Merchant Information Media
2016 Security Updates
In 2016, you may need to do an update to your terminal and/or browser. This should be easy and we can rapidly walk you through what needs to be done. The updates need to get done by October 1, 2016. Here is a description of what is happening and why.
The first security update pertains to most merchants. The change is to the security certificate used to verify you are who you say you are when you send Internet communications. The update is from SHA 13 to SHA 2. Why is this happening? Because unfortunately, hackers and criminals have broken SHA 1. SHA 2 has been released to handle that. This guideline tells you what you need to do based on how you are set up to take payments.
The second security update is to your Internet browser. When browsers send and receive data, when the URL has an ‘s’ at the end of the “http” making it “https”, they are sending it securely, meaning they scramble the data so that no one else can intercept and read it.
They use something called the TLS3 protocol to do this. If you regularly update your browser version, you are probably already using a version which supports TLS Version 1.24. Below is a list of browsers that support TLS Version 1.2.
- Google Chrome Version 30 and higher
- Google Android 5.0 and higher
- Firefox Version 27 and higher
- Microsoft Internet Explorer and Internet Explorer Mobile Version 11 and higher
- Microsoft Edge (Windows 10)
- Opera Version 12 and higher
- Apple® Safari Version 5 and higher
At some point before October, you will want to verify that you’re using an updated version of your preferred Internet browser. The card brands (Visa®, MasterCard®, Discover®, AMEX®, etc.) have mandated these changes so that card numbers don’t get stolen when that data is travelling through the Internet. These need to be done in order to continue processing cards.
Also in October, MasterCard is introducing a new series of Bank Identification Numbers (BINs)5. What that means is that some MasterCard cards will now start with a “2” instead of the usual ‘5’. In order to be sure that you can process these cards, Customer Service will need to update you.
These changes will help protect your security and allow you to process all the cards that customers want to use. So stay tuned for a call from your Customer Service Rep contacting you to make these changes.
1 A protocol is a set of rules between two communication points for the relay of digital information.
2 SHA stands for Secure Hash Algorithm. It is basically a formula (algorithm) that scrambles (encrypts) data sent from one place to another.
3 TLS stands for Transport Layer Security
4 For more information, go to https://en.wikipedia.org/wiki/Template:TLS/SSL_support_history_of_web_browsers.
5 BIN stands for Bank Identification Number, and is the first four to six digits of a credit card. The bank identification number identifies the financial institution issuing the card. It is critical to the correct matching of transactions to the issuer of the charge card. The first number in the series designates which card “brand” is being used: 2 (new) and 5 = Mastercard; 3 = American Express; 4 = Visa; 6 = Discover.
Welcome and congratulations on obtaining your new merchant bankcard processing account. Your credit card processing services will be provided by UMS Banking (United Merchant Services of California, Inc.) and powered by the authorization processing of Global Payments Direct, Inc. Together, our goal is to ensure that you have all the information necessary to help your business grow. We encourage you to study both the Card Acceptance Guidelines, provided for you on this page, as well as the Card Services Terms & Conditions.
- Click here for regulatory issues you need to be aware of.
- The CFPB is issuing this Compliance Bulletin to the industry to remind entities of their obligations under the Electronic Fund Transfer Act (EFTA) and Regulation E when obtaining consumer authorizations for preauthorized electronic fund transfers (EFTs) from a consumer’s account.
Additional Information for Merchants
For payment security and fraud management, take a look at MasterCard’s Resources page. We have provided a link to their website for your convenience: Tips from Mastercard
- Internet certificate guidlines (SHA-2 requirements) and how to avoid an interruption of processing after December 2016
- American Express Card Acceptance
- Accepting MasterCard Unembossed Cards
- MasterCard Card Identification Features
- Visa Card Identification Features
- Discover Card Identification Features
- Truncation Requirements
- Diners Club Transactions Processed as MasterCard Transactions
- Digital Wallet Guidelines for Merchants by Visa
Frequently Asked Questions
If you have a problem or question not answered on this page, please contact Help Desk Support
- I'm getting communication errors on my Verifone VX terminal?
Unplug the power from the back of the terminal (If you have a pin pad, do NOT unplug the pin pad). Leave it unplugged for 5 seconds then plug it back in. If the terminal is still getting communication errors, please check phone line.
- Why is my VX series terminal printer not printing anything?
Omnis use thermal paper, which only prints on one side. Make sure when you replace the paper, you have it feeding up from the bottom of the roll (like a carpet), rather than from the top. It also does not feed through the roller, simply hold a portion of the paper over the screen and close the door.
- Why don't I see the deposits in my account?
Visa/MC/Discover generally take two business days to deposit, Amex takes three days.
- What do I do if I get a 'Call' or 'Call ND' message?
Call the voice authorization center for approval and then run the transaction through the terminal as a forced sale/post authorization/offline sale.
- What do I do when I get 'No Line' message?
The machine is not picking up a dial tone from the phone line. Check to make sure you can hear the tone, if you can, contact your phone provider and make sure you have analog lines.
- What do I do if I get 'Service Not Allowed' message?
You are not currently set-up to run the card-type you are attempting to charge.
- Why would my terminal issue a decline?
The cardholder does not have enough funds to cover the cost of the purchase.
- Why would my terminal issue a decline Cvv2?
The 3 digit verification code from the back of the card did not match or was bypassed.
- Is there any terminal maintenance I need to do?
No, but it’s always safer to have the terminal plugged into a surge protector.
- What do I do if my terminal does not print a receipt?
DO NOT rerun the sale until you run a detail report to see if the sale actually went through. You can also try a reprint.
- Why can't I get the machine to read a credit card's chip?
The chip on the card may be damaged or compromised in some way, or there may be a problem with the terminal that will require a reboot or possibly a replacement. Alternatively, you may have outdated software in your terminal which will need to be updated. If the problem persists, please contact our helpdesk at (800) 866 1881.
- What should I do if I think I've been compromised?
Contact UMS immediately at (800) 324-8323!
- Not able to get into GAA, BusinessView, or G2.
Please contact our helpdesk at (800) 866 1881 so that we can help you get the appropriate database access.
- Not able to log into USA Epay.
Call them directly at (866) USA-EPAY, (866) 872-3729.
- Where can I order supplies?