Posted July 25, 2016 by FreedomPay

The ABC’s of Payment Security

Every day we swipe our credit cards at gas pumps, grocery stores, or other kiosks to purchase products or services. Unfortunately, hackers can break into this technology to steal personal information during the payment transaction.

To safeguard the consumer’s personal information against theft, payment security solutions have matured, and now use data encryption during the transaction process. This newer form of technology has expanded so quickly, in fact, that many of the important industry acronyms and terms need clarification.

Today, merchants need to secure their payment environments; however, navigating the complex payment security landscape requires a basic foundation of how the system works. That’s why we will detail many of the most important terms you need to understand. You’ll quickly gain a foundation for understanding payment security.

Securing payment transactions requires maintaining compliance with the payment card industry (PCI) security standards. These standards protect card information during and after the transaction. Vendors must establish and maintain a secure network. Within the network, cardholder data needs to be secure and protected against hackers trying to steal valuable credit card information.

Keeping the payment systems and applications secure requires regular anti-virus updating and maintenance. Merchants need to limit access and use control measures that restrict access to cardholder data. Unique IDs must be assigned to each person who can access cardholder data. The network needs consistent monitoring and testing to ensure the systems and processes remain secure. All access to the cardholder data and network resources needs to be tracked and monitored. Merchants must maintain an information security policy to keep cardholder data secure.

A point-of-sale solution called point-to-point encryption (P2PE) encrypts data from the point-of-interaction (POI), for example, the card swipe, until the data reaches the secure decryption environment. This means even if somebody managed to “intercept” your information before it reached its final destination, they would only get gibberish.

Point-of-Interaction (POI) payment devices should meet SRED (Secure Read and Exchange of Data) and PTS (PIN Transaction Security) standards. Ideal systems also offer a validated decryption environment that utilizes a PCI SSC (Payment Card Industry Security Standards Council) approved Hardware Security Module (HSM), as well as a secure distribution channel to ensure chain-of-custody is maintained. Finally, a P2PE Instruction Manual (PIM) that guides the merchant on POI device use, storage, return for repairs, and regular PCI reporting is essential.

Another solution for securing cardholder data, in addition to end-to-end encryption, is called tokenization. This solution replaces the primary account numbers (PAN) with a surrogate value called a token. The reverse process to redeem a token is called de-tokenization. With this solution, it’s not feasible to determine the original PAN knowing only the surrogate value. The tokens within the merchant applications and systems may not necessarily require the same level of security protection associated with the use of PANs. Because tokens are stored instead of PANs, the amount of cardholder data is reduced, ultimately reducing the merchant’s Payment Card Industry (PCI) Data Security Standards (DSS) requirements.

A smart card, called EMV, stores the data on magnetic stripes and integrated circuits. EMV stands for Europay, MasterCard, and Visa. The user physically inserts the card into a reader. These payment cards are often referred to as “Chip and Signature” cards, or “Chip and PIN” depending on the authentication method used by the card issuer. Chip and PIN requires the PIN code at the end of the transaction. This EMV-enabled hardware communicates with the credit card’s processor chip to determine authentication. Chip and Signature cards require a signature to validate the user’s identity.

Another set of communication protocols that enable smartphones or other mobile devices to transmit data is called near-field communication (NFC). This allows two electronic devices to communicate within four cm of each other. These protocols enable payments via smartphones using solutions like Apple Pay and Samsung Pay.

To help a merchant determine what needs to be done to become PCI compliant, a merchant can take the Self-Assessment Questionnaire (SAQ) and submit it to the acquiring bank. This way, an expert can help identify any requirements that are missing.

Payment industry protocols change very quickly. Understanding some of the common payment security language helps merchants eliminate confusion and begin to demystify some of the new payment security criteria so they’ll know what questions to ask to help their customers.

FreedomPay is an industry leader in payment solutions: experts who can help you build a solid foundation for understanding payment security. Visit FreedomPay online or contact us today to find out how we help merchants solve all their payment needs!

Posted July 21, 2016 by FreedomPay

Mobile Phones as Money: The Rise of NFC Payments

The telephone has come a long way in the 140 years since Alexander Graham Bell first rang his assistant with the immortal words, “Mr. Watson, come here, I want to see you”. The phone has since been shrunk down to fit into the palm of one’s hand, and equipped with more computing power than NASA used to send Apollo 11 to the moon. Today, people use their mobile devices to navigate through cities, connect to the internet, watch their favorite movies and catch Pokémon characters. But with the advent of contactless payment technology, the telephone is now causing a seismic shift in that which forms the bedrock of commerce itself… money.

Contactless payment uses near-field communication (NFC) technology, which allows two devices, like a phone and a reader, to communicate with one another. A customer need only hold a phone an inch from the reader to purchase anything from coffee to clothing. Transactions are lightning fast, but best of all, more secure than traditional payment methods. FreedomPay is a company that has emerged as a leader in the data encryption that makes contactless payment more secure.

Over the past several years, FreedomPay has provided merchants with secure transaction solutions through Point-to-Point encryption (P2PE) services. In fact, the company was the first in the United States certified in this cutting-edge encryption by the PCI Council. FreedomPay has pioneered everything from cashless solutions to mobile payments, virtual and remote terminals, payment processing, intelligent analysis, routing of promotions, incentives, and customer relationship management services. Simply put, FreedomPay allows retailers to serve their customers with the most scientifically advanced transaction technology available.

American consumers are quickly taking advantage of contactless payment methods enabled by NFC. The “My Starbucks Rewards” loyalty program, which utilizes mobile payment, grew 28% between 2014 and 2015, and has amassed more than 10 million members. Starbucks estimates that these shoppers account for 30% of all business in North America, and enjoy faster service along with perks like free drinks.

Speed and unmatched security are the two biggest features driving the adoption of mobile payment. Deloitte predicts the number of NFC-enabled devices used for making in-store payment will rise steadily in the medium term. American Express finds that contactless transactions are 63% faster than cash, and 53% faster than credit card payments.

What makes an NFC transaction more secure than a traditional credit card payment is that a customer’s mobile device sends a unique code (called a token) to the merchant’s NFC-enabled reader. The actual credit card number is never sent, so in the event of a security breach, a hacker would only acquire useless alphanumeric code.

Every day, the number of customers using mobile payments continues to grow, and in time, mobile payments will become the preferred method of transaction. FreedomPay’s Commerce Platform integrates payments, incentives, and loyalty programs within a retailer Point-of-Sale system, with no new hardware required. It can even target special offers directly to a customer’s phone while they’re shopping. The future of currency is here. Contact FreedomPay to discover how our transaction solutions can prepare your business for today’s new money.

Posted July 12, 2016 by FreedomPay

The Future of Campus Security

College campuses are known as places where diverse cultures meet and a melting pot of information and experiences is shared. Included in this melting pot of diversity are the different credit cards that thousands of students, faculty, staff, alumni, and guests use every day. Protecting the sensitive financial information of credit card users on campus is an essential aspect of campus security, and failure to detect a cyber financial threat could yield harsh consequences for less cautious schools. Choosing a different solution for each payment type can appear to be a daunting task due to the wide variety of payment options on campus. However, if an integrated and ubiquitous payment system like the FreedomPay Commerce Platform were deployed on your campus, campus payment security could be centralized and more focused.

Vanderbilt University is a perfect example of how implementing an advanced secure commerce platform with EMV, NFC, and PCI-validated P2PE can promise top-tier protection, cut financial fraud, and reduce the scope for PCI DSS compliance. By installing validated P2PE (Point-to-Point Encryption) payment terminals across campus, Vanderbilt is investing in the future of their security, allowing students, staff, and guests to pay securely without compromising their financial integrity. They state, “The solution was well planned by FreedomPay and tested in advance. We did a self-install with remote support from FreedomPay. When we encountered a challenge during the implementation, FreedomPay worked with CBORD and pushed out an update to resolve the issue.”

It’s hard to overstate the importance of PCI-validated P2PE systems. The PCI Council urges the deployment of validated P2PE solutions if high-level payment security is a priority. P2PE is essential because it encrypts card data, leaving its content useless to would-be hackers, while it travels from the merchant’s system through the transaction cycle (King, March 2016). Another point to be considered is the importance of deploying payment devices with NFC support for the mobile wallets that more students are becoming familiar with. Deloitte predicts that “… the volume of NFC-smartphone transactions and the range of spend value to increase steadily over time as consumers become more familiar with the process, and more banks and merchants in more markets accept this form of transaction” (Deloitte, 2015). With an increase in usage of mobile wallets, millions more instances of cyber fraud will occur and security will be more important than ever. Because of this looming financial threat, creditors are pressuring banks to enforce penalties on colleges that don’t comply with certain security standards (Mills-Senn, 2015).

With the threat of penalties and the potential disaster of cyber fraud, campuses have never needed to focus on credit card security more than they do now. Most campus payment systems and “security” designs are outdated and susceptible to hackers. The intelligent admin understands that investing in their campus’s future can only be achieved if their students’ future is secure. By investing in a ubiquitous and centralized payment security system with FreedomPay, credit card breaches will be the last thing you worry about as an admin.

Posted July 05, 2016 by FreedomPay

FreedomPay: Experts in Point-to-Point Encryption (P2PE)

To steal credit card information, thieves once used the imprint of credit cards from the carbon copies they dug out of the trash. Technology has given way to a whole new kind of credit-card theft. FreedomPay provides retailers with a whole new kind of credit-card security.

From Kmart and Dairy Queen to Home Depot and Amazon, retailers of all kinds and sizes have fallen victim to the large-scale theft of customer credit card information. Today, there are lots of points where card data can be exposed as it travels through a retailer’s systems and networks. Hackers use malware and other techniques to steal this data and sell it for use in card-not-present and online fraud.

To protect against credit card data being stolen from retail networks, P2PE (Point-to-Point Encryption) scrambles card data from the moment it enters your payment device all the way through the transaction cycle. This means it’s unreadable and useless to anyone without the proper key to decrypt it. P2PE secures the original data, and if this data is stolen in transit, makes it very difficult for criminals to do anything with it. P2PE thus devalues cardholder data stolen from retailer systems, significantly offsetting the impact of large-scale database breaches.

When implemented in conjunction with the use of EMV chip cards at the physical point-of-sale, and tokenization for protecting stored data, PCI-validated P2PE provides the best protection for your customers’ data.

With over a decade of experience in commerce technology, FreedomPay has pioneered the innovation of transaction solutions, including payment security, rewards, and customer-loyalty services.

FreedomPay’s P2PE solution—fully audited and validated according to the PCI Security Standards—supports traditional and emerging payments technologies like EMV, and integrates into point-of-sale systems and payment processors. With the coveted PCI validation, merchants employing the FreedomPay P2PE solution can reduce their scope for PCI compliance and can conduct their business with the assurance that no cardholder data flows through their systems.

To learn more about how FreedomPay can help PCI compliance and other details, visit our website at https://corporate.freedompay.com/.