Default HubSpot Blog

Current Articles | RSS Feed RSS Feed

Authorize.Net Phishing Scam | Beware

Posted by Alex Neir on Thu, September 06, 2012 @ 01:44 PM
Authorize.Net Scam
Authorize.Net, a leading payment gateway provider has recently released a statement pertaining to a phishing scam that is currently in circulation via email.

The subject line for the fraudulent email is “Successful Credit Card Settlement Report”. The email explains that the business’s online service has expired and must be renewed immediately or service will be cut off.  The email asks for the business to verify the account and to renew. A link is provided to login to the Authorize.net account.

Following the link and providing the login name and password is what the scam is after. Once that information is provided the scammer then has access to the business’s Authorize.Net account and can cause damage.

It is vital that this email not be responded to and that the attempt is reported to Authoriz.net. If you or any of your employees have responded to the email please contact Authorize.net immediately to determine if any fraudulent activity has been made.

As a general rule, never respond to email requesting information pertaining to sensitive information. It is best to contact the company that appears to have sent the email to verify the authenticity of the communication. 

Tags: Credit Card Fraud, Fraud Protection, Fraud Alert

Master Card Fraud Alert

Posted by Alex Neir on Tue, June 05, 2012 @ 11:24 AM
Master Card Fraud Alert

Master Card has announced a fraud alert. If you have received a “Master Card Security Alert” via email asking you to preform a credit card test transaction, please call Master Card immediately.

Apparently the criminals are asking unsuspecting businesses to conduct a credit card test in which the details of the transaction are to be sent to an email address that is not associated with Master Card. The intent is to acquire merchant transaction information in order to complete fraudulent transactions and refunds using stolen credit card information.

You should never receive an unsolicited phone call, email, social media request or fax request from Master Card. If you are contacted by someone that claims affiliation with Master Card, please do not respond and report the inquiry to Master Card at datasecurity@mastercard.com.

Tags: Credit Card Fraud, Fraud Protection, Master Card Fraud Alert

Chargeback Compliance | Part 2 of 2

Posted by Alex Neir on Fri, October 21, 2011 @ 08:10 AM
Chargeback

Chargeback Compliance:

If the customer or issuing bank alleges that the merchant has violated Visa and MasterCard Operating Rules then it is considered “Out of Compliance” and the merchant will not be protected by the chargeback process. The issuing bank must certify that a financial loss did or will occur as a result of the rule(s) violation. Each side has an opportunity to present their case to the Visa and MasterCard Analyst assigned to the case. Compliance cases are filed within 90 days (Visa) and 180 days (MasterCard) from the transaction date. The date of a Retrieval Request ( the date of violation) is 90 days for Visa and 45 days for MasterCard from the date the issuing bank received notice from its cardholder of a violation (Date of Discovery)

Examples of Chargeback Compliance violations include:

  • Failing to properly disclose “limited refund” or “return policies” to the cardholder at the time of the transaction.
  • Preparing two or more transaction receipts to avoid authorization for a single transaction.
  • Quality of service received from a travel and entertainment merchant.

Chargeback Compliance Filing Procedures, Fees and Penalties:

If you, the merchant, face a Compliance Violation claim, then you will be required to complete a Visa and MasterCard Compliance form and provide a description of the grievance, and submit copies of all supporting documentation. The issuing bank is required to provide the merchant with a Pre-Compliance letter, 30 days prior to filing, in attempt to settle the matter. As with a standard Arbitration, there is a Filing fee of $150.00, a Review fee of $250.00 paid by the losing party. Further, a $100.00 fine may be assessed for each technical violation found against the opposing party.

Criteria used for Chargeback Compliance Violation Decisions:

The arbitrator will consider the following when determining financial liability ~

  • Was there a rule violation and a resulting financial loss
  • Was the cardholder’s complaint reasonable
  • Should the disputed amount be allocated between the two parties

When facing a Chargeback, Arbitration or Compliance claim keep in mind…

When a merchant is facing a Chargeback claim, Arbitration request or Compliance Violation charge, the most important thing to remember is to respond quickly and accurately with sufficient supporting documentation to defend your business. Failure to respond by the stated deadlines is an automatic forfeiture of the transaction which means you will lose the full transaction amount and could be subject to fines.

 

For more information on chargeback compliance please call (800)917-8026.

Tags: Chargeback Compliance, Credit Card Fraud, Chargeback Defense, Chargebacks

Chargeback Overview | Part 1 of 2

Posted by Alex Neir on Tue, October 18, 2011 @ 12:40 PM
Chargeback

CHARGEBACK OVERVIEW | Part 1 of 2

What is a Chargeback?

A Chargeback is the process whereby a customer disputes a credit card charge. The chargeback usually occurs after the customer receives their billing statement and does not recognize the charge, is dissatisfied with the quality or service, or did not receive what was guaranteed. Generally, the customer will call the credit card company directly to initiate the chargeback without prior notification to the merchant.

What is the Chargeback process?

The bank has a time limit by which to initiate a chargeback. Within 120 days of the transaction date, the merchant will be advised that the cardholder or bank is claiming a mistake has been made and is attempting to have the charges removed from their statement. The merchant’s account is then debited for the amount of the charge and the merchant must provide evidence that the transaction was valid and in compliance with Visa and MasterCard rules and regulations.

Typical Chargeback justifications:

  • Authorization not obtained for transaction
  • Fraudulent or Duplicate charges
  • Dispute over Quality, Service or Delivery
  • Refund credit not received

5 Steps in the Chargeback Cycle:

  1. Presentment: The Presentment is the date at which the sale or transaction occurs.
  2. First Chargeback: When the customer disputes a charge to their Credit Card Company or bank and the bank responds with a retrieval request to dispute the transaction. The First Chargeback is the point at which the merchant and their bank receive notification from the cardholder’s issuing bank. The merchant has 7 days to rebut, however, the merchants account is debited for the disputed amount until the chargeback is resolved.
  3. Second Presentation or Re-presentment:  The Second Presentment occurs when the merchant’s bank receives supporting documents from the merchant to substantiate the charge and, provided the documentation complies with Visa and MasterCard requirements, the chargeback is remedied. In some cases additional documentation may be required. If the chargeback is cleared then the merchant will be credited back the disputed amount and a letter will be sent to that affect. If the documentation does not satisfy their requirements then the merchant will receive a letter from Visa and MasterCard stating their decision and reasoning. This process can take up to 45 days.
  4. Second Chargeback: If the second presentment is rejected by the cardholder, the issuing bank files a second chargeback. At the time of the Second Chargeback the merchant can dispute the cardholders claim and, if necessary, escalate to Arbitration.
  5. Arbitration: Arbitration is the process the merchant and cardholder/issuing bank resort to when they cannot reach agreement through the chargeback process. All parties have an opportunity to present their case to a Visa and MasterCard analyst. Arbitration cases must be filed with Visa and MasterCard within 45 days of the Second Chargeback being issued. A Visa and MasterCard Arbitration form must be completed, along with a description of the grievance, and copies of all documentation submitted during the chargeback process. The losing party could be liable for fines of up to $500.00.  Additionally, there is a Filing fee of $150.00 and a Review fee of $250.00 paid by the losing party (fees subject to verification). Either party can be assessed a $100.00 fine for each technical violation against the opposing party.

Who Wins?

If you end up in Arbitration, there are several criteria the arbitrator will consider. Split decisions happen when one party offers a reasonable compromise or solution to the disputed charges. Merchants usually get an unfavorable ruling if:

  • The merchant fails to address the issues raised by the cardholder
  • The merchant fails to sufficiently prove that the dispute was unreasonable
  • The merchant fails to present sufficient documentation to support their case
Maxx Merchants offers numerous tools to help prevent and manage chargbacks. If you would like more information please don't hessitate to call out friendly staff at (800)917-8026.

Tags: Credit Card Fraud, Chargeback Defense, Chargebacks

PCI Compliance – What it is and why it’s important

Posted by Alex Neir on Fri, July 08, 2011 @ 12:24 PM
PCI Compliance

PCI Compliance – What it is and why it’s important

What is PCI compliance?

PCI compliance boils down to compliance with a set of rules defined as the PCI DSS or Payment Card Industries Data Security Standard. The PCI Security Standard has been established by the major credit card associations as guidelines for the collection of credit card information. These guidelines have been established to prevent fraud and to minimize credit card security threats.

In order to achieve PCI compliance a business must have dedicated policies and procedures in place that define how credit card holder information is collected, transmitted and stored. If a technical system is used to collect credit card holder information, the system must demonstrate encrypted transmission and storage.

Why is PCI Compliance important?

Let’s face it, as credit card carrying consumers we all have sensitive  data about ourselves collected transmitted and stored many times every day. With all that information being collected by so many individuals, businesses and charities it is very important that information is protected. As identity theft continues to grow the tolerance for mismanagement of credit card holder information is disappearing. The major credit card association have begun to institute large monetary fines for businesses that are found to have compromised credit card information.

Get compliant by selecting a vendor that manages your PCI compliance for you. Maxx Merchants is 100% PCI compliant.

 

Click me

Tags: PCI Compliance, Credit Card Fraud, Merchant Account Education

Beware of anyone using a Square credit card reader

Posted by Alex Neir on Wed, March 16, 2011 @ 12:35 PM
Square Credit Card Reader

Beware of anyone using a Square credit card reader

The Square credit card reader is a piece of hardware that attaches to smart phones and tablets that allows merchants to accept credit card payments.

It was announced that the Square credit card reader can easily be used to skim credit card information from unsuspecting customers. The issue is centered around the fact that the Square credit card reader does not encrypt the credit card information before it is sent to the device it is attached to. The fact that the credit card information is not encrypted allows anyone that is swiping the card to store the information for their own use.

The scenario can play out like this. The criminal orders a Square credit card reader from Square’s website. In a matter of less than an hour the criminal can develop an application for their smart phone or tablet. The application has the ability to store the card information that is normally encrypted and sent to the bank for authorization. You hand your card over to purchase an item from the criminal. They now have the card number, expiration, CVV code and all your personal information stored on their device. That information can be sold or used for their own purchases at a later time.   

Most if not all credit card swipe devices for smart phones and tablets have encryption built into the device’s hardware. This is a critical as it maintains the trust of consumer that their credit card information is safe when the credit card is handed over for purchases. Square has effectively undermined that trust and should be held accountable.

Do not purchase from merchants using the Square credit card reader. If you are a merchant using the Square credit card reader you should switch immediately. The device is not PCI compliant (to put it lightly) and you could be held responsible for breach of card holder data.

Tags: Credit Card Fraud, Credit Card Skimming, Square Credit Card Reader