In This Issue
Chargebacks Simplified
Service Providers, QSAs, and PCI...Know the Rules
Scammers Never Sleep
ProPay News
Quick Links

Join Our Mailing List!

Protection.  It's not something that one often thinks about with respect to business and business strategies, but as the payments industry becomes more regulated to prevent fraud and data theft, it is something that companies are beginning to consider more frequently.  


Chargebacks are the bane of many merchants.  With the best will in the world, it is nearly impossible to eradicate these from your merchant business.  However, there are some tips that can put merchants in a better position to dispute chargebacks.


Many are familiar with the requirements of the PCI DSS, but understanding the relationship between your business and your service providers can help clarify your compliance obligations.  Further,  understanding card brand operating regulations, not just the security standards, can help clarify merchant and service provider obligations.  

Lastly, businesses are often just as susceptible to con artists and social engineers as individuals.  Understanding the the most popular scams can help owners protect their businesses. 


As always, please feel free to forward this newsletter to anyone that you think might be interested. 

The ProPay Team
Chargebacks Simplified
by Drew Petersen, AVP, Risk Management

A chargeback occurs when a cardholder contacts their card-issuing bank and requests that a transaction be reversed. The card-issuing bank should find out as much information as they can from the cardholder and determine whether or not issuing a chargeback is the correct solution.  Once the card-issuer has determined a chargeback is the next logical step, the transaction in question is reversed and the funds are debited from the merchant and given back to the cardholder on a temporary basis.  At this point, the merchant who processed that transaction has the opportunity to dispute the chargeback and recover the funds.


There are several reasons a cardholder may request a chargeback, ranging anywhere from fraud to non-receipt of merchandise or services.  There are different chargeback timeframes and requirements based on the reason for the chargeback. For example, a chargeback on a VISA® card for non-receipt of merchandise or services can be issued up to 120 calendar days after the agreed upon delivery date.  Most chargebacks have similar time frames, therefore it would be in the merchant's best interest to store documentation validating the charge for a period that is sufficient to meet these time frames.


The documentation that becomes most important depends on the reason for the chargeback.  When a cardholder claims they did not authorize a transaction, it's highly valuable to be able to produce a cardholder signature showing their authorization.  In an eCommerce transaction, it's important to validate that the products ordered were delivered to the cardholder's verified address (This is one reason the Address Verification System is so important).


It's easy to become lost in all the different rules and regulations surrounding chargebacks.  Each card brand seems to have their own reasons, timeframes, and requirements. While it would be beneficial to know each of these regulations, it's just not feasible for most merchants to do so.  When dealing with credit and debit card transactions, merchants need to consider every type of documentation to verify they are working with the cardholder, receive their authorization, and deliver the products or services as agreed upon.  If the cardholder still wishes to issue a chargeback, at least the merchant has placed themselves in the  most advantageous position to resolve this issue and recover the funds.  If a merchant is not able to fulfill their obligations, they should communicate that with the cardholder and refund the transaction.

Service Providers, QSAs, and PCI...Know the Rules

by Chris Mark, Exec. Vice President, Data Security and Compliance

Understanding the role of service providers and where liability lies for non compliance with the PCI DSS can be a difficult proposition for many small merchants. Qualified Security Assessors (QSA) and Approved Scanning Vendors (ASV) may exacerbate the situation by inadvertently providing misleading or inaccurate information. Ultimately, the liability for compliance with the card brand rules (PCI DSS) or a compromise of data will fall on the merchant. For this reason it is imperative that merchants understand the specifics of who is responsible for what component of the PCI DSS, as well as how they can ensure that they (the merchant) are protected in the event of a data breach or other event. While this newsletter does not allow for an in depth discussion of the rules, ProPay's Blog; "The ProPay Perspective" has a number of articles on the topics. For the convenience of our readers, I have listed the relevant postings.



The ProPay Perspective Blog: Service Providers...Know the PCI Rules

The ProPay Perspective Blog: PA DSS...Know the Rules

The ProPay Perspective Blog: PA DSS...Know the Rules version 2

The ProPay Perspective Blog: PCI Rules and Regs, Who Can Make Me Comply

Visa Payment Application Security Mandates

Scammers Never Sleep 

by Dr. Heather Mark, PhD, Senior Vice President, Market Strategy

While most of us occasionally take a break to catch our breath and reconnect with the world around us, it seems that scammers never sleep. Rather, they are constantly looking for new ways to trick people out of their hard earned money. Most frequently we hear about scams that target consumers, but it's important to note that small businesses, in fact any business, may be equally susceptible to fraudsters and scammers.


The Better Business Bureau recently released a list of the scams projected to be among the most prevalent in 2011. Not surprisingly, data breaches and identity theft topped the list. One might be surprised to find data breaches on the list of scams, but not all breaches are the result of an attack on technology. Very often, data breaches occur as a result of social engineering. Social engineering occurs when a person gains the trust of a business owner or employee and convinces them to provide the data thief with access. In that way, the data thief doesn't have to circumvent technology, but can metaphorically walk out the front door with the sensitive data.


Another scam that recently came to light centers on financial assistance for small businesses. Companies offer to aid small business owners in getting grants and loans. These companies then charge service fees to the businesses for this assistance. The FBI recently conducted a raid on three companies offering to help small business owners obtain grant monies.


Unfortunately, business owners must remain vigilant for scams of all sorts in order to protect their business. Although the BBB and other resources have detailed some of the most prevalent scams targeting businesses, scammers and criminals are creative and new schemes are constantly evolving.


The best defense against these scams is you - ask questions and don't be afraid to say NO.


ProPay Provides Merchants with Multiple Mobile Payment Processing Options

Scott Nelson, Vice President, Marketing

You're a mobile merchant on the move, or in other words, a mobile sales professional, ProPay provides a powerful suite of mobile processing options. Over the next few months you'll see even more mobile offerings from ProPay. Today, ProPay offers the following mobile payment processing options.


ProPay Mobile - Merchants with a Smartphone and a ProPay Account can now process credit and debit card transactions virtually anytime, anyplace. ProPay Mobile is automatically available to all ProPay merchants. Merchants can log-in to, with their ProPay credentials, begin processing payments, check account balances, or move funds. ProPay Mobile enables merchants to accept credit or debit card payments anywhere their Smartphone's can connect to With ProPay Mobile merchants can:


  •         Process credit or debit cards in real time
  •         Transfer funds from their ProPay accounts to a validated bank account
  •         View account balances, transactions in process, total monthly amount processed

In addition to the ProPay Mobile optimized browser, ProPay offers merchants additional mobile solutions that enable merchants to accept and process credit and debit card payments on the go including:


MicroSecure™ Card Reader - The MicroSecure Card Reader is a small, easy to use swipe device that provides real-time credit and debit card processing and authorization when connected to an internet enabled computer. If internet access is not available, the MicroSecure Card Reader provides store-and-forward capabilities for capturing the payment data and processing those transactions later. The MicroSecure Card Reader encrypts payment card data at swipe to ensure that it is secure through transmission and processing. Merchants also have the option to store the payment data in ProPay's secure data storage service for other transactions such as repeat billing.


ProPay/VeriFone PAYware Mobile™ Bundle - Recently, ProPay partnered with VeriFone® to offer a mobile processing bundle that includes a ProPay Merchant Account and VeriFone's PAYware Mobile device. Merchants receive a robust merchant account and the ability to accept and process credit and debit cards using their iPhone 3 or 3GS.


IVR Phone Processing - ProPay's IVR Phone Processing service provides a simple, secure, and cost-effective credit and debit card processing option which is accessible 24 hours per day, 365 days per year via a toll free number. This solution is ideal for any mobile business that needs a real-time credit or debit card authorization. Transactions are immediately approved or declined.


Create your opportunity to make a sale with ProPay's suite of mobile payment processing options. To learn more click here.

DISCLAIMER:  ProPay, Inc. provides this newsletter only for general information or educational purposes.  Nothing herein should be relied upon without seeking the advice of an attorney or other professional appropriate to the subject matter.  While ProPay, Inc. strives to ensure information in this newsletter is accurate and current, ProPay, Inc. does not guarantee or represent that the information is correct, complete, or up-to-date; nor shall ProPay, Inc. be liable for any indirect, incidental or consequential damages (including lost data, information or profits) sustained or incurred in connection with the use of, operation of, or reliance upon any information contained in this newsletter.