On October 1, 2015 Visa, MasterCard, Amex, and Discover will be instituting a liability shift for fraudulent transactions. If either the merchant or the issuer (the customer’s bank who issued the credit/debit card) are not EMV-compliant and the other is EMV-compliant, then the party with the lesser technology will bear the liability for card-present transactions that are found to be fraudulent. In other words, the party that has made investment in EMV deployment will be protected from financial liability for card-present counterfeit fraud losses. If neither or both parties are EMV-compliant, the fraud liability remains the same as it is today.Read more
In light of the recent Target event, there has been an uptick in activity around malware that specifically targets Point of Sale systems. The most common ones that seem to be referenced are the following:
BlackPOS: Affects Windows-based Point of Sale systems. The attack essentially sits in between the card reader and the POS application. Track data (data that can be used to replicate a physical credit card) is extracted and uploaded to a remote server via FTP.Read more
Not to make light of the gravity of the event, but here we go again – Consumers are subjected to another round of warnings about yet another credit card information breach! Unfortunately, these data breach warnings are in danger of becoming as common as the daily weather report. This time the source of the breach, which affects Visa and MasterCard credit and debit cards, has been laid at the feet of Atlanta-based payment processor Global Payments. Global Payments self-reported that unauthorized access into its processing system had indeed taken place earlier this year.
Implementing tokenization is much more about understanding how your organization interacts with payments than it is simply rolling out a device that will tokenize payment card data. Many tokenization solutions in the market today are a “silver bullet” and can remove your environment from PCI scope. Beware though, most solutions address only one piece of the tokenization puzzle.Read more
Don’t be fooled. Implementing tokenization may not be as easy as they say. In fact, depending on your environment, implementing tokenization can be quite complex. For instance, if your company is a wholesaler and takes payments through multiple channels, implementing tokenization in all of those channels can be quite challenging.Read more