The rise in APR was attributed to First Premier’s decision to offer a 59.9 percent APR for all Centennial Classic credit card applicants. Previously, the bank offered both a 23.9 percent and 59.9 percent rate to its new cardholders. 

Industry experts suspect that the move is an attempt by First Premier to make up for future losses in revenues due to the new legislation.

You will be happy to learn that these days there is less hassle when setting up credit card payments online. In the past, companies were required to open a merchant account through a bank in order to be able to accept credit cards. Today, several services enable you to accept credit cards online without opening your own merchant account.

With more than 50 million users worldwide, Paypal is probably the most widely used such service. The company’s Payflow service is a turn-key solution with several added advantages such as recurring billing and fraud protection.

If you still want to take actual credit card payments online, a merchant account service is your best option. To open an Internet merchant account, you must fill in a merchant application and provide support documents. First, you must supply proof that you established a checking account for your Internet business. If you have sole proprietorship, you can open either a personal checking account or business checking account. If you opt for a personal checking account, the account must be in the name of the sole proprietor. If your internet business is a corporation, you must set up a corporate checking account.

This account will be used to deposit sales generated through your internet merchant account, but also to withdraw fees such as online payment gateway fees.

Previously, California consumers had been complaining about the swipe fee some merchants charged customers who paid with a debit card. Businesses are prohibited by law to charge customers for paying with a credit card, so debit card users claimed discrimination.

On the other hand, business owners cited the high interchange fees they are charged by payment processors. Usually, merchants have to pay 1% to 2% of purchase price to the debit card issuer. They reasoned that they were simply passing their debit card fees on to the consumers.

The burden on business owners might change. Recently passed legislation is set to reduce the amount retailers have to pay for debit card purchases. The Credit Card Accountability, Responsibility, and Disclosure Act empowers the Federal Reserve to set a fee cap for debit card use.

Meanwhile, Governor Schwarzenegger said he opposed the bill to end debit card fees because it would harm businesses and consumers. If businesses could not charge extra to debit card users, they would simply pass along their extra debt to all consumers. They would be forced to increase their prices for goods and services, thereby affecting all customers, not only those who pay with debit cards.

Interestingly, Visa, which controls about 75% of the country’s debit card market, supported the bill.

As such it is important to be aware of the core elements of the PCI’s Data Security Standard (DSS). According to the PCI website, the following are the current fundamental principles and requirements:

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

How can business owners avoid becoming victims of credit card fraud? Start by understanding the fraudsters’ methods, then learn to stay a step ahead of them. The following are commonly used methods of credit card fraud:

1. Malware attacks: Malware is software that allows hackers access to the victims’ computers. Undetected access allows them to steal passwords, bank information, and credit card numbers. Frequently updated anti-virus software keeps these attackers at bay.
2. Phishing and SMSishing: You’ve heard the warnings again and again: never open a file you don’t recognize. Phishers pose as genuine businesses, such as banks or social networking sites. They send official looking emails and SMS’s that prompt recipients to confirm passwords and account information. Avoid being scammed by deleting suspicious-looking emails without opening them.
3. Credit card skimming: Skimmers steal credit card information from legitimate transactions. Unsuspecting customers hand their credit card to a dishonest merchant, who uses a small skimmer device to read and store the credit card’s numbers. The merchant then uses the information to purchase something, or sells the information to others. Skimming is difficult to spot and avoid, but business owners should carefully examine their monthly credit card statements for suspicious charges.
4. Site cloning: Fraudsters might clone an entire website, or just the order form page of a merchant site. Victims enter all their information, including name, address, and credit card number, thinking they are making a valid purchase. They don’t realize they are directing their I.D. to a thief.
5. False merchant sites: False sites easily dupe customers into providing their credit card information. They simply advertise their wares at ridiculously low prices, then request full credit card details from those who want to access the site. The take-home message? Do not freely provide your credit card number, unless you are certain you are buying something legitimate.
6. Credit card generators: Using mathematical algorithms, this software imitates patterns of existing credit card numbers to create thousands of new credit card numbers. Many are actually valid numbers and expiration dates. Again, a meticulous review of credit card statements will reveal whether a generator, or anyone else, has misused your credit card number.

(Image Credit)

First, the standards development lifecycle and feedback process has been extended to three years (from two years) starting from this October. According to PCI the additional year “provides extra opportunities for stakeholder input and feedback, a longer time period for the feedback to be submitted and more merchant friendly start date to implement, along with longer sunset periods for existing standards.”

Here is a brief rundown of the anticipated changes:

• Clarification that PCI DSS Requirements 3.3 and 3.4 apply only to PAN. Align language with PTS Secure Reading and Exchange of Data (SRED) module.

• Clarification that all locations and flows of cardholder data should be identified and documented to ensure accurate scoping of cardholder data environment.

• The definition of system components has been expanded to include virtual components. Requirement 2.2.1 has been updated to clarify intent of “one primary function per server” and use of virtualization.

• There will be additional clarification on secure boundaries between internet and card holder data environment.

• There will be recognition that Issuers have a legitimate business need to store Sensitive Authentication Data.

• Clarification of processes and increased flexibility for cryptographic key changes, retired or replaced keys, and use of split control and dual knowledge.

• The requirement to allow vulnerabilities to be ranked and prioritized according to risk will be updated.

• Requirements 6.3.1 into 6.5 will be merged to eliminate redundancy for secure coding for internal and Web-facing applications.

• Requirement to allow business justification for copy, move, and storage of CHD during remote access will be updated.

• Provide further guidance on PA-DSS applicability to hardware terminals.

• Add sub-requirement for payment applications to support centralized logging, in alignment with PCI DSS requirement 10.5.3.

• Combine requirements 10 and 11 (remote update and access requirements) to remove redundancies.

• Debit cards. These cards typically come with either a Visa or MasterCard logo on them. They are used much in the same way as a regular credit card, except that the transaction money comes immediately from the card holder’s bank account.
• Prepaid gift/debit cards. A store-valued card that can be used to make same store purchases up to a specified amount.
• Secured credit cards. These cards work like a regular credit card, except that a minimum deposit- usually of a few hundred dollars- is required to open the account. The available credit is then limited to the amount of money deposited. Cardholders generally pay fewer fees and finance charges with this option, and it has thus become a good credit-rebuilding tool.

 (Image Credit)

On the other side of the fence, the smallest of businesses are claiming that the move is necessary to protect those with tight profit margins- especially since they are charged high interchange fees by payment processors for all purchases made with a debit card.

New legislation, however, is poised to change the playing field. The recently approved Credit Card Accountability, Responsibility, and Disclosure (CARD) Act, includes the Durbin “swipe fee” ammendment, which requires that interchange fees be “reasonable and proportional” to the payment processing costs incurred, and empowers the Federal Reserve to set the fee cap.

With this new legislation in place, retailers will lose some of their justification for holding on to these fees. But we’ll have to wait until all the dust settles before we can tell what the impact will be.

(Image Credit)

So what will this mean for retail credit? Here are a few anticipated changes:

• No more three month“Same as Cash” Offers. Under the new legislation, all credit promotions must last six months or more.

• No more unexpect increases in interest rates. Under the new rules, customers must be at least 60 days late on their payments before a new, higher interest rate can be applied.

• The higher rate gets paid of first. Any money above the minimum payment will be applied to the expenses with the highest interest rate first.

(Image Credit)

And now that the U.S. is finally beginning to jump on the bandwagon with mobile banking and payments, this sector is expected to grown exponentially over the next few years- especially among younger, tech savvy consumers. According to a study conducted by Mercatus LLC, a Boston-based consulting firm, more than half of U.S. consumers, and almost 80 percent of those between the ages of 18 and 34, will use mobile financial services within five years.

Could another credit bubble be looming?

(Image Credit) 

*Source: Demos.org, April 2008