The EMV Smart Card Reader from Vision Payment Solutions


  1. The USA is finally catching up! Europe has used credit card chip technology for over 10 years to combat credit card fraud, along with most of the other countries around the world.
  2. The credit card chip is called EMV, an acronym for “Europay, MasterCard, Visa”.
  3. As of October 2015, businesses must have payment processing equipment capable of reading EMV credit cards, or they face liability for any fraudulent EMV card transactions they run.
  4. Prior to October 2015, fraudulent credit card transactions have been absorbed by banks. The “liability shift” that happens in October means that the liability shifts to businesses if they don’t have EMV card readers.
  5. EMV chip cards are no longer swiped like magnetic strip cards. They are inserted into the business’s card reader and stay in place while the chip on the card communicates with the reader, until the transaction is complete.
  6. Many credit card issuers haven’t replaced their standard magnetic strip cards with EMV technology yet.
  7. Some EMV credit cards also require a signature, others require a PIN. The Chip & PIN version is the most popular type in Europe.
  8. Many EMV chip cards have a magnetic strip that can be swiped in older payment systems, but merchants using those systems expose themselves to liability as of October 2015.
  9. The EMV chip technology is well tested. It has been available for over 30 years.
  10. The USA is the source of 25% of the world’s credit card transactions but nearly half of the credit card fraud.
  11. Online retailers will need to step up security measures. Online credit card fraud is expected to surge after EMV credit cards become the US standard.
  12. In 2013, global credit card fraud grew to $14 billion. The US portion of that cost had jumped nearly 30%.
  13. EMV chip technology not only helps prevent fraud at the point of payment, it helps ensure consumer credit card data is not at risk in the case of a merchant breach.
  14. The EMV chip generates a unique code for each transaction that cannot be used again, making it virtually impossible for criminals to duplicate the credit card.
  15. Many EMV credit cards also support near field communication, or contactless, card reading, where the card is tapped against the payment reader.
  16. Over a billion credit cards in the USA must be upgraded to EMV chip cards.
  17. It costs credit card issuers approximately $3.50 to issue an EMV card to replace a magnetic strip card.
  18. An estimated 12 million card readers and payment terminals will have to be upgraded to protect US merchants from the liability shift.
  19. Over 40% of US retailers are expected to remain noncompliant with the change to EMV card reading technology by the end of 2015, exposing themselves to fraud liability.
  20. The required upgrade to EMV payment terminals for automated fuel pumps, and the attached liability shift to the merchant, has been delayed to 2017.
  21.  Debit cards in the US will also be upgraded to EMV chip technology, but the rollout is expected to take longer due to software changes that must also be implemented by banks.
  22. US cardholders may be unpleasantly surprised when traveling abroad with their EMV credit card. Many cards are being issued with the EMV Chip & Signature technology, which won’t work at automated payment kiosks in other countries that require a Chip & PIN card.

Merchant Processing Security Tips

While the rest of the US economy has seen its highs and lows over the past decade, the growth of the ecommerce sector has seen almost nothing but robust growth. According to statistics, more than $300 billion was spent on web sales in the year 2014, up more than 15% from the $264 billion spent in 2013. And it shows no signs of slowing down.

With the growth in credit card use comes the increased threat of identity theft, credit card fraud, and phishing scams. While there is no foolproof method for preventing these attacks, both consumers and credit card merchant services can take calculated measures to prevent the risk of credit card misuse. Here’s what the experts recommend to avoid falling victim to today’s biggest threats:

1. Research

As most security experts point out, knowing about potential security threats is half the battle. By familiarizing themselves with the potential risks when accepting credit cards, especially when it comes to their specific type of credit card merchant account, business owners can take the steps necessary to protect their consumers (and their profits) from the ever-growing threats that surround merchant processing.

2. Communicate

Communication between customers and credit card merchants is key when it comes to security. Keep your customers in the loop about your security methods and ask for their compliance. Emphasizing privacy rules and PCI standards will help to build consumer trust in the long run. Consider beginning a security campaign to educate customers about the measures required to keep their identities safe. Use texts, emails, and phone calls to better facilitate communication.

3. Record

Vigilance is key when trying to counteract security threats to your business. Security threats are constantly evolving, but there are simple methods merchants can used to counteract even the most sophisticated of attacks. By keeping thorough records and securing all of your data with password protection, you can insure your profits against potential threats. While setting up a security system is important, vigilance in maintaining records and updating your security is crucial to your success in protecting your credit card merchant account.

4. Collaborate

One of the easiest ways to ensure you don’t fall victim to credit card fraud and other threats is to work with credit card companies themselves. Many credit card companies offer fraud-protection services, which can go a long way in providing your customers with peace of mind and protecting your business. If you’ve just started accepting credit cards, make sure that your business is certified as PCI compliant, and always maintain your compliance moving forward.

With the advent of digital commerce in full swing, accepting credit cards is a must in terms of company growth. With a few extra precautions, you can protect your business from today’s most common threats and help your business see the growth it deserves.

What to Look for in a Merchant Processor

There are a lot of credit card processing services out there, and they would love to have your business. With thousands of options available, how do you choose the one that’s right for you and your company? It can be difficult, especially for new business owners, to know what to look for when choosing a credit card payment processing provider, but we have some suggestions for narrowing down the candidates.

Price is what most business owners compare first when considering credit card processing systems. The rates and fees can be tricky to compare between providers. You have setup fees, monthly fees, and transaction rates to consider, all of which can vary widely. Unfortunately, one of the most common issues in the payment processing industry is hidden fees, which are typically much higher than the usual rates. These fees are typically applied to “non-qualified” transactions. You need to know what the merchant processor considers “non-qualified” in order to know if this is a rate that will affect your particular business. Also, pay attention to the fine print if you’re offered an outstanding rate, because it may come with restrictions and limitations. Find out how long that rate is good for and if it is limited to certain transactions. What does the rate revert to later? Even a small portion of a percentage point can make a big difference in your bottom line, so be thorough.

When you like a processor’s rates, find out what you get in return for payment. Choosing an ecommerce credit card processing service is about more than simply the cards you can accept. How good is their security? Are they PCI-compliant and can they properly process EMV cards? Will the provider’s internet credit card processing solutions work with your online storefront? Can you get support easily when you need it? This is vital if the provider is located in another part of the country or if you have online sales that may occur on any day, at any hour.

If you choose a merchant processor, are you getting a full-service provider or will you have to use others to create a complete payment solution for your business? Can they handle every type of payment you wish to accept, from credit and debit cards to gift cards and checks? If you have brick-and-mortar and virtual storefronts, do they offer solutions and equipment for point-of-sale transactions as well as online and mobile credit card processing?

Who are their clients? Can you talk to others who use them to get a feel for how they do business? Even with recommendations from other merchants, use due diligence and research processors before signing up. Investigate them through such means as checking reviews and examining their Better Business Bureau data.

Look for a low cost credit card processing provider that is upfront about their fees and rates and who offers a full range of solutions to handle all your payment processing needs. Look for a company that has been in business for at least several years and has a proven track record. Finally, when you are ready to go with a merchant payment processor, start with a short-term contract. This gives you flexibility if you’re not completely satisfied with their service. Once you’ve worked with them and are happy with the results, then go for a longer term relationship.

Is Your Small Business Prepared for Credit Card Changes in 2015?

In 2015, the credit card game is going to change. In the United States, we will see the long-awaited adoption of “chip and PIN” credit cards. With this new change, businesses will need to understand the technology behind the switch to better assist their customers. This includes integrating new software as well as purchasing credit card terminals that can accept the new credit cards. Although it may seem like a lot of changes, retailers and businesses that stay up-to-date on the latest technology will be better able to serve their customers. Better customer service means more return customers and a better ROI. From small businesses to large enterprises, it is important for your business to be ready to address these new credit card changes.

What is a chip and PIN card?

A chip and PIN card is different from regular credit card in that a client’s personal information will now be held safe in a microchip rather than contained in the card’s magnetic strip. This new card encodes customer’s information and makes it even harder for thieves to steal valuable information and/or commit fraud. This means that consumers can rest easy knowing that their card information is kept safer than ever before.

Know the Deadline

Merchants must make the switch to upgraded credit card terminals that are chip and PIN compliant by October 1st. Any business experiencing credit card fraud that has not upgraded to the newer software after that point in time could be heal responsible and will be forced to pay the fraudulent charges made on the card.

Making the Switch

While it may seem somewhat difficult to switch your software, you’ll be grateful that you did so. Make sure that you take these three points into consideration when looking to upgrade your equipment.

  • Research. Find out what you can about upgrading your current terminals. Each industry has its own unique set of challenges; make sure that you understand what different options are available to you.
  • Incentives. Credit card companies are offering incentives to make the switch. American Express is extending $100 towards terminal upgrades (for merchants that make less than $3 million in payment volume)
  • Do it now. Don’t wait until the last minute to make sure that your equipment and software is up-to-date. With so many steps in the process, the switch could take longer than anticipated, and you might have to deal with paying fines.

By making the big switch, your business will have access to more advanced security measures and, in the end, will be subject to less credit card fraud.

If you have any questions about making the big switch, contact the professionals at Vision Payment Solutions.

Big credit card changes coming soon to your wallet

Credit cards and card payment terminals are going to undergo a major change in the near future, thanks to a group being formed by Visa and Mastercard aimed at increasing security in the retail and banking industries in light of the recent breaches at Target and other retailers.


This new group will include bankers and retailers, security experts, and makers of card payment terminals, and will focus on increasing security, partially through the embedding of special security chips into credit cards, and a move away from magnetic strips. These chips have been used across the world outside of the United States for many years. For now, the chips are optional, but new liability regulations will impose severe penalties for those who don’t use them next year, a move which it is believed will make them all but compulsory.


The cards themselves are not the only aspect of the new payment structure that is undergoing changes. New card payment terminals, too, are being installed at retailers across the country which will include mobile payment machines at restaurants, which will be brought to the table so that customers can swipe their own cards. Drive Thru stations at fast food restaurants will also see new card readers installed outside the window, so that customers will swipe their own card. All of this is a push to remove the handling of credit cards by anyone but the card’s owner.


It is also possible that in the future, credit cards will require the use of a PIN, similar to ATM or debit transactions.


All of these moves are an intense effort by the new group to increase the security surrounding credit card transactions and it is hoped that the new cards, new card payment terminals, and other new forthcoming security measures will help to prevent future incidents like the retail breaches that happened in 4Q of 2013.



What is a Virtual Terminal?

Tablets and smartphones are ubiquitous in this day and age, but they have yet to completely inch out computers, and laptops still hold many advantages over mobile devices. This is even true in the case of business management, where the computer often has far more storage and power to process databases, inventory tracking, and the like. It only makes sense that one should be able to use a computer to accept credit card payments.


Virtual terminal merchant services are a Web- or cloud-based version of physical credit card point of sale (POS) machines. They allow a vendor to input credit card information into payment forms on a computer, which then can be used to process an electronic transaction such as a mobile payment. It is similar to the types of forms you might see on a mobile commerce site like Ebay or Amazon.


In the past, mobile payments would be processed using a phone to call in to a processor for gaining transaction approval. In the modern era, virtual terminal merchant services are used to instantly approve transactions over the web. Sometimes these services are done via manual entry, exactly like would be done when making an online service. More common, however, are systems that use a credit card reader that plugs into the computer, either via the charger, headphone jack, or via a USB port.


The downside of virtual terminal merchant services is that as of yet many cannot accept signatures from the client. This is in contrast to mobile processing services on a handheld device, which usually take a signature via the touch screen. However, with more and more computers these days featuring touchscreen technology, this may be rectified sooner rather than later. For now, the user simply uses a checkbox or similar functionality to agree to use a typed name as a virtual signature.


The technology is advancing, but with full computers incorporating technology pioneered by handheld devices, it seems likely that virtual terminal merchant services will continue to advance and could become the ideal means of managing one’s business in the near future.

U.S. Lawmakers Call for Data Protection Standards to Avoid Breaches

In light of the recent mass data breaches at retailers across the country, which have resulted in more than 40 million credit cards being stolen, cloned, and sold through the deep web, many lawmakers are demanding that the U.S. Congress stand up and mandate the adoption of card payment solutions and security standards to stop this sort of thing from ever happening in the future.


Among those demanding the new standards is Georgia Democrat representative David Scott, who believes that Congress needs to look at the new security measures that are already being used in other countries, like the smart card payment solutions that do away with a magnetic strip in favor of a chip embedded in the card.


The magnetic strip currently featured on credit cards, he believes, is an easy and open door for unscrupulous hackers, since the technology is, at this point, practically ancient, certainly obsolete, and thereby easy to crack. The EMV smart card payment solutions would not only better encrypt data but would add an additional line of protection in the form of a required PIN entry at the point of sale.


Scott believes that Congress is anxious to take action against future hacks in the future. But others don’t believe that it is Congress’ place to mandate the use of specific technologies.  It has been noted that Visa, MasterCard, and other credit card vendors have already announced plans to shift to smartcards by the end of 2015 without legislation in place. While some lawmakers want to create a new national data breach notification law that would supersede the over 45 state laws currently in place, others have pointed out that Congress shouldn’t have the right to override tougher state laws.


There is a strong voice for private industry to create and implement new security standards for card payment solutions, without further interference from a Congress acting out of fear and panic.

Social Media Gives Insight to Mobile Payment Processing Trend

According to the second annual MasterCard Mobile Payments study, there have been roughly 13 million conversations about mobile payments on social media sites like Facebook, Twitter, and the blogosphere. Virtual terminal credit cards and similar mobile payments carry an 88% positive rating amongst business owners and merchants across the web, with the predominant attitude being that businesses that don’t accept mobile payments are going to find themselves at a distinct disadvantage in the not-too-distant future.


The results reflect a staggering amount of interest in mobile payments not just from business owners, but from consumers as well. Interestingly, the vast majority (90%) of these conversations were initiated and driven by business owners who have already implemented virtual terminal credit cards or other forms of mobile payments answering questions from smaller and newer businesses seeking advice about what they should adopt in the marketplace.


These conversations are indicative not just of a trend or new fad—they are the beginning of a new movement. The patterns of behavior when making purchases are shifting and evolving, and it’s becoming necessary for merchants to be able to accept payments on the go. E-payments, mobile credit card readers, and similar options are cost-effective and easy to use, and don’t tie merchants down to a single location as did the bulky systems of the past.


It’s only natural that this new movement would have begun, and will continue to be reflected, via social media, which is the new language of communication in the modern era. With the ability to transform a basic mobile device like a smartphone, tablet, or laptop computer into a high-powered, portable and secure virtual terminal, credit cards and debit cards are likewise becoming the currency of choice in the modern era. Nobody is asking anymore if using a mobile processing solution is a good idea. Rather, they’re taking to social media sites to ask how they can adopt this technology, and what it can do for their business.

Cybercrime-As-A-Service Led To Credit Card Breaches

Software as a service is on the rise, there’s no doubt about that. This model, in which people purchase software, security, or operating system access from cloud-based provider, using these packages through a Web-based interface rather than downloading the package to a local PC, is becoming increasingly popular among service providers as well as among end-users. Even Microsoft offers a Web-based version of its industry standard Office software, and virtual terminal payments are becoming an increasingly popular option as compared to traditional credit card readers.


It seems, however, that whenever any sort of service becomes popular, it also becomes a target for unscrupulous programmers, or hackers. The always-assumed bulletproof Mac OS has in the past few years seen more and more instances of malware and virus attacks as it gained traction in the market and became a more popular option for home users.


The same holds true for credit cards, and this is one reason why virtual terminal payments are gaining traction..


You see, now we have to deal with cybercrime as a service. The waves of card breaches last year which began at Target were the direct result of cybercrime as a service. The code for the malware was available and sold online at dark web sites, as were the millions of card numbers stolen. One could, in effect, pay another hacker to use the malware to use the software and obtain card numbers for you. This is the very definition of cybercrime as a service.


The software, purchased online, could also be easily modified for the buyer’s own purpose. The service was so efficient with an untrackable virtual currency and a ready-made, efficient black market already in place, that legitimate businesses could almost take a lesson from the model, if not the implementation. If nothing else, the means by which these attacks have been made, the marketplace in which they are germinated, is wildly efficient.


Many retailers have considered, in the face of these attacks, a switch to virtual terminal payments in lieu of credit cards. Traditionally, virtual terminals can offer more security than physical terminals, as well as combining inventory tracking and purchasing trends with card processing. With mobile malware also on the rise, this may not be an ideal solution, but then, in an era where cybercrime is rampant, there may not be a true ideal.

Legalities and standards in the payment card processing environment

The 2013 data breaches that affected many major retailers from Target to Neiman Marcus were high-profile, public, and threw an unsightly and frankly frightening spotlight on the sheer weaknesses of the security standards inherent in the current credit card payment solution model. Indeed, PCWorld magazine labeled 2013 “The Year of the Personal Data Breach.”


The current system, which uses a magnetic stripe on the credit card to store the user’s data, is outmoded, archaic, and in dire need of update and improvement. Of this there is no doubt. It is also likely that these needed updates will come in the form of new technologies and systems that represent a more efficient and secure credit card payment solution than those currently in place. What this means is that there will be a major overhaul of how credit cards work, and even what they look like.


It is also certain that in-house general counsel will have to partner with the latest in IT standards to ensure compliance with any new regulations that result from this overhaul—any major revision in standards like this is going to get complex in a legal sense. The current standards for credit card security are called the Payment Card Industry Data Security Standard (PCI-DSS), and were established in 2004 by the major credit card companies.  The standards are detailed and complex, and break down to broad directives such as building and maintaining secure networks, protecting data, managing vulnerability, implementation of access control measures, regular monitoring and testing of networks, and maintenance of information security policies. These are in addition to specialized requirements based on merchant levels based on sales volume.


In 2006, the credit card companies created the Payment Card Industry Standards Council (PCI-SSC) to manage the complexity of the PCI-DSS, and to enforce the standards in place. This council performs audits, maintains information about credit card payment solution security providers, and establishes criteria to provide certification for the Qualified Security Assessors who are the only recognized officers for compliance of the PCI-DSS.


The general counsel, or advisory attorney who specializes in compliance issues, is needed to interpret the PCI-DSS and recommend to internal IT departments the risks involved, and the consequence of non-compliance. The attorney will also conduct regular reviews of this compliance, collaborate with the company’s credit card payment solution hierarchy, and continually review not only current standards documentation, but contracts with outside institutions to ensure constant regulation.


Whether or not the future sees a revised PCI-DSS standard, or a new standard altogether which will replace the current one, IT departments along will not be able to handle the complex new security standards in place—attorneys will continue to be a vital part of the credit card payment solution infrastructure.