Tag Archives: small business

nfc wave

NFC - Everything A Small Business Needs to Know

The payments industry is an intricate, twisted mass of old and new competitors, each vying for market share like lions on a carcass. That analogy isn’t far off, as several nationwide chains, including CVS and Rite-Aid are refusing to accept all NFC payments just to stick it to Apple. On the retailer side, a conglomerate led by Wal-Mart has released their own digital wallet, CurrentC, which was hacked and compromised almost immediately.

But what about EMV? It’s still on the horizon. In October, 2015, businesses without EMV compliant hardware will be held liable for fraudulent, card-present transactions. Card issuers will release new cards, also known as chip-and-pin cards. These cards have been active in Europe for about a decade, and the continent has seen a drastic reduction in compromised card information since then.

Confusing and irrelevant for most consumers, the payments war continues. NFC and EMV are not competing technologies - they are complementary in the payments field. A chip-and-pin card can be used in a digital wallet with no hassles. Businesses are lucky; merchant services providers have terminals that are able to accept contactless forms of payment as well as chip-and-pin.

What is NFC?

nfc logo

The Near Field Communications Logo

Near-field-communication (NFC) is a proximity-based method of communicating via radio waves between enabled devices. It’s most known for the payment industry’s recent takeoff, which includes front runner Google Wallet, Softcard, and latecomer ApplePay. However, it is also useful for transmitting large amounts of information between two devices, and can even read smart tags, which are similar to QR codes.

NFC & Security

One of the biggest obstacles to widespread adoption of NFC-based payments is the state of security surrounding the technology. This is a complicated discussion, but needless to say, NFC is secure and is here to stay.

Here are some highlights: NFC technology is only effective in a range of about 10 cm, and its zone of interaction is not spherical, it’s very specific and in only one direction (if you’ve used contactless payment methods before, you know what this is like). This is the strongest security feature of NFC technology.

While using a contactless payment method, the interaction between your phone and the terminal is a one-way transaction. The terminal simply subtracts a certain amount from the smartphone’s digital wallet, and everyone moves on.

It’s important to remember that NFC has been around for years. The technology is no longer new, instead it’s being tested and adopted for the most efficient commercial use. It’s gone through rigorous testing and isn’t always perfect, but it would never have gotten this far if it was incapable of 1) protecting payment card information and 2) providing the cheapest and most efficient platform to pay with a mobile device.

It’s even more important to remember that no technology is 100% safe. Use common sense. Don’t pay with your phone if you don’t trust the retailer. Nothing is silly when it comes to protecting your information.

Landscape for Merchants

Based on information collected during the post-Thanksgiving shopping bonanza, only a small percentage of eligible Apple Pay users are actually using Apple Pay. CVS, Rite-Aid, and others are national. They can afford to invest in new hardware that will benefit them in the long term, while not risking as much today.

Small businesses - Main Street or otherwise - do not have that luxury. Since adoption of NFC tech is not yet widespread, businesses will have a hard time justifying the expense of a terminal.

As a merchant services provider, our goal is to provide the most efficient and useful payment processing services at the lowest cost. Because of the turbulence in the industry and lackluster adoption of the new standard, our recommendation is to pass on NFC enabled terminals for now.

NFC is the direction in which the industry is headed, so don’t throw it out the window. You will need to be able to accept contactless payments, and you will need to protect the security of your customers’ information, so keep an eye on our blog or give us a call to learn what we can do for you!

If you liked this article, follow us on Facebook, Twitter, and LinkedIn.

LinkedInFacebookTwitterGoogle+Share

Small Business Saturday

Small Business Saturday is the newest addition to the post-Thanksgiving shopping extravaganza that already includes Black Friday and Cyber Monday. While Black Friday focuses on big box retailers (e.g. Wal-mart) and Cyber Monday focuses on eCommerce (e.g. Amazon), Small Business Saturday pushes brick-and-mortar businesses to the top. This shopping holiday is celebrated by your local retailers, hole-in-the-wall restaurants, and local gems.

Founded by American Express in 2010, Small Business Saturday has exploded in popularity and participation due to overwhelming support from businesses, customers, and municipalities across the country. This year’s Small Business Saturday will take place the Saturday after Thanksgiving, November 29th, 2014.

For the first Small Business Saturday, American Express gave free advertising credits to small businesses to promote themselves, as well as rebates to American Express cardholders. Since then, President Barack Obama voiced his support for the day, it was officially recognized by the Senate, and in 2012, an estimated $5.5 billion was spent at small businesses.

How to make the most of #SmallBizSat

Social

This year, American Express is promoting Small Business Saturday through its own Twitter account, and is primarily using the hashtags #SmallBizSat and #ShopSmall. Check these hashtags for events, promotions, and information about the day.

In-person

Go to your favorite coffee shop, bookstore, or boutique and ask if they are taking part in Small Business Saturday. If you’re a business owner, visit this website to register your business on the map. American Express is offering free resources, ad credit, and other promotional materials to help businesses get the word out that they are taking part.

Neighborhood Champions

Although registration is closed, Neighborhood Champions are business associations, chambers of commerce, and other organizations that support small and local businesses. Look here for a list of Neighborhood Champions in your area.

Make Sure Your Business Accepts American Express

American Express cardholders that shop at your small business will receive credits for their purchases there. If you don’t accept American Express cards, you’re not taking full advantage of the holiday! Fill out the form below for more information.

Fields marked with a * are required

External Resources

Here are some resources for business owners and consumers:

Find local businesses – this map will show you small and local businesses in your area that are participating in Small Business Saturday.

Shop Small Twitter – follow them to stay up-to-date on #ShopSmall and #SmallBizSat.

Marketing Materials – this page walks businesses through the steps needed to get free marketing materials for the day.

How to Market Small Business Saturday – some helpful tips from marketing professionals on how to capitalize on Small Business Saturday.

Follow us on Facebook, Twitter, and LinkedIn for more information concerning small and local business events and promotions.

Protecting Customer Information

In our last blog post titled Data Breaches, Data Breaches Everywhere, we talked about the big data security and the largest data breaches of 2013. They affected multinational companies and some of the largest retailers in the United States.

However, that does not mean small businesses are exempt - in 2012, about 40% of data breaches occurred in businesses with fewer than 100 employees. So how can small businesses combat this and make protecting customer information a priority? Read the second entry in this three part series to find out.

PCI Compliance

The Payment Card Industry (PCI) Security Standards Council is the governing body of payment card data security for most businesses and an advocate for protecting customer information. Founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc., the PCI Data Security Standard (DSS), serves as the baseline for merchants that accept cards as a form of payment – from national department store chains to seasonal fruit stands.

In security terms, it means that your business adheres to the PCI DSS requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. In operational terms, it means that you are playing your role to make sure your customers’ payment card data is being kept safe throughout every transaction, and that they – and you – can have confidence that they’re protected against the pain and cost of data breaches.

-PCI Data Security Standards Council Website

Businesses comply with the PCI DSS by following these 12 guidelines:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need to know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel

The important thing to remember is that the PCI SSC cannot enforce these rules, they simply provide information about best practices and data security.

Small Business Data Security

These are some things to watch out for while running a small business, and some simple solutions.

  1. Hacking – malicious individuals can get your information by accessing your hardware or software through lackluster protective measures. Solve this by securing your connections. Encrypt your Wi-Fi, put a password on it, and don’t give it out to just anyone. There are dozens of options that range from free to $1000’s for all types of businesses.
  2. Payment fraud – people can access your info through the POS or terminal. Solve this by controlling user access to your Point-of-Sale system or terminal. Create unique user ID’s for each employee to control their permissions, monitor their usage, and hold them accountable. Your merchant services provider can help you with setting this up.
  3. Employee fraud – not everyone is who they say they are. Solve this by running background checks and extending your interview process. And remember, fewer employees means each has a higher chance to screw up your business.
  4. Lost, discarded, or stolen documents – people can sift through your trash if it’s not shredded. Solve this by buying a document shredder. Shred documents on a daily or weekly basis, and make sure that the remnants are properly destroyed.
  5. Negligence – Target’s malware detection tool caught the attack, but it wasn’t configured properly. Solve this by turning on all security features and options. Check regularly to make sure that they are on and up to date.
  6. Third-party companies – Hackers work backwards from the point of easiest entry. Target was breached through an HVAC provider. Solve this by vetting your partners’, suppliers’, and vendors’ security measures. Their security is your security.

High Risk Merchants

High risk merchants usually pay higher rates and fees, are watched very closely for fraud, and have other stipulations stapled to their contracts. Businesses that accept card-not-present transactions, some service providers, or businesses in an industry that is heavily regulated are typically considered higher risk. The least common denominator is increased chance of fraud and increased chance of chargebacks.

It is extremely important that businesses in this category maintain the strongest level of protection for their customer’s payment card information. Their businesses are already suffering non-negotiable increased costs, by adding a data breach or fraud on top of that, they run the risk of having their merchant account shut down, or in the worst-case scenario, being put out of business.

What To Do If You Are Breached

  1. Don’t panic – Panicking leads to hasty decisions. Haste makes waste. Don’t panic.
  2. Preserve the crime scene – That’s what it is now. Preserving the crime scene means that the authorities have a better chance of finding useful information. Instead of wiping hard drives or unplugging cords, stop using your terminal, virtual gateway, or Point-of-sale system, and break out the cash drawer.
  3. Gather info from service providers (internet, telephone, security, merchant services) – they have access to information that you don’t. Make some phone calls and let them know what happened and ask what they can do about it.
  4. Legal advice – Call the police, and get yourself a lawyer. You may not need one depending on the size and scope of the breach, but that’s not something you want to test.
  5. Communicate – Tell your employees and customers. Let your service providers, third party vendors, wholesalers, and anyone else that could be effected know that your payment card security was compromised, that you are looking into it, and that you will keep them updated. As evidenced by the efforts of Neiman Marcus, Target, and PF Chang’s, an open line of communication between executives and customers is very effective damage control.
  6. Reevaluate – Something went wrong. Find out what it was, and fix it so that it never happens again. The PCI SSC has many resources for small businesses here and here.

Landscape for Merchants

The landscape for merchants is not promising. Last year was the worst in history for data breaches. Main Street businesses need to comply with PCI DSS regardless, but proactive owners and executives will add additional layers of security to protect customer information.

The best way to do this is to accept chip-and-pin cards (also known as EMV cards), by using a terminal equipped for them. 86% of financial institutions plan to issue chip-and-pin cards in the next two years. Small businesses don’t have the same luxury. By October 2015, merchants who are unable to accept chip-and-pin cards will be held liable for fraudulent transactions, something considered long overdue.

The Choice Merchant Solutions EMV Readiness Program helps merchants convert to a more secure system before it’s too late and emphasizes protecting customer information. Check back for the penultimate chapter of this series, which will tell you everything you need to know about EMV. If you’re an early adopter, or want to find out more from a qualified representative, call us at 860.296.1300 or check out our merchant processing page.

Follow us on Facebook, Twitter, and LinkedIn for more information concerning the safety of your information, and for the rest of the series.

Choice Funding

The rapidly-growing, high-volume arm of our business development suite is Choice Funding. Choice Funding is a provider of working capital for businesses small and large, in the form of merchant cash advances, as well as traditional small business loans.

Our clients use working capital to finance expansions and renovations, open second locations, or purchase high-ticket equipment.

Choice Funding account specialists take the time to learn about a business’ unique challenges and operations, and based on the industry, present tailored to business owners and executives to make the right choice for working capital.

You can learn more about Choice Funding here, or you can email us at [email protected].