This was the steepest decline since the Giving USA annual reports began in 1956.

As a payment partner for many non-profits, we care about the challenges they face in the payment industry. What matters most to them? Let’s take a look.

•    Simplified payment processing that doesn’t create a barrier to donation - Although there are several options for online payment processing, some third-party choices require an extra step. Signing up for an account before being allowed to make a payment can turn away e-givers. Another concern is that when a third-party payment vendor’s name appears on the donor’s credit card statement, it causes donor confusion. In many cases, if the non-profit’s name doesn’t appear on the credit card statement, the donor may dispute the charge and request a reversal. Charitable organizations that set up their own merchant account can experience greater payment success through easy identification. It is also imperative that non-profits have the ability to accept all forms of payment—cash, credit cards, debit cards, electronic check and more. Just like any merchant, you don’t want to turn someone away because their payment type wasn’t supported.

•    Automated recurring donations – Many e-givers make charitable donations on a regular basis. Automating the process by using a payment solution that offers recurring billing generates predictable cash flow, reduces administration time and cost, and presents a green solution.

•    Trust & security – The market for charitable donations is competitive. Building a trusted relationship with donors keeps them coming back. To build that trust, donors must have a smooth transaction process and must feel confident that their account information is secure.

•    Customization & easy integration – Charitable organizations don’t always have a technical team on staff. Easy to use solutions that integrate into existing systems are a great cost-savings to non-profits.

TrustCommerce has been meeting the needs of charitable organizations for more than a decade with our secure TC SMART products. These solutions remove, secure, and protect sensitive cardholder data as well as allow for automated recurring payments. 83 percent of all philanthropic dollars are contributed by individuals and bequests. Make it easy for individuals to give by utilizing a comprehensive payment processor.