Apple Pay Expands to Canada

Flag_of_Canada.svg

If there wasn’t any before, Apple Pay’s recent expansion has given merchants throughout the country of Canada a strong incentive to provide point of sale solutions compatible with the service. Although Apple Pay isn’t necessarily a service that is new to Canada, May 2016 marks the first time that customers will be able to make transactions with cards not exclusive to American Express.

For those that aren’t familiar, Apple Pay is a relatively new mobile payment feature powered by Apple that allows customers to pay for goods and services through their iPhone, iPad, or Apple Watch. Launched in October 2014, the application is synced with a user’s credit card and is utilized by holding your device near the contactless reader on a merchant’s POS system. The application then requires a user’s fingerprint Touch ID to authorize the transaction, and is a replacement for traditional ‘Chip and Pin’ or ‘Chip and Signature’ security methods.

Although Apple Pay has been available in Canada since November 2015, it has only recently become available for merchants that process cardholders not affiliated with American Express.

On May 10, Apple Pay’s services were expanded to customers of Royal Bank of Canada, Canadian Imperial Bank of Commerce, ATB Financial and Canadian Tire Bank. This expansion now supports Visa, Mastercard, and Interac, servicing a majority of cardholders in Canada. Services will be further expanded to TD Canada Trust, Scotiabank and the Bank of Montreal in order to fully accommodate Canada’s ‘Big 5’ banks, as well as two additional credit unions (iMore).

Apple Pay has potential to make a big splash in the Canadian market, primarily due to its cooperation with banking institutions. American Express is infamous for charging higher processing rates than its competitors, so Apple’s expansion beyond AmEx as sole proprietor of mobile transactions greatly increases its potential consumer base. In terms of customer protection, LoyaltyOne’s Senior Director of Research and Development believes that Apple Pay’s combination of security and branding are among its strongest selling points in foreign markets.

“Trust and security has remained a big issue with digital wallet adoption to-date, but studies show that consumers are more likely to adopt a mobile wallet platform and engage with the app if they trust a brand, and because banks are some of Canada’s most trusted brands, they are well-poised to get the most out of this digital trend,” says Berry. (MobileSyrup).

Having anticipated this major market shift, CoCard is fully equipped with a number of POS solutions that can quickly and efficiently service Apple Pay users in the United States. For more info about Apple Pay devices, call CoCard today at (800) 317-1819 or email at info@cocard.info.

 

Read MoreRead More
Tips for Preventing a Data Breach

Tips for Preventing a Data Breach

 

Tips for Preventing a Data Breach

 

When you think about data breaches, your mind probably jumps to the highly publicized incidents of companies like Target and Home Depot. Small business might think they don’t need to take security measures–but that’s not the case. Small business are as susceptible to data breaches as large corporations, and may actually be at greater risk.

Stephen Cobb, a senior security researcher at ESET, says that hackers like to target small businesses because they have more digital assets than a single customer, and not as many security measures put into place as a large enterprise. According to QSR magazine, small businesses like restaurants, are data-thief magnets because they process an abundance of credit cards and often use POS equipment.

Protect your small business with these data breach prevention tips from Chip and Terminal:

 

1. Be Proactive

  • Routinely check your POS systems to make sure they haven’t been tampered with.
  • Don’t wait for a problem to arise. Perform regular vulnerability assessments- once a week is advisable. These tests should be conducted on all systems associated with your network.

 

2. Make sure your credit card processing network is secure

  • Be sure adequate firewall and virus protection measures are put into place.
  • Avoid combining your network with your in-store free Wi-Fi. Make sure any open Wi- Fi networks your customers may use is on a separate network from the one where you process your credit cards.
    • If your devices are not properly installed, configured, and managed, you are taking on a large risk.

 

3. Hold your employees accountable

  • Train your employees on proper security measures. Creating a culture in your business that is more security-minded can help eliminate mistakes that may lead to a data breach. If your employees are knowledgeable and diligent in regards to your network’s security, they will be better able to notice atypical behavior.
  • Discuss with your employees the best way to optimize credit card security. Remind them that handling credit cards and physical cash is similar. There is a lot of responsibility that comes with handling money and information. Limiting how much employees handle credit cards out-of-sight can help prevent dishonest employees from stealing customer information.

 

4. Switch to EMV acceptance

  • EMV technology in the U.S. is catching up to the rest of the world after the 2015 EMV mandate. The chip that is embedded in EMV cards is encrypted and creates a new code every time the card is used to make a purchase, making the card unable to be replicated and more secure than a simple magnetic stripe card.
  • If a fraudulent charge has been made with an EMV enabled card, but a merchant doesn’t have the technology to process an EMV card, the merchant must accept the charge as a loss. Because of the liability shift it is critical that merchants invest in a processing system that accommodates EMV chips, whether they choose an EMV- enabled terminal or Point- of- Sale system.
  • The prevalence of EMV cards makes a data breach less likely because it is a lot harder for hackers to target individual cardholders as well as the businesses that accept them

 

If you would like more information on how to update your POS system and how to be more secure, including switching to EMV compliant technology, contact us at 800-317-1819!

Read MoreRead More
EMV-compliant card reader.

EMV Pocket Glossary

silver American express chip card shown dipped, or being processed, in an emv terminalWith the liability shift here, we know that you’ve already got a lot on your plate. So we’re going to just take it easy and go over a few terms you may have already seen or will see as you continue to learn about EMV. This list can serve as a simple pocket reference during the transition. Print it out even, and refer to it as needed when reading your next article or blog post about EMV. We want the transition to be worry-free.

EMV: Short for Europay, Mastercard, and Visa, the developers of the card

Chip-enabled card: A credit card enabled with a microchip; also referred to as “chip and pin” or “chip and signature”, depending on the cardholder verification method

Fraud: the criminal use of a person’s credit card information to make unauthorized transactions

With the transition to EMV terminals, the US aims to decrease fraud. The US currently accounts for nearly half of all worldwide fraud. On a positive note, the EU has decreased card fraud by 80% since completing its transition to EMV cards, which means the US transition should be successful.

Liability shift: Starting October 1st the responsibility for fraudulent transactions switched to the party with the least EMV-capable technology

If fraud occurs with a non-EMV bank card, the bank is responsible. If fraud occurs as a result of a merchant’s POS system that can’t accept EMV-cards, the merchant is responsible. Only 20-30% of merchants are expected to use EMV-capable terminals by October 1st, with the remainder throughout the three to five-year transition period. So if you’re not there yet, don’t freak out. COCARD can work with you to determine a POS system that is right for your company’s needs.

Transaction authorization: When a chip card goes through rules set by the card-issuer to determine whether the transaction can be authorized; transactions can be authorized either online or offline

Card authentication: the process of making the card authentic or unique by providing a one-time code for the transaction

If someone does manage to actually steal this code and use it, the transaction would be declined since the code was already used.

Cardholder verification (CVM): how the issuer and merchant verify that the cardholder and the person with the card are one and the same. An EMV-terminal might require a pin, signature, or for low risk transactions, no verification method.

Mag-stripe card: Cards with a magnetic stripe on the back. Much of the world has already switched completely to EMV-cards, and the full-scale transition in the US is currently underway. Cardholder data on mag stripe cards is easy to steal using a simple card reading machine.

Cryptogram: A one-time code created during online authorization; a cryptogram validates that the chip and issuer are not counterfeit

That’s it. We hope that this glossary of terms is short and sweet, and that it provides simple definitions for terms that are often times used when discussing EMV.

And now that October 1st has come and gone we’re sure that your still standing strong. So don’t worry. Instead, continue to read up on EMV and take the information that is most valuable to you as a business owner. If you’ve got any questions, we at COCARD will be happy to assist. Feel free to give us a call at 800-317-1819.

Read MoreRead More
Cartoon illustrations of an EMV Chip Card reader and EMV Credit Card

The EMV Files: A Conversation with Chip and Terminal

Cartoon illustrations of an EMV Chip Card reader and EMV Credit Card

Last week we introduced Chip and Terminal, who have a lot to say about EMV, mainly because they are the main components in EMV technology. So we were lucky enough to be able to book a slot on their busy schedule this fall season to interview them and ask them a few questions. Personally, we think they’d be great on Bravo, but they might have competition with a real housewife or two.

COCARD: Hi Chip. Hi Terminal. We’re so glad that we could ask you two a few questions about EMV. Really, we’re honored. Could you just start by telling us a little bit about yourselves?

Chip: Sure, well I’m Chip, and I’m the small chip that’s embedded in credit cards with EMV technology. Banks have already started transitioning to cards including yours truly, and plan on having all cards in the US utilizing EMV technology within five years.

Terminal: I’m Terminal, and all cards containing chips, will be dipped into terminals to be read. I like to say that I give new meaning to dipping the chip. I provide a one-time code to authenticate the card. Because of this, your data is protected, preventing a person from stealing a code that is only good for one transaction.

COCARD: So when did you first realize that you worked so well together, that you were a great team?

Terminal: I’ll take this one Chip. We’ve had a couple of countries really benefit from EMV technology. There’s the UK, which reduced fraud by more than half between 2004 and 2013 upon implementing EMV cards. Then there’s Canada, eh, that started the EMV roll-out in 2003 and reported fraud of $29.5 million (CAD), down 79% from 2009, which was $142 million (CAD). So I would say that it’s taken some time to see the effects, but in the past few years, we’ve really seen the impact that EMV cards have had in reducing fraud for many countries around the world.

COCARD: EMV is new for many business owners. So I’m sure you understand how such a change might make people anxious. What would you say to assuage the fears of business owners everywhere?

Chip: Well, first the sky is not falling. It might seem like it, but it’s not. The proof is that it’s already been successful in other places, and the US is simply one of the few developed nations that has not adopted this technology. EMV, through its authentication process, is really what makes these cards, our cards, more secure. So they are a safe and secure way to pay for things. We think that any business owner can appreciate the feeling of comfort that security brings.  The big thing for business owners to remember is that banks have a five year plan and that only 21% of US cards will have the embedded chip by the October 1st liability shift..

COCARD: Anything else you’d like business owners out there to know?

Terminal: We just want you all to stay informed. Keep learning. The more you know, we think the less you’ll feel out of your element with something that can benefit your business.

COCARD: Thanks Chip. Thanks Terminal. You were both great. We appreciate that you were able to take time out of your busy schedules—you two are in high demand—to spend a few minutes with us at COCARD. Have a great day.

Chip: You too.

Terminal: Yeah, thanks COCARD.

Read MoreRead More

Don’t Get SLAMMED!

dont_get_slammed

Dictionary

slam
noun ˈslam

Definition of SLAM
1
:   switching business owners from their current merchant services provider to another service provider without the business owners knowledge or authorization.  

Examples of SLAM

“He/she called for software support and was slammed by another provider”

Don’t be slammed

To Learn More About SLAM

 Call COCARD at 800-317-1819 or email support@cocard.info

Read MoreRead More

A Sky Without Limits, or Infinity and EMV

CHip-B-W-968x1024Chicken Little once said that the sky is falling.  Yet it still remains intact above us.  So while the transition from magnetic stripe to EMV might seem like a shift of cataclysmic proportions, the sky is not falling.  Your company will successfully transition from magnetic stripe to EMV (many already have), and next time you look outside your window, you’ll see the billowy clouds resting above, and not on the ground.

Yet we also understand that with anything new comes fear.  It’s normal.  So we’ve put together a few facts to calm your nerves.  We want you—the sagacious business owner that you are—to continue to make calm, smart decisions over the course of the transition.

Are you with us?  Well, here goes:

  • A transaction using EMV technology will take around 60 seconds compared to under 2 seconds with a magnetic stripe card. Magstripe cards are swiped and provide the terminal with the credit card number and expiration date, which can be easily copied by a card reader.  EMV terminals, on the other hand, require customers to “dip” the chip and verify customer data, which takes just a short while longer.  During this time, the Chip and Terminal begin a conversation.  Chip says, “Please authorize this transaction.”   Terminal replies, “I’ll need to make sure you’re valid.  I’ll also need to provide your card with a special code unique to this transaction because we can’t have any fraudsters trying to take your info.”  Chip responds, “Sounds great.”  Terminal says, “Now please sign, or enter your pin number.”  EMV takes a few more seconds than a magstripe transaction, but your data is more secure. 

 

  • Don’t panic. Although EMV has been adopted in Europe for over a decade, cards in the US still have a magnetic stripe.  Card companies have accounted for the ongoing transition by allowing terminals to still accept magnetic stripe cards. Card issuers expect the full transition to take anywhere from three to five years.

 

  • The term “liability shift” sounds pretty intense, like if you’re not prepared, the earth will shift, and you’ll fall off the edge of it. Oh, Copernicus.  Well, flat-earth jokes aside, the liability shift is not that cruel.  It is simply a method to eliminate fraud.  Starting October 2015, the party—either the business or banking institution—with the lesser technology will be responsible for the cost of fraud.  Instead of thinking of the liability shift as a way for others to make money off of your hard work, think of it instead as a way to ensure all parties are working together to eliminate fraud, which cost US consumers $16 billion last year alone.

 

In short, the sky is not falling, and EMV is not the end of the world.  Instead, it seems to be the beginning to new possibilities for business owners.  It might be an uncharted territory, but EMV will provide companies with the tools to chart their own course by allowing them to directly address fraud, a concern that leaves many involved feeling powerless.  So next time you look at the sky, we at COCARD hope that you view it with possibility, and nothing less than that.

Read MoreRead More