Merchant Information Media
2016 Security Updates
In 2016, you may need to do an update to your terminal and/or browser. This should be easy and we can rapidly walk you through what needs to be done. The updates need to get done by October 1, 2016. Here is a description of what is happening and why.
The first security update pertains to most merchants. The change is to the security certificate used to verify you are who you say you are when you send Internet communications. The update is from SHA 13 to SHA 2. Why is this happening? Because unfortunately, hackers and criminals have broken SHA 1. SHA 2 has been released to handle that. This guideline tells you what you need to do based on how you are set up to take payments.
The second security update is to your Internet browser. When browsers send and receive data, when the URL has an ‘s’ at the end of the “http” making it “https”, they are sending it securely, meaning they scramble the data so that no one else can intercept and read it.
They use something called the TLS3 protocol to do this. If you regularly update your browser version, you are probably already using a version which supports TLS Version 1.24. Below is a list of browsers that support TLS Version 1.2.
- Google Chrome Version 30 and higher
- Google Android 5.0 and higher
- Firefox Version 27 and higher
- Microsoft Internet Explorer and Internet Explorer Mobile Version 11 and higher
- Microsoft Edge (Windows 10)
- Opera Version 12 and higher
- Apple® Safari Version 5 and higher
At some point before October, you will want to verify that you’re using an updated version of your preferred Internet browser. The card brands (Visa®, MasterCard®, Discover®, AMEX®, etc.) have mandated these changes so that card numbers don’t get stolen when that data is travelling through the Internet. These need to be done in order to continue processing cards.
MasterCard Changes
Also in October, MasterCard is introducing a new series of Bank Identification Numbers (BINs)5. What that means is that some MasterCard cards will now start with a “2” instead of the usual ‘5’. In order to be sure that you can process these cards, Customer Service will need to update you.
Summary
These changes will help protect your security and allow you to process all the cards that customers want to use. So stay tuned for a call from your Customer Service Rep contacting you to make these changes.
1 A protocol is a set of rules between two communication points for the relay of digital information.
2 SHA stands for Secure Hash Algorithm. It is basically a formula (algorithm) that scrambles (encrypts) data sent from one place to another.
3 TLS stands for Transport Layer Security
4 For more information, go to https://en.wikipedia.org/wiki/Template:TLS/SSL_support_history_of_web_browsers.
5 BIN stands for Bank Identification Number, and is the first four to six digits of a credit card. The bank identification number identifies the financial institution issuing the card. It is critical to the correct matching of transactions to the issuer of the charge card. The first number in the series designates which card “brand” is being used: 2 (new) and 5 = Mastercard; 3 = American Express; 4 = Visa; 6 = Discover.
Merchant Resources
Welcome and congratulations on obtaining your new merchant bankcard processing account. Your credit card processing services will be provided by UMS Banking (United Merchant Services of California, Inc.) and powered by the authorization processing of Global Payments Direct, Inc. Together, our goal is to ensure that you have all the information necessary to help your business grow. We encourage you to study both the Card Acceptance Guidelines, provided for you on this page, as well as the Card Services Terms & Conditions.
Merchant Regulatory Requirements
- Click here for regulatory issues you need to be aware of.
- The CFPB is issuing this Compliance Bulletin to the industry to remind entities of their obligations under the Electronic Fund Transfer Act (EFTA) and Regulation E when obtaining consumer authorizations for preauthorized electronic fund transfers (EFTs) from a consumer’s account.
Additional Information for Merchants
For payment security and fraud management, take a look at MasterCard’s Resources page. We have provided a link to their website for your convenience: Tips from Mastercard
- Internet certificate guidlines (SHA-2 requirements) and how to avoid an interruption of processing after December 2016
- American Express Card Acceptance
- Accepting MasterCard Unembossed Cards
- MasterCard Card Identification Features
- Visa Card Identification Features
- Discover Card Identification Features
- Truncation Requirements
- Diners Club Transactions Processed as MasterCard Transactions
- Digital Wallet Guidelines for Merchants by Visa
Frequently Asked Questions
If you have a problem or question not answered on this page, please contact Help Desk Support
- I'm getting communication errors on my Verifone VX terminal?
- Why is my VX series terminal printer not printing anything?
- Why don't I see the deposits in my account?
- What do I do if I get a 'Call' or 'Call ND' message?
- What do I do when I get 'No Line' message?
- What do I do if I get 'Service Not Allowed' message?
- Why would my terminal issue a decline?
- Why would my terminal issue a decline Cvv2?
- Is there any terminal maintenance I need to do?
- What do I do if my terminal does not print a receipt?
- Why can't I get the machine to read a credit card's chip?
- What should I do if I think I've been compromised?
- Not able to get into GAA, BusinessView, or G2.
- Not able to log into USA Epay.
- Where can I order supplies?