Evolving security for online payments.

Worldwide, card not present (CNP) fraud continues to be a challenge in the payments industry. We have seen the warnings. Such fraud typically rises as countries migrate to EMV/chip cards in an effort to reduce other types of fraud like point-of-sale fraud and card cloning. This is indeed happening now in the United States. However, do not think industry players (e.g., issuers, networks, acquirers, merchants) are sitting idly. Following are a couple evolving tools to combat CNP fraud and/or the theft of personal data.

One-time Passwords 

Perhaps you have experienced one-time passwords or passcodes (OTP) already. My payment card processor utilizes this functionality. After I provide my ID and password for their site, I also have to enter a one-time, six-digit number that they send to my mobile device as part of the login process. It expires in five minutes. 

Every fraud prevention strategy should include a multi-faceted approach to increase effectiveness.

Every fraud prevention strategy should include a multi-faceted approach to increase effectiveness.

Julie Conroy, Research Director, Aite Group Retail Banking Practice, is someone who has studied security over the years. She stresses, “A big security weakness is our reliance on static passwords and the fact that most people use the same password for multiple sites. The industry must transition from static passwords to dynamic ways of confirming the identity of a user.”

There have been countless reports of fraudsters obtaining access to one account of an individual and using the stolen credentials to access other accounts belonging to that person. They are often able to gather enough personal data to commit more crimes like applying for a loan.

As individuals, we can do our part by not using the same password for multiple applications and sites. Also consider the strength of the passwords you use. One of the most common passwords continues to be password. Many organizations train their employees on strong passwords and other aspects of security. Further, it is a best practice to address security within your card program policies, procedures and training.

3-D Secure 

Despite being an international security standard for online card payments, 3-D Secure (3DS) has not received a lot of press, nor extensive use, in the United States. This is starting to change as CNP fraud makes more headlines and 3DS continues to improve. It provides another method for verifying someone’s identify during the online checkout process, but it requires participation from the merchant and their acquirer/processor, and the cardholder and their card issuer/bank. You might be familiar with the different names, depending on card brand; for example, Verified by Visa, Mastercard SecureCode and American Express SafeKey. 

The first iteration of 3DS relied on static passwords. During checkout, the purchaser (cardholder) would click a link to access a designated webpage by their card issuer, in which they must enter an additional password (previously established) to authenticate the transaction. Opponents of this arrangement argue it can result in the abandonment of legitimate purchases because of the extra step. However, as Julie Conroy shares, “The evolution of 3DS now gives merchants greater control—through a metrics-based approach—over which transactions are pushed down the 3DS path.” She also notes that many of the large issuers have moved to either risk-based authentication, which requires no interaction from the purchaser, or dynamic authenticators, such as a one-time passcode (OTP). Some countries are even mandating 3DS to some extent or are considering a mandate. Within the Commercial Card realm, 3DS is primarily used outside the United States.

Naturally, every fraud prevention strategy should include a multi-faceted approach to increase effectiveness. This post only references two of many.  

What's Next

Stay tuned to this blog for a related, upcoming post on a new security solution for Commercial Cards.   

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog

Receive notice of new blog posts.

One supplier's card acceptance journey.

In the life of a card program manager, it is common to approach suppliers about accepting card payments. You initiate a call and are prepared to address the “why accept” question. What if a supplier surprises you by already being convinced? Instead of asking why, they want to know how. Smaller suppliers in particular might not know how to get started. Your ability to offer advice beyond “talk to your bank” could prove to be the pivotal action. For insider experience, I spoke with Rick Swartwood, CPCP, who went from card professional to restaurant entrepreneur (and card acceptor). Read on for his insights that could help you assist your suppliers.

Following his 16 years of Commercial Card experience—most of which were with the Lockheed Martin Corporation—and prominent industry participation, Rick pursued a lifelong ambition of opening his own restaurant in 2014. He is now seeking a return to the corporate world, whether working within a payments arena, procure-to-pay operation or shared services. His restaurant experience has given him a whole new perspective of what it means to be a card-accepting supplier. Email Rick or get in touch through LinkedIn.

Finding Merchant Services

While a supplier’s current bank is certainly one route to explore for merchant services, there are many other options. Finding them is probably the easiest part. Rick shared how, as a restaurant owner, approximately 20 different merchant services organizations “came out of the woodwork” to sell him on their card acceptance solution. If a supplier has not received any such communications, they could find options though a simple Internet search. Two popular search phrases are credit card processing and merchant services. However, in the business-to-business (B2B) payments world, it is critical to find an acquirer who specializes in this space.

Evaluating the Options

Like any vendor search, when selecting a merchant services partner, a supplier should be wary of any verbal promises by salespeople such as “no extra fees.” The written proposals always include various types of fees, such as: monthly service fees, add-on or pass-through fees, PCI compliance fees and contract opt-out charges.

Because each merchant services company had a unique proposal format, Rick’s biggest challenge was finding the fees within each proposal to make apples-to-apples comparisons. To make his process easier, Rick developed a standard list of questions and required each company to answer in the same order. Questions included:

  • Is your service based on a monthly statement processing fee or are the processing charges deducted on a batch by batch basis? 
  • Is your service based on a fixed rate per transaction? If so, does the rate vary by card type? 
  • Is your service based on a cost plus pass through charge? If so, what is the charge? Does it vary by card type?
  • When are the receipt funds available in my bank account? Does it vary by card type? 
  • Is there a single receipt for all card types or multiple individual receipts based on card type? 
  • Is there a cost to opt out of the contract? 

This approach could help other suppliers who are new to card acceptance. When a supplier specifically needs B2B credit card processing, I recommend they also ask merchant services companies about their B2B capabilities and experience.

Having Buyer’s Remorse

Rick’s original merchant services choice was not his last for a couple reasons. For example, the availability of funds for one type of card became problematic. While the funds were supposed to be available within 48 hours, the reality was that it sometimes took 72–96 hours. In addition, another merchant services company proposed some financing of restaurant equipment if they could become the processor, so it made sense for Rick to change. See also my previous blog post about why some card acceptance relationships fail.

Suppliers should not be afraid to make a switch, but they also need to consider the financial repercussions of doing so.

Suppliers who are new to card acceptance and seeking a merchant services partner need to be wary of any offers that sound too good to be true.

Suppliers who are new to card acceptance and seeking a merchant services partner need to be wary of any offers that sound too good to be true.

Final Thoughts

Every supplier has different needs when it comes to card acceptance. For Rick’s restaurant business, 85% of payments, including server tips, were via cards. For these reasons, his priorities were low fees and quick availability of funds. Because he was paying servers’ tips in cash on a daily basis, a two-day lag for card payments was not ideal. For a non-retail/non-restaurant business like mine, I sought simplicity above all else.  

The next time one of your suppliers seeks guidance concerning card acceptance, encourage them to:

  • identify their needs
  • understand the fees they could encounter and payment timing/availability of funds 
  • shop around for a merchant services provider, especially one with experience in business-to-business (B2B) credit card processing 

Access additional resources related to card acceptance.

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog

Receive notice of new blog posts.

Turn ideas into a speaking proposal.

When you last attended an industry conference or even just reviewed an event brochure, what content holes did you see? This could fuel ideas for you to submit a speaking proposal for a future conference. In January, I encouraged readers to make 2016 the year to strengthen their professional biographies, mentioning the pursuit of speaking opportunities as one possible action. I expand on that now, offering some suggestions for the various stages of a speaking endeavor.

The Proposal

The second half of the year is generally when speakers are chosen for conferences the following year, so spring is a good time to think about this. Do not be intimidated if a speaking role would be new for you. Most conference organizers do not require prior speaking experience; the ultimate goal is having good content from a variety of individuals. Consider your past successes, including any challenges you overcame in the process. You can translate these stories into tips and advice for others.  

Presentation Preparation

If you are selected as a speaker, above all, ensure your presentation aligns with the published session description, so attendees are not disappointed. To make your content stand out among the dozens of other presentations, check out these two previous blog posts:  

Conference Arrival

Use your session as an icebreaker during networking events. As you meet fellow attendees, share that you’ll be doing a presentation on “X.” Ask about their experiences with the topic to gain additional perspectives that you could add to your session.

What experiences or expertise do you have that could make a great presentation?

What experiences or expertise do you have that could make a great presentation?

Final Thoughts

If you will be attending a conference this spring like I am (in my case, NAPCP next month), this might make it easier to think of ideas for a future session you would like to propose. However, regardless of your speaking intentions, be sure to make your next conference experience count by planning ahead. This was something I addressed in a post last year and I found it useful to re-read my own words.

 

 

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog

Receive notice of new blog posts.