October 12, 2015

No Comments

Chip Technology and Tips

How to Handle Tips and Gratuity with EMV Chip Technology

Many restaurants and hospitality service providers are wondering how to best manage tips and gratuities as the U.S. migrates to chip technology, and what options restaurant owners and other merchants in travel and entertainment can pursue. To help merchants we are providing access to a white paper that is intended to provide a high-level overview of tip processing in EMV chip environment. Please refer to payment network guidelines for specific implementation information.

As the U.S. migrates to chip, certain market segments that accept tips and gratuities via card payments must consider how to best serve their customer base without disrupting current acceptance practices. This is the cornerstone of U.S. chip migration—to ensure continued card acceptance with limited disruption to a merchant’s business…..

Please complete the form below and we will email you a link to download the complete White Paper on EMV Chips and it’s effect on Tips and Gratuity.

March 3, 2015

No Comments

Restaurant Loyalty Program Evolution

(originally published on the PosiQ blog)

For years, marketers and restauranteurs alike have been searching for ways to create a loyalty experience that is as engaging as it is effective. The first stage in the evolution of loyalty platforms came in the form of punch cards, glorified business cards that were typically stamped or hole-punched to denote how many times a guest had visited a business. After a certain number of visits, they would receive some type of reward. However, as this type of loyalty system caught on, more and more businesses began to use it and as with all things popular, the novelty of the punch card began to run dry.

Most importantly, there was no way to track whether or not these cards were driving in more customers.

In turn, the next phase in the evolution of loyalty platforms came to life in the form of digital punch cards. This form got rid of the clutter and consolidated each restaurant’s businesses into one, uniform card.

While this was great in theory, the results were relatively the same. The novelty of all card-based loyalty platforms had almost completely diminished. Customers weren’t rushing back to fill up their cards because the rewards weren’t creative or engaging enough.

So, this brings us to the fundamental question of: “why do restaurants implement a loyalty system?” In the most basic sense, a loyalty system should reward a loyal customer with something they’ll want to come back and redeem. These rewards should be significant and personal.

A vegetarian does not want a free steak.

In summary – the most effective rewards are the also most personal.

This is where small businesses have the advantage over larger chains. The customer should feel like they have a deeper, more intimate relationship with their favorite restaurant. They don’t want to feel like another number.

A loyalty system should be able to leverage customer-purchasing data to create personal rewards to strengthen the bond with their customers.

PosiqCRM’s integrated loyalty system uses data in the POS system so that tastes, patterns & behavior collected from each customer can be used to create special rewards and offers for the most loyal customers. Furthermore, our system does not make use of punch or digital cards. Rather, they use the power of mobile phones to communicate on a one-to-one basis with customers.

To learn more about how to integrate this unique rewards program directly into your POS system, contact us today!!

February 23, 2015

No Comments

2015 EMV Deadline Looms–Your Questions Answered

Most likely you’ve been hearing all about the October 2015 deadline in regard to being able to accept EMV and Chip/PIN as a merchant, but chances are you’re not 100% clear on what it means to you and your business.  We jumped on the phone with an industry expert Jason Cowan of Spark Solutions based in Salt Lake City, Utah and got the straight scoop on what all of this technology means and what restaurants need to be doing in preparation.  It’s a short but informative chat.

February 17, 2015

No Comments

The Wagon Wheel: Restaurant Employee Theft Prevention

Are you familiar with all of the ways employees can steal from restaurants and bars?  According to the National Restaurant Association, theft and fraud amount to 4% of industry sales!

One of the most common is through a trick called “The Wagon Wheel.”  How does it work?  A server starts a tab with a sandwich and a coke.  If the customer pays in cash, then the server goes into the POS system and transfers the coke off the check and closes out the tab to just the burger and pockets the cash.

Then, the next time someone orders a coke and the server starts the ticket on that tab, ultimately transferring off the coke to another tab and pocketing the cash once again.

The server is usually using frequently ordered items like soft drinks, especially too because they are servicing their own beverages.

Bartenders can do the same with alcoholic beverages as well since they are the ones preparing their own orders.

How can you protect yourself from this method of theft? Advanced POS systems will have monitors and controls in place to monitor suspicious behaviors and patterns such as low sales of server-controlled items over a period of time.

MICROS, for example, has an alert manager which can send push notifications to your phone when these things are happening.  Or, you can pull the audit and analysis report to see marked areas of concern.  One way to prevent it altogether is if the system will make an item transfer impossible without the authorization of a manager.

Need help with protecting your business against this kind of theft? Contact us today for a quote! (480) 603-3020

February 9, 2015

No Comments

Part 2, More Fraud Prevention Tips for POS

A continuance of our tips from last week from Mercury:

  • Merchants should attempt to swipe every card through a POS terminal. If the terminal cannot read the card, merchants should take a manual imprint of the card. When using a manual imprinter, merchants should check the draft for a clear impression of the card to ensure that they have captured the embossed card account number. Merchants should also complete the draft with the date, description of merchandise/service, sales tax, total dollar amount and authorization number, and get a signature.
  •  Merchants should never allow customers to tell them how to “get the transaction to go through” (for example, by doing a ticket only transaction without getting an authorization). This will result in a chargeback, and these customers will have “stolen” or obtained items for free.
  • Merchants must obtain customers’ signatures. The signature on the draft must match the signature on the back of the card.
  • If a customer’s card is unsigned, merchants should request another form of identification with a photo and signature. Merchants should request that the customers sign their cards and then compare the two signatures. If customers refuse to sign, merchants should inform them that they are unable to accept an unsigned card for payment and then request another form of payment. The card association rules dictate that card acceptors must not complete the transactions if cardholders refuse to sign the card. Visa, MasterCard, and Discover’s websites provide materials designed for merchant use and offer tips on what merchants can do to prevent fraud.
  • Use caution when taking an overseas order. Fraudulent transactions that originate overseas are on the rise. Remember that international transactions are high-risk transactions. Know your customer. Properly identify the person with whom you are dealing. Take a second look at what is being ordered and where it is being shipped. Did your customer offer you multiple cards as payment? Is the customer asking for immediate shipment? If so, you may have just detected a fraudulent transaction and saved yourself from taking a loss. There is a tremendous amount of fraud with international transactions, and it is virtually impossible to win the chargeback case. Banks outside the U.S. may not support additional security features like AVS, CVV2, and Verified by Visa. If in doubt, do not hesitate to contact Mercury and we will be happy to assist you.
  • Utilize security functions such as entering the “last four digits” of the card on swiped-card transactions and Address Verification and CVV2 code to discourage use of counterfeit cards. Verified by Visa and MasterCard SecureCode are payment initiatives designed to reduce the risk of unauthorized use of cardholder account by authenticating the cardholder attempting to make a purchase online. Authentication makes internet shopping better and safer for both buyers and sellers by reducing the merchant’s exposure to fraud and frivolous disputes, and protecting the cardholder from fraudulent use of his/ her card. Implementing Verified by Visa shifts liability away from the merchant and onto the card issuer.
  • If you are going to run an unusually large transaction, or if you need to manually key numerous transactions when you usually swipe your credit cards, call ahead to let Mercury know what you are doing. Otherwise, your account may be flagged for unusual and suspicious activity, which may cause your funds to be held.

February 4, 2015

No Comments

Part 1: 6 Tips to Prevent Fraud at the Point of Sale

Thank you to Mercury for sharing these important tips for preventing fraud at the point of sale!

  • If a photograph of the cardholder is present on the card, merchants should compare the photograph on the card with the person presenting the card.
  • Merchants should check cards for the hologram. A hologram is a three dimensional symbol in either gold or silver foil that is designed to help deter counterfeiting. The image should reflect light and appear to move when you tilt the card. NOTE: The Visa hologram is an image of a dove; the MasterCard hologram is an image of a world map; the Discover hologram has four distinct images.
  • Merchants should check cards (including the signature panel) to see if they have been altered.
  • Merchants should check the valid date (some cards are not valid until the date shown) and the expiration date on the face of the card. If the card is not yet valid or expired, the card acceptor should not accept the card and should instead ask for another form of payment. NOTE: Cards are valid through the last date of the month, unless an exact date is displayed.
  • For each card type, merchants should be aware of the first four digits and the total number of characters. NOTE: A Visa-branded card number begins with a “4” and has 13 or 16 digits; a MasterCard-branded cardnumber begins with a “5” and has 16 digits; a Discover card number begins with a “6” and has 16 digits. Merchants should check the first four digits of a card. For Visa and MasterCard, the first four digits of the embossed card number must match the four digits printed above or below that number on the front of the card.
  • The account number on the front of the card should match the number printed on the back of the card in the signature panel. For Visa, American Express and Discover, merchants should compare the entire account number imprinted in the signature panel with the embossed account number on the face of the card. For MasterCard, merchants should compare the four-digit truncated account number imprinted in the signature panel with the last four digits of the embossed account number on the face of the card. For MasterCard, merchants must contact their acquirer for instructions if: • Merchants believe there is a discrepancy in the\ signature. • The last four digits of the embossed account number do not match the four digit truncated account number on the signature panel or displayed on the terminal. • The photographic identification is uncertain. If any MasterCard does not have a MasterCard hologram on the lower right corner of the card face, merchants must confiscate the card and contact their acquirer’s Code 10 operator for instructions on card pick-up and mailing.

January 20, 2015

No Comments

Understanding PCI Compliance

By Merchant Link Staff, original article here.

Though the Payment Card Industry Data Security Standards (or PCI DSS) applies to every merchant who accepts payment cards, many merchants lack a comprehensive understanding of what PCI is, or how it’s enforced. Unfortunately, this puts these folks at a serious disadvantage when it comes time to make decisions around PCI compliance – a particular problem for new or aspiring business owners.

Here’s a look at the most common misconceptions about PCI compliance!

1) PCI is a set of industry rules – not a law.

One common misconception is that PCI originates with the government, like other security requirements such as HIPAA. But it’s important to note that PCI is a creation of the payment card brands. It is a necessity for merchants who wish to process, transmit, and store payment card data; it generally encourages wise and responsible security practices; but PCI is not a law.

The rules were instituted to help prevent payment card fraud for which the card brands were ultimately responsible. An independent entity – the PCI Security Standards Council – was established in the early years of the twenty-first century to manage the rules and educate the industry.

However, the Security Standards Council does not penalize merchants directly.

2) Non-compliant merchants are penalized by their acquiring banks.

If a merchant experiences a security breach and is found to be non-compliant with PCI rules, they may be subject to fines. Those fines may be steep, too. Depending on the circumstances, merchants might have to pay anywhere from $5,000 to $100,000 every month until they address all compliance issues. If they don’t resolve the problem satisfactorily, they could even have their ability to accept cards revoked.

But here’s the key thing to remember about PCI compliance fines: merchants are not fined by the Security Standards Council. Instead, the card brands penalize the merchant’s acquiring bank – and the bank has the ability to pass the loss along by assessing a fine on its non-compliant merchant.

This enforcement structure is important for merchants – particularly new merchants – to understand. Because acquiring banks bear the brunt of responsibility for merchants’ security efforts, they have a degree of flexibility in their PCI enforcement policies. And this adds another important consideration for merchants as they get to know acquiring banks.

3) Acquiring banks determine how a merchant must demonstrate compliance.

Since banks are responsible for enforcing PCI compliance, they can decide how they wish to verify a merchant’s compliance (and how they penalize non-compliance).

There are two main ways that merchants are asked to demonstrate their compliance with PCI: Merchants may either indicate compliance by working through a self-reporting checklist on their own, or they may be required to undergo a full audit by a certified third-party security expert known as a Qualified Security Assessor. Which style of compliance demonstration is required for a particular business is determined entirely by the relevant acquiring bank.

From the merchant perspective, both reporting styles have their advantages and disadvantages. Self-reporting may seem less daunting, but it also leaves room for error, including simple misinterpretation of the rules and requirements. Audits may take more work and be more costly, but they also give a merchant (and their bank) more certainty that the merchant is in compliance. Merchants should consider what each style of reporting would require of their business and discuss the topic with their acquiring bank.

4) PCI compliance rules can be a useful resource.

It’s not unusual for business owners to feel frustrated by rules and requirements like PCI. Few get excited by additional obligations that call for spending more time and money. But the most productive way for merchants to think about PCI is as a set of continuously evolving security best practices.

The network security landscape is in constant flux. New threats and vulnerabilities are constantly emerging. Simply keeping up with the most effective ways to protect an organization and its customers can be (and in larger businesses, often is) a full-time job. Yet security is increasingly essential for merchants – breaches can mean major financial, legal, and reputational damages.

Currently in Version 3.0, the evolving PCI rules are a resource for business owners, helping merchants keep their security measures current – and helping their customers do business with confidence. Business owners can make use of the PCI Security Standards Council’s website for small and medium-sized businesses to learn more about their particular compliance requirements and security strategies suited to their businesses. New business owners are encouraged to learn all they can about PCI, and use the resources available to protect themselves and their businesses.