Category Archives: PCI Compliance


Cheat Sheet: A Quick Reference Guide to Payment Processing Buzzwords

Payment security is at an all-time low and, as a result, the payment industry is in the process of getting a much-needed overhaul. With this rapid implementation of new rules, processes and technology, a lot of payment processing buzzwords have recently entered the industry vernacular.

As a business owner, you’re busy with your day-to-day operations, so keeping up on the latest payment processing news and trends is probably not at the top of your priority list. However, as these changes could eventually impact your business, it’s never been more important for you to be in the know.

To help you stay updated, we’ve compiled the following glossary of industry buzzwords for your quick reference.

EMV / Chip-and-Pin

EMV is the future of credit card processing, although it’s not exactly so futuristic anymore. If you’re not already aware of the EMV payment revolution happening in the United States, you can read up on the basics here. In a nutshell, over the course of the next few months, banks will begin to roll out new credit cards in an effort to phase out insecure magnetic stripe technology. These cards will be embedded with microprocessor chips that will allow for more secure transactions. But the benefits of these “EMV” or “chip-and-pin” cards won’t come to fruition unless business owners take action now and update their payment terminals.

PCI Compliance

PCI compliance is a term often shrouded in myths and misconceptions, but it isn’t all that confusing once you break it down. PCI is a set of 12 requirements that all merchants, no matter the size or industry, must meet to ensure a secure environment for credit card transactions. If you’re not sure what’s required of your business in order to establish compliance, you’ll want to check in with your merchant services provider or visit the Security Standards Council website.

NFC

Near field communication (NFC) is the technology that enables wireless data transfers between two devices in close proximity, without the need for an internet connection. Think of it like modern-day Bluetooth. Today’s smartphones are embedded with NFC technology to allow for consumers to make payments directly from their phones by simply tapping or waving their devices over an NFC terminal.

Apple Pay

Apple Pay is a mobile application that is sweeping the nation. Essentially, the application allows consumers to transform their phones into mobile wallets by syncing credit card information from their iTunes accounts. Consumers can simply wave or tap their phones over an NFC terminal (currently available at numerous retailers across the globe) to make a purchase.

Tokenization

When a credit card is swiped through a terminal set up for tokenization, the card’s Primary Account Number (PAN) is automatically substituted with a randomly generated sequence, called a token. Merchants can use this token to handle refunds, returns and manage other transaction details. The benefit? Tokenization takes sensitive payment card data out of the picture for merchants, eliminating the need to store the data on their networks and the risk of a data breach.
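
The substitution described above, as an added example that is not part of the original post and not any processor's real API. The class names, the `tok_` prefix and the choice of one token per sale are assumptions, and the card number is a standard test value rather than a real account.

```python
import secrets

# Constructed sample: a widely used test card number, not a real account.
SAMPLE_PAN = "4111111111111111"


class ProcessorVault:
    """Processor-side store: the only place the token-to-PAN mapping exists."""

    def __init__(self):
        self._pan_by_token = {}
        self.refund_log = []

    def tokenize(self, pan):
        digits = pan.replace(" ", "")
        if not digits.isdigit() or not 13 <= len(digits) <= 19:
            raise ValueError("not a plausible PAN")
        # The token is random, not derived from the PAN, so it cannot be reversed.
        token = "tok_" + secrets.token_hex(16)
        self._pan_by_token[token] = digits
        return token

    def refund(self, token, amount_cents):
        pan = self._pan_by_token.get(token)
        if pan is None:
            raise KeyError("unknown token")
        # Only the vault resolves the token back to the card.
        self.refund_log.append((pan[-4:], amount_cents))
        return True


class Merchant:
    """Merchant-side system: keeps the token and display data, never the PAN."""

    def __init__(self, vault):
        self._vault = vault
        self.orders = {}

    def sale(self, order_id, pan, amount_cents):
        digits = pan.replace(" ", "")
        token = self._vault.tokenize(digits)  # PAN is handed off, not stored
        self.orders[order_id] = {
            "token": token,
            "last4": digits[-4:],
            "amount_cents": amount_cents,
        }
        return token

    def refund(self, order_id):
        order = self.orders[order_id]
        return self._vault.refund(order["token"], order["amount_cents"])

    def stored_data_contains(self, pan):
        """True if the PAN appears anywhere in what the merchant keeps."""
        return any(pan in str(v) for o in self.orders.values() for v in o.values())


if __name__ == "__main__":
    shop = Merchant(ProcessorVault())
    print(shop.sale("A1", SAMPLE_PAN, 2500), shop.stored_data_contains(SAMPLE_PAN))
```

A copy of the merchant's `orders` table gives an intruder tokens and last-four digits only; the refund still works because the vault, not the merchant, maps the token back to the card.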


Stay updated on payment processing trends by following Abtek on Twitter and Facebook. Sign up to receive our newsletter, too.


Four Common Misconceptions About PCI Compliance

The cost of not maintaining PCI DSS compliance can be huge, especially when it comes to data breaches and fraud. Unfortunately, many merchants don’t fully understand everything involved with PCI compliance, so card security breaches will continue to occur.

According to a survey conducted by Proficio, 23% of respondents did not even know if their businesses met the most recent set of standards, PCI DSS 3.0, which was released at the beginning of this year.

It’s important for every merchant to understand what PCI DSS means, so that they can take the necessary steps toward ensuring payment security. While it’s not a foolproof solution, it can significantly help to deter data breaches and potential fraud.

Deciphering the Alphabet Soup (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS, called PCI for short) is a set of 12 requirements that merchants must meet to ensure a secure environment for credit card transactions. The requirements were put in place by the Security Standards Council, comprised of the five major credit card companies: American Express, Discover, JCB, MasterCard and Visa.

PCI Myths Busted!

There are many misconceptions surrounding PCI. Here, we reveal four of the major myths and the reality behind each of them.

Myth #1 – I own a small business; only large companies and e-commerce websites need to be PCI compliant.

False! Every organization or merchant that accepts credit card transactions must be compliant. The size of the company doesn’t matter, nor does the number of credit card transactions. There are, however, different levels that businesses can fall into, as defined by the major credit card brands. Businesses must determine which level they fall into for each brand and complete the correlated compliance verification requirements.

Myth #2 – Once my business is PCI compliant, I never have to worry about it again.

Many merchants don’t realize that compliance is an ongoing process, not a one-time deal. As a business owner, you (or your merchant services provider) will need to be in continuous communication with your acquiring bank and the card brands with which you do business. This will ensure that any payment security vulnerabilities are identified and fixed in a timely fashion to maintain PCI compliance.

Myth #3 – My outsourced credit card processing company automatically takes care of all PCI issues.

Using a third-party processor can help to improve payment security and reduce risk exposure, but it is not a guarantee that your business is PCI compliant. As a business owner, you need to take responsibility to ensure that your payment processing system is up to PCI standards. Ask questions and be proactive—if they can’t answer or don’t know, it may be time to reconsider your merchant services provider.

Myth #4 – Nothing bad will happen if my business isn’t PCI compliant.

If a business fails to maintain PCI compliance, payment brands, such as Visa and American Express, have the right to fine acquiring banks anywhere from $5,000 to $100,000 per month. These fees eventually trickle down to the merchant who violated the compliance. On top of that, the bank will very likely increase transaction fees or terminate the relationship with the merchant. It’s important for merchants to understand that the costs associated with PCI violations can be destructive to businesses of all sizes.

Business Owners: Take Action Now!

Not sure if your business is PCI compliant? The experts at Abtek are experienced at guiding business owners, just like you, through the complex validation process. Contact us today to find out how we help you ensure that your business’s payment processes are secure.



Could Your Payment Processing Methods Be Endangering Your Customers?

Adopting good business finance habits ensures an establishment’s security and longevity. When credit card processing is treated with acute attention, point-of-sale transactions are quick and simple.

However, many businesses engage in a slew of less-than-safe practices, capable of undermining the entire establishment’s security.

Both negligence and bad bookkeeping can severely harm a business—and poor payment processing can compromise its customers.

Insecure Data Storage

Merchant services requires consistency and protective storage methods. Unfortunately, when PCI compliance isn’t regularly practiced, digital payments may reduce an organization’s security.

An OWASP.org business data breach analysis has factored in the many threats posed to companies utilizing point-of-sale technology. Store-based devices aren’t entirely safe from malware, malicious users or false authentication. Similarly, the following habits can severely compromise a customer’s security at, and after, the register:

  • Writing down credit information by hand
  • Using insecure mobile applications for promotions
  • Improper maintenance of addresses, social security numbers and credit card data
  • Easily accessible information systems

The Importance of Employee Training

Delegating business tasks effectively ensures a resource-savvy business. However, employee training benefits the customer’s security directly.

Task distribution promotes business connectivity, and a well-connected business may further assist its customers. When employees aren’t trained effectively, however, their customer attentiveness may dwindle. Similarly, they may forget or fail to execute vital actions needed for customer safety.

Anyone operating a business register or information database should be capable of exercising the utmost caution. A negligent employee may not mean to compromise a customer’s information—but poor training can absolutely expose important information.

Credit Card Security

Forgers often utilize fraudulent credit cards and their potential danger should be understood. This primarily affects the business, rather than the consumer. However, anything capable of targeting a business’s secure data infrastructure should be considered a vital security risk to everyone involved.

When examining credit cards for purchases, merchants must remember to check the following:

  • Valid expiration dates
  • The four digits printed above the account number match the account number’s first four digits
  • Three-dimensional security hologram
  • Matching signatures

Fraudulent credit cards can affect a business when high-tech sales processing machinery is forgone, which is why maintaining comprehensive point-of-sale processing is incredibly important.

Remember: The consumer is relatively unprotected during most transactions. While a business actively maintains systems to ensure their own privacy and sustainability, consumers may be exposed. Proper routines, effective employee training and a watchful eye during transactions will not only protect the consumer’s information—it’ll breed a business atmosphere deserving of trust and success.



Aggregators vs. Merchant Banks, Part 3: Control Over Funds

We’ve been exploring what makes merchant banks a better solution for merchants than aggregators.
Previously: Part 1 – PCI Compliance | Part 2 – The Costs of Payment Aggregators Adds Up

One of the greatest risks to your business when using a payment aggregator such as PayPal or Stripe may be the structure of the payment system itself. Unlike traditional banks and credit card processing systems, these merchant services providers are not deemed to be banks, and are not required to follow banking regulations or be PCI compliant. The last issue may create liability and risk for the merchant because aggregators are not legally mandated to follow strict fraud prevention regulations. These issues can all affect how much control you have over your funds.

The Aggregator Controls the Money

In practice, a merchant services provider for online payments through handy POS systems is not required to disburse funds until they determine whether the transaction meets the terms of service and is not a fraud risk. Without PCI compliant procedures, this process can take days. Thus, the aggregator continues to control the money.

Moreover, you may have very little recourse other than to take the aggregator to court, and that takes time and money. Some of the aggregators will enforce their terms of service strictly, which adds more risk of the funds being held back. Any slight violation can result in funds being frozen indefinitely with no recourse. With a traditional merchant bank account, the customer’s payment goes directly into your business account, and you keep control.

Using the Processor’s Merchant Account

To gain an understanding of how this method works, your business uses the aggregator’s merchant account through the POS systems rather than opening and using your own with a bank. You deposit funds into the service provider’s bank account, and then you may transfer funds to pay for goods or into your own bank account. Moreover, some providers, PayPal in particular, offer debit cards to spend the money online with other businesses that accept those payments. This offers a relatively safe way to make payments online with most ecommerce sites, and most aggregators offer protections for both the customer and the business in credit card processing.

Thus, as a third party payment solution, the merchant services provider receives the money for the goods and services you provide. The money does not come directly from the customer. Until they disburse the funds, the money is the property of the aggregator. While these facts may be embedded in the terms of service agreements, many business owners fail to fully grasp the meaning and potential detriment to their cash flow, accounting and profitability. The credit card processing goes through an intermediary who controls the outcome.

Additional Risks

According to an FDIC advisory, accounts with payment aggregators require “careful due diligence, close monitoring and prudent underwriting.” In addition, there may be a greater risk of “potentially unfair or deceptive acts or practices under Section 5 of the Federal Trade Commission Act.” This greater risk adds to the potential that your funds could be frozen as the payment processor makes its determination about possible fraud. Moreover, statistics such as higher than average chargebacks may be considered evidence of fraud, adding other reasons that the aggregator may freeze your money.

The POS systems of aggregators offer simple, easy set up and access to the online ecommerce world. However, considering that nearly all of these transactions happen automatically without review or recourse, the risk to your business of a disruption in cash flow or the loss of a payment may be too great. While traditional merchant bank accounts require extra time, paperwork and verification, having complete control of the money once deposited into your account may be well worth the effort.


Aggregators vs. Merchant Banks, Part 1: PCI Compliance

Payment aggregators or merchant aggregators provide services through which ecommerce businesses can process payment transactions. These service providers allow businesses to accept bank transfers and credit card payments without opening and maintaining a merchant account with a card association or bank. The aggregator facilitates the payment from a consumer via bank transfers, credit cards or stored value accounts to the merchant. Thus, the aggregator pays the merchant, not the consumer. These services have become increasingly popular, although they have downsides when compared to a traditional merchant services provider such as a bank. These include:

  • Limitations to transaction size.
  • Lack of PCI Compliance.
  • Fewer filters to prevent fraud.

In general, payment aggregators hold consumer credit card data for quicker purchases, or they hold money for making future purchases. Companies such as Google Checkout, PayPal and Amazon Payments differ in their POS systems, credit card processing, services and costs for their merchant services. While these alternative merchant services have aggressively worked to establish themselves as market leaders, each business must assess the risks and analyze the costs in relation to traditional credit card processing to obtain the appropriate payment solution.

Transaction Limitations

For instance, a business that sells high-end goods may suffer from lost sales because the credit card brands place an $8,000 limit per business per month. This limits online payments to lower priced goods. Moreover, as the service providers accept liability and risk for each transaction through the master account, individual transactions face maximum limits as well. Currently, the increasingly popular POS systems such as Square use an aggregator model that limits transactions to no more than $400. If a business exceeds those maximums, the automated system places holds on transactions up to 30 days, and those transactions may be subject to higher processing charges. Thus, two major drawbacks include:

  • The money is not yours. Your business receives payment from the aggregator. The money collected from bank transfers or payment card transactions is the property of the aggregator. If you violate the terms of agreement, the money may be held indefinitely.
  • Higher fees for higher volume. After monthly volume exceeds certain levels, the fees can increase.

PCI Compliance

Another way that traditional merchant bank accounts provide safer credit card processing involves PCI compliance. Currently, all bank credit cards must follow PCI procedures to reduce liability and risk for the merchants for all account types. Most payment aggregators include that critical information only in the ultra-fine print. The merchants remain obligated to maintain PCI compliance despite using a payment aggregator that lacks the ability to screen for potential fraud. This applies to mobile merchant accounts as well.

If you do not maintain PCI compliance, you put your business at greater risk for the increasing threat of debit and credit card theft and data breaches, which could result in large fines from regulatory agencies, banks or card organizations, as well as lost customers and legal expenses.

Thus, a small to medium sized entrepreneur faces higher risks when using POS systems like Square or aggregators such as Groupon for processing debit and credit card transactions. Traditional merchant accounts do not vary the liability and risks assumed based on processing volume, whereas many aggregators do. Smaller volume translates to higher risk ratios, which can lead to frozen funds and transactions in an automated system without regard for your cash flow needs. Moreover, without appropriate fraud screening methods to prevent risky transactions, the aggregators play catch up to the schemers at your expense.

Additional Costs

Lastly, it pays to investigate all of the potential costs for the alternative payment methods. Many can be significantly higher than direct card payments. Further, costs may increase from fewer fraud guarantees and clearly defined processes for disputes. Fraudulent chargebacks may increase without any restitution from the service provider. Thus, while it may be tempting to take the easier, shorter route to accepting payments, a traditional merchant bank account offers better safety, lower risks and potentially higher profits.

Read more in this series:

Aggregators vs Merchant Banks, Part 2: The Costs of Payment Aggregators Adds up
