Feature Articles

Several times monthly,’s writing staff tackles subjects that merit a deeper look than our news items. Our feature articles deliver original reporting on the latest trends, issues, companies and technology impacting the CNP payments space.


Guest Perspective: Enhancing Customer Satisfaction Without Increasing Fraud Risks in Electronic Bill Presentment and Payment

By Mia Papanicolaou, COO of Striata

Guest Perspective: Enhancing Customer Satisfaction Without Increasing Fraud Risks in Electronic Bill Presentment and PaymentMoving customers from paper billing and offline payment options to electronic bill presentment and payment (EBPP) is an attractive proposition for companies wanting to enhance customer experience, while achieving significant operational cost savings and reducing days sales outstanding (DSO).

EBPP also holds advantages for consumers who prefer the convenience of receiving and paying bills electronically. In its 7th Annual Billing Household Survey, Fiserv found that having multiple ways to receive and pay a bill improved a customer's experience and almost half of the recipients said receiving paperless bills increased their satisfaction levels. The study also found that the growth in electronic bill payment, from mobile devices specifically, increased by 450 percent over a four year period.

But as with any new technology or process adoption, the migration to receiving and paying bills electronically may be introducing new security risks that need to be addressed to avoid detracting from the obvious benefits. Applying electronic billing and payment principles to outdated technology and analog processes is a makeshift solution that doesn't work in the long term and could introduce security risks.

Read the full article...

Guest Perspective: Going Beyond EMV: Breaking the Fraud Cycle

By Sam Pfanstiel, Director, Solution Architecture, Coalfire

Going Beyond EMV: Breaking the Fraud CycleEMV cards have been trumpeted as a means of mitigating risk in card-present transactions for retailers. But for card-not-present merchants, the trouble is just beginning.

When it comes to chip-card technology, the U.S. is a late adopter. Whether this delay has been primarily due to the disparity of processing environments, politics among banks and processors, or any number of other distractions, is a conversation for another day. Irrespective of the reason, the U.S. can still benefit from lessons learned by the others that came before. The good news—for retailers and customers alike—is that more mature EMV markets have seen a reduction in card-present fraud. The bad news is that in each of those regions there has been an increase in fraud across almost all other payment channels.

The dramatic rise in card-not-present (CNP) fraud following EMV implementation—some markets experienced upward of 300-percent growth—is staggering. The situation in the U.S. is particularly dire. The U.S. alone accounts for almost 50 percent of global fraud but only about 21 percent of global payments transactions. Issuers in the U.S. lost nearly $4 billion last year to counterfeit transactions, according to The Nilson Report.

To combat the rise in CNP fraud, we must engage on two battlefronts...

Read the full article...

The 5 Stages of CNP Fraud: Moving From Denial to Acceptance

By Karisse Hendrick, Editor-at-Large,

Editor's Note: In 1969, Swiss psychiatrist Elisabeth Kübler-Ross proposed to great acclaim that humans go through five separate stages when dealing emotionally with the loss of a loved one: denial, anger, bargaining, depression and acceptance. While the stakes aren't nearly as high, in her former role advising merchants on their fraud issues,'s Karisse Hendrick noticed a comparable pattern. When CNP merchants identify for the first time that their company has become a target for fraudsters, it can be the start of an arduous process. By recognizing the pattern, companies hopefully will move through the process faster, reaching acceptance—and preventing future fraud losses—as efficiently as possible.

The 5 Stages of CNP Fraud: Moving From Denial to AcceptanceStage 1: Denial

Usually, the first sentence a fraud consultant hears goes something like this: "We don't have fraud, but we have been getting a lot of chargebacks recently," or "my bank says we have fraud, but I think we just have customers who don't want to pay their bills."

While legitimate customers may file chargebacks out of remorse every once in a while, merchants that suddenly experience a high volume of fraud chargebacks within a few months probably are facing fraud. A large number of good customers do not feel remorse simultaneously. More likely, an opportunistic fraudster found a way to get past processes in place (if any) and hammered the vulnerability, knowing that it may not last long.

Denial is not always rational, but it does need to be acknowledged in order to move on. One of the first companies I ever worked with was in the most denial about fraud on their systems. To be fair, this was before many companies were open about this type of loss, so they didn't have any experience or knowledge that CNP fraud was common. The CFO of the start-up said very matter-of-factly that...

Read the full article...

Guest Perspective: Two Steps That Can Cut Chargebacks by One-Third

By Suresh Dakshina, Co-Founder, Chargeback Gurus

Two Steps That Can Cut Chargebacks by One-ThirdThere are many factors merchants must consider when evaluating chargebacks, and a majority of them involve intentional fraud: stolen credit cards, well-conceived scams, or intentional attempts by consumers to get something for nothing. There's no doubting that fraudsters are out there, but sometimes it's you, not them. More than one-third of chargebacks are the result of something the merchant is not doing to protect itself. In our experience, by examining their internal operations and making improvements, merchants can greatly reduce the number of chargebacks that come as a result of back-office issues, rather than outright fraud.

Managing internal flaws is an area that merchants can easily control in two simple steps: Take preventive action and take corrective action. Do them both, and chargebacks will drop significantly.

Preventive Action

First, many chargebacks can be prevented by...

Read the full article...

4 Reasons Your E-Commerce Company Needs a Payments Expert

By Karisse Hendrick, Editor-at-Large,

4 Reasons Your E-Commerce Company Needs a Payment ExpertAs card-not-present commerce has grown over the last two decades, having at least one fraud-prevention expert on staff has become standard best practice for a majority of CNP companies. These positions provide substantial cost savings to merchants by protecting the bottom line. But an equally important role remains unfilled by many companies. Dedicated payments professionals can provide cost savings and also can increase sales for card-not-present companies. Many successful CNP companies have seen the value of hiring payments experts and building payments teams proven by the effect on their bottom line. Several key areas will benefit from their presence. While the opportunities within each organization vary, there are four basic areas in which payments professionals can provide value consistently.

Optimizing Payment-Related Costs

One top-100 retailer recently confided that the single largest line item on its books was payment processing costs. These costs exceeded the total cost of labor, goods, real estate and taxes. What many CNP merchants do not realize is that these costs can be reduced, either through negotiation or optimization. Payments costs can be divided into three buckets: discount fees, interchange and everything else.

You may wonder why the first bucket is called "discount fees." They certainly don't feel like a discount. This is...

Read the full article...

Guest Perspective: 3 Technologies Driving Alternative Payments

By Allison Ward, Account Director, Walker Sands Communications

The Payments Frontier: 3 Technologies Driving Alternative PaymentsShortly after e-wallet solutions reached mainstream adoption in the early 2000s and smartphones became increasingly ubiquitous, interest in mobile payments soared to new heights. But as new players flooded the alternative payments industry, the influx of payment options became too much to bear for consumers and merchants alike. Unable to differentiate one payment solution from another, consumers and merchants simply refrained from adopting alternative payments of any kind.

In recent years, however, concerns commonly associated with alternative payments have started to dissipate. 2015 marked the first time digital wallets were used more widely than traditional card payments. According to the 2015 Global Payments Report from e-commerce acquirer and processor Worldpay, the U.S. is expected to experience the largest shift toward alternative payments of any country. In fact, U.S. e-commerce turnover will grow from $312 billion to $536 billion by 2019—a 14 percent increase. Merchant-owned apps, tech players, bank-owned apps and general mobile wallets are leading the payments app race.

Needless to say, consumer knowledge of and confidence in alternative payments has never been higher. Still though, there is room for growth. In an effort to bolster the momentum behind alternative payments, key players in the ecosystem have set their sights on exploring the payments frontier.

Read the full article...

6 Steps to Fraud Prevention: How to Evaluate CNP Fraud Solutions

By Karisse Hendrick, Editor-at-Large,

Deciding which fraud solution will best fit the needs of your company can be overwhelming. While options were fairly limited a decade ago, the need for different types of services has driven the creation of literally hundreds of different fraud service providers since then. Whether you are considering a main fraud case management system or service or a complimentary tool to add additional identity verification, device identification or machine learning capabilities, the decision is one that shouldn't be taken lightly. Chances are this will be a relationship your company will continue to have for a long period of time, and the cost may be substantial. Recently, in one of the most popular panel discussions at this year's CNP Expo in Orlando, Fla., Laura Park, sales operations specialist for Other World Computing (also known as, shared the method she uses to select the right tools for her business. Here, in more detail, Park explains the six steps she takes to evaluate and choose a fraud provider.

6 Steps to Fraud Prevention: How to Evaluate CNP Fraud SolutionsStep 1: Identify the "Why"

It's important to identify why you need a solution. Maybe you need to reduce manual reviews, account takeover fraud or false positives. Perhaps you need to verify identities automatically or to have a work flow management or case management tool.

"The 'why' must be actionable and quantifiable," Park says. "If management comes in saying you need to be 'quicker' or 'more accurate,' the next step would be identifying exactly what that means. In my opinion, the entire process hinges on this first step. If you haven't identified the #1 reason you need something new, you won't know when you've found the right tool."

In the panel discussion, Park emphasized that...

Read the full article...

Guest Perspective: How Brexit Could Affect U.K.-Based PSPs

By Mirko Hüllemann, Managing Director, Heidelberger Payment GmbH

Guest Perspective: How Brexit Could Affect U.K.-Based PSPs by Mirko HüllemannOn June 23, the British decided in their referendum that the United Kingdom should leave the European Union. Apart from its political implications and clear signal effect, the decision will also have consequences for the EU's single market and e-commerce inside Europe. The U.K., as Europe's biggest e-commerce market, not only offers great opportunities in terms of customers and turnover for retailers. It is also one of the most important countries in the EU in the field of financial services. Against this background, the question arises: what effects can the e-commerce industry as a whole, as well as individual retailers, now expect from the U.K's departure from the EU?

The most obvious effect undoubtedly will be the disappearance of customs duty- and import sales tax-exempted trade between the U.K. and the EU. However, this probably will have very slight effects on the European market, since according to current studies, the British tend to shop more in the U.S., Australia and China rather than procuring their products over the Internet from their direct neighbors. What is of far more interest are...

Read the full article...

CNP Series: Lessons from a CNP Fraud Scheme - Part 4

By Theodore F. Monroe and Bradley O. Cebeci, TFMLaw

Recently, the criminal case against online merchant Jeremy Johnson in Utah that started back in June 2011 finally came to a close. After more than four years of litigation and six weeks of trial, the jury found Johnson guilty of eight counts of making false statements to a bank, but acquitted him on 78 other charges, including bank fraud, wire fraud, conspiracy and money laundering. By far the biggest legal spectacle involving card-not-present high-risk processing in more than a decade, the Johnson case poses a cautionary tale to banks and ISOs inclined to bend the rules in search of profits; and to merchants willing to “bend the truth” to get access to the payments system.

This is the last of four articles that will use the case to examine card-not-present fraud from a legal perspective. Part 1 described the case and some of the issues the decision turned on. Part 2 examined the involvement of CardFlex, one of the ISOs charged by the FTC of aiding Johnson in his alleged fraud. Part 3 looked at credit card laundering, one of the crimes Johnson was charged with. The last installment describes what a company can expect when it runs afoul of the FTC.

CNP Series: Lessons from a CNP Fraud Scheme – Part 4Anatomy of an FTC Action

Most payment processors understand that certain classes of high-risk merchants are popular targets for scrutiny by the FTC and other regulatory authorities. Trial, free-to-pay conversions, recurring billing, onerous return policies, paid testimonials and unsubstantiated advertising claims are just a few of the most common sins that will land a merchant squarely in FTC’s crosshairs. In such cases, the agency will not hesitate to look past the merchant to every entity in the payment chain it deems knowingly or recklessly facilitated the merchant’s access to the payments system in the face of such red flags, or in violation of its own underwriting policies. One need only consider the FTC’s prosecution of Jeremy Johnson and the associated ISOs and sales agents that boarded his straw merchant accounts, or the commission’s more recent pursuit of CardReady in connection with its alleged role for helping to launder credit card transactions in connection with a massive debt relief scam.

Nonetheless, many banks and processors have no idea what an FTC lawsuit looks like until the merchant gets sued and the operating account and merchant reserves are already frozen. So, rather than leaving you to learn the hard way by experience, we offer you this brief primer on the anatomy of an FTC lawsuit.

Read the full article...

Guest Perspective: Disruptive PSPs Redesign the Payment Landscape with Millennials in Mind

By Gijs op de Weegh, COO, Payvision

Guest Perspective: Disruptive PSPs Redesign the Payment Landscape with Millennials in MindThere has never been a more exciting time for the payments industry. The omnichannel era is here, powered by millennial shoppers who are comfortable browsing and buying through a variety of devices.  This represents a glut of opportunities for the ambitious payment solutions provider. Merchants of all sizes now have the potential to target a massive number of international consumers and they are hungry for payment solutions that support the channels and methods they need to do so.

And yet, when I look at the solutions offered by even some of the biggest names in our industry, I see few that are truly up to the task.

Legacy platforms made for different times

The problem is not willingness or lack of knowledge. The problem is that established PSPs built their platforms years ago to suit a shopper-merchant relationship from a different century. The answer? PSPs need to rip up their legacy platforms and build solutions powerful enough to suit the present and adaptable enough to deal with the rapid innovations of the future.

What every solution should offer

Read the full article...

Turning False Positives into Positive Sales

By Karisse Hendrick, Editor-at-Large,

Turning False Positives into Positive SalesOne of the most talked about subjects in sessions, hallways and over cocktails at the recent CNP Expo in Orlando, Fla., was false positives. Discussion centered primarily on how to measure and prevent negative impacts on legitimate customers from companies just trying their best to prevent fraud. Several CNP merchants offered best practices to help industry professionals with similar pain points.

In the last few years, the focus of fraud managers has shifted. More advanced fraud prevention systems have left many companies feeling confident they are preventing more fraud. They wonder, however, how many legitimate customers are being wrongfully declined by those systems. Over the years, the behavior of fraudsters has evolved to look more legitimate. At the same time, there always will be real customers using their own cards for orders that appear risky. Some fraud orders successfully get past review while some legitimate sales are held for several hours or canceled all together. Beyond the loss of the immediate sale, this also can impact customer retention. Customers that have an order delayed or canceled by the merchant due to suspicion of fraud may never return to that site. As one speaker stated at the CNP Expo: "When you cancel a good order, you are essentially referring that customer to your competitor."

Identifying the Impact of False Positives on Your Business

The biggest challenge presented by false positives is identifying them...

Read the full article...

Guest Perspective: Achieving PCI Compliance Does Not Need to be a Fire Drill

By Steven Grossman, Vice President of Program Management, Bay Dynamics

Guest Perspective: Achieving PCI Compliance Does Not Need to be a Fire DrillEvery year there’s a fire drill within companies to complete their Payment Card Industry Data Security Standard (PCI DSS) audit. That's in addition to the quarterly chaos necessary to complete the vulnerability scans that are also a part of the PCI DSS requirements. The reason behind the scramble is two-fold. First, companies are still in the archaic mode of manually compiling cyber risk data—including compliance data—into piles of spreadsheets that are then stitched together in an effort to show that the company has met all its requirements. Second, some companies do not practice continuous compliance, only worrying about it when the time comes to “check the box,” which creates a last minute rush to gather that manually generated data.

Large companies have tens or even hundreds of legacy systems—some of which store the company’s most valuable information—that are in scope for PCI DSS compliance. The systems are owned by different technology, line-of-business and application owners, each with their own administrators and experts. Enterprise security is responsible for coordinating with all of these parties to conduct vulnerability scans, penetration testing and validation and many other things required by the PCI DSS.  The effort is complicated by application owners who “give the Heisman” to the security department, and do not allow testing and patching to be conducted regularly, because they are concerned that it will impact their application’s availability.  The underlying tracking of this process is often maintained in a governance, risk management and compliance system, but just as often ends up in a dizzying array of emails and spreadsheets being exchanged right up to the deadline for reporting. 

In the best case scenario, the exchange goes something like this:

Read the full article...

CNP Series: Lessons from a CNP Fraud Scheme - Part 3

By Theodore F. Monroe and Bradley O. Cebeci, TFMLaw

Recently, the criminal case against online merchant Jeremy Johnson in Utah that started back in June 2011 finally came to a close. After more than four years of litigation and six weeks of trial, the jury found Johnson guilty of eight counts of making false statements to a bank, but acquitted him on 78 other charges, including bank fraud, wire fraud, conspiracy and money laundering. By far the biggest legal spectacle involving card-not-present high-risk processing in more than a decade, the Johnson case poses a cautionary tale to banks and ISOs inclined to bend the rules in search of profits; and to merchants willing to “bend the truth” to get access to the payments system.

This is the third of four articles that will use the case to examine card-not-present fraud from a legal perspective. Part 1 described the case and some of the issues the decision turned on. Part 2 examined the involvement of CardFlex, one of the ISOs charged by the FTC with aiding Johnson in his alleged fraud. Part 3 looks at credit card laundering, one of the crimes Johnson was charged with.

CNP Series: Lessons from a CNP Fraud Scheme – Part 3Credit Card Laundering: Feds Are Cleaning House

The U.S. federal government has declared open season on merchant processors for their involvement in what is called credit card laundering or “factoring,” with a number of high-profile lawsuits involving the practice.

Recently, Utah merchant Jeremy Johnson was prosecuted for such activity, which resulted in his conviction on eight felony counts of false statements to banks.  Prior to the filing of the DOJ’s criminal complaint in January 2011, the FTC filed its own civil action against Johnson, IWorks and the dozens of shell companies they used to carry out the fraud.  More than three and a half years later, in July 2014, the FTC sued the ISO CardFlex and the various sales agents allegedly responsible for facilitating more than $26 million in illegal transactions for the IWorks scheme.

The IWorks action provides a good illustration of how ISOs can quickly land themselves in hot water with the FTC right alongside their merchants for allegedly employing, advising or enabling them to employ deceptive tactics to open merchant accounts, and thereby facilitating their access to the payments system...

Read the full article...

A Pulse Check on EMV: Measuring Consumer Sentiments and CNP Considerations

By Allison Ward, Account Director, Walker Sands Communications

A Pulse Check on EMV: Measuring Consumer Sentiments and CNP ConsiderationsAs of October 2015, the liability deadline passed for U.S. merchants and card processors to adopt Europay, MasterCard and Visa (EMV) standards. Merchants or credit card processors that did not make the switch in time for the deadline are now liable for any point-of-sale fraud losses associated with antiquated magnetic stripe cards. As with any new technology, there’s always a learning curve and some hurdles along the way for both consumer and business adoption. Six months following the EMV liability shift, Walker Sands wanted to examine how consumers are responding to the change, so we surveyed 575 of them to measure sentiment toward new chip cards.

Our study, “No Easy Move: The Switch to EMV,” found retailers and card processors have been slower than expected to roll out new card readers, inform customers and thoroughly train staff, leading to some friction with the customer experience. And this friction not only applies to in-store transactions. In many cases, customers have faced obstacles when it comes to CNP transactions, such as recurring billing and online payments.

Here’s an overview of our key findings:

Read the full article...

CNP Series: Lessons from a CNP Fraud Scheme – Part 2

By Theodore F. Monroe and Bradley O. Cebeci, TFMLaw

Recently, the criminal case against online merchant Jeremy Johnson in Utah that started back in June 2011 finally came to a close. After more than four years of litigation and six weeks of trial, the jury found Johnson guilty of eight counts of making false statements to a bank, but acquitted him on 78 other charges, including bank fraud, wire fraud, conspiracy and money laundering. By far the biggest legal spectacle involving card-not-present high-risk processing in more than a decade, the Johnson case poses a cautionary tale to banks and ISOs inclined to bend the rules in search of profits; and to merchants willing to “bend the truth” to get access to the payments system.

This is the second of four articles that will use the case to examine card-not-present fraud from a legal perspective. Part 1 described the case and some of the issues the decision turned on. Part 2 looks at the involvement of CardFlex, one of the ISOs charged by the FTC of aiding Johnson in his alleged fraud.

CNP Series: Lessons from a CNP Fraud Scheme – Part 2The CardFlex Side of the Story

We recently reported to you regarding the DOJ’s federal criminal conviction of Jeremy Johnson for making false statements to Wells Fargo for the purpose of opening a myriad of straw merchant accounts. Fallout from the case landed on the processors, ISOs and sales agents that worked with him, including CardFlex, Inc., which found itself squarely in the FTC’s crosshairs because of the matter.  

 CardFlex’s CEO, Andrew Phillips, contacted us shortly after Part 1 of this series ran to give us his side of the story. We found it riveting and wanted to share it.

Read the full article...

Guest Perspective: How to Ensure Customers are Happy AND Protected While Shopping Online

By Steve Platt, Executive Vice President, Fraud and Identity, Experian

Guest Perspective: How to Ensure Customers are Happy AND Protected While Shopping OnlineIn the last few years we have seen a gradual shift in customer expectations when it comes to their online shopping experience. Historically, customers didn’t mind an interruption in their shopping if it allowed for increased security measures and stronger protection. They appreciated the concern. Today’s consumer, however, demands a smooth, enjoyable and safe experience without any hassle. They expect the places where they do business to safeguard them in ways that don’t waste their time, question their intentions or force them to prove who they are each and every time. Instead of appreciating the extra steps as they had in the past, today’s online shoppers feel frustrated with the extreme overload of more passwords, authentication, identity confirmations, etc. Consumers expect to be recognized and welcomed in every channel available to them. They are right to expect this. And when it doesn’t happen, it’s more than inconvenient. It erodes loyalty and damages trust.

Retailers are left with the challenge of balancing the customer experience with financial protection. And, this isn’t a one-and-done concept. In some cases, we’ve found consumers are willing to forgo certain levels of protection for a hassle-free shopping experience, yet there is still an expectation that strong anti-fraud protection measures are in place—preferably ones that go unnoticed. That’s the consumer perspective. The fraudsters themselves are not predictable, and the speed at which they evolve their tactics adds even more complication. They take advantage of any opportunity while retailers work to keep up, protect shoppers and grow their business. To avoid losing customers and revenue, retailers need to find a way to sort the good from the bad and understand who their customers really are without impacting the customer experience.

Fortunately, there are actions retailers can take now to minimize fraud, maximize customer satisfaction and confidence and accelerate business growth. What are the best ways to balance customer protection with customer experience?

Read the full article...

Guest Perspective: Costco Card Transfer from American Express to Citi VISA – Seamless Transition or Decline Tsunami?

By Grant Olson, Founder, Great Authorization Opportunities

Costco Card Transfer from AMEX to Citi VISA – Seamless Transition or Decline Tsunami?Costco's sixteen-year exclusive relationship with AMEX is coming to a close as Citi has purchased the Costco card portfolio from AMEX for a reported price of close to $1 billion. Citi will start mailing nearly 11 million new Costco Anywhere VISA cards near the end of May and the AMEX cards will stop working on June 20. Unfortunately, Account Updater programs from acquirers such as Paymentech will not support providing automated inter-brand card updates from AMEX, meaning subscription-based merchants will need to get new card information individually from cardholders. While Citi will remind cardholders to provide new card information to online retailers and companies that bill them automatically, many consumers will not actively reach out and provide the new card information to all recurring-billing merchants.

The impact of this transition will be felt by subscription billers as their AMEX decline rates will likely rise significantly after the AMEX Costco cards quit functioning on June 20. Declines impact cash flow, customer service costs, and customer attrition. How much the AMEX decline rate rises will vary for each recurring biller depending on the percentage of their AMEX customers who have Costco- branded cards and the percentage of customers who proactively provide their new card information. AMEX has reported that 10 percent of AMEX cards are Costco branded. If just 10 percent of a merchant's cards used for recurring subscriptions are AMEX cards Costco branded and even half of those cardholders fail to notify the merchant of their new card information, an additional 5 percent of that merchant's AMEX payments will start declining when Citi flips the switch in June. Since AMEX decline rates are typically 1-to-2 percent for recurring billers, an AMEX decline rate of 6-to-7 percent starting on June 20 might be a reasonable estimate.

There are several steps merchants that are exposed to a significant number of AMEX Costco cards can take when the issuing banks initiate the changeover this summer.

Read the full article...

Guest Perspective: How Value-Added Services are Redefining the Role of the Payment Gateway

By Michael Doron, Managing Director, PAY.ON, an ACI Worldwide company

Guest Perspective: How Value-Added Services are Redefining the Role of the Payment GatewayFor merchants seeking to take advantage of the opportunities the globalization of e-commerce presents, partnering with a payment gateway has long been a logical approach.

But, merchants considering global expansion must move quickly. The last thing they want or need in a highly competitive space is a payment gateway provider that restricts their growth or forces them to work with multiple payment providers (PSPs) in different regions. This rapid rate of change is, therefore, rewarding those payment gateways that are most agile and adaptive. From a technological standpoint, this means open platform architecture and streamlined processes, including automated merchant onboarding and self-service options. The ability to build additional services on a platform, supported by APIs and SDKs, also has become more important.

Increasingly, strategic partnerships with specialist technology providers are the answer, as payment gateway providers cannot build all these services alone. As a result of these partnerships, payment gateways get immediate access to the agility and flexibility their merchants are demanding. This is also changing the nature of the payment gateway model, as these partners bring a range of value-added services to the table. These “on top” services are the key to a PSP enhancing its proposition and, consequently, increasing merchant “stickiness.”

Value-added services in a cross-border context

Payment service providers support merchants as they expand internationally, by offering...

Read the full article...

Guest Perspective (Part2): Voice Authentication Principles and Advancements

By Steve Hoffman, Founder and CEO, SayPay Technologies

Guest Perspective: Voice Authentication Principles and AdvancementsThis is the second of a two-part series on voice biometrics.  Part 1: Voice Authentication Principles, addressed the differences between speech recognition and voice recognition, the different voice processing methods, voice accuracy, and how voice enrollment and authentication works.  In Part 2:  Voice Authentication Advancements, I provide an up-to-date view of recent advancements in voice recognition technology and give best practices for evaluating the launch of a voice program.

Part 2:  Voice Authentication Advancements

Launching a successful voice recognition program may first require collecting a data set of voice samples for a new geography or location.  While English is a common language throughout the world, each word or sentence sounds different depending on the speaker’s learned speech attributes. For this reason, English sounds different based upon country and region.  Even in the U.K., English is noticeably unique when spoken by people from London, Scotland and Ireland. In the U.S., accents are distinguishable among those from different parts of the Northeast, South, and West.

Advancements in voice recognition mean...

Read the full article...

Guest Perspective: Voice Authentication Principles and Advancements

By Steve Hoffman, Founder and CEO, SayPay Technologies

Guest Perspective: Voice Authentication Principles and AdvancementsAre you interested in learning more about voice biometric authentication but not sure where to start?  This two-part series provides a primer and essential information for any person seeking to understand more about the science behind voice identity processing and the business opportunities it presents.

Part 1:  Voice Authentication Principles

Speech recognition services like Apple’s Siri and OK Google have become convenient alternatives to the tedious, frustrating and time-consuming effort of keying data into mobile phones.  Speech recognition has been around for years and has reached consumers in the form of products like Dragon (Nuance), Cortana (Microsoft), and Alexa (Amazon).  So it’s natural for people to think the terms speech and voice recognition are synonymous. Voice recognition, however...

Read the full article...

CNP Series: Lessons from a CNP Fraud Scheme – Part 1

By Theodore F. Monroe and Bradley O. Cebeci, TFMLaw

Late last month, the criminal case against Jeremy Johnson that started back in June 2011 finally came to a close. After more than four years of litigation and six weeks of trial, the jury found Johnson guilty of eight counts of making false statements to a bank, but acquitted him on 78 other charges, including bank fraud, wire fraud, conspiracy and money laundering. By far the biggest legal spectacle involving card-not-present high-risk processing in more than a decade, the Johnson case poses a cautionary tale to banks and ISOs inclined to bend the rules in search of profits; and to merchants willing to “bend the truth” to get access to the payments system.

This is the first of four articles that will use the case to examine card-not-present fraud from a legal perspective. Part 1 describes the case and some of the issues the decision turned on. Subsequent articles will take a closer look at those issues and how they might apply to all sides of the card-not-present ecosystem.

CNP Series: Lessons from a CNP Fraud Scheme – Part 1The IWorks Scheme

Johnson masterminded an extremely profitable online marketing scheme known as IWorks.  IWorks depended on a huge network of affiliate marketers to target vulnerable consumers with risk-free and free trial offers to receive instructional CDs showing how to win government grant programs to stop foreclosures, pay down debt, purchase real estate, launch businesses, cover medical expenses, and even pay grocery bills and Christmas presents, all in exchange for the consumer’s payment of a nominal shipping and handling fee.  Instead, consumers found unauthorized charges by unknown merchants on their monthly card statements, including large onetime charges for “forced upsells,” and recurring monthly charges flowing from their involuntary enrollment in negative option continuity billing programs.  These practices enabled IWorks to generate more than $275 million in sales between 2005 and 2010 alone.

Read the full article...

Guest Perspective: Why Every Business Needs to Become a Platform, And How To Do It

By Kurt Bilafer, Global Vice President of Sales & Success, WePay

Why Every Business Needs to Become a Platform, And How To Do ItWhat’s the hottest trend in business right now? Social networks like Facebook and Twitter? Sharing economy apps such as Uber and Airbnb? Apple, and its line of personal computing devices? Or, Software as a Service for the enterprise, such as Salesforce?

You could probably make a case for any one of these, but here’s the thing: Although on the surface these companies appear to have completely different business models, they all share one very powerful component—a scalable online platform connecting people and ecosystems.

Each monetizes their platform differently. Facebook and Twitter sell ads alongside the content people share with each other. Uber and Airbnb take a fee for connecting buyers and sellers of transportation and lodging respectively. Apple manufactures products, owns retail stores and also has an open platform for developers to build and sell apps that makes the products Apple sells even more desirable. Salesforce does the same thing in the B2B world. Its cloud platform lets sales and marketing teams connect and share information about customers and prospects, and developers have enriched the value of the platform with a host of applications that integrate to the platform and add to its functionality.

Platforms’ speed of growth and economies of scale enable them to out-compete traditional businesses. To stay competitive, businesses have to learn to leverage the power of platforms. That starts with platform thinking...

Read the full article...

Guest Perspective: Fraud Detection through a Dynamic Update Statistical Model

By Fidel Beraldi, Fraud and Risk Department, First Data Brazil and Alair Pereira do Lago, Department of Computer Science, Universidade de São Paulo

Editor’s note: Fraud prevention technology continues to become more sophisticated as e-commerce merchants and those trying to steal from them move and countermove. But, the research behind advances in fraud prevention is not always visible, even within the industry. Fidel Beraldi, a fraud and risk manager with First Data in Brazil has agreed to share recent research conducted by Dr. Alair Pereira do Lago, a faculty member in the Department of Computer Science at the Universidade de São Paulo on a new statistical model that can be applied to fraud prevention that will enable fraud scoring systems to adapt to shifting fraud techniques quicker.

While the tone of this article is academic, it has been adapted from a much longer research report. It does retain some statistical language that is more sophisticated than usually appears on Readers interested in clarification or discussing the results in more depth with the authors can contact Fidel Beraldi at

Fraud Detection through a Dynamic Update Statistical ModelFraud indicators have shown that card-not-present transactions are riskier than card-present transactions, due to the fact that neither the cardholder nor the card itself is physically present at the point of sale. In these scenarios, more opportunities are created for fraudsters to produce new methods, resulting in large losses for the financial system.
As fraudsters quickly adapt to existing fraud prevention measures, statistical models for fraud detection also need to be adaptable and flexible to change over time in a dynamic way. Fraud scoring models can be updated sporadically or continuously over time, which raises the question of dynamic update of the model parameters to detect fraud.
Adrian E. Raftery, a professor of statistics and sociology at the University of Washington has developed a new method called...

Read the full article...

Guest Perspective: Innovating Financial Services with Banking APIs

By Konstantin Rabin, Kontomatik

Innovating Financial Services with Banking APIsTraditionally, financial services and banking have been among the most conservative industries. Then fintech happened. Companies composed of just a few talented and motivated developers started taking slices of the financial pie and "disruption" became a media buzzword applied to what used to be cautious industries. But, while quite a few banks have joined in the innovation, a key issue remains unchanged—banks do not provide APIs.

One often hears that "data has become the new oil" and, while such companies as LinkedIn, Facebook and many others share data using APIs, banks continue to hold the information about their clients under lock and key. This is changing, however, and without the involvement of banks. Some developers working in financial technologies have realized it would be much easier to craft fintech applications if a connection between an app and a bank existed and created the tool to make it happen. But what, exactly, is a banking API and what it is capable of?

Read the full article...

Guest Perspective: Is Your Alternative Identity Verification Clicking with Millennials?

By Michael Hagen, Corporate ID Strategist, Mitek

Is Your Alternative Identity Verification Clicking with Millennials?Millennials have become one of the most important market segments for any business. In 2015, millennials surpassed baby boomers as the nation's largest living generation according to the U.S. Census Bureau. While this group may be hard to categorize, one thing we are sure of is millenials prefer mobile-friendly payment features. In fact, according to a comScore report, one in five of them no longer uses a desktop computer to go online, instead relying exclusively on smartphones and tablets. As this move to mobile increases, many merchants accepting card-not-present transactions will find that they are not properly protecting themselves or their customers from fraud in the mobile channel.

Millennials Mean Mobile

Merchants and payments processors need secure and convenient user authentication and verification solutions more than ever. Mobile commerce now makes up 29 percent of e-commerce transactions in the U.S., according to Criteo. Card-not-present fraud now represents 45 percent of total U.S. card fraud according to Aité Group. In addition, a recent millennial survey found that 54 percent said security trumps convenience when using a mobile device. The survey also found that this highly influential group doesn't mind taking a few extra steps to validate their ID in the mobile channel. Merchants and payments processors must upgrade their identity verification process to keep pace with this new platform and this new mobile generation.

For merchants and payments processors to get ahead of their competition...

Read the full article...

Guest Perspective: Smart Home Payments for One and All

By Oren Levy, President, Zooz

Smart Home Payments for One and AllThe Internet of Things (IoT) has become quite a buzzword. Only a few years ago, many of the predicted offerings—from self-driving cars to adrenaline dresses—sounded more like the products of fevered imaginations than realistic options. Companies at the recent CES 2016 show, however, revealed these items and many other pretty amazing offerings already on the production line. Future applications will no doubt impact many ecosystems, from industry to agriculture. According to a Gartner study, the world will see 25 billion Internet connected “things” by 2020. It further estimates that IoT will produce close to $2 trillion of economic benefit globally, by transforming many enterprises into digital businesses and improving efficiency, as well as producing new sources of revenue.

One of the most exciting applications of IoT is in the private home. Already, home owners can control lighting, temperature, multimedia, security, and window and door operations from afar. But the automatic replenishment of home supplies is taking household IoT to the next level. And to make it work, manufacturers must incorporate secure payment options within an automatic refill process, enabling systems to independently handle the entire acquisition cycle from start to finish...

Read the full article...

Guest Perspective: Can Tokenization Lower Fraud and Security Risks in the Hotel Sector?

By Tony Ashe, Executive Vice President of Business Development, MiFinity

Guest Perspective: Can Tokenization Lower Fraud and Security Risks in the Hotel Sector?When a payments professional hears the term “high-risk merchant,” the image of a payday lending operation or 1-800 line may come to mind. But surprisingly, hotels—even large well-known corporate brands—wear the unwelcome high-risk merchant tag, too. Should they, though?

Certainly, many high-profile data breaches have impacted the hotel sector in recent years. In fact, Hilton Worldwide, the Mandarin Oriental Hotel Group, Starwood Hotels, and White Lodging Services Corporation (a franchise operator for many Hilton, Marriott, Holiday Inn, Westin and Sheraton hotel locations) all have experienced well-publicized breaches of customer credit and debit card information in just the last three years.

While each of those hacks made headlines, however, they weren’t necessarily hotel-specific...

Read the full article...

Visa Answers Merchants’ Concerns about Consumer Transaction Controls

By Karisse Hendrick, Editor-at-Large,

Visa Answers Merchants’ Concerns about Consumer Transaction ControlsLast week Visa, Inc. announced a new service for cardholders, “Consumer Transaction Controls” (CTC), providing issuers with functionality that enables cardholders to freeze a lost or stolen card, manage spending on all their cards and manage different cards by blocking transactions by merchant category, environment (CNP vs. card-present) or geographic region. The service enables cardholders to use these controls and change them in real time via a mobile app or mobile-enabled Web browser.

While there are obvious benefits to providing consumers control over their card spending, some CNP merchants raised concerns about such capabilities. They fear the possibility of declines or customer service issues arising from purchase attempts by cardholders who have forgotten the limits they set or who don’t understand the merchant they’re trying to buy from falls under a Merchant Category Code (MCC) they blocked. Also, merchants offering products or services by subscription have wondered if this feature could be used by a cardholder to bypass cancellation terms and block a recurring charge instead. reached out to Visa on behalf of CNP merchants, to help answer the “what about us?” questions and to learn, as a practical matter, how the new service will work and how merchants may be impacted by consumers being being able to block transactions and freeze their own cards...

Read the full article...

Gifts That Keep on Giving

Subscription gift sets are joining flowers and candy this Valentine’s Day

By Karisse Hendrick, Editor-at-Large,

Subscription gift sets are joining flowers and candy this Valentine’s DayAmericans will spend an average of nearly $147 each on Valentine’s Day gifts this year, according to the National Retail Federation. And, while candy and flowers still top the list, curated sets of everything from makeup and food to gadgets to lingerie—many tailored to meet consumers’ specific tastes—are being purchased on a subscription basis as gifts and delivered monthly. Providing an original gift tailored to the receiver scores points for the giver when the gift is first given, and each month when the recipient opens a new package. The gift also keeps on giving for subscription merchants as well. Those who have learned to capitalize on this gift-giving phenomenon have experienced spikes in subscriptions around various holidays.

In a recent study, subscription-billing platform provider Recurly reported an 83 percent jump in same-store sales on Cyber Monday during the just-completed holiday shopping season. This increase equated to a 23 percent increase in total payment volume over the previous year.

“We have seen our subscription merchants targeting the right customers and offering gift-givers curated products and experiences, whether in physical goods or digital content which leads to long lasting gifts for the consumers, and revenue for the merchants,” says Recurly CMO Frederick Felman.

Adapting subscriptions to gift giving

One such merchant that has learned to capitalize on gift-giving holidays is...

Read the full article...

The Payment Security Trifecta: Three Technologies for True Security

By J.D. Oder II, CTO and SVP of Research and Development, Shift4 Corporation

The Payment Security Trifecta: Three Technologies for True Security With so many data breaches in the last two years, it would seem that there’s a new inevitability to add to the oft-cited list of death and taxes. To keep their customers’ data and their reputations safe, merchants must stay informed about the newest security solutions and about cybercriminals’ most recent tactics.

Hackers are communicating via dark Web networks to strategize and trade information. Criminals are joining hacking groups, and some are being formed, backed, and even trained by criminal organizations and nation-states. Others are using this data to fund terrorism. The result is that hacking is becoming much more organized and sophisticated than it once was. There is a war for payment card data, and more needs to be done to help merchants keep their customers’ payment information away from hackers. It requires going beyond what’s needed for Payment Card Industry (PCI) compliance and more than just adding EMV chip cards into the mix.

There are three milestones in the life of a transaction where it is imperative that merchants shield sensitive cardholder information:

Read the full article...

Preventing Chargebacks: The Best Defense is a Good Offense

By Karisse Hendrick, Editor-at-Large,

Preventing Chargebacks: The Best Defense is a Good OffenseFor card-not-present merchants, chargebacks are persistent, often frustrating and costly. While the issuing bank is the party responsible for repaying the cardholder in most card-present chargebacks, the merchant bears that responsibility for CNP transactions. Also, because there is a lag between the transactions and when consumers actually receive their purchase, CNP merchants tend to rack up more service-related chargebacks. While card brands tolerate chargebacks up to 1 percent of sales, for many businesses, that 1 percent amounts to high dollar losses.

Merchants can reduce this loss by responding to chargebacks as they are received. Because not all chargebacks can be reversed, however, it is equally important to devise a strategy that reduces the volume of chargebacks issued to your company.

“Chargeback data can lead merchants to the specific steps necessary to reduce their chargebacks,” says Lisa Tennant, vice president of Business Operations at Verifi. “Analyzing chargeback details to identify common trends and locate gaps in their order acceptance and verification processes provides the best insight into where improvements should be made.”

Additional benefits of preventing chargebacks include...

Read the full article...

Reversing Friendly Fraud Chargebacks: You Can’t Win if You Don’t Play

By Karisse Hendrick, Editor-at-Large,

Reversing Friendly Fraud Chargebacks: You Can’t Win if You Don’t PlayAs retail merchants celebrate and recover from record-breaking sales in the 2015 holiday season, consumers are starting to receive their credit card statements, revealing their generosity and, perhaps, rethinking and regretting their holiday spending. While most consumers simply will resolve to spend less in the New Year and move on, many will call their credit card companies to dispute the charges in the form of chargebacks. The industry has dubbed this “friendly fraud,” though merchants know it’s anything but friendly.

Friendly fraud chargebacks can occur for several reasons beyond buyer’s remorse, though many merchants believe that is the main cause. They also can occur when a friend or family member borrows a credit card or if a customer service issue is not resolved to a buyer's satisfaction. Because the “I don't feel like paying for this” chargeback reason code doesn’t exist, merchants typically will see “goods not received,” “credit not processed” or “unauthorized transaction,” among others, as reasons for a friendly fraud chargeback. A fraud chargeback reason may be used in cases of friendly fraud, though a review of the original order can typically determine if the transaction was a result of true fraud or friendly fraud.

To Respond or Not to Respond

Managing chargebacks can be overwhelming for some companies. Because it can be time intensive to research the original transaction, determine the right course of action and create rebuttal documentation, some merchants choose not to review or respond to their chargebacks. There are benefits, however, these merchants may not have considered...

Read the full article...

Guest Perspective: What’s So Alternative about ‘Alternative’ Payments?

How unnecessary complexity and confusion are hurting adoption of new payment technologies

By Ralph Bianco, President, Ralph Bianco Advisors

Guest Perspective: What’s So Alternative about ‘Alternative Payments’?Over the last few years, when was the last time a day passed without another story about “alternative payments”? Readers are subject to a constant barrage of attention-grabbing—if not outrageous—headlines about the growth and ultimate dominance of alternative payments. Such a story ran recently on It caught my attention—as many of its kind do—and moved me to finally respond.

The article in question claims that “e-wallets will surpass credit cards as the most popular online payment method.” The author defines “those methods” (alternative payments) to include “bank transfers, direct debits, cash on delivery, e-invoices, e-wallets, prepaid, postpaid, carrier billing and digital currencies.”

Wallets will surpass credit cards? Alternative payments being defined as bank transfers, direct debits, cash on delivery, e-invoices, e-wallets, prepaid, postpaid, carrier billing and digital currencies (basically everything except credit)? Are you confused? I sure am. What does not confuse me is why merchant and consumer adoption of new payment technologies has been so low. It’s the propensity in our industry to redefine—and therefore complicate—simple things.

Here is what I mean...

Read the full article...

2016's Magic 8-Ball: 'Outlook Good' or 'Don't Count on It'?

Compiled by Staff

2016's Magic 8-Ball: 'Outlook Good' or 'Don't Count on It'?Predictions are a tricky business. For instance, last January, Tim Cook boldly called 2015 "the year of Apple Pay." While the past year spawned plenty of competition for Apple Pay, the mobile wallet space in the U.S. remains muddled. But, it's the time of year for clean slates and several experts in the card-not-present payments and fraud industries agreed to share their expectations for 2016 with our readers.

From the true effect of EMV on card-not-present fraud, to biometric authentication, to cross-border hot spots, to rosy predictions of e-commerce growth, it's the time of year for optimism. Hear what leaders in our space tab as trends to watch, opportunities to leverage or threats to prepare for in 2016.

Read the full article...

News Stories of Significance: 2015

By Staff

News Stories of Significance: 2015In addition to the explosion of mobile wallets that could have a material impact on CNP transactions going forward, there were lots of other big stories that affected the card-not-present industry in 2015. While its true effect on CNP fraud may not be felt for years, the long-awaited liability shift in the ongoing U.S. EMV migration arrived. In the meantime, steadily growing e-commerce transactions and an explosion in m-commerce growth had more immediate effects, along with the seemingly daily reports of the most recent data breach. Increasing attention of governments around the world to cybersecurity and the cost of credit card acceptance, an uptick in consolidation in the payments space and shifting fraud trends also made news this year. Here are the most important stories covered in in 2015.

Read the full article...

Visa Changes Its Chargeback ‘Naughty List’ in 2016

By Karisse Hendrick, Editor-at-Large,

Visa Changes Its Chargeback ‘Naughty List’ in 2016While a small volume of chargebacks can be a cost of doing business in a card-not-present world, a high volume of chargebacks—from a card-network perspective—could indicate fraudulent transactions not being canceled, customer service issues or network rules not being followed. As a result, each card brand monitors the number of chargebacks a merchant receives to ensure they do not breach certain thresholds. When a merchant exceeds a card brand’s acceptable ratio of chargebacks to sales, the brand may place the merchant on an excessive-chargeback monitoring program. Each network has a different set of thresholds and different methods to calculate risk and program eligibility.

Once a merchant is placed on a program by a network, it has a certain length of time in which it can address the problem or else it faces fines and, possibly, not being allowed to accept that card brand. Because it is impossible to accept Visa or MasterCard and not accept the other, if a merchant cannot correct its chargeback issues and loses its privilege to accept one of the brands, it would lose the ability to accept both.

Read the full article...

Guest Perspective: Holiday Chargebacks and the Grinches Who Steal Christmas

By Frederick Felman, CMO, Recurly

Guest Perspective: Holiday Chargebacks and the Grinches Who Steal ChristmasThe holiday season is upon us and retail sales are already booming. In fact, after Black Friday and Thanksgiving weekend, retail sales reached $1.73 billion online—a 22 percent increase compared to the same period in 2014.

Sadly, some of these purchases, though kept, cherished and loved, won't be paid for in 2016. Along with spikes in holiday shopping come spikes in credit card chargebacks. Some chargebacks stem from legitimate returns—the sweater that didn't fit or the loved one who changed her mind about her wish list. But, other chargebacks are the result of fraudsters who take advantage of the high levels of online credit card purchase activity to defraud retailers.

Global losses due to fraud in 2014 reached $16.3 billion on total sales of $28.8 trillion, according to the Nilson Report. Furthermore, these figures only reflect losses from the unauthorized transactions—They don't include the fees, interest and other penalties associated with chargebacks.

To add more coal to retailers' stockings this year, experts also predict an increase in card-not-present (CNP) fraud as the introduction of new EMV cards makes card-present fraud more difficult. While EMV cards, because of their embedded microchip and associated security features, are more resistant to fraud at the point of sale, nefarious types shift their efforts to CNP fraud.

What can retailers do?

There are several strategies retailers can implement to keep credit card chargeback fraud from ruining the holiday season.

Read the full article...

19 Ways to Avoid a “Holiday Hangover”

By Karisse Hendrick, Editor-at-Large,

19 Ways to Avoid a “Holiday Hangover”In 19 days, Christmas will be in the rearview. Until then, the Thanksgiving weekend and Cyber Monday broke records for online sales volume creating momentum that e-commerce and m-commerce merchants hope to continue throughout the season. Because daily order volume at this time of year typically dwarfs the rest of the calendar, it is harder to detect fraudulent orders. Sales promotions change frequently, sometimes making good customers appear risky. And, with consumers spending more this month than usual, many merchants experience a spike in declines. It can be a stressful time of year for those focused on payments, fraud and security. And, while most of your preparations for the holiday season were put into motion months ago, there are simple, easily implemented strategies many merchants use that can reduce that stress and help avoid a hangover that could extend well into the New Year. In honor of the 19 days that will take us beyond the holiday, here are 19 of our favorites:

Read the full article...

Parcel Forwarding: Fly-By-Night or Totally Right?

By Karisse Hendrick, Editor-at-Large,

Parcel Forwarding: Fly-By-Night or Totally Right?Parcel or freight forwarding is a service used by millions of international consumers to obtain foreign goods that may not directly ship to their country. These consumers obtain an address in the country they wish to purchase from (usually the United States, though it does happen elsewhere) and use it as their shipping address when ordering online. A forwarding service then ships the products, including the correct customs paperwork, to the foreign consumer who made the purchase. The immediate benefit of shipping to these customers is obvious: more reach and availability for customers to place orders can mean more sales. However, there are risks merchants should educate themselves about, which, in tandem with best practices from industry leaders, can help retailers attain a balance between increased sales and minimized risk.

Read the full article...

Selling B2B? Remember 2 & 3

By Karisse Hendrick, Editor-at-Large,

Selling B2B? Remember 2 & 3In e-commerce, the B2C (business-to-consumer) space hogs nearly all the attention. However, according to a recent study by Forrester Research, B2B (business-to-business) e-commerce sales will reach $780 billion in the U.S. this year—more than twice the $304 billion predicted for retail e-commerce by the end of 2015. With larger budgets and bigger needs, businesses prefer to make purchases online for everything from office supplies to break room snacks to manufacturing supplies. While companies are making the bulk of these purchases on Websites, the next five years will bring change. According to a study by Frost and Sullivan, the B2C marketplace model favored by Alibaba and Amazon will make the leap to B2B, contributing to an expected $6.7 trillion dollar B2B market worldwide by 2020. Merchants rushing to fill this need, however, must be aware of certain challenges that can make serving the B2B market more costly than it should be.

While it is just as important to accept cards for B2B purchases as it is for B2C transactions, most merchants overlook a setup in their B2B payments process that could lead to significant cost savings. While the steps for processing card payments is the same for B2B and B2C, there is a different set of data requirements for corporate cards that ensures the card-holding company has information it needs for tax exemptions and balance sheets. If merchants do not supply this information at the time of the transaction, those transactions are downgraded and charged a higher rate of interchange by the issuing bank.

Read the full article...

Before and After the Storm; 5 Ways to Prepare For the Holidays and Follow up After

By Karisse Hendrick, Editor-at-Large,

Before and After the Storm; 5 Ways to Prepare For the Holidays and Follow up AfterThe candy corn has been replaced by candy canes and mall Santas everywhere are getting their red suits trimmed with white fur out of storage. The holiday season is just around the corner and CNP merchants are gearing up for more Web traffic, more packages being shipped, more payments being processed and more opportunities for fraud. Black Friday, the traditional start of the holiday rush in the U.S., is two weeks away and, while that doesn't seem very far away, it's just enough time to make a few changes to your business to that will leave you better prepared to face the coming onslaught.

Read the full article...

Guest Perspective: The Hidden Problem of Friendly Fraud

By Monica Eaton-Cardone, CIO and Co-Founder of Global Risk Technologies, exclusively for

Guest Perspective: The Hidden Problem of Friendly FraudDon't be fooled by the seemingly benign term "friendly fraud." To a business, there's nothing friendly about it, just as in war, there's nothing friendly about "friendly fire." In the latter, troops are mistakenly targeted by their own side while in the former, e-commerce merchants are taking hits from the very same customers that their growth depends on. Have no doubt, friendly fraud can blast holes right through any business.

In Europe, e-commerce is growing at close to 20 percent per year—faster than the U.S.—with revenues in 2015 expected to reach $202 billion. In order for this trend to continue, consumers must be able to buy with confidence. It's also vital that merchants can sell with forecastable and sustainable profits. Yet globally, the actions of "ordinary" consumers are costing merchants $11.8 billion each year in friendly-fraud losses according to Visa, compared to $2.7 billion in identity theft. In 2014, each dollar of fraud cost the merchant $3.08—a figure that's rising and threatening to overwhelm businesses. To prevent shrinking profits, merchants need to understand this threat, identify wrongfully filed chargebacks and move quickly to mitigate their exposure to additional expense and risk.

Read the full article...

Trick or Treat? 4 Ways to Sweeten a Scary Time for Merchants

By Karisse Hendrick, Editor-at-Large,

Trick or Treat? 4 Ways to Sweeten a Scary Time for MerchantsWhen CNP merchants and their fraud departments think of the holidays, they aren’t usually worried about the one that comes in October. Their eyes are on the end of the year and the long hours ahead of them battling the increased fraud that comes with more transactions. But the monsters and ghouls of their nightmares are right around the corner and Halloween is a good time to remember a few lessons that are valuable all year long, but can be especially helpful when the weather turns crisp. So, be afraid. Be very afraid. But be prepared.

1. Reviewing CNP orders is a lot like trick-or-treating. All those cute little ghosts, goblins, superheroes and princesses that knock on your door are anonymous, and you never know which one is going to egg your car. Your customers may also be wearing disguises such as IP proxies, pseudonyms and fake e-mail addresses and it’s not always easy to tell. The bloodstained zombie at your door could be harmless, while the cutie in the fairy costume may have bad intent. It may be tempting to be cautious and skeptical, especially after being hit by a large amount of fraud. But, canceling good orders can sometimes have more of a negative impact on your bottom line than you may think.

Read the full article...

Is EMV Card Reissuance Infecting Subscription Merchants?

Netflix not the only one feeling the burn of increased declines

By Karisse Hendrick, Editor-at-Large,

Is EMV Card Reissuance Infecting Subscription Merchants?Last week, a consequence of the U.S.’s shift to EMV card technology impacting card-not-present commerce made headlines—just not the one everyone had anticipated. On-demand Internet streaming-video provider Netflix attributed less-than-expected subscription volume to the mass re-issuance of cards with chip technology. Thus began a very public debate about whether Netflix was sounding a legitimate alarm, with many more subscription companies to follow, or blaming a convenient scapegoat to explain earnings that might not have pleased all its investors. used the kerfuffle as an opportunity to reach out to subscription experts—merchants, service providers and issuers—to determine if Netflix’s claim is plausible and could become a trend affecting other subscription companies. And, if so, how merchants can minimize the impact.

Understanding the issue

Netflix has attributed its dip in subscriptions to “involuntary churn” due to the reissuance of EMV cards. Involuntary churn is when a subscriber wants to remain a customer, but can’t, for reasons such as...

Read the full article...

Q&A: Raj Karkara of Talks Payment Innovation

By D.J. Murphy, Editor-in-Chief,

Q&A: Raj Karkara of Talks Payment InnovationLast month, Salt Lake City-based online retailer became the first merchant in the U.S. to integrate a Swedish online payment provider that had been making waves first in its native Scandinavia and, more recently, across Western Europe. Klarna is an online payment method focused on conversion that enables consumers to make online purchases using an email address or a ZIP code and to complete transactions after receiving their goods. Klarna pays the retailer and assumes the transaction risk. It is widely viewed as an innovative way to pay for things online.

The announcement was important for Klarna as a first step toward eventual success in the U.S. What it says about, however, is somewhat different. Nearly two years ago, as the wider world was just learning about a new, anonymous way to pay for things online called Bitcoin, became the first major e-commerce Website in the world to accept the digital currency.

An often-paraphrased saying states: “Once is an accident, twice is a coincidence, three times is a trend.” While it may not be a trend yet, Overstock is well on its way to establishing an identity as a retailer willing to take chances with innovative payment methods that might scare others. And, according to Raj Karkara, senior director of OLabs (’s incubator for new businesses, new markets and new product development), the company has its eyes wide open to spot the next innovation that can make it easier for their customers to pay and cement payment innovation as a central part of its culture.

In a recent email conversation, Karkara answered questions from about online payments and the role innovation plays when choosing them.

Read the full article...

Guest Perspective: 10 Steps to Optimize Online Ordering/In-Store Pickup

By Tim Laudenbach, Vice President, eBureau

Guest Perspective: 10 Steps to Optimize Online Ordering/In-Store PickupIn the pursuit of a seamless shopping experience for their customers, many merchants have begun to offer in-store pickup of products ordered online. Consumers love it because they avoid shipping fees, can see and touch products before taking them home and can get their stuff sooner. Because the offering leads to increased customer satisfaction and revenue, making the decision to offer this option is relatively easy. Executing without adding unnecessary risk and costs, however, can get complicated.

Early adopters of the service saw great returns. They also experienced fraud attacks they had never considered. The fact that the e-commerce and in-store systems were often not integrated with one another created gaps fraudsters could leverage. They found they were able to pick up an order even after it was flagged for fraud by the online system and send other people to pick the order up, limiting their exposure.

Here are 10 steps to achieving a stellar customer experience while minimizing business risk.

Read the full article...

3 Ways Merchants are Causing Unnecessary Credit-Card Declines

By Karisse Hendrick, Editor-at-Large,

3 Ways Merchants are Causing Unnecessary Credit-Card DeclinesA recent article on TC-40 reports looked at one reason issuers might decline a CNP purchase, perhaps leading to confused customers and lost sales. While having a high number of cardholder fraud claims (which are reported on the TC-40) is a likely cause of high declines, there are other actions merchants take or do not take that can lead to a high incidence of authorization declines by issuers. In this article we discuss three more ways that merchants may inadvertently be causing declines on cards that would otherwise be authorized and the steps they have taken to greatly increase revenue and retain their customer base.

Read the full article...

TC-40: This Hard-to-Get Data could be the Key to Understanding Credit-Card Declines

By Karisse Hendrick, Editor-at-Large,

TC-40s: This Hard-to-Get Data could be the Key to Understanding Credit-Card DeclinesHere is a real-life scenario that has confounded many merchants: An online gaming company began to experience a spike in declines. This caused unhappy and confused customers to call their issuing banks. They had more than enough credit to cover the low-dollar authorizations, so why couldn't they make their purchases?  The banks told these customers this merchant was associated with fraud and the charges were declined for their protection. These customers wanted to pay, had funds to pay, but their bank was not letting them, frustrating both the customer and the merchant.

A look into the decline logs told the merchant several issuers were declining all its transactions—a perplexing state of affairs because its chargeback volume was minimal. The company finally, through one of the card brands, found the declines were based on something called their TC-40 report. The gaming company, like many merchants, has no inkling of the existence of TC-40 reports. So, what are they, why do they cause declines, where can a merchant get theirs and how can they use it to increase authorizations and customer satisfaction?

Read the full article...

5 Ways to Keep Subscription Billing From Being a Recurring Nightmare

By Karisse Hendrick, Editor-at-Large,

How to Keep Subscription Billing From Being a Recurring NightmareMore and more card-not-present merchants are introducing membership and subscription-billing models to capture loyalty and to increase revenue over standard one-time transaction billing. Once the domain of print periodicals and jelly-of-the-month clubs, now products as varied as streaming music, genealogy research, razors and makeup are available—and in high demand—as subscription services.

While setting up payments for a traditional business model can be relatively simple, ensuring that consumers who sign up for a subscription will continue to be successfully billed for the service is critical to a recurring biller's success. And to do that, payments must be at the forefront of the merchant's mind from the beginning. With input from leaders in subscription-billing payments management, has compiled a list of items to consider when managing payments for recurring billing.

Read the full article...

Guest Perspective: Without Mobile Virtualization, Mobile Payments Are Risky Business

By Dror Nadler, Senior Vice President of Sales & Strategic Alliances, Cellrox

Without Mobile Virtualization, Mobile Payments Are Risky BusinessWith companies from Apple and Google to Wal-Mart and Starbucks jumping into mobile payments, it's time we pause to ask: are these apps and mobile wallets actually secure?

The answer is no.

Apple Pay's vulnerabilities were widely reported this spring. Multiple media outlets, including the Los Angeles Times, carried reports this spring that Apple Pay fraud rates could be as high as $6 per $100. Security expert Cherian Abraham of Drop Labs was the first to identify a hole in the Apple Pay card provisioning process. Abraham explained that hackers were loading iPhones with stolen card-not-present information and turning them into usable stolen credit cards via Apple Pay. The card issuers' verification processes are too easy to spoof, especially when hackers have picked up social security numbers and contact information alongside the credit card number.

Last week, Google launched Android Pay—its secure payment API and answer to Apple Pay—and we expect the process will repeat itself. Hackers will swing at the piñata and eventually a few will connect, exposing vulnerabilities and leaking the goods inside.

Currently, there is no obvious fix to these problems—and the risk of fraud is simply too high. I would argue that to bring mobile payments toward more acceptable levels of risk, we need to isolate all mobile payments using mobile virtualization.

Read the full article...

Back to the Basics: A CNP Payments and Fraud Primer, Part 4

By Karisse Hendrick, Editor-at-Large,

Back to the Basics: A CNP Payments and Fraud PrimerAs kids, many of us dream of becoming a fireman, a ballet dancer, a ball player or a pop star. A card-not-present payments and fraud professional? Not so much. For most, ending up in your current career was a happy accident. There are no college courses that prepare you to set up or manage CNP payment processing, nor are there are any standardized courses on fraud management. Because there’s no clear career path, everyone comes to their job with a varying degree of understanding regarding the plumbing of the industry.

Chargeback ProcessAt, we often are asked for a basic explanation of the overall payments process by individuals throughout the ecosystem and at many levels of experience. A review of basic information can help merchants understand the partners they need and help providers better understand the role they play in the ecosystem.Last time we looked at antifraud technology and how to effectively evaluate fraud tools. Today, we take a look at the chargeback process. If this is a review for you, pass it along to someone you think it will help. We have developed an infographic to accompany this article you can print out and refer to often. If you don’t need it as a resource, someone in your organization does.

The Basics of CNP Chargebacks

The chargeback process can be confusing and frustrating for merchants. Mastering it, however, can not only decrease financial losses, but also improve customer service and create opportunities for process improvement.

Read the full article...

Back to the Basics: A CNP Payments and Fraud Primer, Part 3

By Karisse Hendrick, Editor-at-Large,

Back to the Basics: A CNP Payments and Fraud PrimerAs kids, many of us dream of becoming a fireman, a ballet dancer, a ball player or a pop star. A card-not-present payments and fraud professional? Not so much. For most, ending up in your current career was a happy accident. There are no college courses that prepare you to set up or manage CNP payment processing, nor are there are any standardized courses on fraud management. Because there’s no clear career path, everyone comes to their job with a varying degree of understanding regarding the plumbing of the industry.

Fraud ToolsAt, we often are asked for a basic explanation of the overall payments process by individuals throughout the ecosystem and at many levels of experience. A review of basic information can help merchants understand the partners they need and help providers better understand the role they play in the ecosystem.Last time we looked at the basics of merchant processing fees. Today, we examine antifraud technology and how to effectively evaluate fraud tools.If this is a review for you, pass it along to someone you think it will help. We have developed an infographic to accompany this article you can print out and refer to often. If you don’t need it as a resource, someone in your organization does.

Evaluating Fraud Tools

The products and systems fraud professionals employ on a daily basis to protect their companies mostly sit within the payment authorization process. Some tools are utilized before the purchase, in tandem with the authorization process and post-authorization. Best practices dictate performing fraud prevention methods prior to...

Read the full article...

Back to the Basics: A CNP Payments and Fraud Primer, Part 2

By Karisse Hendrick, Editor-at-Large,

Back to the Basics: A CNP Payments and Fraud PrimerAs kids, many of us dream of becoming a fireman, a ballet dancer, a ball player or a pop star. A card-not-present payments and fraud professional? Not so much. For most, ending up in your current career was a happy accident. There are no college courses that prepare you to set up or manage CNP payment processing, nor are there are any standardized courses on fraud management. Because there’s no clear career path, everyone comes to their job with a varying degree of understanding regarding the plumbing of the industry.

At, we often are asked for a basic explanation of the overall payments process by individuals throughout the ecosystem and at many levels of experience. A review of basic information can help merchants understand the partners they need and help providers better understand the role they play in the ecosystem. Last time we looked at the payment, authorization and settlement process. Today, we examine the basics of merchant processing fees—what they are, how they are structured and when you can negotiate them. If this is a review for you, pass it along to someone you think it will help. If you don’t need it as a resource, someone in your organization does.

Understanding Merchant Processing Fees

While each partner in the CNP payments process has a separate fee structure, the most complex statement a merchant receives every month is likely from its payment processor. Understanding these fees, and which fees are negotiable, is vital from a cost perspective. 

When online and mobile merchants partner with a payments provider to accept cards, it is important to remember...

Read the full article...

CNP Series Report - Back to the Basics: A CNP Payments and Fraud Primer, Part 1

By Karisse Hendrick, Editor-at-Large,

Back to the Basics: A CNP Payments and Fraud PrimerAs kids, many of us dream of becoming a fireman, a ballet dancer, a ball player or a pop star. A card-not-present payments and fraud professional? Not so much. For most, ending up in your current career was a happy accident. There are no college courses that prepare you to set up or manage CNP payment processing, nor are there are any standardized courses on fraud management. Because there’s no clear career path, everyone comes to their job with a varying degree of understanding regarding the plumbing of the industry.

At, we often are asked for a basic explanation of the overall payments process by individuals throughout the ecosystem and at many levels of experience. A review of basic information can help merchants understand the partners they need and help providers better understand the role they play in the ecosystem. Payment Authorization ProcessThis overview of the payment acceptance process is the first in our “Back to the Basics” feature article series. If this is a review for you, pass it along to someone you think it will help. We have developed an infographic to accompany this article you can print out and refer to often. If you don’t need it as a resource, someone in your organization does.

The Payment Acceptance Process

The payments acceptance process is the foundation of the payments and fraud industry. It is the lifeblood of card-not-present commerce because it is the process by which merchants get paid. As such, it is important to fully understand this process to know what partners you need, their role in the overall process and also to troubleshoot any payments issue you may have. It is easiest to picture the process as a conversation. Two of them, actually, and when they are complete...

Read the full article...

Guest Perspective: The Ripple Effect of Identity Theft

By Ryan Wilk, director of Customer Success, NuData Security

The Ripple Effect of Identity TheftAs a society, we hear about data breaches all the time, but we rarely hear about what happens to the stolen data afterwards. We may not think much of losing one username and password combination, or having to cancel a credit card, but each piece of data doesn't just disappear. It gets collected and combined into the tool of choice for today's fraudsters—one that's so difficult to overcome that we've had to rebuild how we do Internet security. 

Data privacy is dead. Since 2005, more than 675 million data records have been involved in data breaches in the U.S. alone, according to the Identity Theft Resource Center. Retailers, healthcare providers, universities and even the U.S. government have experienced massive network security breaches contributing to that number. These records include incredibly personal data such as a person's Social Security number, name, address, phone number, credit card number, name of local bank branch and so on. Data thieves sell this information to aggregators, who cross-reference and compile full identities – called "fullz" on the data black market, which I will come back to later. This increases the value and usefulness of the stolen data, which may have been gathered from multiple data breaches.

With this level of information, fraudsters can...

Read the full article...

CNP Series Report: EMV and PCI

Security and fraud are two sides of a very important and paradoxical coin for card-not-present merchants and the ecosystem of companies that support them. Simultaneously, they're intimately entwined and completely separate. One feeds the other: a seemingly unending parade of network security breaches is providing criminals around the world the ammunition to turn increasingly creative fraud techniques into quick profits. E-commerce and other card-not-present merchants live in constant fear of network security breaches, which they hope never come, and in the constant presence of fraud, which they battle every day to protect their bottom lines. Over the next few months, the industry will undergo major changes that affect both. This summer will examine security and fraud for card-not-present merchants in the U.S. in two multipart series: one on the shift to EMV—a card-present technology that could have a devastating effect on CNP fraud, and the other on the new PCI rules aimed at shoring up network security.

CNP Series Report - EMV Part 4: Take it From Me

By Karisse Hendrick, Editor-at-Large,

EMV Part 4: Take it From MePreviously in this series, we explored the reasons for implementing EMV chip-enabled cards in the U.S. market, the possible effect on CNP fraud and how tokenization and encryption technology can improve card security in the CNP environment if CNP fraud does surge. In this final article, various players in the card-not-present ecosystem from merchants to the card brands share their thoughts and predictions on what EMV will mean for the card-not-present environment. Will the U.S. experience the increases in CNP fraud other countries did? Or, are U.S. companies using more advanced fraud-prevention strategies than companies in other markets were when they made this shift? And most importantly, what should CNP merchants do now to prepare for a possible increase in fraud? 

EMV and CNP Fraud: Cause and Effect?

While it's a fact that CNP fraud surged in Europe and other markets after EMV was implemented, not everyone believes the causal link is firmly established.

Read the full article...

CNP Series Report - PCI Part 3: Third-Party Crashers

By Jeff Man, Security Strategist and Evangelist, Tenable Network Security, exclusively for

PCI Part 3: Third-Party CrashersWhen PCI DSS v3.0 was first published in November 2013 there was a lot of attention given to what many considered to be the biggest change to the standard at the time, which was the greatly expanded definition of penetration testing and the requirement for companies subject to PCI compliance to implement a documented penetration testing methodology (covered in the first installment of this series). But as time has passed and events have unfolded, the new requirements that are directed at service providers might prove to be the most important and meaningful changes made to the PCI DSS to date.

There have been numerous payment card breaches in the past eighteen months that were successfully conducted through the exploitation of a third party. Probably the most well-known was when Target was breached through an HVAC provider, but there have also been breaches perpetrated through point-of-sale vendors, and just in the past week, a company that “provides a proprietary transactional software platform” was blamed for the intrusion that shut down photo processing Websites at CVS, Costco and Walmart Canada.

While one might be able to see why an HVAC company might not be considered when evaluating security for PCI compliance, it gets harder to extend that benefit of the doubt to a point-of-sale provider or a transactional software platform.

Read the full article...

CNP Series Report - EMV Part 3: Don’t Get Token to the Cleaners

By Katie Flood,

EMV Part 3: Don’t Get Token to the CleanersFor those in the CNP payment space, the words on everyone’s lips this year have been, “EMV is coming.” It’s not quite “Winter is coming,” but it does carry a certain portent of doom, a sense that our collective destiny is tied to the arrival of EMV. No doubt there is some truth to this: Once fraudsters can no longer use stolen cards in stores, it stands to reason they won’t simply throw in the towel. Rather, they will seek out easier targets for their criminal activity, with e-commerce being the most obvious.

The extent of this problem remains to be seen, but regardless of what happens in October and beyond, tokenization is expected to be a major security solution in CNP payments environments going forward. Tokenization is the process by which a piece of data with value (e.g., a credit card number), is fed through an algorithm to generate a piece of data which has no inherent value. The benefit to e-commerce merchants is reduced risk and PCI scope.

‘Hurts the Criminal Element’

Tokenization is not new to the CNP payments space—many CNP merchants have been implementing it in some form since shortly after PCI standards were issued in 2004. But the present need for increased security has made tokenization more relevant than ever. According to David Lott, payments risk expert in the Retail Payments Risk Forum at the Federal Reserve Bank of Atlanta, “the overall goal is that once all transactions are tokenized, it really hurts the criminal element, and this could cause them to move their attacks away from the payment systems and into other areas, because the cost and effort required to defeat this will have gone up considerably.”

Read the full article...

CNP Series Report - PCI Part 2: Card-Not-Present vs. Card-Present Requirements

By Jeff Man, Security Strategist and Evangelist, Tenable Network Security, exclusively for

PCI Part 2: Card-Not-Present vs. Card-Present RequirementsWhen the PCI Security Standards Council (PCI SSC) published version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS) in November 2013, there were several changes the organization felt were significant enough to warrant a grace period.  That reprieve came to an end June 30, 2015, when those changes morphed from “best practice” to “requirement.” There are five new requirements found in PCI DSS v3.0/3.1 that went into effect on this date. The first article in this series focused on the new penetration testing methodology requirement (11.3). This week will focus on two requirements that, together, apply to all merchants subject to PCI compliance.

There are two new requirements in PCI DSS Version 3.0/3.1 aimed at specific audiences. The first—6.5.10, "Broken authentication and session management"—is for merchants engaged in card-not-present payment acceptance, primarily through the use of e-commerce servers. In contrast, 9.9, "Protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution," is focused on the physical security of payment acceptance devices used for card-present merchants. Of course, many merchants offer multiple payment acceptance methods, so adherence to both of these new requirements would be required, in those cases.

Read the full article...

CNP Series Report - EMV Part 2: CNP Fraud Surge Post-EMV - It’s Logical

By D.J. Murphy, Editor-in-Chief,

EMV Part 2: CNP Fraud Surge Post-EMV - It’s LogicalThe scenario facing U.S. card-not-present merchants is the result of impeccable logic. As the payment card system evolved, first in the U.S. and then around the world, fraud naturally followed. That fraud took many forms but perhaps the most lucrative was accessing the increasingly voluminous mountains of illegally obtained account information (courtesy of those data breaches you might have heard something about), using that information to produce easily duplicated counterfeit magstripe cards and walking into stores to buy products with the fake cards that could quickly be sold for cash.

In nation after nation, however, that road to quick cash was closed to criminals with the introduction of the EMV standard and chip & PIN transactions at the point of sale. Replacing the magnetic stripe on the card with a chip made counterfeiting them nearly impossible. Logic, however, does not dictate that the criminals leveraging that particular scam close up shop and live out their lives as law-abiding citizens. They simply took the information they already had access to (from the aforementioned breaches) and applied it in the next-easiest way. Between the time EMV technology was conceived and the time it was implemented—first in the U.K. and Europe, then around the world—a new opportunity emerged for criminals to put stolen payment card information to productive use: e-commerce. And EMV does not account for fraud perpetrated via e-commerce—or any other card-not-present channel.

There was one place left in the world, however, where counterfeiting cards was possible long after it was severely curtailed everywhere else: the United States.

This fall, after a decade of resistance by merchants and issuers that would face the increased costs associated with upgrading POS systems and manufacturing chip cards, EMV implementation in the U.S. reaches its most important milestone: liability for card-present fraud will shift from issuing banks to merchants, if the merchants are not equipped to handle EMV transactions.

Read the full article...

CNP Series Report - PCI Part 1: New Penetration Testing Requirements

By Jeff Man, Security Strategist and Evangelist, Tenable Network Security, exclusively for

PCI Part 1: New Penetration Testing RequirementsWhen the PCI Security Standards Council (PCI SSC) published version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS) in November 2013, there were several changes the organization felt were significant enough to warrant a grace period.  That reprieve comes to an end tomorrow, June 30, 2015, when those changes morph from “best practice” to “requirement.” There are five new requirements found in PCI DSS v3.0/3.1 that go into effect on this date. This article will focus on the new penetration testing methodology requirement.

Write This Down

Version 3.0/3.1 is a significant overhaul of the previous PCI. Perhaps the most significant change is the expansion of the PCI DSS 11.3, requiring a documented penetration testing methodology that:

Read the full article...

CNP Series Report - EMV Part 1: The Long Run

By Karisse Hendrick, editor-at-large,

EMV Part 1: The Long RunWhen it comes to credit cards, the U.S. market has been utilizing the same magnetic-stripe technology for the last 40 years to transmit payment data from the cardholder to the card-present merchant. As with any 40 year-old technology, time has caught up with and passed it by in some ways, including how the industry handles security and fraud. One of the biggest pain points that magnetic-stripe credit cards pose is how easy it is to counterfeit cards for use in card-present environments to make fraudulent purchases. According to some reports, counterfeit-credit-card fraud accounts for approximately 40 percent of total credit-card fraud in the U.S.

Due to this large expense, as well as growing security concerns, the card networks have been driving the adoption of EMV (Europay, MasterCard and Visa) chip enabled credit cards for the last four years. But, there has been a bit of a chicken-and-egg standoff between the card issuers and card-present merchants...

Read the full article...

Guest Perspective: Emerging Markets - Revenue Opportunity, Growth Drivers & Tapping into Local Spending

By Andrew Schneider, President and Co-Founder, Emergent Payments

Emerging Markets - Revenue Opportunity, Growth Drivers & Tapping into Local SpendinThere has been a monumental shift in the economic importance of emerging markets to e-commerce in the past decade. Markets and regions including China, South East Asia, Latin America and India have become significant, high-growth contributors to the global economy and the opportunity is ripe for global merchants to participate and compete for increasing emerging market spending. This is true for general e-commerce merchants but particularly for digital merchants such as online services, games, entertainment and e-learning that can tap into broadband distribution to reach global customers.

Market Size

Global business-to-consumer e-commerce worldwide is forecasted to reach $1.7 trillion in sales this year, driven by emerging market growth. This represents a 17 percent CAGR in 2015 and is primarily attributable to the Asia-Pacific region—notably China, Indonesia and India—where sales are expected to reach $681.2 billion, outpacing North American sales. Last year, it was estimated that Asia-Pacific spending would claim over 46 percent of digital buyers worldwide.  Other global markets that are significant contributors to double-digit global growth include Argentina, Mexico, Brazil and Russia, among others.

Market Drivers

What is driving this significant growth and what can we expect in the future? A recent EY report outlines four dynamics at the root of this shift towards emerging market e-commerce dominance:

Read the full article...

Account Takeovers: What Companies Should be Doing to Protect Their Customers

By Karisse Hendrick, Editor-at-Large,

Account Takeovers: What Companies Should be Doing to Protect Their CustomersWhile the list of companies victimized by account takeovers is long and getting longer, when the organizations that accept your federal tax returns and serve up your morning brew are targeted, headlines—and attention—will follow. Account Takeover (ATO) is the term used when a fraudster uses a legitimate customer’s credentials to log on to their account and make purchases. In some cases, the customer’s stored payment method is used, while in others, the fraudster is using the account to make the purchases appear legitimate. This fraud attack method has been increasing in popularity over the last several years as merchants became more vigilant and began using better fraud detection for standard credit-card fraud.

The impact to both the company and the customer can be more detrimental for ATO than traditional credit card fraud. For the company, because this fraud is much more difficult to detect, the financial impact can be devastating. Customers have an expectation their accounts are safe. When their accounts have been compromised, they often blame the company more than the fraudster who used their account. Also, the customer may be at risk for more account takeovers with other companies, since many use the same logon credentials for multiple accounts. Many fraudsters are counting on exactly that.

Read the full article...

Guest Perspective: 'Security is a Journey' - What Businesses Need to Know about Complying with the Upcoming PCI DSS Requirements

By Don Brooks, Senior Security Engineer, Trustwave

Improve Security: Strategies to Reduce Your Cardholder Data FootprintThe next month will be a busy time for any business that stores, processes or transmits payment card data since some of the changes in the latest versions of the payment card industry data security standard, PCI DSS 3.0 and 3.1, will be mandatory beginning June 30. Businesses and their third-party service providers must adhere to the requirements, or they risk falling victim to a breach in addition to facing costly fines.

Here are the requirements businesses must follow:

Read the full article...

Guest Perspective: Strategies to Reduce Your Cardholder Data Footprint

By Troy Leach, Chief Technology Officer, PCI Security Standards Council

Improve Security: Strategies to Reduce Your Cardholder Data FootprintData breach investigation reports continue to find that companies suffering compromises were unaware that cardholder data was present on the compromised systems.  If you can limit exposure of payment data in your systems, you simplify compliance and reduce the chance of being a target for criminals. By limiting the locations of cardholder data in your network, you can drastically reduce the number of systems to protect, which means your security efforts become more focused and more manageable. And better security will mean simpler compliance efforts. Below I’ve included some best practices for reducing the cardholder data footprint...

Read the full article...

Guest Perspective: Software-Based P2PE a Stronger, Better Approach

By Dave Oder, President and CEO, Shift4 Corporation

Software-Based P2PE a Stronger, Better ApproachThe vast majority of last year’s widespread data breaches were preventable. While merchants were busy checking boxes to ensure they were compliant with the standards dictated by the Payment Card Industry, security risks were proliferating.

Checking boxes isn’t enough. There needs to be a new solution. PCI’s Security Standards Council has been in dialog with PCI members for almost four years regarding the different methods of point-to-point encryption (P2PE). So far, PCI has only validated hardware-based P2PE solutions that require P2PE hardware at the merchant location and a hardware-based key management and decryption tool—known as an HSM, or hardware security module—at the other end. They later released a hardware-hybrid standard that allows for decryption operations outside of an HSM, but still required the HSM to handle key management.

Only merchants with in-house “switch” solutions have these set-ups, and for those who don’t...

Read the full article...

Guest Perspective: For SMBs, Encryption and Tokenization Before EMV

By Joe Wysocki, Executive Director of E-Commerce, Heartland Payment Systems

For SMBs, Encryption and Tokenization Before EMVIn payment and technology circles, it is widely understood that EMV deployment in the United States is a major milestone in 2015.  EMV - Europay, MasterCard and Visa - is a global standard for payment cards with embedded chip technology used for authenticating card-present transactions and the cardholder. U.S. card issuers are migrating to this technology primarily to combat counterfeit card fraud.

It is also a generally held view that EMV is not the panacea technology for all of the ways a merchant or business accepts payment. EMV will certainly help to validate that the consumer is the cardholder by way of Chip and PIN when presented at the sales counter, as well as ensure that the card was issued by a financial institution and is not counterfeit. However, chip technology does not extend itself to the merchant’s online or card-not-present (CNP) environments. Furthermore, EMV does not address other pressing security issues afflicting merchants...

Read the full article...

The Public Trust

Municipalities Large and Small are Grappling with New Requirements, Challenges for Information Security

By Carl Brown,

The Public TrustThe popularity of making municipal payments online is like a wave that's slowly building. Just like in the retail world, more and more people are being drawn to the ease and convenience that municipal online payments provide.

But lurking in the depths of that wave are sharks in search of prey – cyber thieves looking for personal, sensitive information that they can latch onto and turn to their criminal advantage. Keeping these predators at bay is an ongoing battle that any entity that accepts online payments faces, including—perhaps especially—cities and towns.

Whether online payments are processed in-house or handled by a vendor, municipalities are ultimately responsible for the security of the information tied to those payments...

Read the full article...

The Evolution of 3D Secure

Applying New Techniques to an Existing Technology Can Boost Antifraud Effectiveness

By Karisse Hendrick, Editor-at-Large,

The Evolution of 3D SecureOnline-fraud prevention is a continually moving target. As fraud tools become more sophisticated, fraud tactics and attacks also evolve to find undiscovered vulnerabilities and ways to continue to profit from using stolen credit-card data. While the main focus of a fraud strategy is to protect the bottom-line by canceling fraudulent orders before they result in chargebacks and lost product, there is little guarantee that all those orders would result in chargebacks if not canceled. Companies must ask themselves if they would rather risk more loss for the sake of potential sales, or risk sales for the sake of preventing fraud.

But some companies have found a way to reduce fraud and increase top-line sales...

Read the full article...

Campus Security

PCI-DSS and Other Standards Make Securing University Networks More Complicated, Leave them Vulnerable

By Joe Bush,

Campus Security CNP FeatureA 2014 survey of higher education IT professionals by the SANS Institute revealed the extent to which colleges and universities are concerned and able to be vigilant against data breaches. Their concern is well-placed: Institutions of higher learning gather increasing amounts of data about their alumni, staff, students and their parents.

The SANS Institute, a private company that teaches security information and certifies trainees, got responses from 300 analysts, administrators and senior-level managers on questions about their challenges balancing the need for openness in a naturally collaborative educational culture with protecting sensitive data.

While higher education institutions are easy to overlook as cyberattack targets, The EDUCAUSE Center for Analysis and Research (ECAR) revealed 562 reported breaches at 324 unique institutions between 2005 and April 25, 2014, with most of them involving...

Read the full article...

Carrier Billing: An Evolution Toward the Mainstream

By Ray Ramillosa, Vice President of Marketing, Boku

Carrier Billing: An Evolution Toward the MainstreamLast year, a mobile payments trade publication referred to carrier billing as "The World's Most Popular Mobile Payment." That’s a bold assertion when the term “mobile payments” has been used so loosely that it can be equally applied to everything from peer-to-peer money transfers to purchases made with mobile in stores to online purchases made through mobile websites and mobile purchases made in-app.  Popularity can, of course, be defined in many ways and carrier billing is quite popular when looked at through the lens of number of users worldwide, but rather than focus on the claim itself, it is worth explaining what carrier billing is and what lies ahead for this emerging form of mobile payment. 

The only ‘100% mobile’ mobile payment

Whereas most forms of mobile payments are actually some hybrid of a mobile transaction funded by a credit card or bank account, carrier billing is the only form of mobile payment that lets consumers charge a purchase directly to their mobile phone bill using their mobile phone number or have the cost of a purchase deducted from their prepaid minutes balance.  Given that 75 percent of the mobile subscriber population in the world uses prepaid phones, carrier billing leverages one of the most widely distributed cash top-up networks in the world, which is critical to digitizing cash. 

Millions of people around the world use carrier billing to make payments. Surprisingly, a significant chunk of carrier billing volume today is generated by...

Read the full article...

Don't Think You Have a Fraud Problem? Think Again.

You May Not be Looking in the Right Place

By Karisse Hendrick, Editor-at-Large,

Don’t Think You Have a Fraud Problem? Think Again.With the volume of card-not-present transactions rapidly increasing, fraud and other risks to revenue unique to card-not-present transactions also are on the rise. While more companies than ever have made a decision to dedicate resources to measuring, identifying and preventing fraud losses, there are still companies out there that think they do not have a fraud problem.

Given that fraudulent orders blend in well with legitimate orders, it is entirely possible for a company to have a fraud problem without knowing it—until, that is, it grows large enough to come to the attention of the card networks.

Often, the problem is you don't know what you don't know. But, even if you legitimately don't have a problem with fraud, there are still ways you can lower decline rates, overall chargeback rates and payment processing fees. 

It's important to ensure that you don't have fraud losses that you may not know about.  To that end, here are some simple steps you can take that may uncover fraud where you think none exists.

Read the full article...

LiveEnsure: Driving Home the Difference between Identification and Authentication

By Joe Bush,

LiveEnsure: Driving Home the Difference between Identification and AuthenticationChristian Hessler says his company's identity is tied into the very idea of identity, and how it differs from authentication.

Hessler founded LiveEnsure, a startup trying to revolutionize interactive user authentication on smart devices, and he draws a distinct line between identity and authentication. The difference drives the company's mission, says Hessler.

LiveEnsure triangulates location, device and customized user behavior to authenticate users, and Hessler says none of the information is shared, broadcast or stored. It boasts 1,200 system deployments in 80 countries with 8 million end-user authentications since early field engagements began in late 2013.

According to the former CTO at two firms and senior engineer at Sun Microsystems, the fundamental problem with traditional authentication and what he calls "the general history of this security puzzle," is that...

Read the full article...

School Is In Session

Online Payments Increasingly Important, Challenging for Colleges and Universities

By Joe Bush,

School is in Session CNP FeatureSoutheast Missouri University announced in late January that beginning May 1 it will accept credit cards for online payments with a 2.5 percent service fee.

In a world gone wired, from home-based computers to device-driven Web access and applications for everything, and a generation that can't remember a world before the Internet, it makes sense that higher education has moved student payments of tuition and fees from standing in line at the bursar's office to entering payment-card information at a payment portal.

Southeast Missouri University joins schools like...

Read the full article...

Apple Pay and the Future of Mobile Payments

A great step forward, but no challenge to the status quo

By Andrea Dunlop, Vice President, Card Services at Optimal Payments

Apple Pay and the Future of Mobile PaymentsApple launched Apple Pay on iPhone 6 to industry-wide acclaim and many media outlets proclaimed it a tipping point for mobile payments. But, what’s most interesting is, rather than revolutionizing payments in the three months since its launch, Apple has found a place in the existing payments ecosystem. Rather than introducing a competing system, like it did with the record industry and iTunes, Apple Pay is an enabling technology, working with the major card networks and banks to get their cards onto Apple mobiles for in-store and on-line payments. To gain widespread adoption and use, however, Apple Pay will still need to overcome some hurdles.

An insight into the technology

The three key features of Apple Pay on the iPhone 6 are...

Read the full article...

My Kind of Town

Payments experts and City Treasurers discuss the challenges municipalities face accepting online payments
By D.J. Murphy, Editor-in-Chief,

My Kind of TownAs consumers become increasingly comfortable with shopping for—and paying for—retail products and services online, every entity that accepts payments is evaluating whether going online could potentially save them costs or make it easier for their customers to make payments. Municipal governments, more and more, are engaging in this evaluation process.

While the U.S. is climbing out of recession and into recovery, many of its cities and towns still are struggling with budget shortfalls and are looking for any way to increase revenues. Some city officials are looking at antiquated, paper-based payment systems and intuitively understand a more efficient system could save them money in the long run. Many have made the move to online payment acceptance already, but are working with multiple vendors for different types of payments and want to consolidate online payments to increase efficiency (hopefully saving them money) and to meet the increasing demand of their citizenry that wants to pay online.

In the end, the most important considerations for municipalities are...

Read the full article...

Trends From NRF: Omni-Challenges & Omni-Opportunities

By Karisse Hendrick, Editor-at-Large,

Get Better in 2015"Omnichannel" is a term that gets thrown around quite a bit—especially at this week's National Retail Federation (NRF) Big Show in New York City. Omnichannel seemed omnipresent on the NRF's two massive expo floors with vendor after vendor seeking to provide retailers with the technology that will enable a modern customer experience. But, omnichannel means more than just accepting orders in your physical store, online, through your call center or via a mobile device. Luckily, it emerged as a theme in several sessions, as well, with experts to guide omnichannel neophytes looking to be educated on what it all means.

At one of those panels, Tom Cole, partner at retail consulting firm Kurt Salmon, described it like this: "Omnichannel is defined from the customer's point of view. It is a seamless experience: the same products and services, engagement capabilities and level of service, regardless of the channel that the customer purchases on."

The reason most retailers who traditionally have siloed their retail store, e-commerce, m-commerce, and call-center environments now are racing to provide an omnichannel experience is because...

Read the full article...

Guest Perspective: Toward a Proactive Approach to Preventing Online Fraud

By: Ryan Wilk, Director of Customer Success, NuData Security

Get Better in 2015Research firm eMarketer predicts that by 2018, e-commerce will account for 8.8 percent of the total retail market worldwide, or $2.5 trillion. This represents an increase of more than a trillion dollars in just three years. Retailers and service providers have cause to rejoice, but there is equal reason to be cautious. "Friendly fraud" alone, in which people buy items online and then dispute the charges, costs merchants $11.8 billion a year, according to Visa. Fraudsters are enjoying the online shopping boom at your expense.

Even though identity theft is one of the fastest-growing and most lucrative types of crime, many companies that do business online have not protected themselves and their customers to the full extent possible. Traditional online security measures are no longer adequate, and companies need to understand what new methods are now available in order to defend against loss of revenue and brand reputation.

The Current State of Fraud Detection: The Reactive Approach

Rather than proactively protecting against online fraud, e-commerce merchants place their fraud detection tools after the point of transaction and end up reacting after the fact. This means that most e-commerce merchants are...

Read the full article...

Get Better in 2015

By Karisse Hendrick, Editor-at-Large,

Get Better in 2015The beginning of a new year is a chance to start fresh—to do new things or just do the things you were doing, but do them better. 2014 was a year of highly publicized data breaches and record sales in the card-not-present space, which meant a record amount of credit card fraud. We also saw new payment methods emerge such as Bitcoin, new mobile wallets, and companies focusing on global expansion more than ever before. Another year has come to an end, but innovation and change in this industry will continue, as always. In that spirit, we have compiled a set of New Year’s resolutions for card-not-present merchants. If you’re already following these suggestions, you’re ahead of many in your field. If not, please consider them as a way to learn from the accomplishments—and mistakes—made by others before you.

In 2015, I resolve to:

Read the full article...

Be Your Own Fraud Team - Tips for Small Businesses Trying to Fight Fraud

By Karisse Hendrick, Editor-at-Large,

Be Your Own Fraud Team - Tips for Small Businesses Trying to Fight FraudAs e-commerce fraud has increased explosively over the last 15 years, most medium to large card-not-present companies have tapped their available resources and invested in teams and tools to protect themselves. But, as larger companies have become better at pinpointing fraud, criminals have moved on to smaller, usually more vulnerable, companies. 

The cost of even one fraudulent order can have a much stronger impact on a smaller business than on a larger one. But, because most of these companies don’t have dedicated fraud teams, tools or processes—unless they’ve been burned before—it can be difficult to know the right steps to take, even if they come across an order that seems suspicious.

What does fraud look like?

As fraudsters become more sophisticated, fraudulent orders are looking more like legitimate orders. However, there are a few things to keep in mind as you look at an order that can help you tell the difference.

Read the full article...

Guest Perspective: 3D Secure or not 3D Secure?

As more sophisticated methods of online authentication evolve, a tried and true remedy—one not without critics—continues its own evolution. Noam Grinberg, head of risk management at payments experts SafeCharge, discusses the merits and future of the 3D Secure protocol.

Guest Perspective: 3D Secure or not 3D Secure?Internet shopping is fuelled by impulse from end users. “I see it, I want it, I buy it on my one-click ordering page.”

Herein lies the dilemma for merchants. How do they offer their consumers maximum security from online fraud together with a fast and seamless shopping experience? These two things do not sit easily together. Do merchants offer more complex payment pages with greater security and risk losing customers who are impatient to buy but frustrated at not being able to get through the purchase process easily? Do consumers stop shopping if they don’t have the correct passwords at hand or do they take a security override option if it’s available and put themselves, and the merchant, at greater risk of fraud? Is there a compromise, ensuring quick shopping, maximum security and minimum frustration?

3D Secure, or as it’s officially known 3 Domain Secure, is an XML-based protocol available as an additional security layer for e-commerce retailers to help minimize the risk of online fraud. Essentially, it provides an additional authentication and security layer for online payments.

The major benefit to an online merchant is that, by using 3D Secure, if a transaction subsequently turns out to be fraudulent, the merchant is not liable. Merchants are protected by the card issuer against chargebacks for fraud because the issuing bank takes on the liability if 3D Secure is used.

3D Secure is not a panacea for all a merchant’s antifraud problems...

Read the full article...

Guest Perspective: Increasing Holiday Sales Conversions – It's a Matter of Trust

By Stacy Fassberg, Vice President of Marketing, PayItSimple

Guest Perspective: Increasing Holiday Sales Conversions – It's a Matter of TrustRetailers have reason to be merry as the 2014 holiday shopping season approaches. The National Retail Federation ("NRF") forecasts that sales in November and December will increase by 4.1 percent to $616.9 billion. Even better for online retailers, (NRF's digital retail division) predicts that online sales will see an increase of 8-to-11 percent over last holiday season to as much as $105 billion, with 56 percent of all consumers planning to do at least some of their holiday shopping online.

But even with all this optimism in the air, e-commerce retailers still need to determine how to capture as much of this holiday goodwill as possible. Even after you win the battle to drive traffic to your Website and get that all-important "add to cart" click, the reality is that upwards of 70 percent of consumers abandon their shopping carts.

The reasons are myriad, and some you certainly can't control. At the same time, there are numerous factors you can influence...

Read the full article...

Survive Thanksgiving (and the Rest of the Winter) Like a Pilgrim

By Karisse Hendrick, Editor-at-Large,

Survive Thanksgiving (and the Rest of the Winter) Like a PilgrimIn 1621, America’s first European immigrants (the Pilgrims) celebrated their first Thanksgiving. The three-day feast was a Native American tradition held to express gratitude for a successful harvest. It was also a time to prepare for the harsh New England winter that was on the way. As the busiest shopping season of the year kicks off Thursday, many card-not-present retailers are engaging in their own preparations for the (hopefully!) crushing sales volume that marks the beginning of winter.

The more sales there are, however, the more fraud there will be. Fraudsters know their orders will be harder to spot due to the high transaction volume, but also because many good orders will have characteristics similar to fraudulent ones (high-dollar transactions, shipping to a different location, etc.). To stay competitive and retain a great customer experience in the face of huge volume, orders must be processed quickly and not held up for extensive fraud reviews.  As fraud managers, your life for the next month will be crazy. There will be little sleep and a lot to do. To help you cope, we polled some of the country’s largest e-retailers to find out how they ensure the survival of their sanity despite this insane season.

Read the full article...

Data Breaches: Ripples Turn to Waves for Merchants Downstream

By Karisse Hendrick, Editor-at-Large,

VAT Changes Will Impact E-Commerce in EU More than ever before, headlines naming large U.S. retailers as victims of a data breach have been topping the news. As both consumers and as professionals in the card-security industry, we all hold our breath when a new breach is announced. But, the media does not focus its attention on the after-effects of a breach, and how the data that is stolen is used for financial gain. Although credit-card numbers often are used to create counterfeit cards, fraud patterns in the wake of breaches indicate stolen data also is used at card-not-present merchants. In order to be prepared for millions of pieces of fraudulently obtained identifying data deluging your Websites and call centers, it is important to acknowledge and be aware of the impacts to your business this breached data has on the incoming fraud.

Not all attacks are yielding credit card numbers. If that information is not included in the data compromised in an intrusion, it is easy for other businesses to assume there is no threat to their bottom line. In our new reality, however, that is unfortunately not true. Exposed e-mail addresses, usernames and passwords can be just as damaging (if not more) to your business. The way fraud will present itself to your business is dependent on the actual data that was stolen. To get you thinking about this, we have compiled examples of how data from recent breaches may be impacting your business.

Read the full article...

Guest Perspective: Ensure Optimal Fraud-Team Performance during the Holidays to Improve Top- and Bottom-Line Growth

By Eido Gal, CEO, Riskified

VAT Changes Will Impact E-Commerce in EU With the holidays around the corner, most merchants are deep into their preparations for the online shopping rush – ordering more merchandise, ramping up logistics and fulfillment operations, increasing server capacity and hiring more customer service reps. They’re dotting their i’s and crossing their t’s to ensure the holiday shopping season kicks off without a hitch.

The holidays are an intense season for anyone in e-commerce, but those in charge of reviewing incoming orders for fraud really have their work cut out for them. Not only is there a dramatic increase in the overall volume of orders, but Riskified’s data from previous holiday seasons shows that fraud on entry increases significantly over this period. It may be that fraudsters take advantage of the fact that merchants are overworked and swamped with orders. Alternately, it may just be that stringent returns policies on sales items lead consumers to commit “friendly fraud” - claiming they did not authorize a purchase because they want to return the item. Whatever the reason, handling these orders correctly is a challenge.

The problem most merchants face is telling the difference between potentially fraudulent and blatantly fraudulent orders. Caught between a rock and a hard place, some merchants feel declining a questionable transaction is safer and less costly than approving a bad order. Safer, yes. Less costly? Not necessarily. By nature, we are risk averse, and more likely to remember a chargeback than an order we rejected. But if merchants stop to consider it, they may find they lose more revenue due to fear of fraud than they do to actual fraud.

A properly prepped fraud team, armed with the right tools, can help merchants recapture revenue from borderline transactions they might ordinarily decline. Here are four steps merchants can take to ensure optimal performance during the holidays:

Read the full article...

VAT Changes Will Impact E-Commerce in EU

by Karisse Hendrick, Editor-at-Large,

VAT Changes Will Impact E-Commerce in EU Beginning January 1, 2015, a large percentage of e-commerce merchants based in the European Union will face major changes in how VAT (Value Added Tax) is assessed. These upcoming changes will impact e-commerce merchants delivering goods electronically (digital goods), broadcasting and telecommunications companies, but will not apply to companies that ship physical goods to consumers.

Until now, VAT has been based on the country in which the merchant is located within the EU. After the first of the year, the tax will be calculated based on the country where each consumer is located. In addition, the new laws will require businesses to track and document the location of their consumers and have them on record for 10 years. Adding to the complexity, all 28 European member states have different regulations, languages and penalties for not complying with these new mandates.  

The European commission has stated that the intent of this law is to "even the playing field" for businesses located in all countries, including merchants based in countries that have lower VAT rates for businesses.  E-commerce merchants outside the EU have been required to track and account for VAT based on their consumer's locations for digital-delivery transactions since 2003 and will continue to be required to do so.  

The mandate allows for each merchant to define how they determine the country in which a consumer is located...

Read the full article...

Fraud is a Zombie, Not a Dragon

by Karisse Hendrick, Editor-at-Large,

Fraud is a Zombie, Not a DragonWhen it comes to fighting fraud, a lot of companies, especially when first faced with this issue, approach the problem as if they are fighting a dragon. They see fraud as a big scary animal that can be vanquished once and for all, as long as they don their special armor and arm themselves with the right tools. Once that battle is over, they expect to return to the village as the conquering hero, often thinking that once the large issue is resolved, it’s resolved for good.

But, in reality, fighting fraud is a lot more like fighting zombies. While armor is important, they can attack you from all sides, anywhere that you’re vulnerable - and many times, they find this vulnerability before you do. If you prepare to fight zombies, rather than the dragon, you know one weapon will not be enough. You need a variety, sometimes picking up anything and everything you have to defend yourself. Unlike having only one beast to battle, zombies keep coming - forever. Once the first set of monsters is taken down, another group arises, a bit mutated and more adapted to the single tools and approach that worked so well previously.  And, perhaps the biggest difference of all is there will be no ticker tape parade when you return to your village (IF you have the time and wherewithal to do so).  It will be a continuous and thankless job, but one that you know needs to be done to protect your people.

Read the full article...

No Wallet, No Phone, No Card Required – But Ya Gotta Have Heart

By D.J. Murphy, Editor-in-Chief,

No Wallet, No Phone, No Card Required – But Ya Gotta Have HeartThe emerging trend of fitness wearables, a passion for taking friction out of payment transactions and melted chocolate coalesced over the past year into a startup that hopes you never have to take a wallet—or a phone—out of your pocket to pay for things ever again.

FitPay, a California-based company, was conceived when CEO Michael Orlando, a payments veteran from CyberSource and authentication technology company Jumio, went on a bike ride. Orlando and a friend planned a long ride with a stop for refreshments, so he took along a pouch with his phone, a credit card and a chocolate energy bar. When the pair finished their ride on the hot California day, Orlando’s hopes for a cold beer were dashed when he opened the pouch and his energy bar had melted over his phone and the card, rendering both of them useless.

“Why,” he thought, “do I need all this stuff?”

Discussions commenced that day on a solution for payment that would enable a consumer to wear a device that recognized and authenticated the user immediately upon entering a store and enabled payment based on that authentication without the consumer ever lifting a finger other than to pick up his or her purchase off the shelf. When Orlando found wearable technology that authenticated the user by their electrocardiograph (ECG) signature and paired it with beacon technology gaining traction in retail environments, FitPay was born.

Read the full article...

SimplyTapp Rides NFC Resurgence

By D.J. Murphy, Editor-in-Chief,

SimplyTapp Rides NFC ResurgenceWhen Apple made its enormous iPhone 6 announcement last month, including the unveiling of Apple Pay, it seemed to finally validate NFC as the technology enabling in-store mobile payments. Until that moment, the dominant narrative regarding NFC consisted almost entirely of obituaries. And, indeed, several high-profile wallet initiatives for Android devices that leaned on NFC seemed stalled. But those wallets relied on storing payment details on the device in a secure element and squabbles among handset makers, carriers, issuers and merchants about who would control the information bogged the process down. And, while Apple Pay seemed to clear the air, NFC might be no further along if a company based in Austin, Texas had not developed a solution to the secure-element conundrum and then shared it with the world.

While Apple Pay has gotten large chunks of the ecosystem on board for its solution, it does not address Android devices, which by some measures account for more than three-quarters of smartphone users worldwide. To help capture that market, and give issuing banks a way to work around the ongoing turf wars, SimplyTapp developed the workaround that enabled a mobile app to access payment details stored in the cloud called Host Card Emulation (HCE). Without HCE, the world might still be talking about other technologies more suited to making mobile payments at the POS..

According to Doug Yeager, CEO of SimplyTapp, issuing banks that were interested in mobile contactless payments could partner with one of the major wallets, but they felt like they were being shut out because they didn’t have access to the secure element contained in the SIM cards of Android devices (and Android was the only game in town at the time).

Read the full article...

Bob Russo: Breached!

By D.J. Murphy, Editor-in-Chief,

Bob Russo: Breached!News of network security breaches large and small continue to emerge seemingly weekly. Kmart and JPMorgan Chase are only the most recent to feel the pain and, if the Department of Homeland Security is right, the news is not going to change any time soon. In the wake of any of these breaches, talk inevitably turns to the state of the affected company's PCI compliance. Also inevitably, the companies are found to have been PCI compliant at the time of their last assessment, but their compliance did not prevent the intrusion. At times like this, payment industry and security experts talk about how breaches highlight the difference between compliance and security and how PCI compliance alone cannot protect your business. And, these admonitions are not restricted to security vendors trying to sell you a solution. The head of the PCI Security Standards Council agrees with them.

PCI assessments are a snapshot in time, says Bob Russo, general manager of the PCI Security Standards Council since its inception in 2006. PCI compliance is a starting point, not a goal. Constant vigilance after attaining the basic level of security ensured by PCI compliance, he says, is the only way to limit your exposure. In fact, at the most recent CNP Expo, Russo used a very personal story to illustrate his point that "this is really about security. This is not about compliance."

I'm the perfect example. I think I'm PCI compliant in my life. Really. I live in New York City. In my house I have an alarm system. I have a video surveillance system with a DVR that goes 60 days. I have what's known as security screen doors. It's like a jail. It's decorative, but you need a key to get in and a key to get out. And I have a dog. So I think I'm PCI compliant in my life.

Yet, two years ago, I was robbed.

Read the full article...

Protecti Takes Risk out of High-Value Transactions

By D.J. Murphy, Editor-in-Chief,

Protecti Takes Risk out of High-Value TransactionsThe growth of e-commerce has been explosive and well documented and the array of products available online is ever expanding. But, for one class of consumable, online trade is fraught with concerns for buyer and seller: very high-priced items. Certainly there are luxury items like electronics and jewelry being offered by established retailers that don’t present a large problem. The reputation of the retailer and the zero-liability policies of major credit cards are the mechanisms by which trust is established.

And, for companies like this, traditional merchant acquirers or online payment providers like PayPal or Stripe work great. But around the world there is a growing segment of buyers and sellers being connected through online marketplaces who are strangers to one another and don’t enjoy that level of trust. There is an entire e-commerce payments infrastructure that such marketplaces could take advantage of, but a lack of trust makes it difficult on both sides to risk selling or buying very expensive items.

Enter Protecti, the brainchild of Australian Simon Lenton. Lenton began his career as an attorney specializing in banking, finance and commercial litigation. And, if there is one thing an attorney becomes accustomed to, it’s resolving disputes, especially over money. Lenton had a close friend order and pay for an expensive item online, never to receive it. He knew there was a way to structure a transaction so that each party had the proper incentive to hold up their end of the bargain. When he noticed the rise of online classified sites connecting buyers and sellers for things like cars and even large-scale home improvement projects, he knew his idea had a home.

Read the full article...

Guest Perspective: New Strategies for Fighting Online Fraud

By Ryan Wilk, Director of Customer Success, NuData Security

6 Ways to Cut Chargebacks and Boost ProfitsIn 2013, the FBI’s Internet Crime Complaint Center received 262,813 consumer complaints with an adjusted dollar loss of $781,841,6111, which is a 48.8 percent increase in reported losses since 2012.

The work of preventing online fraud is expensive, not to mention difficult. Businesses of all sizes must do all they can to safeguard sensitive data so it doesn’t fall into the wrong hands. Because online fraudsters are continually coming up with new schemes, fraud managers have to stay on their toes. Part of their job is to stay apprised of current best practices and tools to help them protect their organizations and their customers. For three of the latest best practices in Online Fraud Detection (OFD), read on.

Read the full article...

Guest Perspective: 6 Ways to Cut Chargebacks and Boost Profits

By Frank Stornello, Chief Marketing and Strategy Officer, Verifi

6 Ways to Cut Chargebacks and Boost ProfitsTo improve your bottom-line results e-commerce merchants need to implement a holistic chargeback-management solution that not only prevents chargebacks, but also actively reclaims lost dollars to fraudulent chargebacks. Verifi recommends six best practices for successful chargeback management:

1. Improve Internal Processes

Merchants should optimize several internal processes to minimize chargebacks. For example:

  • Gather information you need to build your case when representing chargebacks.
  • Improve customer service by making it easier for customers to contact your company. Consider extending hours of operation making it easier to reach a live person by reducing hold times and automated menu options. You don’t want customers to get frustrated, hang up and choose to call their issuing bank instead.
  • Institute internal fraud monitoring that includes monitoring IP addresses or high-value transactions to prevent fraudulent chargebacks before they occur.
  • Use chargeback notifications to learn quickly when a customer is disputing a charge. Notifications enable you to address chargebacks proactively without tightening up fraud control so much that you turn away good customers.

2. Prioritize Which Chargebacks to Fight and Represent

Read the full article...

Guest Perspective: Why Apple Pay Will Disrupt Mobile Payments

by Gregory Raiz, CEO of Raizlabs

Why Apple Pay Will Disrupt Mobile PaymentsApple will eat the credit card industry one bite at a time in the same way that they ate the music industry. With the Apple Pay announcement, they took the first bite.

Apple customers have shown that they outspend Android users by a wide margin. According to IBM, Apple users outspent Android by 500 percent last Christmas. Sales and transaction sizes on iOS e-commerce products are significantly higher than Android apps. Apple customers have shown themselves to be highly desirable to merchants. Payments have been a point of frustration for many merchants, and the idea that Apple can bring simplicity and security is a glimmer of hope.

The Apple Pay ecosystem will cover two core areas of converging interest: payments in brick and mortar stores, and in-app payments for goods and services.

The exciting thing about Apple Pay is that it’s an integrated solution. Customers will scan their existing credit cards and bank cards and the Apple Pay technology will import their information from partnering financial institutions. Initial launch partners will include American Express, Bank of America, Citi, Capital One, Chase, Wells Fargo and many others. Apple claims the participating institutions will cover over 83 percent of the issued cards in the United States.

The technology will use the NFC chips in the upcoming iPhone 6 and Apple Watch products.

What can we expect over the next six months?

Read the full article...

Guest Perspective: "Step Back" Before Choosing Fraud Tools

By Tom Donlea, Director of Risk Services, WhitePages PRO

Step Back Before Choosing Fraud ToolsThis summer, the sports world was dominated by news of LeBron James’ return to the Cleveland Cavaliers. It’s had me thinking of fraud prevention in basketball terms. As any avid hoop fan (like me) knows, when a player wants to make a shot, but is being blocked by a larger challenger, he or she can drive toward the opponent and then step back to create space to make a stellar jump shot.

Having monitored the fraud-prevention space for nearly a decade (and basketball for even longer), I can’t help but draw similarities. As with the step-back shot, there are some key questions merchants should step back and consider in order to make space for their next shot: the job of choosing a new fraud platform.

At some point or another, it will be time to revamp your order-verification system. Any seasoned fraud-prevention specialist will know that this maneuver happens every now and again with management. And, this isn’t a decision facing only established companies. Startups and smaller business may only be using very basic AVS and CVV checking, but are ready to upgrade.

How do you know when it’s time to add more robust fraud and chargeback defense tools? Before you recreate the wheel, or spend unnecessary time or money adding complexity to your order processing, here are some questions to “step back” and ask yourself:

Read the full article...

Guest Perspective: ‘What Do You Mean I’m Considered High Risk?’

To e-commerce entrepreneurs, being classified as a high-risk business often comes as a surprise

By Chris O’Donnell, Senior Copywriter, Instabill

What Do You Mean I’m Considered High Risk?An entrepreneur has an idea for an e-commerce startup. With big plans in his head and dollar signs in his eyes, he applies for a merchant account and is about to launch. Then, however, he gets the news: The business is classified as high risk and, as such, finds its application either declined or approved with substantial trading restrictions.

Most e-commerce businesses are deemed high risk, especially startups, and therefore end up paying higher transaction fees, have substantial reserve deposit requirements imposed and may have limited processing allowance/capability.

It often comes as a shock to e-commerce business owners.

“We get that reaction probably two or three times a week even though we are known as a credit-card processor of high-risk merchants,” said Wendy Jacques, sales manager at Instabill, a global credit-card processor based in Portsmouth, N.H. “Merchants are often unaware they are considered high risk. So we do our best to explain to them that anytime a merchant is dealing with e-commerce, where there is never a credit card present, they’re going to be considered high risk. This includes point-of-sale merchants that expand their sales via the internet.”

Read the full article...

Analysts: How Will Amazon Make Money in mPOS? It Won’t

By Joe Bush

Analysts: How Will Amazon Make Money in mPOS? It Won’tLast week, Amazon expanded its payments offerings to include a mobile-card-acceptance solution rivalling a similar product first popularized by disruptive startup Square and quickly copied by PayPal, Intuit and a host of others. Amazon entered the fray with an extremely low introductory rate to entice merchants to try its new product, but even when the promotion ends, the company’s per-transaction price will still undercut the current industry leaders. One problem: Even Square, an acknowledged industry leader in mPOS and the company that virtually invented card acceptance for micromerchants, reportedly is finding it increasingly difficult to make a profit. So how does Amazon intend to do so?

According to industry experts, the answer is simple: it doesn’t.

“It is safe to say Amazon has no intention of making money in mobile acceptance anytime soon,” says Gil Luria, a managing director covering financial technology stocks at Wedbush Securities. “They are very used to taking the long view and accepting losses for up to seven years in a new business they enter.”

Amazon announced the credit and debit card reader and app for small businesses, named Amazon Local Register, with great fanfare and an introductory transaction fee of 1.75 percent. When the introductory period is over, the regular rate will be 2.5 percent, compared to PayPal and Square’s 2.75.

Read the full article...

Can the Card Brands Protect My Business from Fraud?

Can the Card Brands Protect My Business from Fraud?For e-commerce merchants struggling with fraud and chargebacks, there are a multitude of vendors to turn to. The virtual pages of are chock full of solutions leveraging the very latest technology from machine learning, to big data analytics to biometric authentication methods.

Most security and antifraud experts advise a combination of solutions layered atop each other for merchants to truly mitigate their risk of fraud. But what about merchants who either cannot afford a comprehensive solution or want to keep it simple. Is there anyone a card-not-present merchant can turn to if they don’t want to sift through an expanding universe of providers?

Despite a relationship that can sometimes be characterized as contentious, one place a small (or even not-so-small) business might turn is to the card brands—names at least familiar to all card-not-present merchants. All four of the major card networks at least offer recommendations and advice on their Websites. They also offer tools (some free, some for an extra fee) that merchants accepting their cards can leverage to help control fraud. Here’s a sample of what each can deliver for card-not-present merchants.

Read the full article...

Visa Checkout: What’s in a Name?

By Joe Bush

Visa Checkout: What’s in a Name?Of all the features included in Visa’s Digital Solutions suite, one is brand new, has a name and is up and running. And, it could launch Visa into the online payments space in a more comprehensive way.

Of the collection of offerings the company announced last week that enable secure payments across a wide range of Internet-connected devices, Visa Checkout is the one that got its own announcement. On July 16, Visa introduced the replacement for, launched in 2012. Marketing the service as a “digital wallet,” however, fell flat with consumers looking for something simpler.

Amanda Pires, Visa’s vice president of communication for emerging markets and innovation, calls Checkout “entirely re-imagined and re-engineered,” saying the main contrast with is increased simplicity for consumers. The switch is in effect for the U.S, Australian and Canadian markets.

Pires cites several changes that make Checkout faster or simpler, including:

  • Reducing the number of payment screens to just two, eliminating the need to re-enter shipping and billing addresses.
  • For financial institutions and merchants, reduction of time needed for platform integration from months to weeks.
  • An intuitive checkout experience to encourage conversion.

Read the full article...

Law-Enforcement Vets Improve CNP Antifraud Efforts at Growing Number of Retailers

StubHub case shows investigation and prosecution can work with technology to reduce fraud

By Chuck Brown

IdentityMind Expands Bitcoin Compliance Technology to EUEric Boles had the inside track as he worked with authorities to crack open an international cybercrime ring that accessed more than 1,000 StubHub accounts to commit fraud. The results of that investigation to date were made public last week with the arrest of 7 suspects.

With a background as a U.S. Secret Service agent before joining StubHub as senior manager of its Global eCrime Investigations Unit, Boles and his team had aggressively pursued other fraud cases with the intent of having the perpetrators prosecuted. And his Secret Service background definitely worked in his favor as he collaborated with police and prosecutors in this latest probe.

Prosecuting cybercrooks and making them pay for their crimes is yet another weapon in the CNP arsenal; yet it appears that not many companies are taking advantage of this very powerful tool.

“We realized early on that focusing solely on mitigation of fraud would never stem the tide of malicious activity. It’s a zero-sum-game. It’s whack-a-mole,” explains Boles, who joined StubHub, an eBay-owned company based in San Francisco, two years ago. “Eventually, the cost of doing business would be too great, as cybercriminals continued to proliferate within the commerce ecosystem.

“The only true way to combat threats from cybercriminals is to raise the cost of the attack for the attacker. One great way to raise the stakes is to hold those committing cybercrime accountable for their actions. The best tool available to us in this fight is the legal system. If fraudsters didn’t believe they were above and beyond the law, there wouldn’t be nearly as many cybercriminals to contend with. We set about changing the way we looked at the prosecution of cybercrime.”

Read the full article...

HCE minus SE = ‘Hosed Card Emulation’

By Siva Narendra, CEO, Tyfone, Inc.

HCE minus SE = 'Hosed Card Emulation'Mobile commerce has ushered in the convergence of e-commerce and the more traditional and dominant physical world. Into this environment comes a popular “new kid in town” called Host Card Emulation (HCE). HCE is being promoted for software-based security applications – but that continues to proliferate the basic problem of storing sensitive credentials in the cloud that has proven inadequate time and time again. Compounding the problem, HCE also requires all this sensitive information for security to be stored and managed by an entity other than the HCE provider. The HCE model may appear to be an elegant technical solution that circumvents the need for a hardware-based Secure Element (SE). However can the payment industry really enable secure mobile payments without hardware-based security?

Throwing Out the Baby with the Bathwater

There are two distinct ways to move money in payments today: “Card Present” (CP) transactions that originate at the physical point-of-sale and “Card Not Present” (CNP) for e-commerce. Fraud levels in the CP world are much lower than the CNP world. Based on 2012 data from the U.S. Census Bureau, eMarketer and the Nilson report found CNP fraud in the US accounted for $1.9 billion out of $220 billion in sales, or 0.9 percent. All categories of other fraud totaled $4 billion out of $4.35 trillion in sales – only 0.09 percent. In addition, CNP fraud is growing at a much faster pace than CP fraud according to FICO.

Although CP fraud levels are far lower, the payment industry has concluded that more secure storage of payment information is required in the form of hardware-based security; hence, the global migration to EMV-based smart card SEs for CP transactions.  If hardware-based security is the proven solution where fraud is lower, why would anyone expect the CNP scenario to not require something just as effective?

Read the full article...

Rippleshot Follows the Money to Pinpoint Fraud

By Joe Bush

Rippleshot Follows the Money to Pinpoint FraudNoticing through analysis that credit-card data stolen in breaches is often used over a long period of time, the founders of a Chicago-based antifraud startup decided to attack fraud by studying merchant data to find the original data breach source of fraudulent cards.

Rippleshot was founded in 2012 by Randal Cox, Lucas Ward, Cahn Tran and Yueyu Fu, each with more than 15 years in payments or big-data analytics. They think their approach will enable merchants and financial institutions to spot breaches earlier and reduce fraud at its source.

“When I talked to fraud departments in issuers and processors they said the same thing; these breaches can go on a really long time,” says Ward, the company’s COO. “Figuring out how long is a really difficult problem. Two or three years ago we were seeing these kind of breaches where people were stealing a bunch of cards on an ongoing basis and then laundering them in small lots for quite some time.

“It’s obviously accelerating now where they’re stealing larger and larger amounts of cards, and we’re seeing with our data 50 percent of the breaches are from Tier 3 and Tier 4 merchants, smaller, and they’re never getting caught.”

Rippleshot does not monitor network traffic, and it does not manage fraud, says Ward.

“We’re profiling the merchant’s network,” he says. “That’s what allows us to focus in on whether or not the fraud we’re seeing is related to an actual merchant. We can go down to the individual (POS) terminal level, which matters more for the brick and mortar. The locus of what we’re looking at is all about the terminal and not about the customer.”

Read the full article...

Who Speaks for Bitcoin?

By Joe Bush

Who Speaks for Bitcoin?The rise of bitcoin and other digital assets is nothing if not compelling, its origins as worthy of a feature film as Facebook’s. But will the ending of worldwide success be the same?

Early adopters of Bitcoin and other alternative currencies based in technology, like Ven and Ripple, have high aspirations. They see the potential of a decentralized currency to help the globe’s under-developed economies. They also see the potential of nearly fee-free online payment transactions as have investors and forward-thinking brands like DISH Network and There has, however, been scandal; and suspicion from government regulators around the world has followed each scandal.

These digital assets have at the least a perception problem, and before they can turn the payments world upside down, they need to show very important people in governments and business that they are on the level.

To tout the benefits of bitcoin in Washington and other world and economic capitols, they need lobbyists, and today, there are two associations to choose from to do the job. The Bitcoin Foundation is the most well-known, but it boasts as much infamy as fame:  members have been associated with the controversies involving Mt. Gox, Silk Road, and others. The bitcoin technology is sound and improving, tainted by association with some bad apples, and industry observers say the foundation’s mission is more focused on the development and maintenance of bitcoin’s open-source protocol than digital assets in general.

The second group could be a more likely candidate...

Read the full article...

Guest Perspective: The Future of Data Breaches

By Michael Hagen, CEO, IDchecker

Guest Perspective: The Future of Data BreachesWith the recent resignation of Target CEO Gregg Steinhafel, the story of the Target breach soon will probably fade away into darkness. Target will likely implement new anti-fraud services and spend millions of dollars on both hardware and software. I would say it will take a few years for customers to fully regain trust in the company, which will always be associated with “the big data breach” regardless that it was a third-party vendor responsible for the data compromises.

Will these measures prevent it from happening again? I don’t believe they will. This is not an article about Target; nor is Target the latest victim in a never-ending series of attacks aimed at separating customers from their hard-earned money. The fact of the matter is, attackers will always find their way into systems that offer a high enough reward—they will devote the resources to make it happen. One look at the anatomy of the attack on Target and you can see how determined the attackers are to make things work to their advantage.

With e-commerce growing year after year, breaches like this will happen more often. The public is aware of data breaches, yet at the moment there is little they can do to prevent them. Merchants ask their customers for all sorts of data and store it behind their own firewalls. They often think: the more data we have on our customers, the more value we create. This might be true on one hand, however on the other, they become valuable targets for fraudsters and hackers.

CardHub provides a fantastic all-in-one resource for fraud statistics, and I’d like to highlight some points:

  • Credit card and debit card fraud resulted in losses amounting to $11.27 billion during 2012.
  • In 2012, the U.S. accounted for 47.3 percent of the worldwide payment-card fraud losses, but generated only 23.5 percent of total volume.
  • Retailers incur $580.5 million in debit card fraud losses, and spend $6.47 billion annually on credit- and debit-card fraud prevention annually.

$6.47 billion is spent annually on fraud prevention and yet annual losses amount to $11.27 billion. This adds up to a cost of approximately $18 billion which makes me wonder if it is even worth storing personal data behind firewalls in this way. Perhaps we could store... 

Read the full article...

Guest Perspective: Playing Offense vs. Chargebacks

By Monica Eaton-Cardone, Co-Founder

‘Guest Perspective: Playing Offense vs. ChargebacksThe term “chargeback” has become anathema in the merchant community. Visa and MasterCard spearheaded the concept in an effort to eradicate the identity theft and fraud aimed at consumers that accompanied the growth of e-commerce. Successful consumer-education initiatives armed innocent consumers with a weapon that promised a defense against these crimes. But, the power to reverse charges made to their accounts provided consumers with a powerful offensive tool to use against merchants in battles over the proper exchange of goods and services.

Although this seemed like a great idea at the time, the subsequent abuse of the chargeback option has resulted in a friendly-fraud epidemic harming not only merchants, but the very consumers the programs were designed to help. An increase in disputes generated by friendly fraud equates to higher costs borne by merchants.

The most visible effects of friendly fraud are higher merchant fees and the loss of merchandise value from non-recovered products. Those effects deplete retail profit, causing merchants to increase retail prices in an effort to recoup their losses and, ultimately, the consumer pays the bill (Ironically, one of the drivers of friendly-fraud induced chargebacks is buyer’s remorse centered on price-points consumers consider “too high.” But, the more these types of chargebacks infiltrate the marketplace, the less likely prices will be reduced, leading to…more friendly fraud!).

While “friendly fraud” sounds innocuous, it’s actually insidious. For every $100 in chargebacks filed, the average merchant pays $270 in related costs. Also, Visa and MasterCard may levy fines or rescind a merchant’s ability to process credit or debit cards if their chargebacks exceed 1 percent of transactions in a given month. For e-commerce business owners, no credit-card processing means no business.

Read the full article...

Listen Up: Pindrop Security Uses Audio Technology to Fight Account Takeover Fraud

By Joe Bush

Listen Up: Pindrop Security Uses Audio Technology to Fight Account Takeover FraudThere is a man operating somewhere in northern Europe who makes approximately $1 million per month over the phone. A bad man.

He uses easily obtained personal information to take over accounts by fooling call-center personnel using what’s known as caller ID spoofing to commit phone fraud. It gets much less notoriety than security breaches like Target’s in late 2013, but phone-fraud detection company Pindrop Security’s research shows that phone fraud is real, growing and damaging.

“He’s a machine,” Pindrop Head of Marketing Matt Anthony says of the European fraudster. “He figures out all the answers to any potential knowledge-based authentication questions, he does it to four or five accounts at a time and then he hammers institutions. If someone tags him, he hangs up and dials again, and starts all over again.”

Anthony’s company fights this type of fraud with technology developed by co-founder and CEO Vijay A. Balasubramaniyan, whose PhD thesis in 2008 drew the attention of bank executives, who urged him to market it. The technology compares the unique sounds in a phone’s audio signal against a database to pinpoint location, whether the call is from a landline, cell phone or voice over internet protocol (VoIP), and even the type of operating system of the calling device.

Read the full article...

Guest Perspective: ‘Puzzling’ Developments in Fraud Automation and Manual Reviews

By Chris Logel, Regional Loss-Prevention Manager, Shoe Carnival

‘Puzzling’ Developments in Fraud Automation and 

Manual ReviewsLike the assembly line and the machine age before us, automation is the future of online sales and merchants that have not already automated their fraud decisioning should at least be exploring how. Every order—good and bad—leaves behind an invaluable trove of data that can be analyzed and compared to other similar orders to help automate accept or reject decisions on future orders. And, any merchant can leverage these pieces of data to solve the puzzle of rooting out fraudulent orders without holding up legitimate ones.

The first step in this process is to sub-categorize orders into different profiles such as high-dollar, moderate, low-dollar, mobile, overnight, etc. Different rule sets and decisions can mean different things to different order profiles. Analyze orders from different profiles; take a sampling of good orders, suspect orders and chargeback orders. Once you get a sizable amount of orders you will see similarities in all different profile rules. These rules and similarities can be used as identifiers to make decisions on your orders.

Remember, all of these footprints are meant to be viewed as positive signs as well as negative. This information is invaluable to determine accepted orders as well as rejected orders.

Take a common sense approach to interpreting these rules and orders, always keeping in mind how consumers act in the real world. For example, would the average person spend more money in shipping than the item costs? Look at these samples as if you were the customer. Learn your order flow so that you can make necessary adjustments during known peak times so that more orders flow through with less friction. You might even want to establish special “holiday” rules you can turn on and off as needed so that your analysis is consistent with the changes made on your site during those times.

Read the full article...

McIlroy Empowers E-Commerce Consumers Young and Old

By Joe Bush

Sarah McIlroy is engaging about engagement.

So strongly does she believe in the power of social media that she is building a second start-up around it, named, and is using crowdsource fundraising tool Kickstarter to help finance it.

McIlroy, who will deliver a keynote address at the 2014 CNP Expo on May 20, founded and ran FashionPlaytes from 2008 to 2013. The site, mainly targeted at girls aged 5 to 12, meshed crowdsourcing, sharing and e-commerce to attract more than 1 million users who spent 30 minutes on the site per visit and returned twice a week.

“I attribute much of the FashionPlaytes audience engagement to the vibrant, engaged voices of our girls—they kept content fresh by posting, sharing, commenting, and designing, giving the community a reason to come back,” says McIlroy. “They influenced our product decisions, often creating some of our best-selling graphics and garments, and we’re hoping to leverage much of this for EllaSole.”

Read the full article...

Guest Perspective: Surviving the Shifting Sands of Acquiring

By Ralph Bianco

Surviving the Shifting Sands of AcquiringDuring my 30-year career I’ve experienced payments from nearly every perspective—I’ve worked with card brands, issuers, acquirers and third-party processors for consumer, corporate and private label payment products. If this broad experience has taught me anything, it is to embrace and encourage change as a catalyst for innovation. Even I, however, am amazed at the accelerating pace of change in the past decade and what it can enable.

Several primary drivers are forcing payment companies—particularly acquirers—to think differently about their industry and their competition: the evolution of the Internet and consumer adoption of mobile devices.

The Internet has evolved from a collection of static Web pages and minimal interaction to today’s Web 2.0 characterized by dynamic page content, a high level of consumer interaction, the rise of social media and early stage mobile adoption. The evolution will continue with more sophisticated integration with mobile, new ways to interact, new business models and new disruptors. For payments, Web 3.0 means smarter artificial intelligence systems, location-based systems and data mining for better real-time purchase suggestions and more effective fraud tools.

Rapidly increasing mobile adoption will persuade more and more retailers to leverage transactional and social data, digital wallets and location-based services that support sophisticated incentive programs.

What Makes this so Relevant?

So, in light of this rapidly changing environment, what happens to acquirers? Acquiring is already the most complex part of the payment transaction. And, given the regulatory and compliance environment, processing complexity, and risk relative to where pricing is today it’s significantly underappreciated.

Read the full article...

Biometric Payments Online

By Tom Goldsmith,

Biometric Payments OnlineTwo-factor authentication has been the holy grail of online payment acceptance and processing from the appearance of the first e-commerce Web sites – and like the mythical grail, a workable system has been nearly impossible to find despite been many false trails.

The two-factor concept is based on the fundamentals of authentication. A customer can verify his or her identity three ways: using something the customer knows (password or pin), something she has (a card or some other physical token), or something he is (a physical characteristic, such as a fingerprint). Combining two of these factors for authentication vastly improves the accuracy and security of the process.

There is a downside, of course. Using two-factor authentication is slower and less convenient for customers and, especially in a card-not-present environment, can discourage customer spending.

For nearly a decade, researchers and technologists have focused attention on biometrics (something the user is) as the essential second factor for authenticating identities. After all, biometric characteristics are something the user always has easy access to, are difficult or impossible to counterfeit, and unique to the user. In some face-to-face transactions, we use a crude form of biometrics when we produce photo IDs to establish our identity. In highly secure facilities, fingerprints, palm prints, eye scans, voice recognition and similar biometrics have been employed for years.

Where online payment transactions are concerned, none of those techniques have been feasible to date, but the situation may be about to change...

Read the full article...

Guest Perspective: Explaining Omnichannel

By Liz Gulsvig, Forte Payment Systems

Explaining OmnichannelIf ever you have found yourself scrolling through retail news on your desktop, maybe on a lonely afternoon, a hint of caramel drizzle in your beard from the frothy macchiato you so carelessly sipped, office blinds tilted upwards, your wingtip oxfords from Allen Edmonds indenting the supple leather of your reception loveseat, you may have heard it. The latest buzzword, for the merchants out there that haven’t heard it, is omnichannel.

Omnichannel is a recent trend continuing to gain momentum in the retail space. With recent endeavors from Staples, Best Buy and others, it’s been dubbed the “future of digital commerce” by Forbes and has emerged as a requirement for retailers intending to move forward with a customer-driven focus.

Omnichannel is the seamless, integrated sales experience that unifies all channels: brick-and-mortar, e-commerce, mobile, catalogs, telephone, whatever. All of it.

When a retailer employs more than one channel, such as having a Website, a catalog and a physical store, they are considered multichannel. Omnichannel takes multichannel to the next level by integrating the channels, so the retail sales experience isn’t separated or choppy. The customer should experience a single view, even though they may be using multiple channels. There should be no interruption from channel to channel. Bill Davis describes the distinction in an article published this past fall on the Brick Meets Click blog: “In omnichannel, a retailer is working toward a 360-degree view of its customers’ purchases across all channels, in multichannel they’re just offering customers a selection of channels to choose between.”

Read the full article...

Brian Krebs: An Uncommon Interview

The world first heard about the Target security breach this December because of Brian Krebs. At the height of the Christmas shopping season, his work led to the disclosure that the retailing giant’s POS system had been hacked and had been feeding the payment-card information of millions of Target shoppers to cybercriminals for months. After following up the Target story by breaking the news that luxury retailer Neiman Marcus also had been penetrated, Krebs was named as the source in just about every early story concerning the breaches. He was first on these stories and his ensuing coverage detailing the hows and whys has been comprehensive.

The investigative journalist has been on the Internet- and network-security beat for a decade, with the Washington Post and on his own. Even before his December scoop, his KrebsOnSecurity blog had become an indispensable source for the timeliest and most accurate information on cybercrime and the threats it presents to consumers and businesses.

With interest concerning security—and the role it plays in card-not-present fraud—running extremely hot, securing Krebs as a keynote speaker at the CNP Expo in Orlando, Fla. this May was a coup. As a preview, D.J. Murphy, the editor-in-chief of, sat down with him recently and had him answer some questions instead of asking them. Our conversation ranged from Target and the lessons learned—or not learned—by retailers facing the threat of more breaches, to the differences between being compliant and being secure, and more.

Q&A with Brian Krebs: The First Word in Security

Brian Krebs: An Uncommon You occupy an unusual space in journalism. Coming from a mass media outlet, you moved to a very specialized one that provides real intel for security professionals, but that also informs consumers concerned about the security of their personal information. Who benefits more from your writing, consumers or business professionals?

Brian Krebs: It's a mix of both and I strive to create a balance. Even if I did nothing but these merchant breach stories, these are stories that affect merchants and they affect businesses. But, everybody carries credit cards and everybody shops at retailers. Sometime the message for consumers seems like a broken record: don't reuse passwords, try to use your credit card instead of your debit card, keep an eye on your credit report. But, you really can't talk about it enough. I know you've broken big stories in the past. But, do you consider the Target breach the most significant story you've broken?

BK: It's not a unique story. We've seen these big retail breaches before and we've seen the fallout from it. In the past, nothing really changed. Somebody got fined, somebody paid a lot of money. But, I think the Target story has gotten legs for a number of reasons. The biggest is, there are a lot of people in law enforcement, in the response community and in the intelligence community who are getting all kinds of indicators that this is not a single incident. There are multiple groups perpetrating these breaches and they have hit a ridiculous number of merchants.

Read the full article...

Smartphone + Cloud Storage = Payment Security

By Greg Gresh, CEO of ZNAP North America

Smartphone + Cloud Storage = Payment Security With millions of consumers exposed to the threat of identity theft by recent data breaches at Target and Neiman Marcus, the debate about how to solve payment security problems in the U.S. continues. The outcry from concerned citizens has even prompted the government to consider regulatory action: lawmakers at a Senate Judiciary Committee hearing on the breaches recommended establishing a federal standard requiring business to notify customers more promptly in the event of a breach. As far as preventing these incidents in the first place, Target said it will upgrade the point-of-sale terminals at all of its U.S. stores by the end of 2014. The updated terminals will be compatible with EMV card technology, a more secure payment card system that is widespread in Europe. But making the switch is expensive for retailers—Target estimates its price tag around $50 million—and, more importantly, may not solve the problem.

In many cases, hackers gain access to consumer data via point-of-sale (POS) systems, which manage the terminals where information is transmitted from customer to retailer via credit or debit card. These systems are often where hackers and thieves strike. For example, PayPal president David Marcus (who uses an EMV chip card) recently speculated that he was a victim of “skimming” during a visit to the UK after which thieves used his credit card information to make fraudulent charges. Skimmers typically steal information at the point of sale using a card reader or keypad overlay that transmits data to hackers, and as David Marcus illustrates, are not thwarted by EMV security.

Read the full article...

Bitcoin: Bubble to Bedrock? - Part IV

A case could be made that Bitcoin—its rise and fall and rise again—was the payments story of 2013. But in the early stages of 2014, the debate had shifted from volatility and concerns of illegal activity to merchant acceptance and consumer adoption. The demise of the world’s largest Bitcoin exchange, however, brought dormant concerns back to life. Recently, embarked on a three-part series on Bitcoin and its spasmodic progress toward legitimacy. The Mt. Gox meltdown, which happened in the interim, obliges us to extend the series. So, in the spirit of author Douglas Adams, we present Part IV of our trilogy:  a look at recent upheaval and whether Bitcoin is undergoing an existential crisis or a bump in the road toward greater adoption.

Part IV – So Long and Thanks for All the Bitcoin?

By D.J. Murphy, Editor-in-Chief,

Bitcoin: Bubble to Bedrock? - Part 4When this series of articles was conceived nearly two months ago, the environment surrounding Bitcoin was somewhat different than it is now. Mt. Gox’s difficulties were coming to light, but the complete havoc was weeks in the future. Much of the news at the end of 2013 and into 2014 was about the increasing ranks of online retailers willing to accept Bitcoin, despite the publicity around black-market Website Silk Road that trafficked in illegal products paid for by Bitcoins, which was shut down by law enforcement in September. With online discounter leading the way, Bitcoin was beginning to make inroads in repairing a public perception that tended to characterize the cryptocurrency as a refuge for outlaws.

If you are a fledgling currency, however, and your largest exchange stops trading, shuts down, admits to actions that could only be construed as gross incompetence or outright fraud and declares bankruptcy, hard-won stability tends to vanish quickly.

In one sense, it might seem that Bitcoin is back to square one. Elected officials and law enforcement sensing an opportunity are making noises about the current and future legality of the currency. Countries all over the world and many U.S. states are considering regulatory and statutory limits on Bitcoin. And consumers just don’t know what to think.

But, Bitcoin infrastructure and funding in Bitcoin startups is significantly farther along than it was even last fall when the Silk Road debacle cast a temporary shadow on the budding payment method. Powerful financial interests like Internet pioneer Mark Andreesen continue to back Bitcoin companies and the number of ventures trying to leverage the cryptocurrency’s growing popularity are surging.

So, have the events of the past few months—especially the loss or theft of around 850,000 Bitcoins (7 percent of the world’s supply)—irrevocably shaken the faith Bitcoin was painstakingly building? Or has that faith translated into an environment that can shake off Mt. Gox simply as growing pains?

Read the full article...

Crashing Waves: Security Breaches, Fraud Detection and What’s Next for CNP - Part III presents a three-part series stemming from a conversation with industry executives about the recent spate of massive security breaches that have exposed the payment-card information of more than 40 million U.S. consumers. The breach did not occur in a vacuum—there were warning signs. And, the story is not over. While news from Target, Neiman Marcus and Michael’s is devastating, the next 18 months could be worse. And, beyond that are even more waves that will rock the CNP industry. Part III of the series looks at the post- EMV landscape in the U.S. The POS may be protected, but the storm in CNP has just begun.

Part III – The Next Wave

By D.J. Murphy, Editor-in-Chief,

Crashing Waves: Security Breaches, Fraud Detection and What’s Next for CNP - Part IIIThe spate of recent security breaches—in addition to creating headlines no business wants to deal with—has been an unmitigated disaster for retailers, card issuers and service providers up and down the payments value chain. Just about every one of them can point to real financial impact from the events that began unfolding in the last year and continue to threaten them into 2014.

Under the network mandates, after the liability shift for EMV comes along in October, 2015, the hope is news of this sort will slow down and the pressure on many of those companies will ease somewhat. But, for merchants that accept card-not-present payments and the companies that support them, the forecast could be not only continued unsettled conditions, but a full-on storm to rival what the industry at large just went through.

In Part II of this series we looked at the next 18 months and the prospect that the security breaches of recent months could become even more frequent as fraudsters race to gather information at the POS before the EMV standard becomes prevalent in the U.S. But, then what?

Read the full article...

Bitcoin: Bubble to Bedrock? - Part III

A case could be made that Bitcoin—its rise and fall and rise again—was the payments story of 2013. But in the early stages of 2014, the debate has shifted. While attention still is being paid to its volatility as an investment, increasingly, the focus is on merchant acceptance and navigating what could be a thorny regulatory environment (though recent events may introduce significant turmoil into the Bitcoin ecosystem that could claw back some of the hard-won gains in positive perception from the past few months). presents a three-part series on Bitcoin and its spasmodic progress toward legitimacy. In Part III, we look at the merchants that have already made the decision to accept Bitcoin. Why are they taking part in this unproven experiment at this stage?

Part III - ‘The Question We Asked is Why Wouldn't We?’

By Katie Flood

Bitcoin: Bubble to Bedrock? - Part IILike any currency, Bitcoin is valuable because people agree to value it. Unlike most currencies, however, Bitcoin has been around for only five years, is unregulated and unbacked by any government, and has no tangible, physical form. At this stage of the game, even the most optimistic Bitcoin enthusiasts acknowledge that it is a risk. So why would a business accept Bitcoin before it becomes . . . well . . . accepted?

One of the largest and most prominent Bitcoin adopters is online discount retailer, which began accepting the currency in January 2014. Director of Communications Judd Bagley says that for their company, adopting Bitcoin was partly a philosophical decision. CEO Patrick Byrne sees Bitcoin as having some of the virtues of gold, and he wanted to show support for a currency that is not government-controlled but rather peer-to-peer, with a mathematical limit to the amount in circulation. Accepting Bitcoin also makes business sense: As a discount merchant, has only about a 2 percent profit margin on items they sell, so credit-card processing fees are a significant cost. Bitcoin transactions allow the company to avoid these fees. At this point, is immediately converting its Bitcoin back into dollars through Coinbase, since its suppliers do not accept the currency. Though Bagley declined to give a number, he assured us that the exchange rate with Coinbase is “quite a bit less” than the fees credit card companies charge.

Read the full article...

Guest Perspective: Unlocking the Riddle of Cardholder Authentication—Mobile Payments Opens the Way

By Bill Clark, President and CEO, Spindle

Unlocking the Riddle of Cardholder Authentication—Mobile Payments Opens the Way It used to be that the consumer signature was the primary authentication tool used at point-of-sale. You transacted a purchase by card, you signed a slip of paper, and the clerk matched your signature, on the spot, with the one on the back of your card, thus authenticating your identity. Have you—or has anyone you know—made such a purchase lately? Most clerks don’t even look at your signature, let alone match it to the scribble on the back of the card. Instead, they sometimes ask consumers to present a driver’s license for identification during the transaction; and, in some cases, CVV numbers are even being asked for at point-of-sale. It’s all in an effort to ensure a cardholder’s identity, which is a process more easily and flexibly handled on a secure mobile payments platform.

Authenticate the Cardholder, Not Just the Card

Today, there is a growing concern among merchants that the need to improve authentication is paramount, but the extra steps they seem to be taking are hardly airtight measures for reliably verifying consumer identity. In reality, such market-wide inconsistency and basic lack of procedural discipline in authentication has rendered credit-card purchases nearly as non-restrictive and unprotected as regular cash purchases, with no one effectively verifying that the true cardholder is the person who is actually present and holding the card.

Read the full article...

Crashing Waves: Security Breaches, Fraud Detection and What’s Next for CNP - Part II presents a three-part series stemming from a conversation with industry executives about the recent spate of massive security breaches that have exposed the payment-card information of more than 40 million U.S. consumers. The breach did not occur in a vacuum—there were warning signs. And, the story is not over. While news from Target, Neiman Marcus and Michael’s is devastating, the next 18 months could be worse. And, beyond that are even more waves that will rock the CNP industry. Part II of the series examines what’s in store for the next year and a half and what’s driving a continued spike in card-not-present fraud attempts.

Part II – EMV a Culprit in Breaches?

By D.J. Murphy, Editor-in-Chief,

Crashing Waves: Security Breaches, Fraud Detection and What’s Next for CNP - Part IIA few weeks after we flipped the calendar to 2014, while security still dominated the headlines, the FBI quietly circulated a report among retailers warning them to prepare for the worst. The law enforcement agency said attacks like the ones disclosed in December (and subsequent intrusions at arts-and-crafts retailer Michael’s and White Lodging Services, a hotel management company that runs Hilton, Marriott, Sheraton and Westin hotel properties nationwide) “will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it.” The FBI estimated in the report that there are at least 20 undisclosed security breaches funneling data into the hands of cybercriminals waiting to profit from it.

In Part I of this series, we detailed how an antifraud technology provider was able to see sharply growing amounts of fraudulent transaction attempts on its e-commerce merchants that indicated the availability of high-quality stolen payment-card information flooding the black market. While they did not know the source of the information, this turned out to coincide with the massive breaches at Target and Neiman Marcus. And, when news of the FBI report became public, fraud and risk-management executives were not surprised by the headline number.

Read the full article...

Bitcoin: Bubble to Bedrock? - Part II

A case could be made that Bitcoin—its rise and fall and rise again—was the payments story of 2013. But in the early stages of 2014, the debate has shifted. While attention still is being paid to its volatility as an investment, increasingly, the focus is on merchant acceptance and navigating what could be a thorny regulatory environment. presents a three-part series on Bitcoin and its spasmodic progress toward legitimacy. In Part II, we look at efforts to change the perception of Bitcoin from outlaw currency to trusted medium of online exchange. Some companies are betting big on Bitcoin, what are they doing to allay the fears of consumers and regulators?

Part II – Putting a Shady Past in the Rearview Mirror

By Carl Brown

Bitcoin: Bubble to Bedrock? - Part IIDespite some recent slippage in traction related to illicit activity and concerns that it has little or no regulation, Bitcoin appears to be making slow progress toward becoming a legitimate digital currency. Several businesses are convinced that this is the universal currency of the future that happens to be experiencing growing pains right now.

One of those businesses is BitPay, an Atlanta-based startup founded in May 2011 that’s providing infrastructure for the virtual money. The company announced in December it had processed more than $100 million in transactions in 2013. BitPay handles transactions for approximately 14,000 companies across 200 countries, with about half of those firms located in the United States.

Bringing legitimacy to the Bitcoin world is going to take time, concedes Stephanie Wargo, BitPay's vice president of marketing.

Read the full article...

Buy Now! Converting Shoppers to Buyers and Buyers into Sales

By Tom Goldsmith

Race between Technologies Clouds Future of Mobile Payment Nearly every online merchant has experienced the frustration of seeing how little Web site traffic actually translates into sales. The trick, of course, is to convert the curious browser into a shopper, the shopper into a buyer and a buyer into a completed sale.

Merchants spend a tremendous amount of energy and resources to the art of transforming browsers into shoppers and then into buyers. There are many ways to do that, and they’re typically familiar and well-tested. Friendly site navigation, sparkling marketing copy and great customer service will take a merchant so far, but getting a buyer to complete a sale requires an entirely different strategy.

Ralph Dangelmaier, CEO of Waltham, Mass.-based BlueSnap, which bills itself as “a smarter payment gateway,” says that while the statistics on buyer conversion aren’t very good, in part because it’s difficult to separate true buyers from window shoppers, the challenge is real. And, he views his company’s mission to help merchants tackle it.

Read the full article...

Crashing Waves: Security Breaches, Fraud Detection and What’s Next for CNP - Part I presents a three-part series stemming from a conversation with industry executives about the recent spate of massive security breaches that have exposed the payment-card information of more than 40 million U.S. consumers. The breach did not occur in a vacuum—there were warning signs. And, the story is not over. While news from Target, Neiman Marcus and Michael’s is devastating, the next 18 months could be worse. And, beyond that are even more waves that will rock the CNP industry. Part I of the series will examine the increase in fraudulent activity in advance of the breach disclosures—what some knew, when they knew it and how they came by the information.

Part I – The Storm before the Calm

By D.J. Murphy, Editor-in-Chief,

Crashing Waves: Security Breaches, Fraud Detection and What’s Next for CNP - Part IWhen news of the Target security breach first reached the ears of the public, it confirmed rumors that many in the security community were hearing and what Boise, Idaho-based antifraud technology provider Kount had been seeing for months. There had been a huge uptick in e-commerce transactions the company was able to identify as fraud, but that were utilizing very high-quality information that would confound most fraud filters and rules-based engines. As they moved into the holiday season, what Kount was seeing made it apparent that a huge breach had occurred. They weren’t, however, able to identify where the tsunami of data causing these fraudulent transactions were coming from, just that their merchant clients were at risk.

Read the full article...

Bitcoin: Bubble to Bedrock? - Part I

A case could be made that Bitcoin—it’s rise and fall and rise again—was the payments story of 2013. But in the early stages of 2014, the debate has shifted. While attention still is being paid to its volatility as an investment, increasingly, the focus is on merchant acceptance and navigating what could be a thorny regulatory environment. presents a three-part series on Bitcoin and its spasmodic progress toward legitimacy. In Part I, we present a pessimistic view that has endured despite the hype. Will Bitcoin’s volatile changes in value hinder its effectiveness as an online currency?

Part I - Determining the Value of Bitcoin as Currency

A Editorial

Bitcoin: Bubble to Bedrock? - Part IAlthough Bitcoin is primarily a form of currency, providing a source of value used as a medium of exchange within a transaction, people have a number of interests in Bitcoin that extend beyond this use.  However, for the card-not-present payments industry, the question is can we extract the value of Bitcoin that comes from these secondary uses of the product, subsequently allowing an analysis of Bitcoin’s value that is derived purely from its use in monetary transactions?

Beyond payments, Bitcoin has two major sources of value.  The first is as an investment.  Speculation in currency is certainly nothing new, but the rapid rises and crashes in the price of a Bitcoin has made this a particularly interesting investment.  Recently, Bitcoin hit an all-time high, each selling at just over $1,200.  When compared to its value only 12 months ago—under $15—it is easy to see why Bitcoin’s investment potential has garnered such attention.  However, while it is certainly possible to argue that this increase in price is based on Bitcoin’s value as currency for payment, is interested in the source of that value, not the result.  Whether or not buying and holding Bitcoins is a sound investment is irrelevant to us and to the e-commerce industry in general.  Rather, we are focused on the value of buying and using Bitcoins.

Read the full article...

Race Between Technologies Clouds Future of Mobile Payment

By Patrick Peterson,

Race Between Technologies Clouds Future of Mobile PaymentThe competition has narrowed between quick-response (QR) codes and near field communication (NFC) chips. Many retailers expect a winner to emerge and claim a majority of the market enabling consumers to use their smartphones to make purchases. But the winner might not arise quickly and might not arise at all, because neither technology seems to have a clear advantage in the contest.

"There is so much disruption and uncertainty that (merchants) don't want to spend a dime developing into one of these because it could be a completely wasted effort," said Marc Castrechini, director of software development for Merchant Warehouse, a Boston company that provides payment systems for online and brick-and-mortar retailers.

Read the full article...

Q&A with Nuno Sebastiao, CEO, Feedzai

Q&A with Nuno Sebastiao, CEO, FeedzaiAs a supplier of cutting-edge fraud prevention technology to the payments ecosystem, Nuno Sebastiao, CEO of Feedzai, has been front and center as the industry begins to leverage mobile technology to evolve past the traditional credit-card/banking infrastructure.

Feedzai is riding the wave of Big Data, providing fraud protection to retailers and payment providers based on the real-time processing of exponentially increasing volumes of data. The San Mateo, Calif.-based company’s technology creates consumer profiles based on a constantly updated transaction and information history that can be compared to each new transaction.

Experts and observers like to talk about “disruption.” From his ringside seat, Sebastiao says it looks more like evolution. Regardless, it’s change. Merchants have been increasingly adversarial with the card networks and issuing banks because they feel the costs of card acceptance are spiraling out of control.

Read the full article...

Escardgot: Leading the Charge for Universal Cards

By D.J. Murphy, Editor-in-Chief,

Escardgot: Leading the Charge for Universal CardsAs mobile wallets continue to evolve—and as what were formerly considered breakthrough technologies fail to gain traction as quickly as hoped—pundits and opinion makers are beginning to ask, “what consumer problem do they really solve?”. For everyone who believes it just isn’t that hard to pull a card out of a real wallet, a new movement has begun to take shape: the introduction of universal cards. The cards combine a form factor with which consumers are incredibly comfortable and the ability to access several payment methods and/or loyalty cards in one device.

Read the full article...

Riskified: Fraud Free, Guaranteed

By Katie Flood

Riskified Fraud Free, Guaranteed When the founders of Riskified, an Israel-based risk management company, sat down to work out their business model, their goal was to achieve safer, more profitable e-commerce for their merchant clients. According to co-founder Eido Gal, they realized that merchants are losing money on card transactions in three ways: through chargebacks, declining good sales, and the expense of their anti-fraud system itself, whether external or in-house. Gal recalls that these profit-loss points “were the points we envisioned [addressing] when we started Riskified and how we decided on our business model: To be the turnkey solution that takes the transactions and approves or declines them, and guarantees transactions that we approve.

Read the full article...

What's in Store for 2014?

Predictions2014 As the calendar turns over yet again and we near the middle of the decade, the issues surrounding the card-not-present space continue to evolve. Mobile payments, security breaches and the continuing shift to true omnichannel experiences continue be top of mind for CNP merchants and the companies that serve them. We’ve invited several of our readers, including retailers and service providers, to make predictions or pass along their thoughts about the coming year. What issues will dominate the list of concerns for those engaged in the CNP payments space? Our experts tell us what’s on their mind.

Read the full article...

Contact Solutions: From IVR to Antifraud

A mountain of data enables new line of business for call-center company

By Katie Flood

Michael Boustridge “Operator...operator...OPERATOR!” If you’ve ever found yourself on a phone call to customer service that sounded like this, you’re not alone. Many inept interactive voice response (IVR) systems leave frustrated customers begging to speak with a real person who can solve their problem. Such phone calls represent a huge cost to companies, both because they have to pay customer service agents to handle them, and because many customers choose to drop their company altogether out of frustration with poor service.

Enter Contact Solutions, whose aim is to help businesses provide such excellent self-guided service that their customers never feel the need to talk to an operator. Over the last ten years, their IVR platform has provided billions of calls to their clients. They also recently launched My: Time™, a mobile customer care solution that allows customers to access a business’s customer service from their mobile devices at their convenience and in the manner of their choosing, whether by voice, text, email, photo or even video.

Read the full article...

Guest Perspective: Peak Preparation

By Coby Montoya, Associate Manager, Americas Risk, PayPal

Peak PreparationHaving worked in e-commerce for 10 years now, I find myself using the word “peak” more often than “Christmas” or “the holidays” to describe the time between Thanksgiving and Christmas. Retailers—offline and online—make the bulk of their sales during this short time frame. Whenever I browse articles about e-commerce peak preparation, they tend to focus on the threat of fraud and reminding e-tailers not to let their guard down because the fraudsters are sneaking in with the good customers. I think this is the wrong message. Ecommerce companies need to do the opposite. Let your guard down but in a calculated way.

Read the full article...

Cortex MCP: Connecting Merchants and Consumers in New Ways with Mobile

By D.J. Murphy, Editor-in-Chief,

phoneIn March of 2013, veterans of the payments industry brought Cortex MCP, a mobile payments technology provider, out of stealth mode with a platform it intends to use to “flip commerce on its head.” Co-founders Shaunt Sarkissian, the company’s CEO, CTO Michael Arner, and Rob Stringer, vice president of product development, hail from mPOS pioneer ROAM Data and credit their experience in payments at the physical point of sale with providing them a holistic understanding of payments they say many executives running mobile wallet companies lack.

“In the mobile wallet space I think there are a ton of people who come from other verticals who might not understand the intricacies and interconnectedness of the payments space,” says Sarkissian, who also spent time at CyberSource and founded Sarkcom Corporation, whose patents form the basis of Cortex’s platform.

As a result, he says, there is a disconnect between the available technology and what merchants and consumers actually need it to do.

Read the full article...

EmailAge: Leveraging Email Addresses to Reduce Fraud

Accertify Partnership Shows Way Forward for Phoenix Company

By D.J. Murphy, Editor-in-Chief,

EmailAgeNot quite two years ago, Rei Carvalho and several other founders—a group with deep experience in payments and fraud mitigation—sensed an opportunity in the space to attack card-not-present fraud using a data point that nearly every consumer has, but no company yet had leveraged: email. They developed a proprietary algorithm for evaluating an online identity based on the email address a consumer provides when making a purchase at an e-commerce site or filling out a loan application and used it to launch EmailAge. The company—entirely self-funded—decided to focus on analyzing email addresses because, in many cases, they are more closely tied to an individual than a phone number and no one else was doing it, according to EmailAge CEO Carvalho.

“There are lots of tools out there to validate a physical address, telephone and SSN numbers or device ID, but the one thing that’s common to everyone is an email address,” he says. “There wasn’t anything in the marketplace that did a good job of validating or verifying the credibility of that email address. Our customers are finding that analyzing email addresses is a very effective way of identifying potential fraud and are using our solution as an additional layer of security to help reduce their overall fraud risk.”

Read the full article...

Guest Perspective: Who Can You Trust in Retail Transactions?

Establishing a new standard of trust in the digital age

By Ori Eisen, Chief Innovation Officer, 41st Parameter & TrustInsight, a part of Experian

Ori EisenThe world is dominated by digital. Consumers have grown accustomed to the convenience of technology and are addicted to the devices that provide every day necessities and on-demand entertainment right at their fingertips. Meanwhile businesses are struggling with how to move quickly and adapt to this digital revolution while maintaining safe business practices. Today, more than half of all U.S. consumers use smartphones, and have become increasingly comfortable using all kinds of devices for a wide range of activities like purchasing their morning latte, transferring funds into their savings account, booking travel and even purchasing big-ticket items. Banks and retailers know that offering their services digitally—especially through mobile—is becoming the primary way to foster closer ties with their customers.

But still, there remains a common (and tenuous) thread in the digital world that enables peace-of-mind for legitimate transactions between consumers, banks and retailers: trust. Trust is much easier to establish in the offline world where consumers are recognizable and goods are transferred physically, but extremely difficult to replicate in the digital world.

Read the full article...

The Card-Acceptance Conundrum: ISO or Gateway?

Where Do Growing CNP Merchants Turn for Merchant Services?

By Staff

conundrumEvery day, many small merchants reach a tipping point. They’ve outgrown their current method for accepting payment and it’s time to figure out how to accept major credit cards. For many merchants—especially online entrepreneurs—figuring out how to take that next step is a challenge.

“A small merchant is focused on building a business, getting customers, creating products,” says John Rante, chairman and CEO of BluePay Processing, a company that focuses on technology-driven payment solutions. “They’re often surprised at the all the things they have to consider when they reach the point where they’ve outgrown the micro-payment or third-party solutions like PayPal, or Square.”

One of the first considerations for most merchants is cost, but paying for card processing services shouldn’t be a road block.

Read the full article...

Guest Perspective: Avoiding the Five Fatal Mistakes of Mobile Payment Systems

The secret to earning wide acceptance by consumers and merchants

By David Pipe, Chief Marketing Officer, MPayMe

Five Fatal MistakesOne of the great things about my career for the past 20 years is that I get to travel the world. This has provided me a unique perspective on the developing landscape allowing consumers to make financial transactions with their smartphones. I’ve noticed the same five mistakes are being made in multiple markets around the world.

Virtually all competitors in the space are moving in the wrong direction. The five mistakes are: limiting the function only to payments, using single-channel solutions, trying to replace the consumer's wallet, not looking beyond retail and missing international opportunities.

A significant amount of money is being invested and these investments could be put at risk by the five mistakes, which are easy to avoid by expanding your company's view of the market and broadening your goals.

Read the full article...

Report: 93% of Online Merchants Experience Cross-Border Profitability

By D.J. Murphy, Editor-in-Chief,

Payvision/ SurveyAs the Internet evolved into a selling tool, its potential to allow retailers to reach international markets they never before thought of selling into became apparent. The ultimate promise of e-commerce became a world without borders. In reality, there’s no such thing. Differences in currency, culture, communication and regulation make operating an e-commerce business across borders daunting. But, the opportunity to sell their goods and services to new markets made up of billions of potential new customers can make navigating those challenges worth the effort.

A new report based on a recent survey describes the current environment facing cross-border aspirants in each of the major regions worldwide and confirmed the notion that, for companies that make the leap, cross-border e-commerce is very profitable. Dutch PSP Payvision partnered with to poll nearly 500 online merchants, acquirers, MSPs, ISOs and PSPs to gauge their experiences and perceptions about cross-border e-commerce. Significantly, half of the survey’s merchant respondents already engage in cross-border e-commerce. And, for more than 93 percent of those merchants, the strategy has proven profitable. In addition to the headline number, the paper’s analysis concluded that the road to cross-border e-commerce profitability depends on partnering with a global acquirer.

Read the full article...

Taking Account Takeover Protection to the Next Level

By Garient Evans, Director of Identity Risk Solutions, ID Analytics

GTSA consumer’s email address, phone number and home address associated with their credit-card account just changed in your processing system. Did the consumer initiate the request or did a criminal just take over their account?

Account takeover is a persistent issue that costs companies millions each year. It will continue to grow with the proliferation of publicly available personal information, the increasing number of data breaches and an increasing number of online black markets for private data. Moreover, the increased adoption of EMV payment technolo­gies intended to thwart card-present fraud at the point of sale is expected to actually accelerate the migration of fraud activities towards exploiting weaknesses associated with a company’s e-commerce and other self-service offerings.

With more fraudsters determined to commit account takeover, and a growing availability of sensitive data to perpetrate the crime, organizations are looking for ways to shore up the gaps in their account takeover defenses.

Read the full article...

Why MCX Should Focus on CNP, Not POS editorial

MCXMany of the problems that stalled the Google and Isis mobile payment solutions still exist, and likely will affect MCX.  Particularly significant, merchants are generally not yet equipped with the hardware necessary to accept mobile payments at the POS.  These merchants are willing to support the technology, but don’t have the (relatively expensive) equipment necessary to do so.  Also, very few consumers are actively seeking an alternative to card-based payments at the POS.  This means that even though the technology is useful to consumers, it will take a significant amount of work to convince them to adopt it.

At the POS, these problems are significant enough to potentially derail the program.  However, both of these problems are easily overcome if MCX decides to initially focus on card-not-present (CNP) e-commerce solutions. In addition to avoiding these problems, focusing on CNP transactions would offer a number of unique opportunities for MCX and the merchants that implement its solution.

Read the full article...

Report: Fraud Rates Declining but Cost of Fraud Growing

By D.J. Murphy, Editor-in-Chief,

While fraud as a share of revenue is declining, its cost to merchants—especially online and mobile merchants—continues to rise, according to a new report from antifraud technology provider LexisNexis Risk Solutions. Rather than simply total up the replacement costs of goods lost to fraudsters, for the past five years, LexisNexis and its research partner Javelin Strategy and Research have tried to assess the full range of costs involved when merchants fall victim to fraud.


In 2013, for every dollar lost to fraud, it cost merchants $2.79, up from $2.69 last year and $2.32 in 2011. For online merchants, however, every $1 in fraud cost $3.10—a frightening thought for fraud and risk managers who have seen fraud in other countries explode in card-not-present channels after they implemented EMV, which the U.S. is on course to do in the next few years. As Jim Van Dyke, CEO of Javelin, puts it: “So, the space that’s been hit the hardest is going to actually get hit harder yet in the next year or two.”

Read the full article...

Guest Perspective: Who Really Needs Visa and MasterCard? (Reprise)

By Ralph Bianco, Payments Industry Veteran

Ralph BiancoAs a senior vice president at MasterCard in the late ‘90s and early aughts, I had a ringside seat for the rapid and significant consolidation of U.S. financial institutions and payment processors. At the time, to create a sense of urgency within the company and a call to action in response to the rapid changes in the payments industry, I wrote a thought piece titled “Who Needs MasterCard?” In it, I wondered if MasterCard was really focused enough on the underlying business and the opportunities and challenges that our ever-changing environment presents.

More than a decade later, we continue to bear witness to change in the industry, whether it’s driven by new technology, consumer demand, competition or regulation. Whatever the reason, change is continuous, but my question from all those years ago still stands (albeit from a different perspective). Are the card brands responding effectively and appropriately to a changing environment?

In a new era, with new challenges and new opportunities, the question is no longer “who needs MasterCard?” It’s “who needs MasterCard or Visa?” To be clear, I am not suggesting that no one actually needs these payment brands. Over the years I have worked for and/or very closely with MasterCard and Visa. I have the highest regard for their products, capabilities, brand strength and global reach. I am suggesting there is some value in looking at these institutions in light of the current business environment, from a global perspective and within the context of the worldwide and real-time processing capabilities that exist today.

Read the full article...

Avoiding Whack-a-Mole: How to Stay Ahead of Online Gaming Fraudsters

By Katie Flood, staff

whackamoleIn most massively multiplayer online role-playing games, players pay to maintain an account and they may also pay to purchase currency within the game, which typically comes in the form of points, coins, skills, power, or weaponry. Most gaming companies offer a free-to-play option for beginners, but to create an ongoing game or to advance within the game, players must sign up for a paid account. Gaming merchants’ revenue thus depends on consumers’ interest in playing the game and their willingness to purchase currency within the game in order to progress.

So, when it comes to risk management and fraud prevention for the companies that create and run online games, practices that degrade the game pose as much of a threat as those that scam gamers. Bert Wolters is director of Risk and Fraud Mitigation at Adyen, an online payment solutions company that works with a number of online gaming companies. Wolters recalls one client whose game was invaded by Chinese hackers who were intermittently shouting “Buy Viagra!” at other users over their headsets. This sort of in-game spam is a serious problem, Wolters explains, because “we want to give players true, immersive experiences in the game, not trashy spam.” Most users aren’t going to put up with this random screaming for long, and once they leave the game, it’s hard to bring them back.

Read the full article...

Cracking the Cashless Vending Code: Telkey Solutions

By D.J. Murphy, Editor-in-Chief,

vending machineBefore 2007, Swedish mobile payments company Telkey Solutions was nothing more than a few patent applications and an idea to enable consumers to use their mobile phones to make purchases at vending machines, car washes, laundromats and a host of other self-service machines and kiosks. Founders of the company, based in the Stockholm suburb of Täby, had a notion that devices equipped with NFC would be widely available in a few short years, but “we were way too early,” according to CEO Niklas Magnusson.

Luckily, the company’s patent pending technology didn’t (and still doesn’t) rely solely on NFC to transmit information between devices. Telkey, and its CoinCode product, can use a number of mobile technologies—including SMS, Bluetooth or WiFi—for its mobile temporary access codes (mTAC) to work in the coin-operated machine space. Magnusson says, while it was early days for mobile payments, the vending industry in Sweden at the time was ready for CoinCode becauseconsumers were beginning to pay for transit using SMS. Awareness that you could use your phone to pay for things was growing. And, the company offered an easy hardware upgrade for machine operators. Simply installing an inexpensive PIN pad on the machine enabled it to accept payments via text message.

Read the full article...

Shopify Simplifies Credit-Card Acceptance for E-Commerce Merchants

By D.J. Murphy, Editor-in-Chief,

Louis KearnsSince its inception as an e-commerce platform in 2006, Shopify’s goal has been to make the experience of selling online simpler for its merchants. On Monday, the Canadian company launched Shopify Payments, which integrates credit-card acceptance directly into the platform. So, a merchant that builds its online store using Shopify no longer has to outsource the payment function to a third party. Tightly integrating payments into its e-commerce platform has been a goal of Shopify’s for some time, according to Louis Kearns, director of payments at Shopify.

“It was always something that our founders and executive team had in the back of their mind to provide a better overall payment experience to our customers,” Kearns tells “As Shopify grew, we were trying to make commerce simpler and better across the board. Payments is just one of those things our customers expect to be taken care of for them when they create a Shopify account.”

To accomplish the integration and ease the headache for their merchants of applying for merchant accounts or setting up their own gateways, Shopify had to become a Payment Service Provider (PSP) with its own banking and processing relationships.

Read the full article...

Guest Perspective: Integrating NFC and the Cloud in a Mobile Commerce World

By Robert Martin, Ph.D., Senior Vice President and General Manager, Attended Merchant Solutions, Apriva

Rob MartinThroughout the history of technology, there have been significant debates between opposing factions advocating a particular philosophy or approach—be it hardware- or software-based—as the be-all and end-all solution for that particular market. In the mobile commerce space, the perceived need to back a victor seems to be just as passionate. In one corner are the supporters of NFC (Near Field Communication). They support the idea of keeping payment credentials stored in a secure element on the device, and fervently believe this technology offers merchants and consumers the best possible option to accelerate adoption rates among retailers, merchant services providers and consumers.

On the other side of the equation sits the pro-cloud crowd. They are equally supportive of their approach to mobile commerce and can offer up very compelling proof points in terms of flexibility, ease of deployment, and lower operating costs. But, while each side makes a strong case, there really shouldn’t be any debate at all.

Read the full article...

Mobile Fraud: Basic Data Still in Short Supply

By Staff

Mobile Survey 2013While users of mobile devices routinely express concern over the security of mobile payments, the data that might confirm or alleviate their fears is tough to come by.

Security experts and even the Federal Trade Commission (FTC) have issued warnings and offered up various likely fraud scenarios, from intercepted Web traffic to stolen phones. And, although experts are trying to get a handle on the level of payments fraud committed using mobile devices, right now that’s difficult if not impossible.

“The truth is that most merchants don't have the ability to determine whether a given transaction originates on a mobile device,” says David Montague, president and lead consultant with The Fraud Practice, based in Sarasota, Fla. “That makes it very difficult to identify what, if any, trends might be surfacing with regard to mobile payments fraud.”

Read the full article...

Bitcoin: Speculative Investing Fad or Real E-Commerce value?

By D.J. Murphy, Editor-in-Chief

bitcoinLast week, over an astonishing few days, the exchange rate for Bitcoin, the decentralized virtual currency that had been enjoying a run up in value for several months, went crazy. So crazy, in fact, that comedian Stephen Colbert devoted an entire segment to the issue on his Comedy Central show on Wednesday night, entering Bitcoin in the mainstream pop-culture zeitgeist.

Read the full article...

Staples Velocity Lab: Ideation to Innovation at Warp Speed

By D.J. Murphy, Editor-in-Chief,

Staples Velocity LabYou may not know it, but Staples, the big-box office-supplies chain that introduced us to the “easy button,” is an e-commerce juggernaut. In fact, the company ranked second on the most recent Internet Retailer list of the top 500 U.S. e-commerce retailers, trailing only in online sales. But, as focused as Staples is on reaching customers through the online channel, sales in its brick-and-mortar locations still account for 60 percent of its total sales revenue.

That relative balance means the company believes it is uniquely positioned to understand and leverage all of its assets—technological and traditional—in omnichannel efforts that are beginning to define retailing.

Read the full article...

MasterCard’s Digital Wallet Reaches Next Stage of Evolution with MasterPass

By D.J. Murphy, Editor-in-Chief,

MasterPassAt the recent Mobile World Congress summit in Barcelona, MasterCard unveiled the next generation of its digital wallet. The company has rebranded its PayPass Wallet Services as MasterPass and enhanced the service to give merchants a flexible way to offer the omnichannel shopping experience they want to deliver to consumers, according to Ed Olebe, group head of MasterPass Services for MasterCard.

Olebe calls MasterPass an evolution of PayPass Wallet that saw the service morph from a wallet enabling e-commerce or in-store checkout to a service that looks at digital commerce “more holistically.” He notes a dichotomy that emerged between MasterCard’s merchant partners and issuer partners that were leveraging PayPass Wallet.

Read the full article...

Guest Perspective: The Future of Payments - We Need a Paradigm Shift

By Bill Deichler, Manager, Payment Methods, Murphy Oil USA

Cutting Credit Card CostsWe are all very familiar with the history of plastic for payments—first credit and then debit cards. Historically payment cards were a financial institution play to help merchants expand both the frequency and the amount of its customers’ purchases. It has rolled along pretty smoothly for a number of decades.Then came the rapid increase in product pricing (interchange)—especially in the petroleum sector—and the cost of those card purchases grew to unacceptable levels.

To handle this unfair expense, merchants, one of the most entrepreneurial segments of our economy, went begging for regulation. And they got it. But, now where are we? It's time to reimagine the cost structure of the payments world and it looks like it will be up to merchants to lead this effort.

Read the full article... Brings Women in Payments Together

By D.J. Murphy, Editor-in-Chief,

W.netOnly a few days after a massive blizzard blanketed the northeast United States with up to three feet of snow, a group of professionals navigated the partially plowed streets of Boston to mark the expansion of an organization dedicated to supporting women working in the electronic payments industry. (Women Networking in Electronic Transactions) was founded in 2005 to give women working in the male-dominated payments workforce access to and support from highly successful trailblazing women who had come before them.

The networking group runs what it calls LINC (Local Interest Network Circle) events in seven geographical regions where payments professionals can gather in person to socialize, network and inspire each other in an environment they might not experience on a daily basis. Since the organization’s genesis, LINCs have sprung up in Atlanta, Chicago, New York, Northern California, Phoenix and Texas.

Read the full article...

After the Dust Settles: N.J. Fraud Ring Raises Questions for Acquirers, Merchants

By D.J. Murphy, Editor-in-Chief,

U.S. Attorney Alan FishmanWhen news broke recently about a massive credit-card fraud ring based in New Jersey, the headlines screamed about the $200 million in losses that U.S. Attorney Paul J. Fishman said could grow as knowledge of the extent of the sophisticated scams grew. Instead of targeting consumers and buying big-ticket items with stolen credit card information, however, the 18 men charged in federal court mostly defrauded financial institutions, getting tens of thousands of credit cards issued to more than 7,000 false identities.

Even more problematic, the thieves allegedly created dozens of completely fictitious businesses that were able to receive merchant accounts and card-acceptance capability, highlighting what some in the industry are calling “woefully inadequate” underwriting coupled with market conditions in which shrinking margins are ratcheting up the pressure to onboard merchants quickly.

Read the full article...

George PeabodyGuest Perspective: Another Run at 3-D Secure and Issuer Liability in E-commerce

By George Peabody, Payments Innovation Road Trip

Recently, I spoke with Mark Nelsen, Visa's head of risk and authentication product development, who is responsible for the new Visa Consumer Authentication Service (VCAS). Announced November 26, it is a service targeted toward issuers but, in my view, the larger potential beneficiaries are the e-commerce and m-commerce merchants, although some integration work will be required on their part to take advantage of the service. A skeptic might call VCAS "son of 3-D Secure." It appears to be a big improvement, though, on its parent's shortcomings.

Read the full article...

Ring in the New: CNP Ruminations for 2013

2013 PredictionsAs 2012 has given way to 2013 we at thought it was time to turn some space over to the many constituencies that comprise our readership. The priorities, challenges and opportunities for the year ahead vary widely for the merchants taking card-not-present payments and the medley of service providers that support them. We’ve invited several of them to make predictions or pass along their thoughts about the coming year. What issues will dominate the list of concerns for those engaged in the CNP payments space? What’s in store for e-commerce and mobile payments in 2013? Our experts tell us what’s on their mind. 

Read the full article...

Multi-Channel Retailing Ushers in New ERA for D2C Marketers

  By D.J. Murphy, Editor-in-Chief

Affinity Oversees Evolution of Card-Linked Offers

By D.J. Murphy, Editor-in-Chief

FreeMonee Makes 2013 the ‘Year of the Gift’

Optional Language Choice: Spanish Spanish | French French

By D.J. Murphy, Editor-in-Chief

WhitePages PRO Taps Phone Data and More to Identify CNP Fraud

Optional Language Choice: Spanish Spanish | French French

By D.J. Murphy, Editor-in-Chief

FICO Identifies Growing Threat of CNP Fraud 

By D.J. Murphy, Editor-in-Chief

Merchant Groups Aiming to Speed up Process in Interchange Settlement Battle

Objecting merchants can sign on with unusual move

By D.J. Murphy, Editor-in-Chief

The Devilish Details of the Interchange Settlement Proposal: What’s a Merchant to Do?

By D.J. Murphy, Editor-in-Chief

Semafone Turns CNP Industry’s Attention Back to the Telephone

Optional Language Choice: Spanish Spanish | French French

By D.J. Murphy, Editor-in-Chief

MeS Acquisition Driven by Technology not Geography

By D.J. Murphy, Editor-in-Chief

Q&A with Adyen’s Roelant Prins and Peter Caparso

Optional Language Choice: Spanish Spanish | French French

By D.J. Murphy, Editor-in-Chief

GlobalCollect Eyes Expansion in Latin America

Optional Language Choice: Spanish Spanish | French French

By D.J. Murphy, Editor-in-Chief

Dwolla Provides Fast Access to Cash at Low Cost

Optional Language Choice: SpanishSpanish | FrenchFrench

By D.J. Murphy, Editor-in-Chief

Chase Paymentech Eyes Holistic Approach, Mobile

Optional Language Choice: SpanishSpanish | FrenchFrench

Moving Beyond the Device: Three-part Executive Summary

Optional Language Choice: SpanishSpanish | FrenchFrench

Moving Beyond the Device: Three-part Executive Summary

Optional Language Choice: SpanishSpanish | FrenchFrench

Moving Beyond the Device: Three-part Executive Summary

Optional Language Choice: SpanishSpanish | FrenchFrench

ThreatMetrix: Fighting Fraud with Device Identification

Optional Language Choice: Spanish Spanish | French French

Special Feature: Post-Durbin Winners and Losers

Optional Language Choice: Spanish Spanish | French French

Think Locally, Act Globally

Optional Language Choice: Spanish Spanish | French French

Fraud Management Solutions, Buy Versus Build, a Case Study

Optional Language Choice: Spanish Spanish | French French

Digital River Puts Wealth of E-Commerce Experience to Work

Optional Language Choice: Spanish Spanish | French French

Accertify Leverages American Express’s Global Reach

Optional Language Choice: Spanish Spanish | French French

Kount 'Quietly Doing the Laundry'

Optional Language Choice: Spanish Spanish | French French

CNP Meets Brick-and-Mortar with AisleBuyer

Optional Language Choice: Spanish Spanish | French French

The CNP Spotlight – Retail Decisions

Optional Language Choice: Spanish Spanish | French French

Secure Remote Payment Council Finishes Year One

Optional Language Choice: Spanish Spanish | French French

PCI and Tokenization: Are Either the Answer for E-Commerce Merchants?

Optional Language Choice: Spanish Spanish | French French

Protecting Customer Data from Internal and External Threats

Optional Language Choice: Spanish Spanish | French French

Does Durbin’s Debit Deal Really Help CNP Merchants?

Optional Language Choice: Spanish Spanish | French French

Reducing Chargebacks through Effective Billing Descriptors

Optional Language Choice: Spanish Spanish | French French

Is My Business Generating Enough Chargebacks?

Optional Language Choice: Spanish Spanish | French French







Leverage all our platforms—, the CNP Report, the CNP Expo, dedicated email blasts and more—to effectively build your brand and communicate your key message

Download our Media Kit




Stay up to date regarding upcoming events in the CNP universe

View the calendar