The Merchant Processing Guru Fraud Alert: MasterCard Security Alert

The Merchant Processing Guru Fraud Alert: MasterCard Security Alert

MasterCard recently released an alert stating that some merchants have recently received fraudulent “MasterCard Security Alert” e-mail messages. These phishing e-mails ask merchants to conduct payment card test transactions followed by a refund to a different payment card. These e-mails also instruct merchants to send the details of the transactions to an e-mail address not affiliated with MasterCard.

This scam is being perpetrated by criminals in order to gain merchant transaction information so they can attempt to make fraudulent purchases and refunds using stolen payment card information.  If you receive any such unsolicited phone call, e-mail message, text message, or social media request from an individual claiming to be a MasterCard Security representative, do not respond. Instead, report the fraudulent inquiry to MasterCard using the following e-mail address: [email protected]

Russell Harverson has over 9 years experience in the credit card processing industry and has build a reputation for “being there” for all his merchants! The goal of The Merchant Processing Guru is to provide you with the right, cost effective processing solution for your individual business needs, no matter how large, small or different, he has done it all. He is your Guru of Merchant Processing, shedding light on the credit card processing industry. To contact him via email: [email protected]
Or call him at: 1-888-368-GURU (4878)

Posted in Alerts | Tagged , , , , , , , , , , , , , , , | Leave a comment

The Merchant Processing Guru Tip# 27: Does becoming PCI compliant make you safe from hackers and breaches of your network and data?

The Merchant Processing Guru Tip# 27: Does becoming PCI compliant make you safe from hackers and breaches of your network and data?


PCI Compliance
The Short answer is NO, it does not! So why you ask is it a requirement and so critical to my business to become compliant? Very simple, these standards cannot make you impregnable but they are a minimum standard that has been determined by the PCI Security Council for each business to achieve in order to make accessing their customer data more difficult and unattractive to hackers to attempt a breach. It is a matter of economics to the hackers just like it is for you and everyone else in business, the more resources they have to put into breaking in to a system that will yield minimal results the less likely they are to attempt to break in. The biggest issue right now as I write this post is that most of the larger more attractive business such as the national chains have not only become compliant they are implementing their own standards that go beyond the requirements of PCI. The fact that it has become more and more difficult for hackers to penetrate these larger systems has turned their attentions to the smaller, less protected businesses that have not, until now, taken this as seriously as the larger companies have.  This means that your small business has become a larger target than ever before because as cyber crime increases and the bigger fish become more difficult to breach we will see more and more small businesses fall prey to the hackers that are after quick and easy payoffs.


Verizon’s 2012 data breach investigations report stated that there were 855 data breaches in 2011, 612 of those occurring in businesses with 100 employees or less. 79% of attacks were opportunistic while 96% of all attacks were not very difficult and did not require advanced skills or resources. Also, very interestingly, 96% of the victims were not compliant with PCI requirements.


Nothing about PCI is set in stone, the whole intention of PCI is that it is an evolving standard that will continually be updated to address the continual threat of data piracy. This also means that you cannot adhere to it once and think you are compliant for good, you must continually assess and reassess your policies, procedures and networks.


Russell Harverson has over 9 years experience in the credit card processing industry and has build a reputation for “being there” for all his merchants! The goal of The Merchant Processing Guru is to provide you with the right, cost effective processing solution for your individual business needs, no matter how large, small or different, he has done it all. He is your Guru of Merchant Processing, shedding light on the credit card processing industry. To contact him via email: [email protected]
Or call him at: 1-888-368-GURU (4878)

Posted in PCI compliance | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

The Merchant Processing Guru Tip#26 PCI Compliance, updates, review & why this is critical to your business

The Merchant Processing Guru Tip#26 PCI Compliance, updates, review & why this is critical to your business

PCI Compliance
It has been two or three years since I first wrote about PCI Compliance for the credit card processing industry, which back then was still in it’s infancy and no one really knew what to expect from this new development. I will dedicate the next several posts to updating you on a review of the past couple of years, the new developments of PCI and it’s implications to you as a business.

Most business owners that process credit cards are now well aware of some (I emphasize SOME) of the requirements that PCI requires of every business that accepts credit cards as a form of payment. Some of these requirements include the “Self Assessment Questionnaire”, a scan of your network once a quarter by a PCI approved vendor and truncating your credit card receipts so only the last four digits show up on the receipt. That is about the extent of what most processors have educated their merchants on. I will tell you in the coming posts about what is not common knowledge about being PCI compliant and why not having this knowledge is hurting your chances of staying in business for the long haul.

To start with there are 12 overall requirements that the PCI Security Council has mandated every business adhere to. These requirements are not suggested policies or procedures, they are exactly what they say they are, requirements. If a breach occurs in your business and you are not compliant with just one of the PCI DSS requirement then you are not compliant in their eyes period. This opens you up to crippling fines, the cost of mandated forensic audits and of course chargebacks that could close your business for good.

My intention here is not to put fear in you as much as it is to implore you to take this seriously! Is it easy to become compliant? Surprisingly the answer really is Yes! It just takes a little effort and knowledge to get there and you can start here by reading each one of my posts to educate yourself and start taking the action required to becoming compliant.

Russell Harverson has over 9 years experience in the card processing industry and has build a reputation for “being there” for all his merchants! The goal of The Merchant Processing Guru is to provide you with the right, cost effective processing solution for your individual business needs, no matter how large, small or different, he has done it all. He is your Guru of Merchant Processing, shedding light on the credit card processing industry. To contact him via email [email protected]
Or call him at: 1-888-368-GURU (4878)

Enhanced by Zemanta
Posted in PCI compliance | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , | 1 Comment

The Merchant Processing Guru Tip #25: The recent Global Payments breach

Image representing Global Payments as depicted...

Image via CrunchBase

The Merchant Processing Guru Tip #25: The recent Global Payments breach

On Friday March 30, 2012 Global Payments announced that their system had been breached but they were not yet sure of the extent of the breach at that time. Unlike most breaches of this kind, that are usually discovered only months after they occur and then only after Visa & MasterCard initiate an investigation due to a pattern detected by their system, this breach was detected almost immediately by Global Payments’ system and their employees were able to lock out the hackers within approx. 42 minutes. Due to the quick detection and action by Global, the breach resulted in only 1.5 million card numbers being compromised.

In light of all this I would be bold enough to say that this was a small victory for the good guys finally! It is not a matter of keeping hackers out that we should look at as the definition of victory or loss, as hackers with the determination, skill and resources being able to gain entry to any system these days is pretty much a given! But the sheer ability to detect when they have entered the system, isolate and shut them down within such a short time and with minimal loss of data is something to be applauded!

I say this with much history and data to go on. Since 2005 the Privacy Rights Clearing House has recorded more than 3000 such breaches involving more than 500 million private records. Last year alone there were 591 breaches reported! The last breach of a major credit card processor occurred in 2008 where Heartland Payment Systems lost well over 100 million card records as their system did not detect the breach for close to 90 days.

In 2007 TJ Max also lost approx. 45 million cards and CardSystems lost over 40 million cards in 2005. In most of these cases, as was the case with Global, only track 2 data was stolen which holds the credit card number and the expiration date as well as other data of little importance to hackers. The only thing they can do with this data is make charges to the card, which are 100% covered by the Visa & MasterCard guarantee. What this means to consumers is that they are not liable for any of the fraudulent activity on that card and the hackers cannot open any new accounts in their name.

Russell Harverson has over 9 years experience in the card processing industry and has build a reputation for “being there” for all his merchants! The goal of The Merchant Processing Guru is to provide you with the right, cost effective processing solution for your individual business needs, no matter how large, small or different, he has done it all. He is your Guru of Merchant Processing, shedding light on the credit card processing industry. To contact him via email [email protected]
Or call him at: 1-888-368-GURU (4878)

Enhanced by Zemanta
Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , | Leave a comment

The Merchant Processing Guru: I am very excited to get back

The Merchant Processing Guru: I am very excited to get back to giving more updates about the credit card processing industry. A lot has happened in the past couple of years, we now have a more defined PCI DSS program so I will be updating you on that. The 1099K from the IRS is another thing that is forcing a much tighter control on this industry. We have not had this much regulation put on this industry since the 9/11 commission required personal information from anyone opening a merchant account.

I hope you enjoy the new, simple layout of the site as well as my new updates. Please check back often, as I will be adding more detail about services that can help your business grow and succeed. For example, I am now offering an alternative financing program for your customers with no credit checks or applications to go through but allows your customer to pay over 3, 6 or 12 month terms while you get paid upfront.

Posted in General about Industry | Tagged , , , , , , | Leave a comment