Payment Processing


Element is Named the Best Channel Vendor by Business Solutions Magazine for the Third Year in a Row

2010, 2011 and now 2012. For the third year in a row, Element Payment Services has been selected by Business Solutions magazine as one of the Best Channel Vendors. Value Added Resellers (VARs) and Independent Software Providers (ISVs) who participated in Business Solutions' annual survey ranked Element as a top payment processor for its innovative and reliable technologies, and service and support.

Being honored for this award actually marks the fifth award in a row for Element Payment Services from Business Solutions magazine. In addition to the Best Channel Vendors, Element has also received the Best Channel Product 2010 and 2011 awards.

Receiving the Best Channel Vendor award is a direct product of Element and the dedicated team, working to achieve their mission to reduce the burden of PA-DSS and PCI DSS compliance requirements for their software providers and customers, while providing the best possible service. Element works to develop and provide technologies that enable its partners to stay ahead of the payment industry’s security requirements and offer best-in-class solutions to their customers.

Business Solutions magazine partnered with Penn State University to conduct the survey and analyze the results. The web-based survey of nearly 4,300 of the most active VAR subscribers drew nearly 11,000 votes, continuing the tradition of this being one of the largest surveys of its kind, across categories that included service/support, features, innovation and reliability. Once the votes were analyzed and compiled, the top vendors were awarded as the 2012 Best Channel Vendors. Of all vendors that are included, only the top five percent of selected vendors were honored with this award, making this an exclusive list of winners, of which Element is included.

Element Payment Services is recognized for its 2012 Best Channel Vendor award in the January 2012 issue of Business Solutions Magazine, as well as on the Best Channel Vendors Feature page, year-round.

For more information on Element and their award winning payment processing solutions, contact us today.


Part 2 - 12 Holiday PCI Compliance Tips, Questions and Advice and Security Best Practices to Get You Ready for the New Year

PCI compliance tips five through eight

5. I heard that PCI DSS is too hard

Understanding and implementing the 12 requirements of PCI DSS can seem daunting, especially for merchants without a large security or IT department. However, the PCI DSS standard mostly calls for good, basic security practices. Even if there were no requirement for PCI compliance, the best practices for security contained in the standard are steps that every business would want to take anyway to protect their customers’ sensitive data and continuity of operations. There are many products and services available to help meet the requirements for security and PCI DSS compliance.

When people say PCI DSS is too hard, in many cases the complaints are in fact about cost. However, the business risks and ultimate costs of non-compliance, including fines, legal fees, and especially lost business, can vastly outweigh any PCI DSS implementation costs. Implementing PCI DSS should be part of a sound, basic security strategy. This holiday season, ensure that your business meets the PCI DSS compliance standard by making compliance part of your ongoing business plan and budget.

6. What are the penalties for noncompliance of the PCI Requirements?

The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. This PCI compliance fine can then be passed on downstream until it eventually hits the merchant. The acquiring bank may then also either terminate the merchant relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic, especially to a small business. This holiday season, make sure you are familiar with your merchant account agreement, which should outline your exposure.

7. If I’m running a business from my home, am I a serious target for hackers?

Yes, home users are arguably the most vulnerable, as they are usually not well protected. Adopting a 'path of least resistance' model, intruders will often zero-in on home users and will often exploit their 'always on' broadband connections and typical home use programs such as chat, Internet games and file sharing applications. This holiday season make sure you identify and fix any security vulnerabilities on your desktop or laptop computers.

8. What information should I routinely check to spot a fraudulent card?

  • Check the Expiration Date: The card is valid through the last date of the month. Do not accept an expired card.
  • Check the Valid Date: Some cards will have this feature, in which the card is not valid until the date shown. Do not accept an invalid card.
  • Check the Four Digits: The first four digits of the embossed card number must match the four digits pre-printed above or below that number.



Visa Releases PCI Compliance Level Stats – Results are Up and Down

On June 30 of this summer, Visa made merchants’ compliance statistics public, detailing PCI Compliance figures for those working to achieve Level 1, Level 2 and Level 3 compliance. On Monday, October 31, 2011, the card brand released the most recent compliance numbers. The released results were mixed, with a positive trend for Level 1 merchants, but with an overall decrease for Level 2 and Level 3 compliance. It should be noted that the card brand has continued its practice of not reporting compliance numbers for Level 4 compliance, rather just announcing for this reporting period that Level 4 compliance is “moderate.”

Each PCI Compliance level is determined by the number of transactions that a merchant processes each year, as well as whether the transactions occur online, in a brick and mortar location or a combination of both. Level 1 merchants process more than six million Visa transactions a year; Level 2 merchants process from one to six million transactions a year; Level 3 merchants handle 20,000 to one million online Visa transactions a year; and Level 4 merchants process less than one million Visa transactions per year.

The statistics were positive for Level 1 merchants, as a 98 percent compliance rate was reported. This number was up from the 97 percent compliance rate that was announced earlier in June 2011. These numbers were based on 407 retailers, which was also an increase compared to earlier this year when only 377 retailers were included in the reporting.

The PCI compliance numbers for Level 2s and Level 3s weren’t quite as encouraging. Level 2 merchants dropped from 96 percent compliance down to 91 percent. There were more Level 2 merchants accounted for in this report, with 1,060 compared to 881 in the summer report, which may have contributed to the decline in this case. Level 3 merchants saw a decline from 60 percent to 57 percent from October 2011 to June 2011 respectively. The number of Level 3 merchants being reported is the largest of the three groups, with 3,049 merchants, up 25 from the last reporting period. Compared to the other PCI compliance levels, these numbers may be alarming, though Level 3 merchants tend to be new entry merchants, starting with a relatively low level of PCI DSS compliance, which contributes to these percentages.

As the card security industry continues to push the need to achieve PCI compliance, it is somewhat concerning that the numbers overall are in a decline, as it would be expected that numbers in any group would show steady signs of improvement. There are still details that Visa is not reporting on, which could allude to the compliance decrease, though many are left speculating what exact causes can be pointed to.

For more information on how you can help your business achieve your PCI Compliance Level, download our PCI compliance guide.


What do you Really Know About Tokenization? Released Tokenization Guidelines Help Explain.

At times, there can be confusion in the industry surrounding tokenization, a process designed by technology providers, as a means to secure cardholder data while providing merchants with the functionality needed to run their businesses. Last week, the PCI SSC tried to clarify any questions surrounding this technology with the scheduled release of the PCI Data Security Standard (PCI DSS) tokenization guideline. The guidelines are designed to provide merchants with a better understanding of how they can incorporate tokenization into their card payment security strategy, as well as how their efforts relate to, and impact compliance with the PCI DSS.

At its simplest level, tokenization technology replaces a primary account number at the point of sale with a surrogate value called a “token” to improve data security. Subsequently, if tokenization is used properly, a merchant would not need to retain the primary account number in the payments system used at the business once the transaction is processed. This results in a minimized amount of data a business would need to keep on hand, ultimately bolstering the security of credit card transactions, while limiting the cost and complexity of meeting compliance requirements at the same time.

Unlike several of the other well-known technologies in the industry, tokenization does not have standards. So while the technology provides a great level of value, some merchants still need help knowing the best practices on how to incorporate tokenization so it works most optimally for their business and their customers. It is important to understand that tokenization is not an alternative to the standards, as merchants still have to comply with the PCI DSS.

The tokenization guidelines released by the PCI SSC should help merchants understand the options surrounding the technology, and how it fits their business’ needs. These guidelines will also benefit tokenization service providers and assessors, clarifying how the technology can limit or eliminate scope by transferring the responsibility of storing sensitive cardholder data away from the merchant to a payments technology provider. This is especially valuable as it also simplifies the PCI DSS assessment process by limiting the number of requirements applicable to the merchants’ environment. 

To learn more about this technology, download our tokenization white paper or contact Element today.


The Element Express Processing Platform Recognized as a 2011 Best Channel Product By Business Solutions Magazine

On August 1, 2011, Element’s Element Express Processing Platform solution was selected by Business Solutions magazine as one of 2011’s Best Channel Products. Value Added Resellers (VARs) and Independent Software Vendors (ISVs) participating in Business Solutions' annual survey ranked the Element Express Processing Platform as a leading payment processing technology, making it one of only three solutions in this category. Being honored with the 2011 Best Channel Products award makes this the fourth consecutive award for Element Payment Services from Business Solutions magazine since the survey debuted in January 2010. Element’s past awards include Best Channel Vendor in 2010 and 2011, and the Best Channel Product in 2010 and now in 2011.

The Element Express Processing Platform is a purpose-built payment engine, architected for an evolving industry with a Service Oriented Architecture (SOA). Using Element’s Web services or XML interface, ISVs can easily integrate software applications with Express, incorporating its robust suite of PCI compliant technologies, which include point-to-point encryption (P2PE) and tokenization.  ISVs and merchants have long relied on Express to deliver innovation, reliability and simplified payment processing.

Business Solutions magazine partnered with Penn State University to conduct and analyze the survey of its subscribers. As part of the Web-based survey, VARs/ISVs were asked to rate a product’s richness of features/functionality, product reliability/durability, ease of integration, ease of upgrading and the VAR’s/ISV’s ability to service. The 2011 Best Channel Products recognition was given only to the top few vendors who scored highest in the product categories. This is a new format from years past where many products were selected for each category, making this award even more competitive.

1,490 VARs/ISVs participated in the survey, casting a total of 11,711 votes, making it one of the largest surveys of its kind, especially at this level of detail.

Receiving its fourth straight award from Business Solutions magazine is representative of Element’s dedication and commitment to providing its software partners and their customers with solutions that help reduce risk, liability, and cost, while easing the burden of PCI compliance. 

Contact us today for more information on the Element Express Processing Platform solution and how Element can help your business. 


Fed Announces Final Durbin Amendment Rule – TSG Analysis

The Federal Reserve announced their final ruling on debit card interchange fees and routing. The finalized rules affect all banks issuing debit cards, pre-paid cards, and payment card networks, as well as merchants who process debit and prepaid card transactions. However, small issuers (banks and networks under $10 billion in assets), government programs and gift cards are exempt from the ruling.

Throughout the years merchants have become increasingly restless over the rising debit card transaction fees and regulations. According to the 2009 Nilson Report, $1.21 trillion in purchases were paid for by debit cards and processed through Visa and MasterCard networks, which generated $19.7 billion in fees paid to debit card issuing banks by merchants. The Durbin Amendment fought to cap these fees and regulate the control that banks and networks have over debit card transactions. 

The Durbin Amendment is a component of the Dodd-Frank Wall Street Reform and Protection Act sponsored by Senator Richard Durbin (D-Ill.). The Amendment was successfully passed to cap debit card fees for merchants. This victory for merchants offers some relief from high fees and creates a competitive market, allowing merchants to shop around for lower transaction prices.

The final ruling on debit interchanges implements a base fee cap of $.21 with an allowance of $.05 to account for fraud protection costs. An additional proposed rule is in discussion that allows banks to charge an additional $.01 per transaction if they meet specific fraud prevention standards.

The final limitations on payment card networks included:

  • Disallowing issuers or payment card networks the ability to restrict merchants to route debit transactions over any other network that processes such transactions.
  • Networks are not allowed to prohibit setting defaults for PINs or signatures.

In addition, networks cannot prevent merchants from offering payment by cash incentives, and networks cannot prevent merchants from imposing a $10 transaction minimum or prevent merchants from setting maximum transaction amount limits. (TSG Takeaways)

These debit interchange rules and limitations on payment card networks go into effect October 1, 2011. The official document can be found on the website.

Element Payment Services is a supportive resource for your payment processing questions. For help understanding how the Durbin Amendment affects your business, contact Element today. 


Highlights from the 2011 Electronic Transactions Association (ETA) Annual Meeting and Expo

A dialogue with Apple co-founder Steve Wozniak kicked off the 2011 ETA Annual Meeting and Expo held this year in San Diego, Calif. May 10 - 12. Wozniak explained that payment processing at Apple is not a top priority and that Apple is waiting until they can do it right – “I think they'll hold off and not make any moves until they know they can do it right” (The Green Sheet). Wozniak also discussed the future of mobile payments, suggesting that "tap-and-go technology is so compelling that it will be in everyone's hands within just a few years" (The Green Sheet). He believes that Near Field Communications (NFC) technology will be the next big thing for mobile payments.

The conference also featured keynote speaker, former Sen. Christopher Dodd, D-Mass., co-author of the Consumer Protection Act of 2010 and the Dodd-Frank Wall Street Reform. Dodd touched upon the Durbin Amendment and the looming debit interchange regulation. Dodd went on to encourage ISOs, MLSs and their partners to reach out more to their local politicians to fight against further legislation. Dodd feels that it would be easier to contact them directly, saying “I can assure you that if you were to invite your member of Congress to come to your business to learn what you do and about your issues, you'd have a lot more luck than anyone standing in the halls of Congress trying to [lobby] staffers" (The Green Sheet). However painful, regulatory and PCI compliance issues are not going away. Critical security measures are put in place to protect consumers and stay current with technology. 

Mobile payments was the hot topic for this year’s meeting, since more and more people have smart phones and are using them to shop, therefore making mobile card acceptance, couponing and security high priorities for merchants. Visa took the opportunity at the expo to announce its mobile wallet plans that feature "a range of customized mobile payments services that address the specific requirements of geographic markets around the world" (Visa). People are excited for mobile wallet solutions and it came through at the show. 

ETA 2011 also saw a lot of hype around a newly promoted certification program. Visa’s new Certified Payments Professional program, which had officially launched in February 2011, is designed to be the industry’s first professional certification process for sales agents and others engaged in the distribution of electronic payment products and services.

ETA attendees noted that this year’s show seemed to be a bit quieter, with fewer people and less industry news as compared to past expos. However, ETA contacts say that attendance and exhibitor numbers had increased. Overall, attendees reported to be pleased with the quality of the interactions and networking opportunities.  

The Electronic Transactions Association is an international trade company that represents companies who offer electronic transaction processing products and services. The ETA encourages businesses to network within the electronic payments industry through education and advocacy. The three-day meeting and expo was open to international electronic payments professionals and business owners.


CardSense™ PCI DSS Compliant Payment Technology

The release of CardSense™ has the industry buzzing about the new PCI Compliant technology that helps merchants and providers reduce credit card processing risk and fees. CardSense allows merchants to identify a customer’s card type before processing the transaction, resulting in risk mitigation, lower transaction fees, and secure handling at the point of sale.

Businesses, large and small, in industries, including lodging, rental car, retail and healthcare, can greatly benefit from pre-authorization identification of card types. CardSense™ easily provides this service without complicating or jeopardizing PCI compliance requirements. “CardSense allows customers to make informed decisions about how they accept payments,” said Sean Kramer, president and CEO at Element Payment Services. “As a result, customers will be able to more effectively manage processing expenses, which will improve overall operational costs.”

Earlier this year, Bluebird Auto Rental Systems (BARS), a leading provider of enterprise management software for the auto rental industry, effortlessly integrated CardSense™ into their RentWorks application. “CardSense was an anxiously awaited addition to RentWorks, and customer adoption of the technology has exceeded our expectations,” says Angela Margolit, president at BARS.


CardSense™ works by evaluating Bank Identification Numbers (BINs), a set of numbers that are issued by the credit card companies to identify the financial institution. BINs are a part of every MasterCard and Visa card number as well as account numbers to identify the type of card, i.e. credit card ranges and PIN-debit card ranges. Visa and MasterCard make these ranges available to member financial institutions in the form of BIN range tables. CardSense™ is a hosted, server-based, BIN management service allowing merchants to differentiate between credit, PIN-debit, prepaid, and FSA/HSA cards.

Adding CardSense™ to your suite of processing technologies is easy. After an Independent Software Vendor’s (ISV’s) business management software is integrated with Element’s Express Processing Platform to support CardSense™, merchants simply swipe or manually run a customer transaction as usual. The business management software then allows the merchant to decide how to process the transaction: as a PIN debit, prepaid debit or a healthcare card.

CardSense™ does not require additional hardware to utilize and is designed to be fully integrated into any point-of-sale (POS) system. To get started with CardSense™, email or call an Element Payment Services customer service representative at 1.866.435.3636.


Save The Date for The 2011 PCI SSC North American Community Meeting

Don’t forget to put it on your calendar! The 2011 PCI Security Standards Council North American Community Meeting is coming up on September 20-22, 2011 in Scottsdale, Arizona at the Westin Kierland Resort, Spa and Villas.

The PCI SSC annual community meeting is a great opportunity to get the latest news and updates on the card data security industry from the experts. Each meeting brings together global leaders from across the payment chain to share insight and feedback on their experiences in protecting payment card data. With the number of people implementing or helping implement the latest PCI DSS and PA-DSS mandates, the PCI community is an ideal forum to learn and share what has worked for you and to have your voice heard on what the PCI Council should consider in future revisions. 

Join leaders from across the security, payments, finance, retail and technology fields at this two-day meeting filled with networking opportunities and informative sessions led by PCI Council and industry experts.

Each of the meeting’s sessions provides extensive opportunities for questions and answers with representatives from each of the payment brands. This meeting also offers an exclusive opportunity for Participating Organizations (PO), Qualified Security Assessors (QSAs), Approved Scanning Vendors (ASVs), PIN Transaction Security (PTS) produce providers and Payment Application QSAs (PA QSAs), to come together and gain the latest insight into current and future Council programs and resources.

Also be sure to come see Element, as we will be in attendance as an exhibiting member company in the Vendor Showcase.

If you aren’t yet registered for this industry event, register now, to save your spot.


PCI Compliance Going Mobile? May Need to Wait Until 2013 for an Update

Advancing technology has turned our cell phones into more than just a wireless communication device. Now loaded with cameras, the Internet and endless amounts of applications, our smartphones have become more of a personal computer we can hold in the palm of our hand. But with these advancements come accompanying risks, especially when it comes to using a phone as a payment device, a use we have seen skyrocket with the advanced abilities of the phones.

There are rumors coming from the smartphone industry that Apple, Google and other mobile device manufacturers are advancing the payment abilities of the phones, making them into virtual wallets. While this is a beneficial function for smartphone users from a convenience standpoint, it adds a new challenge to payment security. These advancing abilities to make mobile payments have piqued the interest of the PCI SSC, as they look to secure these mobile payment systems. An initial step, taken in March 2011 by the PCI SSC, was to delist several mobile payment applications that had previously been approved as PCI compliant. This move was made to allow the council time to work on security standards specific to the changing mobile applications, to ensure the proper requirements were put in place in order for these applications to be deemed PCI compliant. The PCI council also announced that it would no longer approve any new mobile payment applications until a new, comprehensive set of standards is in place for securing mobile payment transactions.

The PCI Council, however, does plan to issue some guidance on PCI compliance for emerging technologies over the next several months, since there are few best practices in place to protect credit card data flowing in and out of a mobile environment. Merchants can also reference guidance documents to gain data on these best practices.

The formal guidelines are scheduled to be put in place with the release of PCI Version 3.0, but this won’t be until 2013, when the PCI SSC plans to update the PCI DSS 2.0. This update version will offer more guidance and reference to emerging technologies.

The current state of the mobile payment industry makes the mobile environment vulnerable, and a prime target for cybercriminals - at least for the time being. Whereas before mobile devices were a place where valuable data may be stored, it seems these devices are becoming a location where this type of data is almost guaranteed to be stored. Consumers should be aware of these risks when using mobile devices to store sensitive data to best protect themselves against security risks. Sites that want to accept mobile payments are also exposed to compliance risks until further notice.

While technology continues to advance and trend toward a mobile platform, the PCI SSC remains active to help companies and consumers secure and protect sensitive data. While we wait for these security requirements to be put in place, it is important for those using mobile platforms to take precaution when it comes to using or sharing sensitive card data. To learn more about what you can do to protect your valuable information, contact us today or download our PCI compliance guides.
