It's Time to Protect Your Business from Growing E-Commerce Fraud

The Covid-19 pandemic of the past year created an increase in the number of online customers as business owners closed, or limited access to their brick and mortar locations and migrated online, sometimes just to survive.

To no one’s surprise, the surge in online activity was accompanied by a major increase in the amount of e-commerce fraud. A recent study from Juniper Research* predicts those losses will total $20 billion in 2021, an 18% increase over fraud-related losses in 2020.

Cyber attackers acquire credit card information along with credentials and go on a shopping spree that costs merchants thousands in lost merchandise and chargeback fees when the order is later marked as fraud.

Here at Commonwealth Consulting Group, we’ve seen local reports of businesses experiencing as many as 150,000 - 300,000 transactions an hour in fraudulent sales resulting from automated threat actors using batches of stolen credit cards.

It's Time for Increased Security Measures

We’d like to urge our clients to work with your website developer to re-evaluate your e-commerce security, determine where you might be most vulnerable, and consider adding one or more extra layers of security checks to your payment platform.

One such security measure would be a CAPTCHA test (see below) that helps your e-commerce platform distinguish between real customers and computer BOTS, such as Google reCAPTCHA, or a WordPress CAPTCHA plugin.

What is Captcha?

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of challenge–response test used on a variety of websites that want to verify that the user is not a robot. The most common type of CAPTCHA requires someone to correctly evaluate and enter a sequence of letters or numbers perceptible in a distorted image displayed on their screen. The CAPTCHA test helps identify which users are real human beings and which ones are computer programs or BOTS. CAPTCHA works because computers can create a distorted image and process a response, but they can't read or solve the problem the way a human must to pass the test.

Fraud Filters Can Help Protect Your Business

There are many other types of fraud filters you can set up, but some of the more common ones include:

• A daily or hourly velocity filter that controls how many sales may be submitted to your website over a certain period of time. This helps prevent fraudsters from testing credit card numbers after purchasing lists of stolen cards.
• An address verification system (AVS) where you set your fraud filters to decline or require review for orders where the billing and shipping addresses don’t match.
• A card verification value (CVV) filter that looks for discrepancies between a card’s CVV number and the one entered during checkout.
• A purchase amount filter that requires you to review all transactions that fall outside a certain range. Since most businesses know their typical transaction size, you can set the filter to alert you when a transaction is higher or lower than this amount.

Clear Messaging Reassures Your Customers

Remember, enhanced security measures are just as important for customer protection as they are for your business. Be sure to include clear messaging to let your customers know why you’ve increased security at checkout. That should go a long way toward preventing cart abandonment while lowering fraud risks.

* Morrow, Susan, and Nick Maynard. “Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2021-2025.” Research Report | Fintech & Payments, Juniper Research, 26 Apr. 2021, www.juniperresearch.com/researchstore/fintech-payments/online-payment-fraud-research-report/subscription/emerging-threats-segment-analysis-market.

 


Introducing CCGConnect

Commonwealth Consulting Group (CCG) is branching out. We have rolled out a new turnkey solution for software developers called CCGConnect that allows business applications, such as point-of-sale (POS) systems or electronic cash registers ECRs) to integrate in-store (card present) payments.

According to CCG principal, Keith Reardon, “most software companies have to spend a lot of time and resources to implement EMV chip-card transactions into their system. This type of semi-integration and PCI certification can sometimes take months, but with CCGConnect, a software company can copy and paste our coding into their system, pair a terminal, and run a test transaction in under three minutes.”

CCGConnect is delivered in the form of a software development kit (SDK) that bundles everything developers need for the software application to integrate with both current and next-generation payment terminals while remaining outside of PCI-DSS scope. The system also offers cross-border coverage; a single integration can serve merchants in both the United States and Canada.

“By integrating CCGConnect into an application,” says Reardon, “developers can eliminate the lengthy certification processes and get to market faster.” The system offers out-of-the-box connectivity with pre-certified payment terminals and no coding is required when new terminals are added.

Once copied into an application, CCGConnect automates the discovery of semi-integrated payment terminals on a merchant’s local network and establishes any required pairing. After a pairing is established, the SDK is responsible for orchestrating the flow of payment operations between the application and payment terminals. All merchant and cardholder-facing screens are provided.

For more information, click on the Developers tab.


Your Business and PCI Compliance

All businesses that store, process or transmit payment cardholder data must be PCI Compliant. If you accept credit or debit cards as a form of payment, then PCI compliance applies to you.

What is PCI compliance and how does your business comply? The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with a focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB.). It is important to note that the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.

The PCI Data Security Standard applies to ANY organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.

So what if your business doesn't store your customers' credit card information? You must still be compliant because you process and transmit cardholder data. The storage of card data is risky, so if you don’t store card data, then becoming secure and compliant may be easier.

You might ask whether your website's security certificate satisfies the PCI compliance requirement. SSL certificates do not secure a web server from malicious attacks or intrusions. High assurance SSL certificates provide the first tier of customer security and reassurance such as the below, but there are other steps to achieve PCI compliance.

Commonwealth Consulting Group can provide additional information about PCI compliance and we can help assure that you meet the data security standard.

Source: www.pcisecurityguide.org


Don't leave money on the table in the Visa Mastercard Settlement

One thing is certain in the $6.24 billion settlement to provide payments to merchants who accepted Visa and Mastercard at any time from January 1, 2004 to January 25, 2019: if you do not file a claim, you will get no money.

This class action lawsuit is principally about the interchange fees attributable to merchants that accepted Visa or Mastercard credit or debit cards between January 1, 2004 and January 25, 2019, and Visa’s and Mastercard’s rules for merchants that have accepted those cards.

When a cardholder makes a purchase with a credit or debit card, there is an interchange fee attributable to those transactions, which is usually around 1% to 2% of the purchase price.

Interchange fees typically account for the greatest part of the fees paid by merchants for accepting Visa and Mastercard cards. Visa and Mastercard set interchange fee rates for different kinds of transactions and publish them on their websites, usually twice a year.

In a class action, people or businesses sue not only for themselves, but also on behalf of other people or businesses with similar legal claims and interests. Together all of these people or businesses with similar claims and interests form a class, and are class members.

In the Visa and Mastercard class action suit, the Court has not decided which side was right or wrong or if any laws were violated. Instead, both sides agreed to settle the case and avoid the cost and risk of trial and appeals that would follow a trial. In this case, the settlement is the product of extensive negotiations, including mediation before two experienced mediators, chosen by the parties.

Settling this case allows class members to receive payments. You are a member of the class action and entitled to receive payment that is proportionate to the volume of interchange fees you paid between January 1, 2004 and January 25, 2019, but only if you file a claim.

As of today, the Court has still set no deadline for filing, but one is surely on the horizon. If you have taken no action to guarantee your participation in this class action suit, Commonwealth Consulting Group cannot file a claim for you, but our partners at Financial Recovery Strategies (FRS) can. What CCG can do, especially if you’ve been our client for quite a while, is to help you assemble all of the information you need to provide to FRS in order to file your claim.

Meet our partner, Financial Recovery Strategies
Although CCG is not permitted to file your claim on your behalf, you may retain the services of our partner, Financial Recovery Strategies (FRS) to help manage your claim and assist in getting back the money you overpaid. FRS is a class action recovery and cost savings firm that specializes in, among other services, class action settlement claims recovery; they are not a court-appointed claims administrator or class counsel. As such, FRS is paid on an agreed-upon contingent-fee basis only upon and from the recoveries they obtain.

How do I retain FRS to help manage my claim?
If you would like to engage Financial Recovery Services, please visit their dedicated portal by CLICKING HERE FOR THE ONLINE AGREEMENT. On that web portal, you may retain FRS by first completing the required fields and submitting the form. This will generate an email with an agreement and an authorization to file your claim. Both of these documents may be signed electronically. FRS will then work with Commonwealth Consulting Group to submit the required documents and information to obtain your recovery.

Note: After you click “Submit” on your online form, you will receive an email from Harris Love, EVP at FRS within moments. If you do not receive the email, please check your SPAM or Junk Mail folder and it should be there to finalize the process.

Do I have to use FRS to file my claim?
No. Class members have the right to file on their own. You should have received an official claim notice in the mail with details about how to register for your settlement. If you didn’t receive your notice, or if you moved your business to a new location, you may request a new notice by submitting a form HERE.

Questions?
This should pretty much sum it up for you, but if you’d like to go straight to the source for additional information, please use the links below.

Helpful Links:

Settlement Website
Official FAQ
Official Notice

Note: No claim forms are available at this time, and no claim filing deadline has been set. Class members have the right to file on their own. No-cost assistance will be available from the Class Administrator and Class Counsel during the claims-filing period. As set forth in FRS’s Class Action Summary, FRS believes that it provides services that could increase a class member’s potential recovery and that are unlikely to be provided by the Class Administrator or Class Counsel. For additional information, class members can visit the court-approved website at www.PaymentCardSettlement.com, or contact Class Counsel or the Class Administrator.


Safe Methods for Cleaning Your ATM and Credit Card Terminal

We’ve been hearing reports from some of our customers about the increased involvement of local boards of health and state health agencies in requiring cleaning of ATM and credit card terminal keypads between sales, so we wanted to offer some thoughts about the most effective way to go about meeting these requirements. If you haven’t already done so, we suggest that you visit the Center for Disease Control and Prevention (CDCP) for updated guidance for core disinfection/cleaning, disinfection of electronics, cleaning and disinfection of soft (porous) surfaces, and the timing of disinfection after a suspected/confirmed COVID-19 case.

Cleaning Best Practices

The recommended best practice to prevent COVID-19 and other viral illnesses in public areas and commonly used surfaces includes cleaning the area of any visible dirt followed by a thorough wipe down with a disinfectant.

But, remember that your ATM and credit card terminal don't take well to moisture. CCG can steer you to products, such as keypad covers, and sanitizers that take easily to repeated cleanings without damaging the inner workings of your machine.

Recommended ATM Cleaning Procedures -

ATM Cleaning DO's:

DO: wear protective gloves when cleaning ATMs.
DO: apply 70% isopropyl alcohol to a cotton or non-abrasive microfiber towel then wipe ATM screens. Follow up with a dry towel to remove streaks.
DO: clean the ATM fascia and keypad with disinfectant wipes or spray, or 70% isopropyl alcohol.
DO: apply disinfectant spray or 70% isopropyl alcohol on a microfiber towel or non-abrasive pad first, when using in place of disinfectant wipes, then wipe down the keypad and fascia.
DO: make sure cloth is damp with cleanser before cleaning.

ATM Cleaning DONT'S:

DON'T: apply 70% isopropyl alcohol directly onto the ATM screen - always apply to non-abrasive cloth or pad first.
DON'T: spray cleaners or 70% isopropyl alcohol directly onto any part of the ATM.
DON'T: power down ATMs first before cleaning, it is safe to leave them powered on during cleaning process.
DON'T: spray or apply 70% isopropyl alcohol directly on keypad - it will gradually weaken the plastic.
DON'T: soak cleaning cloths with cleanser before wiping down ATM.


Today Marks the First Day Self-Employed, Independent Contractors Can Apply for PPP Loans

TODAY MARKS THE FIRST DAY SELF-EMPLOYED, INDEPENDENT CONTRACTORS CAN APPLY FOR PPP LOANS

PPP OPENED TO ADDITIONAL EMPLOYMENT CATEGORIES
Today, Friday, April 10 marks the first day independent contractors and self-employed workers can apply for forgivable loans through the Payroll Protection Program - a $349 million segment of the $2 trillion federal CARES Act. Independent contractors receiving 1099-MISC forms and self-employed individuals are eligible to apply for these, potentially 100 percent, forgivable loans.

REQUIREMENT: You must have been in operation on Feb. 15, 2020, your business must have been harmed by the COVID-19 pandemic, and you must submit required documentation along with your loan application.

WHAT DO I NEED TO APPLY? Once you know with which lender you will apply, complete the PPP application and submit with the required documentation to an approved lender by June 30, 2020.

WHERE CAN I APPLY? Existing SBA lenders and any federally-insured depository institution, federally insured credit union, or Farm Credit System institution is eligible to make PPP loans. Other regulated lenders will be available to make these loans once approved and enrolled in the program. Consult your local lender to determine if it is participating. Visit the SBA's website for a list of eligible lenders.

A number of Chamber member financial institutions are handling U.S. Small Business Administration PPP loan applications. The Chamber has reached out to each of these members to determine availability and have learned that many are prioritizing applications from their existing customers. We recommend you contact your existing bank to determine if they are participating as lenders in the new PPP.

If you would like specific contact information for one of the banks/credit unions accepting new members, we would be happy to make an introduction. Please contact Karen Pelletier, executive vice president, via email.

FOR ASSISTANCE | In addition, the Center for Women and Enterprise, the MA Small Business Development Center Network, and MassDevelopment can aid in the application for PPP loans as well as the SBA’s Economic Injury Disaster Loan program.

DETAILS & FORGIVENESS:
• The maximum loan size is up to 2.5 times a contractor's average monthly 1099-MISC or net self-employment income for the past 12 months
• All amounts spent on the following list of items during the first eight weeks of the loan term are 100 percent forgivable: (a) to replace your 1099-MISC income or your net self-employment income, (b) interest on mortgages, (c) business rent, and (d) business utilities. Note, if more than 25 percent of this amount is used for interest on mortgages, business rent, or business utilities not all of the amount spent may be forgivable.
• The interest rate is fixed at 1 percent and the loan term is 2 years
• Loan payments will be deferred for six months
• No collateral or personal guarantees are required
• Neither the government nor lenders will charge small businesses any fees for the loans.

FOR WHAT CAN I USE THESE LOANS? You should use the proceeds from these loans on your:
• Replacement for your normal 1099-MISC or net self-employment income (capped at $100,000 on an annualized basis for each employee)
• Interest on mortgage obligations, incurred before Feb. 15, 2020
• Rent, under lease agreements in force before Feb. 15, 2020
• Utilities, for which service began before Feb. 15, 2020

NOTE: A previous version of the PPP application guidelines included language precluding companies from calculating compensation figures which reflected independent contractor fees as well as independent contractors and the self-employed themselves from applying for the loan program. Those provisions were lifted today.


Accepting Credit Cards as a Discerning Business Owner

At the end of each month, every business owner must come to grips with the reality of the costs of accepting payments from cardholders who are less loyal to cash, and more interested in earning reward points for their purchases.  A credit card processing company is responsible for defining what a business must pay each month based on many variables that include different card brands and how payments are made.

Commonwealth Consulting Group provides upfront, no-obligation assessments for businesses looking to accept electronic payments, and also for businesses looking to lower their monthly costs. We provide the hardware and software that businesses use to accept card payments.

It is crucial for business owners to understand that their credit card services provider is, in fact, a partner when it comes to the financial aspect of processing electronic payments. It's important to have a relationship of trust with any business partner. We at CCG pride ourselves on industry expertise, and excellent customer support. We offer the latest in technology and solutions, ultimately helping business owners make the most of providing their customers with the option to make electronic payments.

At CCG we help business owners become familiar with an industry that has many moving parts. We want our merchants to understand the basics of what merchant services cost, what the mandated rates are for different card brands, and, at the end of the month, exactly what you are paying for.

Here's What You Need to Know About the Visa/MasterCard Settlement

As a merchant who accepts Visa and Mastercard as a form of payment, you’ve most likely received a NOTICE OF CLASS ACTION SETTLEMENT AUTHORIZED BY THE U.S. DISTRICT COURT, EASTERN DISTRICT OF NEW YORK indicating that the Court has preliminarily approved a superseding settlement of $5.54 billion in a class action lawsuit, called In re Payment Card Interchange Fee and Merchant Discount Antitrust Litigation, MDL 1720 (MKB) (JO).

The lawsuit is about claims that merchants (you!) paid excessive fees to accept Visa and Mastercard cards because Visa and Mastercard, individually, and together with their respective member banks, violated the antitrust laws.

In short, if you’ve been accepting Visa and Mastercard anytime between January 1, 2004 and January 25, 2019, as a member of this class action suit you have an opportunity to get paid back a portion of what you have overpaid in interchange fees during the time your account has been active.

We’ve had many questions about this class action lawsuit and the pending settlement, so we are writing to share what we know.



Brief Update
In 2018, and after years of litigation and the reversal of an earlier settlement, the parties reached this superseding settlement, which the Court finally approved on December 13, 2019. Under the terms of the superseding settlement, claim forms are to be disseminated to merchant-class members as soon as the Court’s final approval becomes final, which, unless appeals are filed, would have been on January 21, 2020. Unfortunately, however, several appeals have been filed. As a result, the approval of the superseding settlement will not become final until those and any other appeals are resolved.

Who has to file a claim?
The lawsuit was filed on behalf of all merchants, and all merchants are eligible to receive a portion of the settlement. Only you may file a claim. Please note that, as of this date, the timing of the claim filing process and the determination of how much will be distributed is not yet known.

Can Commonwealth Consulting Group file my claim for me?
No. As a merchant services company, CCG is not involved in the lawsuit, so only you may file a claim and only Visa/MC can reimburse you via the settlement. Even though CCG issues the merchant account you use to process transactions, we don’t set the interchange rates so we are not a part of this suit.

Meet our partner, Financial Recovery Strategies
Although CCG is not permitted to file your claim on your behalf, you may retain the services of our partner, Financial Recovery Strategies (FRS) to help manage your claim and assist in getting back the money you overpaid. FRS is a class action recovery and cost savings firm that specializes in, among other services, class action settlement claims recovery; they are not a court-appointed claims administrator or class counsel. As such, FRS is paid on an agreed-upon contingent-fee basis only upon and from the recoveries they obtain.

How do I retain FRS to help manage my claim?
If you would like to engage Financial Recovery Services, please visit their dedicated portal by CLICKING HERE FOR THE ONLINE AGREEMENT. On that web portal, you may retain FRS by first completing the required fields and submitting the form. This will generate an email with an agreement and an authorization to file your claim. Both of these documents may be signed electronically. FRS will then work with Commonwealth Consulting Group to submit the required documents and information to obtain your recovery.

Note: After you click “Submit” on your online form, you will receive an email from Harris Love, EVP at FRS within moments. If you do not receive the email, please check your SPAM or Junk Mail folder and it should be there to finalize the process.

Do I have to use FRS to file my claim?
No. Class members have the right to file on their own. You should have received an official claim notice in the mail with details about how to register for your settlement. If you didn’t receive your notice, or if you moved your business to a new location, you may request a new notice by submitting a form HERE.

Questions?
This should pretty much sum it up for you, but if you’d like to go straight to the source for additional information, please use the links below.

Helpful Links:

Settlement Website
Official FAQ
Official Notice

Note: No claim forms are available at this time, and no claim filing deadline has been set. Class members have the right to file on their own. No-cost assistance will be available from the Class Administrator and Class Counsel during the claims-filing period. As set forth in FRS’s Class Action Summary, FRS believes that it provides services that could increase a class member’s potential recovery and that are unlikely to be provided by the Class Administrator or Class Counsel. For additional information, class members can visit the court-approved website at
www.PaymentCardSettlement.com, or contact Class Counsel or the Class Administrator.


Is Owning an ATM a Good Investment?

Automated teller machines (ATMs) were introduced 50 years ago. Although some might argue that cash use is diminishing, ATMs seem to be evolving and trending. We believe they will continue to play an important role and fill a need into the foreseeable future.

Savvy business owners should always be looking for ways to increase their revenue. Some merchants look to ATMs to increase passive income.

Brick and mortar businesses such as restaurants, gas stations, convenience stores, hair and nail salons (and more) may benefit from having an ATM. It can attract more customers and improve profitability. If a customer needs cash to purchase a lottery ticket or wants to leave a cash tip, having an on site ATM is a way to guarantee that these opportunities are not lost.

ATMs have evolved to perform a variety of functions that will only continue to expand.The United States has the highest number of ATMs per capita in the world, and the demand for ATMs is not decreasing.

Do you have customers asking the location of the nearest ATM? Have you had to turn away a customer because they wanted access to cash, but you couldn’t provide it? Maybe you have an ATM in your location, but it is not properly maintained, and is often out of cash or out of service. We can help. If you’re still reading, then the odds are high that your business will benefit from having an on site ATM. It’s not complicated. ATMs exist because there is a demand for convenient access to a customer’s cash, and the technology to make that need a reality.

Commonwealth Consulting Group is a full service provider of ATM products and services. Contact us and we will help connect you with the right solution to best fit your location, situation and needs.