Russian hackers have found a way of exploiting a merchant account security vulnerability, using the pre-authorization request to discover the amount of credit available on compromised credit cards. These hackers operate a handful of checker sites, offered as a service to identity thieves, which allow these criminals to easily discover the amount of available credit on a card, so they know how large a charge they can place on it. Pre-authorization checks are done frequently, for instance when a credit card is swiped at a restaurant, and unless a consumer monitors activity on their account in real time, an illicit pre-authorization check may go completely undetected.
One thing that consumers can do to counter this kind of attack is to sign up to be alerted by email whenever there is any activity on their account; in fact, this is most often how banks are alerted that a merchant account is being used for card checking. These criminals count on the fact that merchants, issuing banks, and acquiring banks do not share pre-authorization information. If they did, the patterns of illicit activity would be easy to detect. If a bank is informed by a customer that the activity is occurring, most likely originating from another jurisdiction, the bank will do little more than try to sell the customer additional fraud protection services and return any funds that were fraudulently obtained if illicit charges actually cleared.
Merchant account aggregation is when several merchants are grouped by a credit card payment service provider under a master merchant account. It may afford service providers a way of offering cut-rate service, but it is actually against Visa and MasterCard rules and is not PCI compliant. Merchants who hold accounts with an aggregator can find their service suspended with no explanation if credit card companies discover that accounts are being aggregated. There is actually no question that the credit card payment service provider will be caught if they are aggregating; it is only a matter of time. Banks participating in aggregation can receive huge fines, and the funds in an aggregation account are frozen, making it unlikely that the balance of the merchant accounts can be recovered.
Intuit has created a free merchant account application which allows users to accept credit card payments right on their iPhone. Features of the application allow users to text or email receipts directly to customers, and it can even be linked with Intuit’s QuickBooks program, which is designed to simplify bookkeeping for small business operators. The requirements for running the application include an iPhone or an iPod Touch running OS 2.2.1 or newer, and QuickBooks 2009 is required for integration with the accounting program. But even though the iPhone application is free, users are required to sign up for Intuit’s GoPayment merchant account to make use of it, and this service is not free. GoPayment requires a one-time setup fee of $59.95, and users must also pay a $19.95 monthly service fee. On top of this there is a monthly minimum fee of $20, the transaction or pre-authorization fee is $0.23, and the discount rate can be as high as 2.44 percent.