Blog

Suspect Fraud? How and When to Make a Code 10 Authorization Request

It’s another busy Saturday at Barney’s Barbershop. Matt scurries to the front desk to ring up Joelle’s last customer. Suddenly, a “Lost / Stolen Card” error message flashes on the terminal. Matt’s heart begins racing. His palms are now sweaty. What is he to do?

Though we’ve made significant strides to curb fraudulent activity with new payment technologies like EMV, fraud can, and still does, happen.

The good news is that there are proactive steps you and your staff can take to minimize your risk and effectively manage these situations.  

So, what should Matt do?

If you or a staff member suspect fraud, like Matt, a Code 10 call should be made.

But First, What’s a Code 10 Authorization Request?

A Code 10 Authorization Request is a preventive tool used by merchants to verify additional payment card information, while, at the same time, alerting the card issuer of possible fraudulent activity. 

Think of a Code 10 call as an added layer of prevention for your business that should only be used when suspicious behavior or unusual requests are evident.

Whether you sell products and services face-to-face, like Matt — or over the phone, by mail or online — you can employ a Code 10 Authorization to verify additional information on a suspicious transaction.

In other words, a Code 10 can be used in both card-present and card-not-present transaction environments.

 

When Should a Code 10 Authorization Request be Made?

You should act on your suspicions when the details around a transaction seem unusual.

Examples of suspicious activity in a card-present environment:

  • A customer swipes or inserts their card in the payment terminal, and an error message reading “Pick Up Card” or “Lost / Stolen Card” appears on the payment device.
  • A customer provides a card where the security code or expiration date has been manipulated.
  • The signature on the card and the receipt don’t match.

Examples of suspicious activity in a card-not-present environment:

  • An order is placed by a relay call, an operator-assisted telephone call, typically used by someone who is hearing impaired. While this is a valid service, criminals have been known to use the service to place fraudulent orders.
  • A customer orders a large quantity of the same or similar item. Also, be cautious of large bulk orders with a shipping address of an apartment or self-storage unit.
  • A customer provides multiple card numbers for the same purchase. You should also be leery of multiple card numbers that differ only in the last few digits.
  • A customer requests overnight delivery, without regard to costs.
  • A customer requests immediate processing of the order and wants the tracking number used for the shipment ASAP.
  • A customer places a phone order, requests immediate processing of the order, and then advises they will have someone come to the store location to pick up the product.
  • A customer requests delivery to an alternate address, other than the billing address, or the customer requests shipment to a freight forwarder. Criminals are known to use U.S.-based re-shippers to avoid detection of foreign shipments.
  • A customer requests merchandise you do not sell. The most common requests are for cell phones and laptop computers.

How Do You Make a Code 10 Authorization Request?

If you suspect fraud, the very first thing to do is remain calm, then follow these simple instructions:

1. Retain the card in question and let the customer know that you need to make a phone call for additional authorization.

2. Call 1-800-725-1243 and ask to be transferred to the Voice Authorization department.

3. Choose the prompt for ‘Code 10’. You will be transferred to a voice authorization representative who will ask you a series of yes/no questions to verify the cardholder information during your call.

If the cardholder information cannot be verified by the voice authorization representative, the information will then be forwarded to an investigator for further research. You will receive the results of the investigation within 24-72 hours.

4. Follow the representative’s instructions. In some instances, you may be asked to retain the card and call law enforcement. Only proceed if it is safe to do so. Otherwise, process the transaction and contact the card processor as soon as the customer leaves the site.

Your Best Line of Defense

Matt remembered he and his team had recently reviewed the protocol for situations like this. With that, he breathed a sigh of relief, then calmly made a Code 10 call.  Matt answered the representative’s questions in a normal tone and followed their instructions.

Like Matt and his team, it’s important to review these steps with staff, so they manage these situations in the most effective manner. Also, be sure to keep the contact information for reporting fraud easily accessible to all employees.  

It’s worth noting that Code 10 Authorization calls can also serve as part of your chargeback prevention plan. For more tips on preventing fraudulent transactions in card-present and card-not-present environments, see the articles: 7 Ways to Proactively Prevent Credit Card Chargebacks and How to Prevent In-Person & Online Fraudulent Transactions That Can Result in Chargebacks


Need Your Money Quicker? Standard ACH & Same Day Funding Explained


Few things are more important in business than cash flow.

That’s why it’s no surprise that one of the most common questions we get at Constellation Payments is: “Can I get my funding quicker?”

The short answer is “Yes! We offer same day funding which will speed up your deposits.”

But, before making the leap to same day funding, it’s important to understand the difference between standard ACH and same day funding to ensure you make the right call for your business.

What is standard ACH funding?

When you are set up with a Constellation Payments merchant account, your funds are electronically deposited as an ACH (Automated Clearing House) transaction into your designated bank deposit account.

With standard ACH funding, you’re funded within 2 business days from when you submit your batch. The cut-off time for batching is 10 pm ET.

For example, if you batch on Monday by 10 pm ET, you’ll receive your funds by Wednesday.

What is same day funding?

For those that need their money quicker, we offer the convenience of same day funding.

Instead of waiting 2 days for funds to be deposited, you’ll receive your funds the same day as long as you batch by 6 am ET.

Here’s an example for context: Say you’re a fitness facility that closes at 9 pm ET Monday night and batches before 10 pm. On the standard ACH funding schedule, your funds will be deposited on Wednesday.

With same day funding, if you batch by 10 pm ET on Monday — or anytime up until 6 am ET Tuesday — you would get your funds by Tuesday. As long as you batch by 6 am that day, you will receive your funding the same day.

Other noteworthy points to consider for same day funding:

  • Same day funding does not fund on the weekends or holidays. Batches that you submit on Saturday or Sunday are funded on Monday.

  • There is a monthly fee for the convenience of same day deposits since your funds are being put into a specialized rail with the Federal Reserve to speed up the normal funding process.

  • There is a batch limit of $25,000 with same day funding.

  • Same day funding is currently not available for all Canadian merchants. Merchants in Canada that bank with one of the following banks, and submit their batches by 6 am ET, can receive same day funding at no additional cost: Bank of Montreal, National Bank of Canada, Scotiabank, Royal Bank of Canada, Toronto Dominion.

Which funding schedule is right for you?

Of course, accelerating your funding to same day gives you more capital to work with — enabling you to purchase inventory, meet payroll, and make payments on bills and loans more readily.

Consider your business type, its own expenditures, and its unique needs to determine which schedule is right for you. And, if you need some assistance, we are here, as always, to help. Give us a call at 888.244.2160.


Manage Incoming Payments Like a Pro: 3 Tools to Start Using Today

Ever begin using an app that immediately becomes part of your everyday, leaving you thinking: “How DID I ever get along without this?”   

That’s how you’ll likely come to feel about these three tools.  

Incorporated into your business routine, they’ll quickly become your go-tos — making it far easier to keep your finger on the pulse of your business and its funds. 

Before getting started, you’ll want to sign up for a My Payments Insider account, if you haven’t already. My Payments Insider is your primary source for managing your merchant account, and accessing all your business’ payment information.  

To register, fill out the form here. A confirmation email will be sent to you with instructions to complete your account set-up. 

Now, about those tools 

1. Interactive Online Statements 

“How much was deposited to my account last month?” … “10 months ago?” … “What did I pay in chargeback fees?”

You can easily get answers to questions like these with My Payments Insider. Within the portal, you have access to statements from the past 13 months that can be viewed online and easily downloaded to PDF, CSV, or XLSX. No more waiting for paper statements to be mailed to you and storing paper documents at your facility. All statements are secure and in one spot for easy access whenever you need them.  

Even better, the statements are interactive, meaning you can: 

  • Filter by business location, statement type, and date range (3 months, 6 months, 9 months, and year) 
  • Change views to deposits, fees, chargebacks and adjustment activity 
  • Drill down to batch and transaction level to get greater detail 

2. Funding Alerts  

No doubt cash flow is the lifeblood of your business. And like a monitor records the activity of the heart, you need a tool to keep a pulse on cash flow. Funding alerts are a quick and easy way to do that.  

With funding alerts, you’ll know the moment funds have been settled and processed to your account.  

To sign up, follow the steps below or call our Support Team at 888.244.2160, option 2.  

  1. Click on the ‘Personal Information’ dashboard tile 
  2. Click ‘Notifications’ 
  3. Check the ‘Funding/bank activity’ box 
  4. Enter your mobile phone number  

Select your merchant ID (MID) or all business locations. You’ll receive one text message per MID. 

3. Chargeback Alerts 

Managing chargebacks and retrievals can be a difficult and confusing part of payment processing. And, if you don’t respond to a dispute within the allotted timeframe, the banks will simply process the chargeback. (The typical timeframe is 120 days; however, in some cases, the timeframe may be longer or shorter depending on the chargeback reason code.)

Chargeback alerts help you stay on top of payment disputes. With this service, you’ll be notified by fax, or by email and online alert, of any payment disputes posted to your account within 24 hours, so you can proactively handle chargebacks as soon as they’re made.  

Also, within the portal, you can set preferences for your alerts, whether for new chargeback and retrieval cases, status updates, high-value amounts, or case aging. My Payments Insider also includes a broad selection of reports to manage your activities and measure your results.

To enroll for chargeback alerts, contact our Support Team at 888.244.2160, option 2 or open a ticket under the “Request a Change” reason and add notes to sign up for chargeback alerts via email. 

The Tool’s In Your Court 

Like outfitting a gym with essential equipment to train effectively, businesses need to incorporate the right tools to manage money effectively. Start using these three today to keep your finger on the pulse of your business and its funds, and make managing incoming payments a whole lot easier. 

Have a question about the tools listed here? Post your question below or visit our Support Hub Portal.


Form 1099-K: What Business Owners Need to Know

Receive a 1099-K form? Not sure what it is or what it’s used for? Here’s a brief overview to get you quickly up to speed and in the know this tax season.   

What is a 1099-K? 

Form 1099-K, also called Payment Card and Third Party Network Transactions, is an IRS information return form that is used to report transactions that are made by a payment settlement entity.   

In other words, if you use a third-party processor, like Constellation Payments, to process your credit card and debit card payments online, the transactions processed by that payment settlement entity are reported on Form 1099-K.

Who is Issued Form 1099-K? 

1099-K forms are mailed to our customers via USPS and are sent to the same address where monthly statements are sent.

A copy is simultaneously sent to both the IRS and the merchant.  

It’s important to note that not all business owners who process credit card and debit card payments online are issued a 1099-K. There are minimum reporting thresholds. In most cases, a 1099-K is not issued unless: 

The payment settlement entity processed more than $20,000 worth of payments on behalf of the merchant annually, AND the payment settlement entity processed more than 200 individual transactions on behalf of the merchant annually. 

What Should I Do with My 1099-K? 

Form 1099-K should be used when preparing your annual tax return. According to the IRS, separate reporting of the transactions on Form 1099-K is not required.  Be sure though to add the income that is reported on your 1099-K to your total business income when you file your taxes.  
 
For more information, see the General FAQs on Payment Card and Third Party Transactions from the IRS.   

Have a question regarding Form 1099-K that wasn’t answered here? Post your question below or visit our Support Hub Portal.


PCI Data Security: The #1 Misconception That Can Harm Your Business and Its Reputation

There’s a common misconception about PCI compliance, that, if not addressed, can seriously harm the very business and professional image you’ve worked so hard to build.

The misconception? That your business does not need to become PCI compliant and renew its certification each year.

It’s easy to see how this misconception could come about. Most small businesses use business management software and work with a third-party merchant services provider, like Constellation Payments, to help run their business.

Yes, the software provider is PCI-certified, and the merchant services provider is also PCI-certified.

However, working with PCI-certified vendors does not exempt a business from having to show their own compliance. All businesses that participate in the payment transaction process must adhere to PCI compliance standards. The process includes more than running payments through your software.

The payment transaction process includes how credit card and debit card payment information is handled at the front desk in fitness clubs and gyms, at the counter in salons and spas, on a tablet for on-the-go businesses like personal training, at the register in a retail store, and so on.

How Do I Get My Business PCI-Certified?

To become PCI-certified, your business must complete the self-assessment questionnaire annually.

Fortunately, there are many resources to help with PCI certification – ones that make it a relatively pain-free process.

At Constellation Payments, as part of our solution, each merchant is enrolled in the PCI Plus Protection Program that’s provided by well-known Qualified Security Assessor, Sysnet.

What’s great about this program is that you get hands-on help. The team at Sysnet will guide you through the entire process to help you complete your self-assessment questionnaire (SAQ). And they’ll confirm all answers.

Once the questionnaire is completed, you’ll be able to download your validation certificate and then send the certificate to your merchant processor to have on file.

What Happens if My Business Isn’t PCI-Certified?

1. You could lose the ability to accept credit cards.

If there are possible breaches of card association regulations, the card brands could revoke your right to process credit cards.

2. You could get hit with a big financial loss.

Non-PCI-compliant merchants can face fines of up to $500,000.00 in the event of a data breach.

In addition, PCI non-compliance can result in penalties ranging from $5,000 to $100,000 per month by the credit card companies. These penalties depend on the volume of clients, the volume of transactions, the level of PCI-DSS that the company should be on, and the time that the company has been non-compliant. For example, the penalties for a Level 1 company that has not met the requirements for more than 7 months could reach up to $100,000 monthly.

Merchant level identification is based on the total volume of transactions per year. See VISA’s site for detail on each level and level requirements.

3. You could lose clients and business.

All it takes is one data breach – no matter its size – to damage your business financially and inflict irreparable damage to your business reputation.

4. You’ll be subject to monthly non-compliance fees.

US businesses that have not completed their annual self-assessment questionnaire, and have not demonstrated PCI-DSS compliance, are subject to a $59.99 per month non-compliance fee.

At Constellation Payments, this fee is meant as an incentive to complete your PCI compliance self-assessment questionnaire to ensure you’re handling and processing credit and debit card payments in a safe and secure manner. Once a merchant has completed their questionnaire demonstrating compliance, the fee drops to $0.

The Benefits Beyond Data Security

Being PCI compliant doesn’t just ensure your business is following the rules and regulations. PCI compliance also helps your business growth and reputation. Knowing your systems are secure, consumers can trust you with their sensitive information and have confidence that their information is safe and protected.

Confident customers that trust you are more likely to do business with you again and become loyal, repeat shoppers. They’re also likely to recommend you to their friends.

Another key benefit of compliance: it improves your reputation with acquirers (banks and financial institutions that process credit and debit cards on your behalf).

Compliance also improves your reputation with payment brands such as VISA and MasterCard.

The Small Time Investment to Become PCI Compliant is Well Worth the Big Gains in Consumer Confidence and Peace of Mind

While it does take some time and effort to become PCI-compliant, it’s well worth it to gain customer trust and confidence — and avoid catastrophic data breaches that can destroy your business.

Not PCI compliant? Make today the day you become certified to protect your livelihood.

Or as the PCI Security Standards Council website so aptly states, “You’ve worked hard to build your business — make sure you secure your success by securing your customers’ payment card data.”


Global Payment Perspectives: Key Considerations that Can Make or Break Your POS Software Global Expansion – Part 2


Thinking of expanding your POS software into international markets? Great! As a global merchant services company, we can help you do that. We’re able to provide a single gateway integration that allows software companies to enter foreign markets without having to integrate with multiple new banks and acquirers.

But First …

When going into new markets, I always advise my clients to make sure you’ve done your due diligence. In a previous post, I talked about the first step to take before entering international markets. Please check out that post first if you haven’t.

My last post covered specific considerations to take into account before global expansion.

There’s a bit more I wanted to cover, so let’s get into it and complete our list of key considerations.

1. Regional and Cultural Payment Preferences

Payment preferences are very different in different countries. You’ll want to know the common practices in the country you’re expanding into.

For instance, did you know, over 58% of online transactions that occur in Asia Pacific are done with alternative payment methods — not with standard credit cards or even direct debit?

In Asia Pacific, consumers pay with alternative payment methods like PayPal e-wallet services that are specifically geared towards specific regions.

Another example of payment differences: In Europe, especially in Germany, consumers prefer to set up direct debit for any transaction. Whether it’s their cable bill or gym membership, they are not accustomed to payment with a credit card. They prefer to use direct debit.

2. Consumer Behavior from a Consumption Perspective

You’ll want to consider cultural differences when deciding which regions to expand into. For example, maybe you sell software used by fitness centers and are considering expanding to the Middle East-North African region. If one of those areas is primarily Muslim — Islam is one of the predominant religions in that region — you’ll want to consider making adaptations to your software to allow for cultural differences that would happen in a health club environment.

An example: you might want to provide the ability for women to have their own spaces or times to exercise without men present, and vice versa. You’ll likely want to account for that somewhere in your software so that the set-up of that software can include specific hours for specific groups that may need their own time.

3. International Fulfillment

If your product is typically sold domestically and you’re selling internationally, you’ll want to make sure your customer understands the logistics of shipping. Communicate the logistics by way of your marketing materials and website. Make sure the communication is clear and concise about what the fulfillment times are going to be, so that you set clear expectations.

4. Regulatory Issues

There are regulatory and legal issues to consider when moving into specific foreign markets. For example, the UK has specific, strict requirements to protect consumers from unauthorized charges. It takes a good while for a bank transfer to be authorized before you can begin debiting someone’s account.

If you want to debit someone’s account on the first of the month, that process needs to start anywhere from 10-14 days prior. There’s a customer mandate which is essentially the customer giving permission for you to debit their account and that must be submitted at some point 10-14 days prior to the day you want to debit their account.

Additionally, if consumers have an issue, you need to make sure everything is compliant. PCI compliance applies in all countries. Specific things about how customers will be charged need to be communicated. If you are not a native speaker, you may need a website designer that can provide you a native language website and ongoing website support.

5. Legal Partner

It’s strongly recommended you hire legal counsel that can advise you on the nuances associated with moving into new international markets and make sure you’re following local laws of the region.

One international issue in some countries is that if you wish to process payments, you must have a local entity where mail can be sent and meetings can take place face to face with representatives of the company. This is particularly the case in the Middle East.

Yes, there’s a lot to consider before expanding internationally. And while this post and Part 1 of Key Considerations for POS Software Global Expansion give you a good starting point, it is by no means exhaustive.

However, I’m by no means trying to deter you from expanding. There’s much opportunity and business to be had when expanding globally. It’s just in your best interest to take the necessary steps to consider the entire picture along with the opportunity.

Many of Constellation Payments’ partners found integrating with our gateway preferable to doing it themselves. With a single gateway integration, they were afforded access to multiple foreign markets and gained a partner already familiar with the payments landscape they were preparing to enter.

As always, if you have questions about our global payment capabilities or expanding your business into specific regions, feel free to give us a call at 888.248.7060 or send an email to sales@csipay.com.

Going Global: How to Successfully Sell Your Software Internationally

Considering expanding to international markets? Request a copy of our 30-minute webinar for more tips and guidance on growing your base outside the U.S.

 

 

 


Global Payment Perspectives: Key Considerations that Can Make or Break Your POS Software Global Expansion – Part 1


We recently held a webinar on Constellation Payments’ global payment capabilities. And while it’s extremely exciting to provide our partners with the opportunity to expand into different markets, we encourage our partners to be aware of the challenges they may face when expanding, and to have a plan to overcome those challenges.

Our last post covered the very first step in taking your POS software to international markets. It’s also extremely important to review this list of key considerations before moving forward into foreign markets.

Native Language Web Experience

If your product is marketed on the web or sold directly over the web, you’ll want to consider the native language web experience of your prospective audience. There is a large amount of evidence showing that you’ll get more sales and convert more leads from your site if there’s a native language version of your website in the regions you serve. For example, if you provide a product or service in Mexico, a Spanish version of your site is strongly advised.

Native Language Customer Support

What kind of inbound calls do you get today? Presumably you’re going to get similar calls from your international clients. How are you going to handle that? Should you get a third-party to handle support calls on your behalf? If not, should you consider online only, text-based support and judicious use of translation software? Knowing how you’re going to provide customer support is critically important.

Purchasing in Native Currency

This is very important because cart abandonment in ecommerce is a big issue. Put yourself in the shoes of a foreign consumer.

Say you were doing a search for a product or service you are interested in buying, and came upon a website written completely in Russian. You don’t speak Russian or understand Russian currency exchange, and now you’re deciding whether to hit the final button to pay with your credit card and make the purchase. Would you be OK with it? Would you be at ease?

Most people would be much more comfortable reading a webpage in their native language and paying in their currency. They don’t have to worry: “Did I get that exchange wrong? Am I overpaying?”

13% of all cart abandonment in 2016 was due to prices not being presented in native currency. It’s important to present native currency on the marketing side and on the ecommerce side when it comes to the shopping cart experience.

Cash Flow Considerations

Consider native financial regulations. In North America, for example, funding happens pretty quickly. We’ve got a very robust internet backbone and robust financial system. Merchant processing and direct debit processing happens relatively quickly compared to the rest of the world.

On the other hand, you may be doing business in a foreign country where there’s a 10-15-day delay between purchase and funding into your account. Understanding those effects on your business is important so that you can make sure you have enough cash flow to float during that time.

No doubt this is a lot to take in. We’ll leave you with these four considerations and wrap up the list in our next post. If you have questions about our global payment capabilities or specific countries, payment principles, or regional differences regarding cash flow timing, please call us at 888.244.7060.


Global Payment Perspectives: The First Step in Taking Your POS Software to International Markets


It’s an exciting time here at Constellation Payments. We’re expanding our global payment processing capabilities at a rapid pace. It’s a unique opportunity we can offer our POS software provider partners.

For example, if a partner wants to enter the European market, they don’t have to go with another gateway provider. We’re able to offer a single gateway integration that allows our partners to enter this market, and many others around the world, without having to integrate with multiple new banks and acquirers. One integration allows the ability to process with many, many processors. Partners get a single point of contact with us.

Though it’s exciting and unique, expanding into international markets shouldn’t be done on a whim.

We know it’s very easy to get really excited about the opportunities to expand a business. But, you want to make sure that you don’t get so excited about the opportunities that you miss the challenges you’ll need to overcome to do things the way you want them to be done.

SWOT It Out

Before entering new global markets, we strongly suggest taking all challenges into consideration.

The best way of doing this is to perform a SWOT analysis on the countries and regions in which you’d like to expand.

A SWOT analysis means looking at your Strengths, Weaknesses, Opportunities and Threats. Strengths and weaknesses are internal factors that give your business an advantage or disadvantage, like financial resources, internal processes, and systems.

Opportunities and threats are external elements that influence your business like market trends, customer demographics, environmental issues, and suppliers.

After identifying the strengths, weaknesses, opportunities, and threats, you’ll want to have an internal discussion with your key product stakeholders of what markets are attractive to your software business and why.

Look at what offerings you have and make sure they’re as relevant in certain countries as they are in the countries you’re currently operating in.

How the SWOT Helps

If you’re born and raised in North America, you have a good understanding of how consumers feel about a product like yours. But when you’re entering a foreign country with different currency, different language, and a different culture, it’s very important to understand how your product or service is viewed by the prospective audience.

Is there a need for your product?

For example, we recently worked with a business that has an app with a payment component for personal trainers. They’re looking to expand into North America. A SWOT analysis revealed that there are challenges based on the products currently on the market in North America. In this example, the SWOT analysis was key. The analysis uncovered the current competitive landscape and provided an eye into the future.

Deep Industry Experience Can Give You a Leg Up

If you have lots of experience with your industry, a great practice is to look at the foreign markets and say to yourself: “What’s missing from those markets? What’s missing that we can offer?”

Some emerging and foreign markets are a bit behind a more modern, robust market like a North American or European market. All the growing pains that have occurred and all the lessons that have been learned in markets you’re familiar with can be applied to a new environment. That market may be lacking services and opportunities you can fill that others can’t.

Experience is also a key factor in choosing a payment processing partner. At Constellation Payments, many of our integrated partners chose us because we’ve done much of the work with regards to payments in these foreign markets already.

Bottom Line

Do your due diligence. Run a SWOT analysis. It’s important to note too that there are limitations to a SWOT analysis. We’ve seen very extensive SWOT analyses, but also very simple iterations that are more a summary than anything else. Regardless, a SWOT analysis of any kind is a good starting point and can provide valuable insight before venturing to foreign markets.

Should you have any questions about our global payment capabilities or performing a SWOT analysis, feel free to contact us at 888.248.7060.

Images courtesy of Pixabay.com.


The Equifax Hack: What You Need to Know, Steps to Keep Customer Data Safe


By now we’ve all heard the story of how 143 million Americans (roughly half the US population) had their personal data compromised due to a breach at Equifax. It’s reasonable to be concerned about the security of your personal accounts. But what about your customers’ sensitive financial data?

With so many people affected, consumers are being inundated with admonitions to update their passwords, freeze their credit reports, and reconsider to whom they entrust their data.

Facing Facts

Whether you sell Point of Sale (POS) software or use it to run your business, it’s time to face facts. After all, if one of the largest custodians of consumer identity data can be hacked, POS software companies and the companies that use that software should assume the worst about their own vulnerability.

Fact 1: This breach was avoidable.

Equifax failed to implement a patch provided by a software vendor/partner for a known vulnerability discovered months prior to being exploited at Equifax.

Key Takeaway / Action Item

Remain vigilant and create mechanisms that ensure your software and any plugins, extensions, or API-connected applications are updated as soon as possible.

Automate where feasible. There are some risks to automated updates, including the possibility that an update could cause a system failure. Only you can determine if automation is right for your company, but it should at least be considered.

Many of North America’s largest POS software brands trust Constellation Payments as their gateway specifically because integration with our PCI Level 1 compliant gateway reduces PCI scope for them and their users.

Fact 2: Equifax fumbled the ball, fumbled the recovery of the ball, and fumbled the recovery of the fumbled recovery of the ball.

Equifax discovered the breach on July 29th, yet didn’t announce it until September 7th. They sent affected customers to a website that looked like a phishing site, and the mechanism for determining whether someone was a victim of the hack was easily spoofed by several security pros who entered dummy data, only to be told their dummy identities were likely compromised.

Finally, Equifax made the egregious decision to try to sell credit monitoring to those who received the bad news, making Equifax seem, at best, callous and uncaring and, at worst, opportunistic and sleazy.

Key Takeaway / Action Item

Have a breach plan before you have a breach. Who would you call if this happened tomorrow? What would be the best, most effective measures to take upon learning that your company’s data was now available to anyone willing to purchase it on the dark web? Are there PR firms, law firms, and cybersecurity firms you should have on speed dial?

One thing’s for certain: the old saying that “a failure to plan is a plan to fail” never felt more fitting than it does in the case of Equifax.

Recommended reading: Your Cyber Incident Response Exercise. The article takes you through key questions and scenarios that should be discussed and documented with your team before a breach occurs. This preparation is invaluable. Having a plan in place will help you and your team respond to a breach in an organized manner, as opposed to being backed against the wall in a frenzied “what should I do …” state during an actual breach.

Fact 3: Equifax put revenues ahead of security.

Financial disclosure documents show Equifax’s annual overhead had not increased in several years, while profits had increased steadily. It’s been speculated that Equifax may have been slow to apply the patch because doing so would be very expensive and might influence earnings. It seems obvious that a company with as much to protect as Equifax should be increasing its security budget steadily year after year.

Key Takeaway / Action Item

Dedicate a budget to cybersecurity, choose partners who have done the heavy lifting for you, review the budget and your plan at least once a year, and never settle for the minimum protections when it comes to sensitive customer data.

Bottom Line – Prevent, Prepare and Invest

Ensuring the security of your customers’ sensitive data should always be a top priority. Your customers trust you with their payment information. You should do whatever it takes to maintain that trust. Take the time to put proper security mechanisms in place.

Should a breach occur, know how to respond. A cyber incident response plan that can be used throughout your organization is something all businesses should have.

Lastly, never cut corners on data protection just to save some money. In the long run, it could cost you the business you’ve worked so hard to build.

Monitor image courtesy of Pixabay.com.


Payments Around the Globe: 5 Things You Need to Know Before Selling Products and Services Internationally


It’s 2017 and one thing’s for sure: Businesses are growing internationally. Franchises are opening more and more locations overseas. Companies that sell online are extending their reach into new and often emerging markets.

While profitable for many, these types of expansions can be complicated, particularly when it comes to payment processing. Each region has its own unique payments landscape which must be considered prior to market entry.

We’ll get into specific scenarios, such as online retailers, a little later, but for now, let’s consider those factors that affect all merchants wishing to sell to international customers.

Platform Payment Integration

Whether your sales are initiated via a traditional ecommerce platform, your own website, or a third-party POS platform, the platform itself will need to be integrated with a payment processor that is registered to accept and process payments in the countries where you wish to expand.

One challenge many companies encounter: very few payment gateways can facilitate payments in every country where they wish to expand their business. Without this ability, businesses wishing to acquire customers globally will face increased cost and reduced speed to market related to integration of their platform with several unique payment channels.

This challenge was the inspiration that drove Constellation Payments to design a gateway where merchants connect to multiple processors while simultaneously benefitting from one provider for the bulk of their international transactions.

The Constellation Payments gateway can facilitate transactions in North America, Central America, United Kingdom, European Union, Australia, New Zealand, and multiple countries in the Asia Pacific region. Businesses wishing to accept payments from customers all over the globe should examine their current gateway’s capabilities to be sure it will match their expansion goals.

Research and Adapt

Not all markets function the same. For example, in Europe, consumer use of direct debit payment methods both for one-time and recurring transactions is far more prevalent than it is in North America or Asia. Companies that don’t understand this nuance will exclude themselves from a significant portion of the market. While you don’t have to offer every payment method under the sun, it is advisable to choose a platform/gateway combination that will offer the payment methods your target customer is most likely to use. When entering new markets, businesses are encouraged to discover what those methods are and evaluate their payment gateway and/or processor accordingly.

Another best practice is to present yourself and your company in the best possible light to foreign customers. Imagine tracking down a retail item you want to purchase only to discover that the site where you will purchase the item is in a language completely foreign to you and in a currency different than your own. You can’t read the site, and you’ll likely have to leave the site and find an online currency conversion tool to verify that the price you are paying is acceptable.

Many customers facing this dilemma would simply leave the site without putting anything in their carts at all. Those that do proceed to checkout are likely to leave the site without completing their purchase due to the foreign currency issue.

In fact, 13% of all cart abandonment in 2016 was due to prices being presented in a foreign currency.

This is something we addressed at Constellation Payments early on. Our merchants can accept payments in the local currency of their customers no matter where they are, but still have the funds settled into their merchant accounts in their own native currency. This is all accomplished through something called Dynamic Currency Conversion (DCC).

Not all gateway and merchant services providers can provide this service though. It is highly recommended that companies going international verify whether DCC is available on their current platform and/or gateway configuration.

All this said, having localized versions of your website that acknowledge the language, customs, and currency of your target customer is highly advised when expanding internationally.

Clear Communication

In addition to the language and currency issues described above, it is also important that international customers purchasing physical goods understand any additional costs associated with purchasing from an overseas vendor.

When done right, this is not a barrier to the sale at all. In fact, it is quite the opposite and somewhat expected. Clearly stating shipping costs, and making it easy to track items during the journey overseas, is critical. If there are duties or taxes that will be levied on foreign shipments, businesses will need to decide whether to absorb those costs or pass them on to the customer. If passing them to the customer, it should be crystal clear prior to finalizing the purchase.

B2B Challenges

There are some international challenges that are unique to the B2B world. For example, a company selling point of sale software will need to consider which foreign processors their merchants will be comfortable using and how their software users will obtain merchant accounts locally.

If a company in Mexico purchases the POS platform, not only will they want the POS platform to communicate in their native language, but when they have questions about things like deposits or chargebacks, they’ll want to speak with a payments professional that can speak their native language.

To address this for our own merchants, Constellation Payments has made strategic partnerships with carefully chosen local providers of merchant services, so that software companies connected to our gateway can refer their users to a local provider of payment processing that has been approved to process through our gateway and who understands local customs and banking regulations. These representatives can assist new merchants in applying for, using, and inquiring about their merchant accounts all in their native tongue.

Data Security

Another key issue when conducting transactions with foreign customers over the Internet is data security. Don’t let your company join the ranks of those with highly-publicized data breaches that have cost them billions in damages and lost credibility in the marketplace.

Constellation Payments is PCI-DSS Level 1 compliant, which is the highest level of certification available from the major card brands. Constellation also employs data encryption and credit card tokenization. Tokenization is the encoding of cardholder data such that it cannot be decoded without a key available only to the processor, and cannot be decoded or reused if intercepted by a third party.

Final Thoughts

Whether you are already offering your products or services internationally, or considering doing so, the team at Constellation Payments would be happy to review your processing needs and advise you as to your best options regarding payment processing.
