Due to new security requirements in Vital/Tysys files if you are key entering a transaction you MUST press the 4th button down on the left side BEFORE entering the card #.. It will say either “EFT” or “MAIL/PH” and is right under the “reports” key.
Remember this is for Hypercom terminals only.
However no matter what type of terminal you have if it doesn’t ask you for AVS info EVERY time you key enter an order let me know.
file:///C:/Documents%20and%20Settings/Bill%20Hoidas/Desktop/y_key_5d3fdf309292e61f.html
The amount of caution you use in avoiding fraud with phone, fax and internet orders is a function of your historical track record and time you want to spend. If you only get one fraud attempt and/or chargeback per year you may not want to spend a lot of time on fraud prevention especially with repeat customers. The one exception is you would of course always want to be cautious with any large order. In order to protect yourself as much as possible you’ll want an AVS match on the billing street address and zip code. Than if you get this form (attached) signed and faxed back to you with a picture state issued id you are in great shape to fight any chargeback.
—
Bill Hoidas
District Sales Manager
Larger B2B/MOTO/Internet Accounts
Product Development Manager
Matrix Payment Systems
(847) 381-3482 office
(847) 381-4289 fax
http://paymentconsulting.net
John 3:16 For God so loved the world, that he gave his only begotten
Son, that whosoever believeth in him should not perish, but have
everlasting life.
February 25, 2008 • Issue 08:02:02
Accelerating cash advance
he merchant cash advance industry has evolved dramatically since The Green Sheet’s initial lead story on the phenomenon just over two years ago (“Merchant cash advances open doors,” Oct. 10, 2005, issue 05:10:01″). The basic concept is simple: The cash provider buys future credit card receivables, which the merchant provides as a daily percentage of those revenues.
“Say a merchant desires 100K in working capital,” The merchant “would sell 135K in future credit card sales. Twenty percent of the merchants’ daily deposit is split-settled to fund the receivables which were purchased.”
Not every transaction would be identical to this, but this is an indicative example.
While cash advances on receivables is not a new concept, advancing cash for credit card receivables of goods or services not yet purchased was rare before the turn of this century, mostly because it was risky for cash providers.
And that risk is what most providers cite when explaining the fairly hefty fee that accompanies this type of transaction – the equivalent of 17%-35% if it were a loan in the same amount as the advance.
But the fairly simple concept of taking a split off the top as the credit card payments are processed makes the repayment of the advance simpler and slightly less risky.
Funders in, funders out
“I think in the next year or two we’ll see larger ISOs and even banks entering this market.”
Woochae Chung, American Microloan Managing Director, said once the court ruled against AdvanceMe’s patent “the floodgates opened. We saw at least a dozen new companies enter the market.”
But while the court case freed companies from the threat of litigation or paying patent royalties, the liquidity crisis drove others out.
Significantly, experiences with the economic downturn in the last 90 to 120 days have negated perceptions that the industry has wide margins and plenty of room for error.
Recession wins, recession woes
Given current economic conditions, it’s likely organic business growth – which occurs when existing customers prosper and grow – will not be particularly robust in 2008.
Some firms fund merchants with a Fair Isaac Corp. (FICO) score as low as 411 or as high as 817. “The recession won’t change that on the lower end, but we are seeing more merchants with high FICOs applying,”
The recession will spur increased demand for cash advance services. “Merchants who could take out loans against the value of their home will have a harder time getting needed cash that way, and they’ll turn to merchant cash advances,” They’ll be better credit qualified applicants.
“But there will also be merchants who are hurt by the recession that will be higher-risk and will take longer to repay or even be driven out of business. Hopefully, those two trends will balance each other out, but it’s a crapshoot.”
In addition, the subprime lending industry crisis has driven a large number of former subprime mortgage brokers into the industry
The adolescent merchant cash advance industry is grappling with growth issues, too.
“In the second and third quarters of 2007, we walked away from a lot of business because we couldn’t rationalize the terms being offered merchants. That discipline paid off in the fourth quarter when we grew 75% and closed out a record year.”
Changing economic conditions have led American Microloan to change its structure; “We monitor our accounts diligently, and we’ve tightened our underwriting,” Chung said.
“A fair allocation of risk and reward is simply better all the way around.”
Fraud expansion, fraud detection
Chung has also seen two or more funding companies overlap funding for the same merchant. “No one can sustain that level of debt,” he said. “Eventually it will bankrupt the merchant.
“Funding companies have to be on the lookout for that and check to be sure that the previous funding has been repaid. It’s not good for the merchants; it’s not good for the funders. Sooner or later it will go bad for everyone.”
Application fraud is already on the rise. “From an underwriting standpoint, you really need to be utilizing your ‘A’ game,” Gardner said. “You can really take a loss if you don’t successfully filter out fraud.”
Recently instituted are a number of fraud detection procedures that include sending stealth shoppers equipped with camera phones to do random checks of inventory or count the number of POS terminals. The company also has a rigorous identity fraud detection process.
The growing understanding of the merchant cash advance business has made it easier to sell because merchants no longer need much explanation of how it works. But it has a downside.
“Unscrupulous agents have been coaching merchants on how to abuse the system: installing two or more terminals and running only a fraction of the purchases through the designated terminal, for example,”
Loans denied, cash approved
The biggest criticism the industry faces is the very high cost merchants pay for cash. And those who are eligible for traditional bank loans would probably be better off going that route.
But traditional banks are not meeting the needs of small businesses that might have few material assets but healthy receivables – mostly pledged through credit card debt.
And retailers with strong but seasonal sales may prefer a merchant cash advance because traditional loans are paid back monthly in even amounts, whereas with a cash advance, merchants’ payments are proportional to their sales. They pay more in strong sales months and less in weak ones.
“No one is denying that this is expensive capital,” The point is for some merchants, it’s the only capital they may be able to get. It’s a fraction of the cost of a consumer payday advance.”
For example a repeat customer that obtained cash advances to expand his pizza franchise. “He told me that he considered it much less expensive than his previous friends and family funding,” When you fund that way you often give away a piece of your business. The 35% he gets here can be bought out in time, and he still owns 100% of his business. Independence is important to entrepreneurs.”
2008 practices, predictions
American Microloan’s growth has remained steady, and strong, at 50% a year. Chung doesn’t anticipate that changing in 2008, though he said the default rate for the industry on the whole has risen sharply over the past couple of years. He anticipates the funders that survive the recession will be those that underwrite carefully and monitor their accounts consistently.
“It takes a challenging economy to weed out the stronger players and test their business models,”
2008 “could go either way, but I think overall it will be a positive year for the merchant cash advance industry. Demand for the product will continue to grow, especially with the recent credit crunch.
Industry leaders are forming a nonprofit trade association for the merchant cash advance industry, which they hope to debut soon. They are in the process of establishing best practices to protect merchants and cash providers.
“It’s important for the industry for cash advance companies to have a ‘MATCH list,’ to combat the serious problem of fraud,” MATCH derives from the Member Alert to Control High-Risk database. It contains information on merchants who have been terminated for cause.
“Successful cash advance providers must have three things: access to competitively priced funds; solid scoring and underwriting models; and the most critical of all, a fundamental understanding of best practices,”
“You must know your customer; understand his business; and never, ever, supply more capital than they can support … and not one dollar more.”
Cash advance is clearly a growing trend in the payments industry. But, down the road, will cash advance reach a saturation point?
If so, a different trend will likely take hold, and time will tell what that will be.
Bill Hoidas
District Sales Manager
Larger B2B/MOTO/Internet Accounts
Product Development Manager
Matrix Payment Systems
(847) 381-3482 office
(847) 381-4289 fax
http://paymentconsulting.net
John 3:16 For God so loved the world, that he gave his only begotten
Son, that whosoever believeth in him should not perish, but have
everlasting life.
Requirement 10: PCI’s Everest
omplying with the Payment Card Industry (PCI) Data Security Standard (DSS) is a mandate for all merchants, regardless of acceptance channel and transaction volume. However, some requirements of the PCI DSS are more difficult to comply with than others.
In fact, my investigation of payment card compromises and PCI DSS audits of various merchants demonstrate that requirement 10 – track and monitor all access to network resources and cardholder data – proves especially difficult for merchants involved.
In my research of 350 card compromise cases, more than half of the merchants involved failed to comply with requirement 10. Also, during initial PCI DSS audits of Trustwave’s customers, 70% of them needed to remediate deficiencies within their network environment to comply with the 10th rule.
Follow the basics
Tracking and monitoring all access to network components and cardholder data is no easy feat. For example, the PCI DSS requires that audit trails record the following network events:
The PCI DSS also requires that for each of these events, the following information, at the least, be recorded:
Any entity that processes, stores or transmits payment card information must comply with the PCI DSS. Thus the standard’s requirements are at the front of many merchants’ minds, but monitoring and logging are basic tenets of any data security plan.
Bulk up on security
Monitoring and logging network events can strain any organization’s resources, but the difference between implementing and not implementing logging measures can determine the severity of a security breach.
Critical files, such as those containing cardholder data or other sensitive information, must be monitored for unauthorized changes. If attackers are able to penetrate a network, they may attempt to add additional user accounts with administrative privileges.
Once attackers have gained administrative privileges, many times they can then access any asset on a network and begin copying sensitive information and sending it off-site.
Regular review of audit logs would alert a merchant or network administrator to foul play. But hackers do not work from 9 a.m. to 5 p.m. It’s more likely that an attack on cardholder data will take place at 3 a.m. – the perfect time to invade a smaller merchant who doesn’t have the resources to maintain a 24/7 security staff. And without continual, real-time monitoring of the logs, an alert may come too late.
Many operating systems provide default software programs that can log this information. However, requirement 10 calls for more than just the recording of events. Merchants must also review firewall, router and wireless access points and authentication server logs at least daily for unauthorized traffic and access attempts.
To complicate matters, depending on the systems running on a merchant’s network, each device may perform its own form of logging. Without information technology (IT) staff expertise, it’s unlikely these logs would make sense to the average merchant.
Even with in-depth IT knowledge, consolidating logs from multiple devices deployed across an entire network and presenting them in a way conducive to analysis would require a full-time IT employee, if not an entire staff.
The complexity of a merchant’s environment also affects the amount of logs that need monitoring.
Without a centralized process by which event logs can be correlated, it becomes increasingly difficult for merchants to gain insight into what’s occurring on their networks. While they may have enabled logging on their network devices, they find themselves buried in log data rather than at a vantage point with actionable information.
Fortunately, a number of information security companies have developed automated solutions to help merchants address the challenges of log tracking and monitoring around the clock. By allowing an outside data security expert to take over the monitoring of logs, a merchant not only saves money, but gains peace of mind.
While merchants may be baffled by the barrage of data streaming from their network devices, an experienced data security company monitoring merchants’ logs can provide insight into the security status of their networks, and maintaining in-house staff becomes unnecessary.
To show that you’re concerned about your merchants’ needs, consider using an information security service, along with your payment solutions. Merchants will know you have their well-being in mind because you will be offering not only secure payment services and technology, but also data security solutions that protect their businesses.
Michael Petitti is Chief Marketing Officer of Trustwave and is responsible for all of the company’s marketing initiatives. He serves on the Merchant Risk Council’s board of advisers and on The Green Sheet Inc. Advisory Board. Call him at 312-873-7291 or e-mail him at mpetitti@atwcorp.com.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
Back to Top