Credit Card Industry Trends to Eye in 2016

The credit and debit card industry – and the entire payment processing sector, for that matter – is an evolving field. Let’s look forward to some potential changes and trends for 2016 that will be deserving of your attention.

2016 Credit Card Trends 02

There are certain things that over the long haul, stay relatively similar. The fly swatter’s design hasn’t changed much in decades and probably won’t anytime soon. Neither has toilet paper, for that matter…well, at least according to George Costanza, but not Elaine and Jerry.

But if we’re talking about anything related to computers, telecommunications, or technology in general, you can bet your bottom dollar that it will change – and rather rapidly, at that. The world of credit and debit card transactions and how they are processed is no different. With that in mind, let’s examine a few topics and trends that are bound to be noteworthy in the cards processing industry for 2016.

More Mobile Payments

There’s no denying that we are using our mobile devices and smartphones at an ever increasing rate. In fact, the most popular website in the world, Google, announced that for the first time ever, 2015 saw more searches coming from mobile devices than desktop computers and laptops.

These miracle devices are with us wherever we go, so it makes sense that we as consumers would opt to streamline as much as we can onto them. That includes using them as payment methods, and thanks to Near Field Communication (NFC) technology utilized by Apple Pay, Google Wallet, Samsung Pay, and others, it’s never been easier.

Although the adoption rate of NFC payment technology hasn’t been quite as exponential as some were predicting, it will still be worth being able to offer the option to your customers in 2016. Apple and the other players in this space aren’t going anywhere anytime soon.

More Innovative Rewards Systems

One of the biggest incentives to customers using cards over cash are rewards system. Even a modest 1% cash back on all purchases is better than nothing, but now that rewards systems are expected, companies are competing over who can offer the most appealing paybacks. American Express Blue Cash Preferred is offering an impressive 6% cash back on groceries currently, in addition to 3% cash back on gas and select stores.

But beyond cash back (or airline miles, which are by far the two most popular forms of rewards), look for card issuers to get more creative with the type of rewards they offer. There may be a points system which allows you to accrue points based on dollars spent to redeem for real-life items or travel, or they may be as simple as offering extra cash back on online purchases for those that rely heavily on e-commerce.

More Small Businesses than Ever to Accept Cards

This is less of a “trend” per se and more of the inevitable progress of change. As we’ve covered before on our blog, the costs of not accepting credit or debit cards at your small business far outweigh any possible fees or surcharges you may incur from accepting them.

As recently as 2013, approximately two thirds of all point-of-sales (POS) transactions were done with some type of plastic card – either debit, credit, or pre-paid gift. And according to Community Merchants USA, nearly 70% of customers aged 18-34 will only shop at businesses that offer multiple payment options.

There are still some straggling holdouts who are cash-only operations, but moving into 2016 and beyond, they will become much more of a rarity.

More Cashless and Checkless Operations

Dovetailing into our previous point, the amount of businesses that will swing toward the other end of the spectrum and not accept cash or check at all will continue to grow. Many companies both small and large have already made the switch – Southwest Airlines, for example, has been completely cashless since 2008.

The benefits of accepting cards along with cash are clear and well-known – increased likelihood of impulse purchases, making your business more appealing to millennials and younger people, etc. But what are the benefits of going 100% cashless?

For one, you will almost guarantee a faster checkout rate. Depending on your type of business and the volume you see on a daily basis, that can more than make up for any potential lost customers who are insistent upon paying with cash or check. You also make your bookkeeping a bit easier, as every transaction is quickly, electronically, and automatically accounted for. And although it’s a small thing, your register and POS transaction area will be much cleaner when you consider that the average dollar bill has literally thousands of types of bacteria on it.

Want to ensure your business is as future proof as possible? Get the latest card reading equipment and processing from Valued Merchant Services. And if you’re using somebody else for your processing needs, consider this – we guarantee that we can reduce your fees for debit and credit cards, or we will give you $500.

By Chris Del Grande

Top Small Business Trends for 2016

The world of small business is tough enough as it is, but the ever-changing nature of the competitive landscape can make it even tougher. Let’s take a look ahead at what could be some of the biggest trends in the space so you can be prepared.

2016

First of all, although you may be reading this at some point in the future, we published this in very early January, so everyone here at Valued Merchant Services would like to wish you and yours a very happy 2016! As a credit and debit card processing company, the majority of our clients and customers are small to medium-sized businesses, so we know full well the difficulties associated with starting and operating a successful operation. In fact, according to data from the United States Bureau of Labor Statistics, over half of all small business will fail in five years or less.

So considering that sobering fact, how do you indeed make sure your 2016 is a happy one by staying in business? Being aware of some of the trends expected to be heading our way during the coming year will go a long way toward your success, so let’s examine a few.

Even More Reliance on the Cloud

There are no shortage of statistics that show the exponential rise of cloud computing, but here’s just one – RightScale found that approximately 82% of enterprises used some sort of cloud in 2015, up from 74% in 2014. It won’t be long until that number at 100%, and the convenience of cloud computing makes it easy to see why.

How in particular will this affect your average small business? One example is how any owners are increasingly opting to replace traditional in-house positions – such as an accountant or bookkeeper – with a cloud based Software-as-a-Service (SaaS) bookkeeping and payroll systems. Another more basic example is storing a small business’ data remotely on a cloud rather than on an in-house hard drive. This not only frees up space and is generally more affordable, but it can also allow a small business owner to remove the cost of operating an IT department.

More Telecommuting and De-Centralization

As Internet speeds get faster and faster, and as the corporate mindset becomes ever more comfortable with the concept, telecommuting will continue to grow in popularity. It was just a few years ago when Yahoo CEO Marissa Mayer made headlines by putting a company-wide kibosh on working from home – even in 2013 the move was seen as a bit antiquated, as more CEOs and business owners are seeing the benefits of telecommuting.

Allowing employees to work partially or fully from home gives your business a few distinct advantages. First, it allows you to cast a much wider net with applicants and draw from a much larger talent pool, instead of focusing on just those potential employees in a commutable radius to your office. Secondly, allowing your employees the freedom to accommodate increasingly busy life schedules will go a long way toward building their loyalty and trust – and for many adults, if they have the choice between two nearly identical job offers, the one that allows flexibility in where they can work will be the deciding factor.

This trend of telecommuting goes hand-in-hand with more businesses becoming completely decentralized and lacking a main office. With commercial real estate prices on the rise, having no office to maintain and pay for can save a dramatic amount of money. Obviously, a decentralized business with employees who all work from home from various spots around the country isn’t a model that will work for all types of businesses – but it’s important to think about ways you can adopt these ideas and take advantage of ever-improving technology.

Payment Security

This is something we’ve covered before on our blog a few different times before, but 2016 will see a big rise in the adoption of Chip-and-PIN and Chip-and-Signature credit and debit cards. You can click either of those links in the previous sentence to brush up on what they are, but essentially they are a much more secureversion of debit and credit cards. They have already been utilized in Europe with great success – in fact, the United Kingdom saw an approximate 70% drop in credit card fraud within eight years of utilizing these cards.

Most major card issues have already begun to switch over to the Chip-enabled cards, and will be required to by October 2017. For small businesses that have card readers in their store, the time is now to ensure your brick and mortar has the appropriate equipment to process these new types of cards. That’s where Valued Merchant Services can help. Not only do we offer the latest machines and processing services, but we also guarantee that we can reduce your company’s processing fees for debit and credit cards, or we will give you $500.

By Chris Del Grande

A Brief Overview of the Debit Card

As we’ve covered in earlier pieces, the credit card has been a part of the collective American consciousness since the 50s. Debit cards, although ubiquitous now, are a bit more recent – let’s take a look at their rise to prominence.

Debit Card

If you’re under a certain age…let’s just say 30 as a rough estimate…odds are good that the amount of times you’ve actually gone inside of a bank and spoken with a teller to withdraw money from your checking account are pretty low. Possibly even zero.

Also low is the amount of paper checks you write in a month…again, possibly even zero. That’s because those of us in that age group have grown up having and being comfortable with a debit card. Much like a credit card, a debit card is a 16-digit plastic card that many of us use on a daily basis – the only difference is the funds you can withdraw are directly related to the funds currently in your checking account.

While credit cards have been around for decades, debit cards are a more recent staple of the average American’s purse or wallet. Let’s take a quick look into their history, how they’ve changed our daily lives, and what the future holds.

Brief History

Although it may sound odd, the first debit card (at least in a rough sense of how we view them today), dates back nearly 50 years to the 1960s, according to Marketplace. The nitty-gritty dates are a bit unclear and would take enough space to merit its own article, so we’ll just cover the broad strokes. The Bank of Delaware is credited with pioneering the first true debit card in 1966, and not too far afterward (in 1969 to be precise), the first ever Automated Teller Machine (ATM) was created and introduced here in the states.

More and more banks began implementing both the debit card and the ATM, but it was only on a localized basis and only to their best customers who had a large savings account and a long history of good standing with the bank. This was because in their infancy, debit cards did not withdraw immediately from the checking funds and worked more like a credit card. The technology simply wasn’t there.

It wasn’t until the 1980s, once interbank networks began to gain hold and both MasterCard and Visa bought stake in them, that debit cards truly started to gain a foothold. That, coupled with the explosion of ATM machines nationwide and the development of technology to debit directly/instantly from the user’s checking account, were the big reasons for the debit card’s growth. And grow they did. In less than a decade (1998), debit card transactions began to outnumber paper check transactions, and the gap between them is widening exponentially each year.

How they Changed the World

Going back to our introduction with young people in mind, it’s estimated that about 20% of millennials have never written a check, which sounds crazy to anyone born before 1985 but is easy to see why. Many Americans, regardless of age, have switched to online bill paying. It saves money for both the payer (no stamps) and the payee (significantly reduced paper and postage costs), it’s better for the environment (much less paper used so less trees chopped down, and less fossil fuel used to deliver statements and bills), and saves time (you eliminate time spent balancing your checkbook, and companies eliminate time spent opening mail, separating checks from statements, etc.).

Younger people are understandably more comfortable using the Internet and technology to pay their bills with their debit card, so check usage is on the decline…but what about cash? As we’ve covered before, we are living in an increasingly cash-less world, and that’s no more readily apparent than with younger men and women. According to a recent study by the Independent Community Bankers of America, about 25% of millennials carry less than $5 cash on them each day. A big part of that is because for many younger folks, carrying cash is seen more as a risk than a safety net. While older Americans needed to always have cash on hand in case of an emergency, it’s getting harder and harder to find a place that doesn’t accept debit/credit cards, so that notion is becoming more outdated by the day. And what if you lose your wallet or purse? Any cash you had in it will likely be gone forever, whereas a debit card can be reported lost or stolen almost immediately and whoever got their hands on it would need to know your secret PIN to get any cash from you.

What’s Next

Due to their high saturation point around the world, the debit card isn’t going anywhere. We’ll undoubtedly see more of the Chip-and-PIN/Chip-and-Signature style cards in the near future, with them being all but ubiquitous by October 2017. Some firmly believe that even the more secure chip-style cards won’t be around for long, with more secure biometric options like fingerprint or retinal scanning will replace entering PINs and/or signatures in the not too distant future. The reward programs surrounding debit cards will likely change vastly as well, including tailoring the type of rewards based on user input on social media.

Regardless, the debit card as we know it is here to stay, and as such, will continue to be a valuable part of any business. Valued Merchant Services guarantees that we can reduce your company’s processing fees for debit and credit cards, or we will give you $500. Learn more.

By Chris Del Grande

Biggest Unexpected Costs of Small Business Operation

Starting your own small business is a big step toward becoming financially independent – but sadly, about half of all small businesses fail within five years. Being cognizant of these potential financial pitfalls will help ensure your venture’s success.

Save Money

Many Americans dream of starting their own small business. The idea of truly being your own boss is appealing enough, but often, the dream of having a small business take off and turn into a large business or enterprise level operation (and the financial success that comes along with it) is the main draw that causes an individual or partners to take on the risk.

And there is significant risk with starting up a business, rest assured. When you consider the rough average of $30,000 cost involved with starting a business, and the fact that about half of all business fail within five years and only a third last more than 10 years, the odds are stacked against the risk-takers and entrepreneurs.

But a big reason for many failures is failing to budget for expenses that tend to crop up. In this article, we’ll take a look at a few of the more common yet oft overlooked costs that come along with starting a business. If you’re aware of these expenditures ahead of time and can adequately prepare for them, you’ll be going a long way toward assuring your business can beat the odds.

Permits, Licenses, and Trade Organization Fees

Often, the first spark of inspiration that comes with starting a business is the idea for the service or product in question. If it’s an especially great idea, entrepreneurs can run the risk of rushing headlong into the execution phase without spending enough time in the planning phase. And one of the first elements of the planning stage that seems to get bypassed is dealing with your local government.

This will vary heavily on both your location and your type of business, but you’ll likely have to apply for at least one license or permit to operate your business in the specified location. The cost can vary dramatically, as well – a soy farmer in Cedar Falls, Iowa will likely spend much less on permits and licenses than a restaurant bar in Manhattan. You can do a bit of research on what types of fees and permits to expect at the IRS small business database.

Also, while not mandatory, joining a trade organization or industry association can really help you get connected to people and businesses within your industry. You might also be able to bounce ideas and questions off a fellow business owner in your trade and/or area. The Center for Association Leadership can help you find relevant groups.

Insurance

Some business owners will try to skip out on all but the most necessary insurance in an attempt to curb monthly expenditures. You probably don’t need us to tell you that that strategy is at best lacking foresight, and at worst catastrophic. How many employees you have (if any at all), what kind of business you operate, whether you run your organization from home or a separate brick and mortar space, and more will all come into question. Thankfully, Allstate has a pretty good FAQ for business owners to consider which kinds of insurance are most necessary.

Professional Fees

Unless you’re a wunderkind genius who knows the ins and outs of business law, accounting, AND the trade that your business is in, you’ll probably need some help. That’s where having an accountant and lawyer come in handy. A surprising 46% of small business owners reported that they do not work with an accountant. When the finances get really good (or really bad), having a professional on-hand to navigate the books but also to give fiduciary advice is key – especially since as a business owner, you’ve got a lot of other things to think about.

Bringing on a lawyer, especially initially, can help take care of some of the legalese minutia that can drag down the layman – air-tight contract wording, corporate structure, tax issues, and more are all second nature to a good attorney.

Utilities

More and more businesses are online and require less and less of a physical presence, so these types of ventures will understandably cost less in terms of utilities. But even an online only business will have some utilities to plan for – an ecommerce site, for example, will still need to pay the lights and power in the building they store their online goods. Even a small, one person outfit run out of a home office will have considerations – Internet, a new cell or land line for business purposes, and increased power and heating/cooling usage that comes from being home and online all day all need to be taken into account.

Credit Card Fees

We’ve already covered that while accepting debit and credit cards can give your business an extra expense, it’s absolutely worth it in the long run. Not accepting plastic at your operation can cost more in lost business than you’ll ever save in processing fees.
But there’s no denying that card processing fees are an additional expense of running a small business, and often one that owners fail to anticipate. Thankfully, Valued Merchant Services not only offers a wide variety of systems to fit the size and type of any business, but we also will beat any competitor’s processing fees – guaranteed – or we will give you $500. Learn more.

By Chris Del Grande

The Biggest Credit Card Companies and How They Got There

Let’s examine a bit of history about the four major credit card networks in America – Visa, MasterCard, American Express, and Discover – and how much of the market they control.

Credit Card Logos

It’s hard to imagine currently, but there was a time where credit cards as we know them didn’t exist – and it really wasn’t all that long ago. In fact, as recently as the 1950s, our concept of a general charge/credit card that could be used at a wide variety of establishments was seen as more of a pie-in-the-sky pipe dream versus a tangible reality.

Things obviously changed fairly quickly, and with the advent and eventual widespread adoption of Diner’s Club, Master Charge (which would eventually become MasterCard), and BankAmericard (which would eventually become Visa), the concept of credit card usage became a common practice in America.

We’ll save the history of how the process of credit card acceptance came to fruition (perhaps a future blog article), but for now, let’s take a quick look at how the main four players in the credit card arena – Visa, MasterCard, American Express, and Discover – came to grow so large to dominate the credit market.

Visa

Visa is the best choice out of the four to start with, as it is not only the biggest, but also the first out of this group to gain widespread acceptance. It started from humble beginnings, issued from Bank of America in Fresno, California. Initially branded very close to its lending agency, the BankAmericard had a marketing strategy that seems insane by today’s standards. Bank of America sent out 60,000 cards, unsolicited, to potential users in Fresno. Not the applications we commonly get today, mind you – no, these were actual, live, usable cards. It’s hard to imagine, but the 1950s were a much simpler time.

Initially planning on just being a general charge card for the state of California, the program took off and by the 1960s, the program extended into other banks around the country. In 1976, the name of the card was changed to Visa to be shorter and more recognized with being accepted in other locations (like a travel visa).

In terms of United States usage, Visa is the undisputed king. In 2014, the purchasing volume on Visa cards was a whopping $1.2 trillion, almost double that of the nearest competitor (American Express). There were 304 million Visa cards in circulation in 2014, again the largest by far of any of the four major companies.

MasterCard

It wasn’t too long after BankAmericard’s success that other banks wanted to get in on the action. A consortium of several California banks (most notably Wells Fargo, which also eventually acquired several of the other involved partner banks) eventually launched a card called “Master Charge: The Interbank Card” in 1966. Many simply called it “MasterCharge” as the initial title was a bit of a mouthful, but in 1979 the name was changed again to MasterCard, which it has been ever since.

Although it had significant ground to make up on Visa, which had been in the market for well over a decade, MasterCard quickly made a lot of mergers and acquisitions (too many to list here) which strengthened its position both in the U.S and aboard. MasterCard soon became firmly ensconced in second place behind Visa.

In 2014, MasterCard saw a purchasing volume of $607 billion, which again – is quite a bit behind Visa’s $1.2 trillion (and even a bit behind American Express, which we’ll cover shortly) but definitely nothing to scoff at. In terms of cards in U.S. circulation, there were 191 million active MasterCards in 2014, up from 178 million in 2013.

American Express

Unlike the other two companies listed previously, American Express got its start outside of the banking industry as a freight delivery service, oddly enough. It had its hand in a variety of pots though, and soon realized its financial sector was the most profitable. After World War II, in part to take advantage of an absolutely ridiculous economy boom, American Express began offering its customers charge cards that could be used at a wide variety of locales.

Thanks to sometimes hefty annual fees (as much as $2,500 a year for their ultra-exclusive Centurion card, which is on top of a one-time $5,000 activation fee), American Express has traditionally been viewed as a more appropriate option for the affluent, which is a big reason why they languish in a distant third in terms of number of cards in circulation (54.9 million in the U.S. in 2014). However, looking at their purchasing volume tells a different story. Despite much fewer active cards in the market, American Express is actually second in terms of money spent on their cards – $688 billion in 2014. How much of that has to do with the no-limit cards that allow users to purchase anything remains to be seen.

Discover

Discover is definitely the neophyte of the group here, and its relatively recent foray into the credit card market is a big reason why it’s a distant fourth behind the aforementioned cards. But considering it wasn’t introduced until the 1980s, it’s impressive how much of a foothold it was able to gain, and how quickly. Relatively novel ideas at the time, such as no annual fee, cash back rewards, higher credit limit for introductory accounts, and reduced merchant fees allowed it to make significant headway against the Visa and MasterCard leaders (at least compared to other cards like Advanta or Choice).

Discover continues to grow, but has quite a bit of catching up to do – in 2014, its purchasing volume was $129 million, or just about 10% of Visa’s.

Here at Valued Merchant Services, we have systems that will accept all four, as well as others. And the best part? We will beat the price you’re currently paying on processing fees – guaranteed – or we will give you $500. Learn more.

By Chris Del Grande

The 10 Biggest Credit Card and Data Breaches in History – Part 2

Some of the biggest acts of mass theft and fraud come in the form of data breaches – we’ll take a look at the 10 biggest in U.S. history.

Data Breach

In our most recent blog entry, we looked at the five biggest credit card and personal data breaches so far. In this follow-up piece, we’ll examine the remaining list to flesh out the full top 10. Here are 6-10, and again – credit goes to Elizabeth Palmero at Tom’s Guide who put this list together that we are expanding upon. Also, to reiterate – some of these account numbers do not necessarily correlate into the amount of credit and debit cards leaked. It may also refer to personally identifiable information (PII) such as names, email addresses, phone numbers, etc.

  1. Epsilon (60 million accounts)

At the time this breach occurred, many thought it was the biggest ever – and it’s still rather interesting because of the uncertainty of precisely how many accounts became compromised. In 2011, Epsilon – one of the largest email marketing providers – was the victim of a cyberattack that saw at least 50 of its approximately 2,500 clients have their customers’ information exposed. The clients were heavy hitters as well, which made it all the more high-profile – massive companies such as Capital One, Barclaycard US (a subsidiary of the massive Barclays Bank), Tivo, Disney, JP Morgan, and Citigroup being some of the biggest. Epsilon itself was never able to confirm exactly how many accounts were compromised, nor how many simply had their email addresses stolen versus any sort of credit card or financial information. They set their estimate at 60 million, but a 3rd party investigation by Privacy Rights Clearinghouse put the possible total number of accounts as high as 250 million.

  1. Home Depot (56 million accounts)

This is one of the more notable ones, not only because of how large the institution was that was targeted (Home Depot is the largest home improvement retail outlet in the country), but also because of all the accounts stolen were indeed payment card accounts. Initially being only suspected by cybersecurity experts and those monitoring credit card fraud cases around the country, Home Depot eventually admitted (about a week after Brian Krebs wrote his piece on the matter) that their in-store card readers had indeed been infected by malicious entities, and that anyone who made a credit or debit card purchase at any one of their 2,220+ locations between April 2014 and September 2014 stood a good chance of having their account stolen. All in all, 56 million cards were hijacked, making it one of the largest card thefts in history. Home Depot responded by offering all of its customers a year of credit monitoring service, as well as updating their card reader technology.

  1. Evernote (over 50 million accounts)

The popular online note taking service Evernote suffered a major security breach in 2013 in which approximately 50 million of its users’ information was stolen – mostly email addresses, passwords, but no payment information. And especially heartening to those affected was that none of their notes or other content stored with Evernote was stolen. The biggest problem here resulted in the influx of SPAM messages that flooded the affected users’ inboxes. Worst among them were the phishing scams that resulted – appearing to come from Evernote and directly referencing the recent breach, they urged users to enter in their personal information to reset their passwords, when in fact it was a ploy to get even more data.

  1. Living Social (over 50 million accounts)

This is another breach where no specific payment card information was stolen, but as Ars Technica called it, still “graver than you may think”. In 2013, Living Social – an online forum of sorts that allows its users to buy and do things specific to their city for discounts – was attacked and had about 50 million of its accounts stolen. Even though their users’ passwords were encrypted, as Ars pointed out, the encryption method they used left a lot to be desired: “SHA1, the algorithm used by LivingSocial, is an extremely poor choice for secure password storage. Like MD5 and even the newly adopted SHA3 algorithms, it’s designed to operate quickly and with a minimal amount of computing resources. A far better choice would have been bcrypt, scrypt, or PBKDF2.” They did, thankfully, almost immediately switch to bcrypt after the breach.

  1. TJX (46 million accounts)

As one of the oldest breaches on this list (2006, but discovered in 2007), this breach also saw a very high number of actual payment card information stolen – about 45.6 million to be exact. At the time, the TJX breach was the largest of its type in the world, as it operates two of the larger retail outlets in the states in T.J. Maxx and Marshalls. Not only was it notable for the sheer size, but it was also one of the first breaches that opened retailers’ eyes to the fact that criminals could focus on other elements of the business other than the point-of-sale machines themselves, as this c-net article illustrates: “In the case of TJX, [Gartner security analyst Avivah] Litan suspects it was a case where attackers gained access through a wireless regional hub for the company’s store controllers that handle the point-of-sale system. From there, the attackers may have been able to work their way into TJX’s central system.”

We take security extremely seriously here at Valued Merchant Services. In addition to providing top of the line processing solutions for your business, we also deliver peace of mind – click here to learn more about us and our service offerings.

By Chris Del Grande

 

The 10 Biggest Credit Card and Data Breaches in History – Part 1

Some of the biggest acts of mass theft and fraud come in the form of data breaches – we’ll take a look at the 10 biggest in U.S. history.

Data Breach

In the credit and debit card world, nothing grabs headlines quite the way a major data breach does. Not only does it strike fear and legitimate concern in the heart of average everyday card users, but stories with major corporate negligence always make for a big media splash.

Let’s take a look at the 10 largest credit card breaches in history, sorted by the amount of personal credit records compromised (with a special thanks to Elizabeth Palmero at Tom’s Guide who initially put this list together). We’ll cover the amount of personal accounts that were exposed (which are all approximations), but note that this doesn’t necessarily correlate into the amount of credit and debit cards leaked. It may also refer to personally identifiable information (PII) such as names, email addresses, phone numbers, etc.

  1. Heartland Payment Systems (130 million accounts)

Occurring in 2008 (but not announced by Heartland until 2009), this is one of the earliest big data breaches to occur and is still the largest breach to hit an American company. It’s even made all that more remarkable when you consider that A) it was largely the work of a singular hacker, Albert Gonzales, and B) Heartland wasn’t even the sole company targeted in the hack and resulting breach. In addition, Hannaford Brothers had 4.6 million card numbers stolen, and J.C. Penny and Target both had an undisclosed number of cards stolen – but all pale in comparison to the approximately 130 million Gonzales was able to grift from Heartland. He was sentenced to 20 years in prison for the breach.

  1. Target (110 million accounts)

After having their physical point of sale card readers infected and manipulated, hackers were able to get their hands on 40 million credit and debit card numbers from Target – the nation’s second largest retailer. Target later had to make the painful announcement that the amount of consumer accounts exposed had increased from 40 to 70 million. Due to their system, hey had no way of knowing how many of the 70 million accounts that contained PII overlapped with the initial 40 million credit and debit card accounts compromised – the total number accounts therefore could be as high as 110 million, or as low as 70. Either way, it constituted a big breach and a major financial and PR disaster for Target.

  1. Sony Online (102 million accounts)

Those who follow the cyber security space know that video games – both the companies that develop and publish them as well as the gamers who play them – are rife with cybercrime, hacking, and DDoS attacks. A band of unknown hackers (who have yet to be identified, much less caught) were able to work their way into Sony’s online platform, the PlayStation Network (PSN), as well as Sony Online Entertainment (SOE), a company which is the backbone and host for many popular online games. While first reported as only the login information of 78 million PSN gamers, approximately 24 million more were later discovered when SOE was discovered to have also been hacked/breached. An undisclosed number of credit cards were included in the breach.

  1. National Archive Records Administration (76 million accounts)

While having and implementing all the best fire walls, end-to-end encryption, passwords, and other forms of cybercrime defenses are great, you still have to employ individuals on the inside of your business and network who know which keys to turn to access confidential information. And as the National Archive Records Administration (NARA) found out in 2009, sometimes the biggest threat to your company’s security can often come from within. The independent agency of the U.S. Federal Government in charge of preserving historical and governmental records noticed that one of their external hard drives was faulty. After attempts to fix it failed, the agency sent it out to be scrapped rather than have it be destroyed on site. The only problem? NARA was unclear whether or not the drive was actually ever destroyed, along with the records of 76 million American Veterans. NARA thankfully updated their policies regarding hard drive retirement moving forward, and even offered free credit monitoring services to anyone that may have been affected by the leak.

  1. Anthem (80 million accounts)

This breach, the most recent on our entire list (both this Part 1 and the upcoming Part 2), didn’t approach the Target breach in terms of the sheer number of accounts compromised. But as the second largest health care provider in the country, it instilled the same level of consumer fear and lost trust as Target – if our major retail outlets and health care providers aren’t safe from hackers and breaches, is anything? The result of what Anthem called a “sophisticated attack” turned out to be anything but – vast amounts of data were left un-encrypted, and high-level IT access credentials were stolen from likely phishing schemes. Approximately 80 million current and former Anthem members’ data was exposed.

Note: We’ll cover the next batch of five, breaches 6-10, in our next blog article. Stay tuned to the Valued Merchant Services blog for future updates. And as a closing note, we take security extremely seriously here at Valued Merchant Services. In addition to providing top of the line processing solutions for your business, we also deliver peace of mind – click here to learn more about us and our service offerings.

By Chris Del Grande

Chip-and-PIN versus Chip-and-Signature Cards

In an earlier entry, we examined the primary differences between chip-based credit cards versus those without. This piece will take a look at two different kinds of chip-cards: chip-and-PIN and chip-and-signature, as well as additional safeguarding technologies.

Credit Cards

As mentioned in the subhead above, we recently took a look at the chip-and-PIN style of credit cards that are already the standard in Europe and many countries around the world, and slowly but surely gaining in popularity here stateside. But within the subset of chip-based cards, there are a two different types of cards – chip-and-PIN and chip-and-signature – the differences of which is the topic of this follow-up blog post. We’ll also take a look at a few additional security technologies that can significantly help reduce fraud.

Overview

Again, we covered chip-and-pin style cards at length in the previous article, but we’ll provide a brief overview in case you missed it. Chip-and-PIN (or EMV, for Europay, Mastercard, and Visa) cards have a microchip embedded in them that you can see on the front of the card. The chip contains all the data the older magnetic strips do about your account, but also create a unique transaction code while in the reader that can never be duplicated. The PIN entered by the cardholder is an extra layer of protection (in case of a lost or stolen card), and so far, this system of cards has been shown to significantly reduce credit card fraud.

Chip-and-signature is slightly different, and has actually been the style of choice for the U.S. banks and financial institutions that have begun the switch to chip-based cards. As you might guess from their names, the primary difference in a chip-and-signature card is that you still use your signature as your method of personal identification verification. A forged signature is obviously much easier to produce than it would be for a thief to try and guess a stolen card’s PIN number, so chip-and-signature cards are a bit less secure than their PIN-based brethren. And as most of us can attest to, it’s not entirely uncommon for retail clerks to even bother to check if the signature on the card matches the one they’re given on the receipt.

That, coupled with the fact that many automated kiosks don’t even involve a signature (filling up your tank at the gas station, for instance), and it’s easy to see why chip-and-PIN cards are the most secure format of credit cards available today, with chip-and-signature cards being seen as a half-measure of increased security above traditional mag-strip cards.

But despite reduced amounts of fraud involved, even chip-and-PIN cards aren’t perfect. Let’s take a look at a couple of technology solutions that add even greater security to card transactions.

Point-to-Point Encryption (P2Pe)

The advantage of a P2Pe system is that the credit card data is encrypted right at the moment the card is swiped – before the point of sale (POS). A Payment Card Industry (PCI) certified P2Pe card reader encrypts the card information instantly. This encrypted information is then sent to the payment gateway or processor for decryption, meaning the merchant actually never sees, stores, or handles the customer’s card information. Once the payment processor has the encrypted information on their secured network, it is then decrypted and passed along to the financial institution where it either confirms or rejects the transaction. If confirmed, the merchant is sent the “green light” to go ahead and process the transaction. While this process sounds intricate, the entire process generally takes place in about a single second.

Tokenization

Much like P2Pe, tokenization is a technology that aims to reduce credit card fraud and make it more difficult for hackers/thieves to access your data. And although the broad strokes are essentially the same (replacing card data with other alphanumeric information), the process behind it is a bit different. Encryption relies on an algorithm to change those 16 digit numbers, your name, billing address, expiration date, and any other sort of personally identifiable information (PII) into a code – which is great, except when hackers or thieves can somehow get their hands on or crack that code. If so, they will be able to get the card information from any encrypted card data processed.

With tokenization, the process is essentially random. Your card information gets transformed into a token for the payment gateway or processor to handle, but that token is not based on any sort of cipher or algorithm. Each card processed gets its own unique, randomized token, meaning that if nefarious parties were to somehow acquire all of the tokens used by a merchant, no amount of codebreaking in the world would ever allow them to get all of the card information the tokens represent, since they are assigned completely at random.

An incredibly oversimplified version would be as follows: with encryption, the number 1 equals the letter A across all cards in an encrypted system; in a token system, the number 1 could represent A on one card, the number 4 on another, etc.

Solution

John Perry, CEO of Bluefin Payment Systems, said that “The truth is that breaches will continue to occur, as there are smart, resourceful people out there who are committed to fraud.” There is no one solution that will solve all credit card theft, fraud, and data breaches, but enhancing your transaction system obviously leaves you in the strongest possible position by making theft as difficult as possible. Chip-and-PIN, P2Pe, and tokenization also shouldn’t be viewed as mutually exclusive entities – in fact, utilizing all three can be the most effective way to safeguard the storage of card data, the cardholder, and the transmission of data. Talk to Valued Merchant Services today to find out what kind of security we offer in our systems and how we can help protect you and your customers.

By Chris Del Grande

Chip-and-PIN versus Traditional Signature Cards

Europe (and pretty much the rest of the world) are quickly adopting a new credit card standard with Chip-and-PIN. Here’s everything you need to know about the new format.

Chip and PIN Card

This might not come as a shock to anyone who’s ever travelled, but America is quite a bit different from other countries. It would take up several lifetimes to try and enumerate every difference or even the most obvious. As a credit card processing company, we’ll pick a big difference that’s quite germane to our line of work: chip-and-PIN credit cards (also known as EMV cards, which stands for Europay, MasterCard, and Visa). These newer format of cards have been rapidly adopted as the standard in Europe and indeed all over the world, but not yet here in the states. Let’s take a look at them, the primary differences between them and our current standard of credit cards, and if we’ll be moving to adopt them as our standard in the near future.

Overview

In an earlier article from our blog, we got into the process of how our traditional credit cards work. A big part of that was devoted to the magnetic strip you see on the back of the card. EMV or chip-and-PIN cards definitely contain a mag strip on the back, but they also feature an embedded computer chip, which you can see prominently displayed on the front of the card as a small metallic square. (NOTE: This refers to the first generation of EMV cards, which are already in many hands across the world. The push is for future versions to feature ONLY the chip and get rid of the mag stripe completely, but the process has been slow going, especially here in America.)

This metallic square is a microchip that essentially “talks” to the reader and creates a unique bit transaction data each time it’s used. That data can never be reused. The cards are inserted into the reader, and the card holder enters a secret pin to proceed with the transaction while the card is still in the reader, and assuming everything matches, the sale goes through.

With a traditional signature card, the information contained in the mag strip never changes. If nefarious parties were able to get that information (as they so often are with multiple billions of dollars’ worth of credit card fraud committed each year), they would have all they need to use your card. With an EMV card, you need the magnetic strip information PLUS the chip transaction code and secret PIN number for a sale to go through. Without physically having the card in their possession, this makes traditional card fraud all but impossible for thieves.

Advantages

Obviously, the scenario we just talked about is the biggest advantage to chip-and-PIN cards – much greater security. Over the past few years, the massive consumer data breaches at Target, Home Depot, Michaels, and others have left many customers at a hugely increased state of risk for credit card fraud. As mentioned above, if a data breach occurs that has swiped your traditional signature credit card and has it stored in any fashion, a hacker will be able to use your credit card with the static information stored on the card’s mag stripe. With EMV cards, that data would be useless without the microchip.

Over 130 countries have already adopted chip-and-PIN cards as the standard, and have seen notable reductions in the amount of credit card fraud. In fact, the recent rise in fraud here in the United States has been at least in part attributed to scammers moving their scams away from countries with EMV standards and into the U.S., one of the few major countries to still have signature cards as the standard.

Disadvantages

You can still use most chip-and-PIN cards at retail outlets that have traditional card readers, so long as it has a magnetic strip on the back. But increasingly today, more and more merchants and retail outlets that reside in countries where EMV is the standard have switched to full EMV merchants, meaning your traditional signature card will not work there. This is more of a disadvantage to the card holders themselves rather than of the chip-and-PIN format itself, but it’s important to be aware of before you travel abroad.

One of the biggest reasons why EMV adoption has been slower in America compared to many other countries comes down to liability. As anyone who’s ever been the victim of credit card fraud or a stolen card will know, almost all financial institutions and card issuers accept the liability for these cases. If someone steals your card or its mag strip information and racks up thousands of dollars in fraudulent charges, you thankfully don’t foot the bill – the issuer does. With chip-and-PIN systems, it’s a bit different. If you have an EMV card with a mag strip and use it at a place of business that doesn’t accept EMV style transactions, that opens up the possibility for a fraudulent or counterfeit card to be used. In the eyes of issuing institution, that’s the fault of the merchant for not upgrading to the latest and most secure system, and they would thus be liable for the charge.

The biggest card issues have shared their schedules for when the shifts to chip-and-PIN must take place, and are detailed all the way through October 1, 2017. Most credit experts expect the U.S. to get caught up to the rest of the world in terms of EMV, but it will be more of a gradual change than an overnight shift, even with the deadlines set.

Contact the Experts

There’s a lot more detail regarding the switch to chip-and-PIN cards than we have room to talk about here. And if you’re a merchant, the questions and intricacies get even more complex depending on your exact situation. Contact us today if you’re interested in more information and how we can help.

By Chris Del Grande

The Cost of Not Accepting Cards

 

Sure, accepting debit and credit cards at your business costs a bit extra…but it’s nothing compared to the missed revenue by not accepting them.Credit Card

We are increasingly living in a cash-less society. While some still view credit cards as something you use for only big purchases and emergencies, more and more people are becoming comfortable using them for small, every day purchases. Many savvy customers actually shop around for the best reward systems or cash back options and load up all of their expenses on a credit card (or two).

And that’s to say nothing of the meteoric rise of the debit card. Although they’ve technically been around since the 60s, the debit card really caught hold in the late 90s and early 2000s – according to the Kansas City Federal Reserve, there were about 300 million debit card transactions in the U.S. in 1990, and that number exploded to 37.6 BILLION by 2009.

It’s easy to see why – debit cards have all the quick convenience of a credit card, but none of the worry that you’ll rack up a balance you can’t afford to pay off right away (and thus, accrue finance charges). Debit cards are the single biggest reason why we are, as this article started off, in an increasingly cash-free world.

If debit and credit card transactions are becoming the new norm and almost completely replacing cash and checks, the average customer will often wonder why a business wouldn’t accept them. For an extremely small business – say, a flower stand or a hot dog vendor – it is understandable. But a surprising amount of “larger” small businesses don’t accept them. Why would they shun such a ubiquitous form of payment? The answer, as with many things in life, comes down to money.

As every business owner and retail employee knows full well, there’s a bit of work that goes behind each debit and credit card transaction, and that work isn’t free. Merchants who accept credit and debit card purchases have to pay a fee for each and every transaction that occurs, and that is without a doubt the biggest factor for a business opting to only accept cash.

Upon first glance, the decision actually seems reasonable. A merchant typically pays three types of fees when it comes to credit and debit card transactions: a set, flat amount that is the same for each transaction; a percentage of the transaction itself; and a monthly service fees that is upfront and completely independent of the amount and volume of transactions.

All these fees (let alone the card scanning equipment costs and the necessity to have an Internet connection to process them) most certainly add up, and for a business operating on a razor thin profit margin, it’s easy to initially think that avoiding these fees would be smart. But when you consider how many transactions in general your business will lose as a result of not accepting cards, it quickly becomes clear that the savings you’ll see on skipping fees doesn’t come close to revenue you’d be missing.

Think of that earlier statistic from the Kansas City Federal Reserve. 37.6 billion is a huge number, but that number is now approaching 100 billion transactions per year according to Payments Source. How many of those transactions take place in your area, or in your area of business? Enough to make a difference.

Plus, with younger generations that have always grown up with a debit card (many of which have never even owned a checkbook), the concept of cash is odd. It takes more time to carry out a transaction (fishing through wallets/purses/pockets for bills and change), and it’s an unnecessary risk. They wonder (rightly so) why they should carry around cash in their wallet or purse when, if it becomes lost, the cash is gone forever? Why not use a debit card that links up directly to their checking account, which if it becomes lost, is almost certainly useless to the person who finds it without their secret PIN?

Many millennials, teens, and college students are almost 100% cash free. If your business only accepts cash, you are absolutely losing out on their business, which is becoming an increasingly large sector of the purchasing force worldwide. Sure, you can place an ATM machine in your business, which is still a fairly common practice. But almost all banks assess a fee to their customers for using an ATM that is not owned by the bank, which the customer doesn’t relish paying. Plus, most 3rd party ATMs assess their own processing fee, so the customer gets dinged twice simply for accessing their own money. Many won’t use in-store ATMs for this reason alone.

Business owners can be in a bit of a tricky spot – what’s the best approach to accept credit and debit cards to not lose out on a huge swath of potential customers, but minimize the amount spent in fees? By choosing a merchant services partner that offers the lowest rates in the industry. Guaranteed.

Valued Merchant Services will beat the price you’re currently paying on processing fees – again, guaranteed – or we will give you $500, no strings attached. Yes, you will still have to pay processing fees on card transactions – but you don’t have to over pay. Let us help.

By Chris Del Grande