Intrix Blog: OpenSSL Heartbleed bug does not affect Intrix

By Suzanne Coleman, CTO

April 9, 2014

It was announced this week that a major vulnerability has been identified in some versions of OpenSSL, and this vulnerability can result in leaking data over what were thought to be secure connections.  A Security Advisory issued by the OpenSSL Project can be found at: https://www.openssl.org/news/secadv_20140407.txt

I ntrix Technology does not use any of the affected versions of OpenSSL in the Intrix Payment Gateway, or in its entry point software (for example, the Intrix Virtual Terminal, the Intrix Hosted Payment Solution, the Intrix SOAP API).  Intrix TranScend software does not use any of the affected versions of OpenSSL.  Since Intrix does not use the affected versions of OpenSSL, this vulnerability does not affect Intrix customers when using Intrix systems.

Other vendors’ software may contain this vulnerability, and there are unconfirmed reports that some Yahoo passwords have been obtained by exploiting this vulnerability.  So, what should you do?

If you use any system that connects to another system using SSL (secure socket layer), and is used to process or transmit any data that is considered sensitive, you should contact the vendor and ask if they are vulnerable to this bug.  If they are, they should already have a remediation plan that they can provide to you.

Additional information:

OpenSSL is an opensource toolkit commonly used by application makers when needing to provide Secure Socket Layer (SSL) connections. SSL connections are used when 2 computers or systems need to communicate via the internet in a secure manner.  URLs that start with HTTPS (notice the “s”) are secure “SSL encrypted” connections between your browser and the site to which you are connected.  The connections are made secure by encryption, and it is the encryption library that has the bug.  For more information on what OpenSSL is and how SSL works, there are many references available, including this site at DigiCert: https://www.digicert.com/ssl.htm.

A variety of sources are providing information about the HeartBleed.  As always, one should verify the source of the information before taking action based on that information.   One such source of information is http://heartbleed.com/.

Intrix Technology considers security our top priority.  Upon learning of this issue, Intrix immediately verified all products to ensure that Intrix environments and products are secure.

FacebookLinkedInGoogle BookmarksTwitterRedditBookmark/FavoritesShare/Bookmark

Intrix Blog: Digital Transactions Opinion Piece: “The Time is Now for EMV”

By Jeffrey Connors
February 21, 2014

There’s been a lot of buzz regarding the onset of EMV in the U.S. payments infrastructure.  As a matter of fact, we at Intrix blogged about it a couple of months ago in an effort to keep our merchants informed about the technology and what they will need to do to prepare.  And so I was delighted to see a very insightful opinion piece entitled “The Time is Now for EMV” in the January issue of Digital Transactions. The piece, by Erik Vlugt of VeriFone Systems, Inc., advises that merchants should start getting ready now.

He says, “The 2015 EMV liability shift may appear to be a concern for the future; but in reality merchants needs to have EMV on their agenda right now.”

He goes on to say, “As with other emerging standards, technology, and trends, EMV will be met with some skepticism.  But sooner rather than later, merchants must come to the realization that EMV is unavoidable and will ultimately lead to a much more secure payments ecosystem.

“And merchants that choose to procrastinate may find themselves unable to absorb the liability they will be exposed to after 2015”

To that, we’re in total agreement.   Intrix embraces the move to EMV as an added measure of security and protection for all of us in payments.

You can read the entire article here.

Intrix Blog: Let Private Sector Deal with Fraud: Another View

By Jeffrey Connor, CEO
January 20, 2014

The industry is best positioned to address criminal tactics, says Jason Oxman, CEO of the Electronic Transactions Association, in a recent opinion piece in USA Today.   We agree with Jason.  At Intrix, we’re already taking steps to address the constantly shifting tactics of criminals.

Let us know what you think about the article.

Intrix Blog: QSR SmartChain: “Perplexed by Payments”

By Jeffrey Connors, CEO
November 26, 2013

lock.and.cardPaul Gereffi from QSR magazine recently interviewed me for the November SmartChain section about PCI Compliance and Merchant Solutions. The article focuses on the latest in payment processing and PCI Compliance technology and solutions for the quick service and casual dining business.  Paul and I focused on EMV and how they will affect merchants.

 

Here is an excerpt of the interview:

There are many issues regarding the onset of EMV into the U.S. payments infrastructure that have yet to be fully understood, says Jeffrey Connors, chairman and CEO of Intrix Technology. While proponents tout that EMV technology could potentially result in the reduction in counterfeit cards, increased security of online payment transactions with real-time transaction approval, lower charge-back costs, and the possibility of reduced PCI compliance costs, there is an initial cost for those implementing the system.

“Some of these changes give me pause for concern,” Connors says. “Operators are intensely concerned about costs, especially if consumers aren’t demanding it, but two different card systems can’t stay.”

The affected parties each have differing concerns. Consumers are mostly concerned about convenience and only feel the impact of EMV technology when they travel overseas and, sometimes, can’t use their cards unless they have the chip. Merchants chafe at the expense of having to buy new terminals. Technology providers have to build new protocols to support chip technology. Processors want to limit their risk and benefit the most from it, so it’s natural for them to drive the switch aggressively.
Merchants, however, might very well be content with the current system, and there seems an innate resistance to change, especially by American consumers and retailers. Processors need to do a better job of selling the benefits of the new technology, Connors says.

“They want to be sure it’s a better system, and so far there’s been a communications gap,” he says. “Some question the timing and sense of urgency. Providers need to do more to communicate the benefits to merchants to increase their trust that this will help them.”

Probably the greatest advantage is that it’s virtually impossible to create a successful counterfeit EMV card. An EMV card’s security credentials are encoded by the card issuer at personalization, stored securely in the EMV card’s chip, and cannot be accessed by unauthorized parties. As a result, the cards help prevent card skimming and card cloning, one of the common ways magnetic stripe cards are compromised and used for fraudulent activity, Connors says.

Further, the liability shift from the processor to the merchant might be what ultimately drives the change. This could result in substantial penalties for fraudulent transactions on non-EMV compliant terminals.

For Intrix, the adoption of EMV chip cards means their processing payment platforms were mandated to have the capability to accept EMV payment transactions earlier in 2013. Their EMV roadmap includes adding support in the Intrix Payment Gateway in order to process the additional data that is included in chip transactions, including the cryptographic message that makes each transaction unique. On the Merchant Services side, Intrix offers EMV-enabled POS terminals, and Intrix is working to make EMV a smooth transition for their acquirers and their merchants. Moving full speed ahead, Intrix embraces the move to EMV as an added measure of security and protection for all in the payments industry.

“Our industry has to win the trust and communications battle with merchants and increase their credibility with customers,” Connors says. “EMV technology is going to be the standard and will be better for everyone in the long run.”

* This excerpt was posted with permission from QSR® magazine.

Intrix Blog: CNP Report says U.S. CNP Fraud Growth Accelerating, Promises to Get Worse with EMV

By Jeffrey Connors

While one of the greatest advantages of EMV is that it is virtually impossible to create a successful counterfeit EMV card, it does little for card-not-present (CNP) fraud.

As EMV moves into the U.S. payments infrastructure, CNP fraud is one of the issues that have yet to be fully understood.  CardNotPresent.com’s CNP Report has an interesting article on what’s going on in this area.  The stats show the growth rate of card-not-present fraud in the U.S. was nearly double that of counterfeit fraud in the last 20 months, and that’s before the coming EMV migration threatens to siphon even more fraud to CNP channels.  Interesting.

Here’s the article: 

credit-cardsThe growth rate of card-not-present fraud in the U.S. was nearly double that of counterfeit fraud in the last 20 months, and that’s before the coming EMV migration threatens to siphon even more fraud to CNP channels, according to data and analytics firm FICO. The San Jose, Calif.-based company that pioneered consumer credit risk scores said the companies in its Falcon Fraud Manager Consortium showed a 25 percent bump in card-not-present fraud between January 2011 and September 2012, while fraudulent transactions using counterfeit cards at physical locations grew by 14 percent.

“CNP transactions are very convenient for consumers, but CNP fraud can be especially complicated to combat,” said T.J. Horan, vice president of global fraud solutions at FICO. And, he continued, “as EMV standards get implemented in the U.S., we know that fraud will migrate as it has done in other regions of the world.”

The FICO numbers confirm a trend seen in other research: that card-not-present fraud is on the rise. Experts also agree that attention to this area of fraud needs to ramp up considerably given the experience of other countries that have migrated to the EMV card standard. In just about every geography where EMV has been introduced, fraudsters have turned to the card-not-present channel, where detection becomes more difficult.

As Jim Van Dyke, CEO of Javelin Strategy & Research put it in a recent interview with CardNotPresent.com: “So, the space that’s been hit the hardest is going to actually get hit harder yet in the next year or two.”

Blog: EMV is Coming—Is Your Business Ready?

By Suzanne Coleman
August 27, 2013

I was recently reading Gennifer Biggs piece in Business Solutions  about how VARs can benefit from EMV adoption when it struck me that there are many issues regarding the onset of EMV into the US payments infrastructure that have yet to be ironed out and/or fully understood.

The term EMV,emv-card which stands for Europay, MasterCard and Visa, refers to a global standard of authentication for credit and debit card transactions.  It is defined as a “set of specifications for smart-card payments and acceptance devices, developed to ensure interoperability between chip-based payment cards and terminals.”  Most of Europe, Mexico, Brazil, and Japan accept chip and PIN cards today, and another 50 countries are in the midst of migrating. While 45% of the payment cards in circulation and 76% of global POS terminals accept EMV payments, the U.S. is still preparing for the switch.  As Biggs points out, we need to understand that EMV is coming, and it’s not optional. The impact of EMV on card-present fraud rates in Europe has been startling.  While card-present fraud used to be far higher in Europe than in the US, this is no longer true  In Canada, debit card losses are at their lowest rates since 2003, due largely to the adoption of EMV.

Why the Change?

EMV is moving us from magnetic stripe cards to more intelligent devices such as integrated circuit or “chip cards.” There are four key reasons for making this change:

  • Reduction in counterfeit cards
  • Increased security of online payment transactions
  • Lower chargeback costs
  • Potentially reduced PCI compliance costs

EMV cardholders will be able to use their cards at any EMV-compatible payment terminal, easing global travel concerns. EMV technology also supports enhanced cardholder verification methods, which increases the security of online payment transactions.

The greatest advantage, however, is that it’s virtually impossible to create a successful counterfeit EMV card. An EMV card’s security credentials are encoded by the card issuer at personalization, stored securely in the EMV card’s chip and cannot be accessed by unauthorized parties. As a result, the cards help prevent card skimming and card cloning, one of the common ways magnetic stripe cards are compromised and used for fraudulent activity.

For Intrix, the adoption of EMV chip cards means our processing payment platforms were mandated to have the capability to accept EMV payment transactions earlier this year.  Our EMV roadmap includes adding support in the Intrix Payment Gateway in order to process the additional data that is included in chip transactions including the cryptographic message that makes each transaction unique.  On the Merchant Services side, Intrix offers EMV-enabled POS terminals today.  Intrix is working to make EMV a smooth transition for our acquirers and their merchants.  Moving full-speed ahead, Intrix embraces the move to EMV as an added measure of security and protection for all of us in the payments.

In the coming months, Intrix will keep our merchants informed about this technology and what they will need to do to prepare. In the meantime, if you have questions regarding the EMV Smartcard, please contact us at 877-440-1306, or fill out our form online.

About Suzanne

Suzanne Coleman, Director of IT at Intrix Technology, is a payments industry veteran, having run development, IT and Operations for payment processing systems and gateways for more than 10 years.  Prior to Intrix, Suzanne was COO at Maas Global Solutions.  Prior to that, Suzanne was Director of Application Development at First Data Corp for a number of years, working primarily on the First Data Global Gateway.  Prior to moving to the payments industry, Suzanne led engineering organizations at Hewlett Packard, TransAmerica and other companies, in a variety of markets including systems management solutions, real estate information systems, and others.

Blog – The “Gift of Giving”—5 Reasons to Embrace Gift Cards

By Phillip Head

July 10, 2013

Considering the positive effects on top-line sales and customer loyalty, gift cards have become a staple among major retailers.  However, many small to midsized merchants have not capitalized on the explosive growth of these cards.

Gift and loyalty cards are reusable, stored-value cards that allow merchants an electronic alternative to paper certificates.  They are an easy, cost-effective way to help increase your business and reward your best customers.gift-card

According to CEB The TowerGroup’s seventh annual gift card report, the gift card market passed the $100 billion mark at the end of 2012, with predictions of sales exceeding $138 billion by the year 2015.   This growth alone is enough to whet the appetite of merchants, but industry analysts stress that gift cards have other benefits that are even more impactful to a merchant’s long-term business.  Experts point to the following five payoffs:

  • Gift cards can be a recommendation.

Popular destinations for gift cards include the bigger players – department stores and  electronics stores – but some of the most popular places are bookstores, restaurants  and coffee shops. For local shops, the purchase of a gift card can be one customer’s way of recommending your business to a friend.

  • Offering gift cards can lead to more business.

A gift card can bring a new or repeat consumer into your store on more than one occasion, and a positive experience can lead to that gift card recipient coming back after the card has been exhausted.

  • Gift cards are excellent marketing.

If a customer has a branded gift card in their wallet, they’ll see your logo every time they reach for money. It’s hard to argue with quality brand placement like that!

  • Choice is king.

More often than not, people are looking for value.  A gift card not only allows the recipient the ability to choose what they ultimately receive, but also affords them the   opportunity to make the dollars given last longer by shopping at the right times..

  • Gift-card redemptions often further add to retailers’ coffers.

It’s awfully hard to spend exactly $15 or $25 on items. The TowerGroup estimates that more than a third of gift-card purchases go over the face value of the card, with the average overage 133% of stored value.

Gift cards have become so prevalent that it is now essential for retailers of all sizes to offer the option.  Customers expect you to have gift cards and if you don’t you risk a lost sale.

At Intrix, we have partnered with several specialists in gift and loyalty card services to provide our merchants with outstanding expert advice and support. Because we only form business relationships with companies that provide the same top-quality merchant support that we do, you can feel confident that your gift and loyalty card programs will be managed with high levels of professionalism.

Through our alliances with these specialists, we can help you set up a gift and/or loyalty card program that fits your business and your budget. You can choose from standard, pre-designed cards customized with your business name, or design your own cards and displays with your branding, logos and more. And we’ll help you set up an overall marketing program which may include displays, presentation envelops and other accessories.

We’re here to Help

So how do you get started? It’s easy — just contact us at 720-977-2002 and we’ll help you begin offering gift cards today.

Visa’s Chargeback Changes—The Good News for Merchants

By Jesse Beaty

June 5, 2013

In the world of payments processing, chargebacks are something every merchant has to be prepared for—whether you are taking mobile payments or accepting payments online.  If a customer disputes a charge with their bank they are reimbursed the money immediately.  It’s then left up to you, the business, to fight to get your money back by proving the transaction was valid.

As of April 2013, however, Visa has made some important chargeback rule changes—changes that are good news for merchants.  The changes have two key goals in mind:

·         Reduce unnecessary chargebacks and documentation requirements

·         Reduce merchant fraud management costs

The Changes to Chargebacks

Specifically, fraud chargebacks will NOT be permitted by Visa on transactions that have been electronically read – that is swiped, dipped in or waved past a card reader.  Visa will also eliminate the requirement for card issuers to ask merchants for a copy of the receipt when a cardholder disputes a transaction.

Below is a quick look at what you can now expect.

1.      Eliminating the Transaction Receipt Requirement

If a credit card issuing bank processes a chargeback, then it will not have to request a copy of the transaction receipt before initiating a chargeback for the following types of transactions:

·         Reason Code 75 Transaction Not Recognized

·         Reason Code 81 Fraud-Card-Present

·         Reason Code 83 Fraud-Card Absent

For merchants, is important to remember that eliminating the transaction receipt requirement is only a condition for a chargeback change. In the dispute process, you may still receive a request for a copy of a transaction receipt. During the dispute process, issuing banks may still request a copy of the receipt if the bank needs to respond to a cardholder’s request or for other legal purposes.

2.      Revising the Invalid Chargeback Requirement

A credit card issuer’s chargeback is invalid for the following reasons if there is evidence that the merchant read the card electronically.

·         Reason Code 75 Transaction Not Recognized

·         Reason Code 81 Fraud-Card-Present

·         Reason Code 83 Fraud-Card Absent

An issuing bank may only use these codes to pursue chargebacks for key-entered or unattended transactions. Unless the merchant obtains the CVV2 number for U.S. domestic transactions instead of an imprint, the merchant will no longer need to provide a signed transaction receipt. Proof that a card was imprinted manually or read electronically will provide enough evidence to remedy an issuing bank’s chargeback.blog8

The Good News for You

For merchants, eliminating the retrieval request and invalid chargeback requirements means:

  • Streamlined chargebacks and documentation requirements
  • Simplified dispute resolution processes (issuing banks will not allow fraud chargebacks on electronically-read transactions)
  • Reduced back-office handling and related fraud management costs

These changes are designed to promote faster, more efficient dispute resolution for everyone. 

We’re here to Help

At Intrix, we work hard to make sure our merchants experience the best credit card processingservices possible. Part of our merchant services includes sharing our extensive knowledge. For more information on chargeback prevention or disputing chargebacks, call our customer support department at 303-440-8617 or contact us.  

FTC Releases Mobile Payments Perspectives

By Jeff Connors

May 13, 2013

 

 

I was reading the Money2020 blog the other day and came across this post by Sanjib Kalita that I found quite informative and thought I’d share with you. The post does a nice job of putting into perspective the key issues raised by the FTC report—issues that every small business involved in payments processing needs to keep in mind to stay relevant in today’s shifting landscape:

 

The Federal Trade Commission released a report today highlighting some of the key issues in mobile payments from their perspective.  The report is titled “Paper, Plastic… or Mobile? An FTC Workshop on Mobile Payments,” and is based on a workshop held by the Commission in 2012.  There were three key issues raised by this report: dispute resolution, data security, and privacy.  None of these issues are new for the payments industry.  However, the nature of mobile payments raises the importance and visibility of these risks.

Dispute Resolution:

FTC staff looked at the websites of 19 different mobile wallets.  Of the 19, 15 allowed consumer to fund mobile payments by their credit cards.  7 allowed consumers to fund by directly debiting their bank accounts.  4 solutions allowed carrier billing. 7 allowing funding by multiple sources.

Dispute resolution processes are well defined for debit and credit cards. However, they are less defined for prepaid cards or gift cards.  The Consumer Financial Protection Bureau is looking at extending protections on other cards to General Purpose Reloadable cards.  The protections in consideration are: 1) liability limits, 2) disclosure requirements for fees and expiration dates, 3) error resolution procedures, and 4) authorization standards for recurrent payments.

Carrier billing is an even less well defined funding vehicle.  Disputes for carrier billing are essentially dependent upon the good will of the carrier.  There are no statutes or regulations which enable consumers and companies to set some benchmarks.  For example, how could a consumer restrict billing on their account by 3rd parties?

Data Security:

The Federal Reserve performed a consumer survey where 42% on consumer said they were concerned about data security on mobile wallets. Given the recent news about foreign governments systematically hacking into corporate websites, this percentage could likely now be higher.  The FTC report mentioned two methods of increasing data security: end-to-end data encryption, and passwords.  Given the amount of personal data at risk, this area could represent a major pain point for consumers and companies alike.

Privacy:

The FTC mentioned two key concerns with respect to privacy: consumer ability to control what data is shared, transparency by companies about what data is shared.  In general, European consumers tend to be more protective of their privacy while consumers in the US do care about it, but are more open to sharing their data with the appropriate controls and rewards.  Given the value of the consumer data associated with mobile wallets, there will be greater business and financial pressure to use this data.

Looking Forward:

Mobile wallets as a category are still in their infancy.  The accepted consumer norms and business practices still need to be created.  The business models to create a sustainable mobile payments ecosystem remain to be proven.  Government regulators such the FTC are monitoring markets in order to ensure the fairness of the systems that are created.

 

Source:  Money2020 on Fri, 03/08/2013 – 20:35

Looking for a Merchant Cash Advance? Intrix can help.

By Phillip Head
4/23/13

paper.money

In everything we do at Intrix Technology, it is our goal to help small business merchants; from releasing new electronic payment processing software to offering a complete line of credit card processing equipment and hardware.  Recently, we added another tool to make it easy for merchants to succeed in business by getting needed capital affordably.

That new tool is our Merchant Cash Advance (MCA) program – a program that provides you with funding options.  With the Intrix MCA, you can easily obtain working capital that can be used for any business purpose.  In essence, we advance the funds and actually purchase your future credit card receivables.

Cash Advances (also known as “account receivables factoring” in the banking industry) have been around for a while, but it was not until just a few years ago that merchants could take advantage of this type of funding.  Since the payments come directly from your credit card merchant account through a percentage of each credit card transaction your business makes, the amount due on the loan can be quickly and easily paid back.

We want this to be simple, so we’re offering three MCA programs:

Platinum Program

  • Merchants with low risk characteristics
  • Must process an average of at least $25,000 per month

Gold Program

  • Merchants with medium risk characteristics
  • Must process an average of at least $22,000 per month

Standard Program

  • Merchants with medium to high risk characteristics
  • Must process an average of at least $7,500 per month

With bank loans difficult to come by, it’s no secret that small businesses are looking for alternative financing sources.  A recent guest blog talked about the difference between a small business loan and a merchant cash advance and when each funding option might be right for your small business.

As your merchant payment processing provider, we’re here to help.  If you’re thinking about a cash advance, give us a call at 877-440-1306.  We’ll help you determine if one is right for you.

 

About the Author

Phillip Head, Senior Vice President of Sales, Intrix, joined the team late last year.  Prior to Intrix, Phillip led a sales group at First Funds, a cash advance company where he helped grow the company by assisting merchants with debt funding. Earlier, he was with Accelerated Payment Technologies which was recently acquired by Global Payments. As SVP he drives nationwide sales for our payment processing solutions and is responsible for building the VAR channel and creating a telemarketing group.