Top Ten Signs You’re Identity Has Been Stolen


Millions of people fall victim to identity theft each year costing them heavy in both time and money. Catching identity theft early on is the best way to fight it.  The earlier you do, the quicker you are able to begin restoring any damage that has been done. In order to make this happen, you need to on alert for the signs of identity theft.

1. There are withdrawals from your checking account that you did not make

Often, this is the first sign of identity theft. When looking at your account, you may see purchases you did not make or checks you did not write. Before something like this takes place, put in a call to your bank and see what their procedure is for handling identity theft with regards to your checking account. You might be able to put some security measures in place that can help deter something like this from happening in the first place.

2. You access your credit report and there are accounts you did not open

This is a pretty obvious one.  You may see errors in your report like an opened credit card that you closed, but a new account opening is an alert that someone has stolen your identity.  Also be sure to go over any credit inquiries.  If you see any that don't look familiar, this is a sign someone has tried to open an account in your name. You are eligible to view your credit report for free each year, take advantage of it.

3. You are receiving phone calls from debt collection agencies

If you are receiving phone calls from debt collectors, this is a sure sign of  identity theft. On the flip side, this could also be a debt collection scam. In this scenario, the scammer tricks you into believing you owe money on a debt and they try collecting it from you.  They may even threaten arrest to get you to pay or at least divulge personal details.  Your first line of defense is knowledge. Be sure to know what your debt collection rights are.

4. The IRS has rejected your tax return

This type of tax refund scam is one of the most rampant ones because it is so simple to do.  The individual who has stolen your identity files a tax return in your name and collects the refund money from the IRS.  The only way you end up finding out is when you go to file your taxes and you are notified by the IRS that you have already filed for the year.

5. A business you frequent has notified you that they have experienced a data breach

We may have all received one of these letters at one time or another.  Whether it be a store or your bank, you are notified that there has been a data breach. When something like this occurs, you are typically offered free credit monitoring or a freeze put on your credit which will keep anyone from using your credit to apply for anything.

6. You start receiving medical bills for procedures or doctor visits you did not have

Medical identity theft is by far one of the more distressing types of identity theft.  You can find out one day that in a short span of time,  thousands and thousands of dollars worth of medical bills have been accumulated in your name.  To make matters worse, your own insurance may not even cover any medical expenses that you have for yourself because your benefits have been exhausted. There are even future implications if the thieve's medical information ends up mixed up with your own medical records.

7. You are unusually denied for a loan or credit card

If you know yourself to have a pretty good credit score and you end up denied for a loan, that is a red flag that your identity was stolen.  Go ahead and access your credit report to see the discrepancies.  Also keep in mind that if you are turned down for a loan, you are entitled to know why.

8. Your checkbook or credit card go missing

We have all looked for a checkbook or credit card and assume that it has been misplaced in your home somewhere.  This could be the case, but do keep in mind that a decent percentage of identity theft is actually committed by someone you know.  This could be a friend, family member, neighbor or any other acquaintance.

9. You get a new credit card in the mail

If you happen to receive a credit card in the mail that you did not apply for, you guessed it, someone may have applied for it using your name. Any welcome letters from credit card companies that you have not contacted is also a sign of identity theft.

10. Bills stop arriving in the mail

If you stop getting important pieces of mail like a bank statement or utility bill, this could mean someone has changed your address or someone is stealing your mail from your mailbox.

In an effort to keep your identity secure, be sure to do the following:

Simple Steps To Take In Order To Protect Your Financial Information


Many people have received notice of a data breach at some point.  With the recent Equifax breach all over the news, people are scrambling to check their bank and credit card accounts.  Unfortunately, simple everyday activities like using our debit card or even answering the phone can put your data at risk.  For this reason, it is crucial to make sure you are properly safeguarding your personal financial details.

Below are 10 simple and easy things you can do today to start safeguarding your personal information

Change your passwords if necessary

At the most basic level, you passwords for things like your bank account and personal email should be complex and non repetitive. Using your social security number or any other personal details as your password is a big no no.  You also want to stay away from using any details that are listed on any social media accounts for answers to security questions or as part of a password.  For example, if you list your hometown of New York City, someone could easily use that information to hack an account.
In an age where we do everything via our phones and computers, it may seem simple to send out personal details, but sending any bank account or social security numbers electronically should never be done.  If you really need to send these details to someone, you should use an efax service.

Slow down

When it comes to giving out financial information, the key is to slow down.  There are many scams out there that are happening everyday, especially after a major data breach occurs.  If you receive an email asking for any personal financial information, take your time reading it.  If it has any spelling or grammatical errors, it is most likely a scam.  A real company would not send out an email like this. In addition, if a company contacts you asking for information right away, pause.  Watch out for that sense of urgency that they are pushing.  Do not click on anything and delete the email.  Also beware of attachments.  They are a very simple way for scammers to give you malware or a virus on your computer. For this reason, you want to stay on top of updating your security software.

Do not answer calls from unknown numbers

Scammers are very good at what they do and they can easily spoof their number to make it seem like you are receiving a call from an actual company.  If you receive a call from a number that seems suspicious, ignore it and do not answer.  If you do answer and they start asking for information, hang up right away.

Only shop on secure websites

Prior to providing sensitive information like a credit card  number on a website, look at your browser.  If the website address starts with “https” and not “http,” you can be assured that it is a secure site.  The "s" stands for secure and means all the communication between you and the site is encrypted. If you are dealing with a smaller website, you may not have that option and the risk is a little higher.  If you are using public wi-fi like the one offered at Starbucks, you definitely do not want to enter any personal details on any websites.

Be wary of how you pay

With so much focus on security in online shopping, we cannot forget about safeguarding what we do in person.  Try keeping at most two credit cards on you at any given time that way you minimize the damage if your wallet is stolen.  When making a payment, opt to use a credit card as opposed to your debit card as you tend to have more protections at your disposal.  If someone gains access to your debit card, they can empty your account.
If you need to get cash, stick to getting it from the ATM at the bank.  Stay away from using a stand alone ATM at a restaurant or gas station.  If you do use one and your card jiggles when you put it in, there may be a skimmer there.
When paying with a check, head to the post office to mail it out.  Leaving mail with sensitive information in your mailbox leaves you open to fraud since a criminal can easily gain access to it.

Monitor your credit

With all the data breaches and identity theft occurring these days, monitoring your credit report is essential.  You should have an idea of what your credit score is and keep an eye on it for any drastic changes.  Everyone is entitled to a free credit report every year from the 3 major credit agencies (Experian, Equifax and TransUnion) and you should get one from each throughout the year that way you can compare.  Credit Karma or AnnualCreditReport are both reputable sites you can use.
If you think you may forget about checking on your credit report, you can always sign up for a credit monitoring service like LifeLock. They will notify you any time there is suspicious activity under your name. If you really think your identity may be compromised, call the credit agencies and put a freeze on your credit and think about contacting a credit repair company. You will not be able to get any credit with the freeze and you can call to remove it once you have determined there is no longer an issue.  They key takeaway is to be vigilant when it comes to your personal information.

Do not sync sensitive information to the cloud

Both Android and Iphone devices allow you to automatically sync your information which helps if your phone is lost or it breaks.  This type of convenience can cost you your privacy though. You are putting out personal information into the cloud for the world to access.

Make sure your wireless network is secure

Anytime you access the internet via a Wi-Fi network, you are at risk.  As your network's radio waves go through your walls, a hacker can set up an antenna and hack into your network from miles away and steal your information. For this reason you should always use additional security protection for your Wi-Fi network.

Do not answer chain email

Even if you have security software installed on your PC, you may still receive things like chain emails asking for personal information. Delete them and move on.  Also make sure not to download files you receive from anyone including from friends and family unless you are aware of the content and you know that it is secure.

Watch your children's online activity

Kids are always on some sort of device these days.  Make sure you are safeguarding them by installing and using parental controls software.  This lets you monitor their online activity and also keeps them from having access to undesirable web sites and potentially sharing any personal information through online communications.

Simple few Steps To Take If You Are A Victim Of Identity Theft


Below are 10 things to do when you find out you have been a victim of identity theft.

1. Close out any credit or debit cards

Call all your credit card companies as well as any debit cards to report the fraudulent charges and request that they close your accounts. You can then have them open new accounts for you with new cards.  The quicker you do this, the quicker you can put a stop to the theft's spending spree.

2. Put a credit freeze or fraud alert on your credit reports

In order to safeguard your credit, put either a fraud alert or credit freeze around your credit.  If you do a fraud alert you can expect it to last for 90 days and if you want to renew it, you can.  You also have the option to do an extended one that lasts seven years.  If you wish to do the extended one, you will need to get in touch with each of the three credit-reporting agencies (ExperianEquifaxTransUnion) and request this over the phone or do it online.
The fraud alert will require that lenders must take additional steps to help in the verification process of your identity before opening any new accounts for you.  If you feel a fraud alert is not enough protection, you can also do a credit freeze.  This will put your credit on lockdown and no one can access it.  Make sure to keep this in mind if you plan on applying for any loans or anything else where you know they will need to check your credit.  If for some reason you do need to lift the credit freeze, you can.  Just contact each agency and provide them with the pin code you were given when you initiated the freeze.  Although a freeze on your credit is a deterrent, it does not mean someone can't use your identity to commit fraud in other areas.

3. Contact the FTC

The (FTC) has a website dedicated to those affected by identity theft: IdentityTheft.gov. You can find helpful information as well as file a report directly with them.  You can also call them at 1-877-438-4338 and whatever option you choose, make sure you give as much detail as possible in your report. This report will serve as proof to the companies you are dealing with that you were in fact the victim of identity theft.

4. File a police report

In order for your Identity Theft Report to be complete, you will need to get in contact with your local police department to report the theft.  Make certain to ask for a copy of the police report as well as the report number. Your police report and your FTC Identity Theft Affidavit make up your Identity Theft Report.

5. Provide creditors with a copy of your ID theft report

Notify all creditors in writing that you are the victim of fraud and be sure to add a copy of your Identity theft report. You also want to ask each creditor to provide you and the police department with any documents that show fraudulent transactions. They may not just hand this over to you but fight for it if you need to.  This info will help track down the person that stole your identity.  Once you inform the creditors of the fraud, they should stop reporting it to the credit reporting agencies.

6. Dispute fraudulent accounts on your credit report

Get all three of your credit reports and go through them to see if there are any accounts you did not open.  AnnualCreditReport.com allows you to access them once per year for free.  If you find ones you did not open, immediately contact the credit reporting agency that shows the error.

7. Change all account passwords

Go through all your accounts and change the password.  Make sure to avoid using obvious things for your password.  Your passwords should be a combination of upper and lower case letters along with numbers and special characters.

8. Apply for a new driver’s license

If someone is using your driver's license as an ID, you will need to apply for a new number.  Just go to your nearest  Department of Motor Vehicles to get a new number and license.

9. Call your utility and telephone company

An identity thief can use your utility bill as proof of residence to open an account so get in touch with your phone and utility company to alert them.

10. Call the Social Security fraud hotline

If you think your social security number has been compromised, contact the Office of the Inspector General.  Request a copy of your Personal Earnings and Benefits Statement and look it over to see if it is accurate.

Simple Steps To Avoid Advance Fraud Schemes occurs when the victim pays money to someone.

Below are 10 things to do when you find out you have been a victim of identity theft.

1. Close out any credit or debit cards

Call all your credit card companies as well as any debit cards to report the fraudulent charges and request that they close your accounts. You can then have them open new accounts for you with new cards.  The quicker you do this, the quicker you can put a stop to the theft's spending spree.

2. Put a credit freeze or fraud alert on your credit reports

In order to safeguard your credit, put either a fraud alert or credit freeze around your credit.  If you do a fraud alert you can expect it to last for 90 days and if you want to renew it, you can.  You also have the option to do an extended one that lasts seven years.  If you wish to do the extended one, you will need to get in touch with each of the three credit-reporting agencies (Experian, EquifaxTransUnion) and request this over the phone or do it online.
The fraud alert will require that lenders must take additional steps to help in the verification process of your identity before opening any new accounts for you.  If you feel a fraud alert is not enough protection, you can also do a credit freeze.  This will put your credit on lockdown and no one can access it.  Make sure to keep this in mind if you plan on applying for any loans or anything else where you know they will need to check your credit.  If for some reason you do need to lift the credit freeze, you can.  Just contact each agency and provide them with the pin code you were given when you initiated the freeze.  Although a freeze on your credit is a deterrent, it does not mean someone can't use your identity to commit fraud in other areas.

3. Contact the FTC

The (FTC) has a website dedicated to those affected by identity theft: IdentityTheft.gov. You can find helpful information as well as file a report directly with them.  You can also call them at 1-877-438-4338 and whatever option you choose, make sure you give as much detail as possible in your report. This report will serve as proof to the companies you are dealing with that you were in fact the victim of identity theft.

4. File a police report

In order for your Identity Theft Report to be complete, you will need to get in contact with your local police department to report the theft.  Make certain to ask for a copy of the police report as well as the report number. Your police report and your FTC Identity Theft Affidavit make up your Identity Theft Report.

5. Provide creditors with a copy of your ID theft report

Notify all creditors in writing that you are the victim of fraud and be sure to add a copy of your Identity theft report. You also want to ask each creditor to provide you and the police department with any documents that show fraudulent transactions. They may not just hand this over to you but fight for it if you need to.  This info will help track down the person that stole your identity.  Once you inform the creditors of the fraud, they should stop reporting it to the credit reporting agencies.

6. Dispute fraudulent accounts on your credit report

Get all three of your credit reports and go through them to see if there are any accounts you did not open.  AnnualCreditReport.com allows you to access them once per year for free.  If you find ones you did not open, immediately contact the credit reporting agency that shows the error.

7. Change all account passwords

Go through all your accounts and change the password.  Make sure to avoid using obvious things for your password.  Your passwords should be a combination of upper and lower case letters along with numbers and special characters.

8. Apply for a new driver’s license

If someone is using your driver's license as an ID, you will need to apply for a new number.  Just go to your nearest  Department of Motor Vehicles to get a new number and license.

9. Call your utility and telephone company

An identity thief can use your utility bill as proof of residence to open an account so get in touch with your phone and utility company to alert them.

10. Call the Social Security fraud hotline

If you think your social security number has been compromised, contact the Office of the Inspector General.  Request a copy of your Personal Earnings and Benefits Statement and look it over to see if it is accurate.

Data and Intelligence to Trace Payment Card Fraud


At Black Hat on Thursday two researchers described how they were able to use intelligence, transactional data, and predictive analytics to help identify payment card fraud victims.

LAS VEGAS – Buzzwords like machine learning and blockchain have mostly been the butt of jokes here at Black Hat but researchers have genuinely been able to use intelligence and data forensics to make a difference when it comes to processing vast swathes of information on the web.

Researchers with Terbium, a dark web data intelligence company and the Royal Bank of Canada, described this morning how they were able to use intelligence harvested from the dark web, alongside transactional data, to trace the history of payment card fraud victims.

Credit card fraud remains an enormously profitable venture for attackers, who manage to rake in $10 billion each year.

By analyzing compromised cards and building up candidate groups, the researchers said can determine the point of compromise, or at least make an informed inference as to where certain cards may have been hacked.

“It’s a classic big data problem,” Cathal Smyth, a machine learning researcher with the Royal Bank of Canada's Vanguard cybersecurity team, said in a Black Hat session Thursday morning. “Often a breach can affect a large number of clients with a huge number of transactions, but there’s still a degree of uncertainty. Trying to find the right combination of candidates [victims] is like trying to find a needle in a haystack.
What the researchers elected to do was light that haystack on fire, figuratively, at least.


In one instance the researchers found a breach – but the point of compromise was spread across 10 batches of data. It had a large impact on clients but it wasn’t entirely clear where the breach took place. All that could be deduced, based on the data, was that a large number of Canadians were affected.

Eventually, after digging into the data, Smyth’s team saw transactions from a restaurant and a digital store, and observed an overlap between candidate transactions and the group, which confirmed a positive point of compromise.

One of the biggest challenges, as is to be expected, is interpreting all of the data.

"You can't assume there’s only one breach, you have to be careful with the thresholds you use but you can still make inferences," Smyth said.

Smyth and Clare Gollnick, Terbium’s CTO, said the process is a still a proof of concept but that it could be automated in time, to potentially identify victims in as little as 30 minutes.

The research is a bit like paleontology in the sense they’re going back, after fraud has happened, to identify accounts and systemic risk but could be adapted to help identify victims before fraudulent transactions have been made.


“Data is valuable and defense is necessary,” Smyth said, “using this approach it’s possible to prevent some sort of loss down the road.

What is Email Security and Data Protection ?



A DEFINITION OF EMAIL SECURITY
Email security describes various techniques for keeping sensitive information in email communication and accounts secure against unauthorized access, loss, or compromise. Email is a popular medium for the spread of malware, spam, and phishing attacks, using deceptive messages to entice recipients to divulge sensitive information, open attachments or click on hyperlinks that install malware on the victim’s device. Email is also a common entry vector for attackers looking to gain a foothold in an enterprise network and breach valuable company data.

Email security is necessary for both individual and business email accounts, and there are multiple measures organizations should take to enhance email security.

THE NEED FOR EMAIL SECURITY
Due the popularity of email as an attack vector, it is critical that enterprises and individuals take measures to secure their email accounts against common attacks as well as attempts at unauthorized access to accounts or communications.

Malware sent via email messages can be quite destructive. Phishing emails sent to employees often contain malware in attachments designed to look like legitimate documents or include hyperlinks that lead to websites that serve malware. Opening an email attachment or clicking on a link in an email can be all that it takes for accounts or devices to become compromised.

Phishing emails can also be used to trick recipients into sharing sensitive information, often by posing as a legitimate business or trusted contacts. Phishing attacks against businesses often target departments that handle sensitive personal or financial information, such as accounts payable or human resources. In addition to impersonating known vendors or company executives, attackers will try to instill a sense of urgency in phishing emails to increase their chances of success. Phishing emails aimed at stealing information typically will ask recipients to confirm their login information, passwords, social security number, bank account numbers, and even credit card information. Some even link to counterfeit websites that look exactly like that of a reputable vendor or business partner to trick victims into entering account or financial information.

ENTERPRISE EMAIL SECURITY BEST PRACTICES
There are multiple ways to secure email accounts, and for enterprises, it’s a two-pronged approach encompassing employee education and comprehensive security protocols. Best practices for email security include:

Engage employees in ongoing security education around email security risks and how to avoid falling victim to phishing attacks over email.
Require employees to use strong passwords and mandate password changes periodically.
Utilize email encryption to protect both email content and attachments.
Implement security best practices for BYOD if your company allows employees to access corporate email on personal devices.
Ensure that webmail applications are able to secure logins and use encryption.
Implement scanners and other tools to scan messages and block emails containing malware or other malicious files before they reach your end users.
Implement a data protection solution to identify sensitive data and prevent it from being lost via email.

END USER EMAIL SECURITY BEST PRACTICES
There are also some important best practices that end users should follow to ensure secure email usage. Arming your employees with the know-how to avoid risky behaviors can make a substantial impact on your company’s ability to reduce risks associated with email. Email security best practices for end users/employees include:


  • Never open attachments or click on links in email messages from unknown senders.
  • Change passwords often and use best practices for creating strong passwords.
  • Never share passwords with anyone, including co-workers.
  • Try to send as little sensitive information as possible via email, and send sensitive information only to recipients who require it.
  • Use spam filters and anti-virus software.
  • When working remotely or on a personal device, use VPN software to access corporate email.
  • Avoid accessing company email from public wi-fi connections.

By educating employees on email security and implementing the proper measures to protect email, enterprises can mitigate many of the risks that come with email usage and prevent sensitive data loss or malware infections via email.

secure online transactions . there is some tips for you and you should follow them well


Every now and then, there comes a new report regarding a fresh online security hack being unveiled and while the online world is trying to  move towards complete digitization, the fact that when it comes to optimum online security, there is a long way ahead of us is also true. Moreover, online transactions is one area on which mostly all cyber attacks are focused and while, we as consumers, have made online transactions popular as they make our lives much easier with the diversified options it offers, it is also true that everything in life comes with a risk and with online transactions, it’s bigger than we think.

The online economy is nothing but billions of dollars being exchanged almost every single day, moreover, online transactions/shopping has resulted in lower prices, unmatched ease of buying as well as incredibly diverse choices for consumers. Being confident due to the millions of transactions taking place, many of us regularly shop and bank online with any second thought. From ordering pizzas to literally buying a house and from transferring money to booking tickets online, these online transactions are the need of the hour which is also looking to practically eliminate the worry of standing in a queue or waiting, to say the least.

However, as unfortunate as it might sound, online fraud and identity theft sort of come complimentary with the popularity and ease of online transactions, thanks to clever cyber thieves as well as sloppy consumers with precarious Internet shopping habits.

When it comes to ‘how to secure your online transactions’, while there is no guarantee that you will always be safe from a cyber threat including viruses, hackers, malware and other scams, it’s more of a habitual change that you need. On that note, here we are listing six tips that you can follow to secure your online transactions.

Tips for you and you should follow them well

1. Choose your password wisely: While choosing a password, strictly follow the given instructions by banks, mutual funds, etc for choosing the same while making an online transaction (keep it complex and change it regularly). Also using anniversaries or names and a date of birth, of people who are close to you is strictly discouraged since all this could easily be guessed. Moreover, neither share a password with an outsider nor communicate it via social media.

2. Avoid phishing emails: Always Be careful about emails asking about your personal/confidential financial information. The government, SEBI, RBI or even any other regulated entities never ask for password or card numbers.

3. Beware of public Wi-Fi: Never ever resort to making an online transaction from a cyber cafe or through a public Wi-Fi or a shared system. Always prefer your home computer and also install adequate firewalls and anti-virus software. It’s also a good habit to keep your computers/laptops updated with new security patches and operating systems, always.

4. Secure Socket Layer (SSL): Always check for Secure Socket Layer (SSL) or https security on the login page of any particular bank’s website. Here, the ‘s’ after the ‘http’ indicates that a particular site is secure. Similarly, look for identity verified-signs as well as SSL security of an online shopping portal in order to protect your debit/credit card number along with your personal information. Also, check for the padlock icon in the browser window.

5. Autocomplete: Always disable Autocomplete/Password storage in your browser since they have a tendency to keep caches of sites you visit, and on prompting, could offer to save passwords for you. However, if you opt for this, you will have to enter all the passwords and URLs every time to come online, but the inconvenience is worth it as your data will be safe in case of a data theft attempt or if your system gets stolen.

6. Web browser privacy mode: This is said to be the best tool in order to keep your online transactions safe, moreover, every new browser comes with this feature. This option sets up a separate browser window that deletes all the data on the moment a particular browser window is closed while clearing caches as well as keeping your private data out of public domain.


Stay vigilant, stay safe!!
More...

Online Payment And How To Accept Payments Online


Online payment refers to money that is exchanged electronically. Typically, this involves use of computer networks, the internet and digital stored value systems. When you collect a payment over the internet, you are accepting an online payment. Online payment usually is the transaction that results in transfer of monetary funds from the customer bank or credit card account to your bank account. The online payment can be done from a credit card, checking account or other clearing house like paypal for example.

Merchants accepting online payments need to comply with a list of security requirements. The online payment specific security is designed to decrease the chance of the billing and personal information being stolen. The transfer needs to occur over secure encrypted connection. In the cases of recurring billing where customer data is stored, the merchant needs to enforce a longer list of security features and protocols that are usually referred to as PCI compliance requirements. Recurring billing systems that employ online payment procedures need to be periodically scanned for security vulnerabilities.

To accept an online payment the merchant needs to have access to an Online Payment Gateway. The online payment gateway is a service provider that is integrated with the credit card and transfers the online payment information between the merchant and the payment processor.

The typical online payment process has the following stages:

  1. Customer submits the payment information to the merchant. For example customer completes the payment form on the merchant website and submits the information.
  2. The merchant submits the payment information to the online payment gateway.
  3. The online payment gateway submits the payment to the payment processor.
  4. The payment processor authorizes the payment and responds to the payment gateway
  5. The payment gateway responds back to the merchant
  6. The merchant responds back to the customer showing if the online payment was successful or not and taking the appropriate action.

An e-commerce online payment system facilitates the acceptance of electronic payment for online transactions. Also known as a sample of Electronic Data Interchange (EDI), e-commerce online payment systems have become increasingly popular due to the widespread use of the internet-based shopping and banking.

A payment service provider (PSP) offers merchants online services for accepting electronic online payments by a variety of payment methods including credit card, bank-based payments such as direct debit, bank transfer, and real-time bank transfer based on online banking. Some PSPs provide services to process other   methods   including cash payments, wallets such as PayPal, prepaid cards or vouchers, and even paper or e-check processing.

An Internet Merchant Account (IMA) allows merchants to accept debit/credit card payments directly to their business bank account, online. Due to the stringent criteria required for an Internet Merchant Account (IMA), many smaller businesses opt for a payment processing company instead.

Using a Payment Gateway, provided by a Payment Service Provider (PSP) offers an alternative for businesses whose card-based-turnover is too low or who fail to meet the criteria for an Internet Merchant Account  (IMA).

What is Identifying Phishing ?


What is Phishing?

'Phishing' is a form of web forgery designed to steal your identity, usually for financial gain.

It works by using false pretences to get you to disclose sensitive personal information, like credit and debit card numbers, account passwords, or bank account details.

One of the most common phishing scams involves sending a fraudulent email that appears to be from a trusted company or brand. This email then directs you to a fake version of a well-known website and records any information you enter, such as your password, financial details and more.

PayPal is committed to helping shut down these sites and ensure that you're able to spot phishing immediately. We make it our job to keep your identity as safe as possible, online.


How do I know this is not a fake email?

An email really coming from PayPal will address you by your first and last name or your business name. It will not ask you for sensitive information like your password, bank account or credit card details. Most fake emails threaten that your account will be in jeopardy if you do not take action immediately. An email that urgently requests you to supply sensitive personal information is usually an attempt at fraud. Also, fake emails often contain misspellings and grammatical errors or are written in a language which you did not set as preferred for your PayPal account. Remember not to click any links in suspicious looking emails.


Be cautious of any unexpected emails that ask you for:

  1. Credit or debit card numbers
  2. Passwords
  3. Bank account numbers
  4. Your full name
  5. Driving licence numbers
  6. Postal address
  7. Email addresses



As you need to add bank or card details to your PayPal account in order to use it, we may occasionally send you emails about how to do this. However, we will only ever ask you to enter personal details on the secure PayPal website, after you have safely logged in to your PayPal account.

Did you notice suspicious activity? 
More...

What is a Payment Gateway?

When processing a credit card transaction, information needs to be sent somewhere to see if the cardholder has sufficient funds to pay for the sale. In a traditional brick and mortar transaction it’s actually the POS (point of sale) machine which takes the cardholder data, formats it and sends it to Visa or MasterCard to see if the customer has sufficient funds. 

In an ecommerce transaction the service takes place online via a payment gateway. The payment gateway receives transaction requests (that are sent online by software like Shopify) and then connects to Visa or MasterCard, and ultimately down the line to the customers card issuing bank to see if they have sufficient funds. If they have enough cash, the transaction is authorized and the funds are transferred from the cardholder into the merchant account. Often, a merchant account and payment gateway are set up in one process through the same company.


What is a Payment Processor? 
When discussing payments, the phrase “payment processor” tends to be used arbitrarily and mostly incorrectly. It's most often used by business owners interchangeably in reference to the merchant account provider, the gateway, or both (especially because the merchant account and gateway are often provided together). In technical terms, this is an incorrect usage of the term. However, it’s used this way so commonly and freely that there is in fact a street/layperson definition and a technical industry definition which is quite different.  


In industry terms, the payment processor is the services that a payment gateway sends transaction requests to. The payment processor then handles the transaction request and sends the authorization and settlement files from Visa and MasterCard and distributes them across the network to the various payment gateways and merchant account providers. The payment processor also handles other aspects of the transaction such as the handling of charge back requests and settlement. In short: Payment processor is a generalized term to refer to a company that processes Visa and MasterCard payments.

What is the Difference Between a Payment Gateway and Processor? 
As we can see above, the terms are used interchangeably, and for a layperson most often mean the same thing. Example: a processor is a company that facilitates the processing of payments on behalf of a merchant.

Why do I Need to Apply to get a Merchant Account?
Broken down to it’s most basic core, the reason you must apply and be approved in order to get a merchant account is because they have the potential to lose money every time they process a credit card transaction on behalf of your business.

Visa and MasterCard have a very clear policy that is enforced when a cardholder pays for a good or a service: 
The cardholder is entitled to receive the promised good or service. If such good or service is not delivered then the cardholder is entitled to getting their money back. 
This is one of the basic consumer protection principles that apply to credit card transactions. 
In order to mitigate this risk the credit card processor has a screening / application process. Note that most processors charge an application fee, and only some will refund the application fee in case of a decline. If you're concerned about being declined, ask if your setup fee is refundable. It’s not an unreasonable request and if your chosen processor won’t agree you can find another that will.

Watch Out for Unrealistic Promises  
When you speak to your prospective processor ask what type of documentation will be required and how long it will take to get approval. There should be concrete answers to this question. In particular, if they are making blanket promises or statements that seem unbelievable like “we approve any type of account”, (especially if you know your product or service is higher risk), you should be highly skeptical.  
This is also a point at which you should make sure you get a copy of your merchant agreement before signing the contract. If it’s seeming entirely too rosy, with no explanation of the process and little mention of supporting paperwork then consider yourself fairly warned: you may not receive what was promised.

How to Get Approved for a Merchant Account

1. Gather Your Financial Statements

Financial statements are the single best tool you can bring to the table in order to leverage the best terms of approval possible.

From time to time I work with clients that do not want to provide financial statements. It’s usually because they are a mid-sized company that is privately owned and they value that privacy. Company financials are sensitive business information. However, from a payment processing perspective this is a significant mistake. More than anything else, most underwriters will want to see financial stability demonstrated so that they know the company will continue successfully operating well into the future. 
On the flip side of this coin I work with startups that don’t have solid a financial history. Being a startup is tough and being in that situation (especially if you have a risky product) makes it hard to get approval. The underwriter knows that if a pile of chargebacks come in the merchant may have difficulty returning the funds to the cardholders. Merchants in a startup position would give anything to have a strong balance sheet because it would make a huge difference in their approval. If a business has worked hard to earn success, it's a poor decision not to leverage this successful history to get the best possible terms of approval. Use your financial statements or be prepared to put up a security reserve. You will want to provide the most recent balance sheet, profit and loss statement, and any notes from the accountant. 
A note on startups:  if you have not yet completed a year end don't fret. If trading volumes are smaller, then approval should be relatively easy to achieve (less money trading through the account means less potential risk). If you operate a startup business that is likely to do strong trading volume out of the gate you will have to leverage the other tips found below to achieve approval. It may also be helpful to work with a processor or agent that specializes in consulting with startups to help through the approval process. Some processors are more startup friendly than others.


2. Consider Your Processing History

Having a strong processing history is another extremely important tool to leverage your application. The more money you trade, and the fewer chargebacks, the stronger case you build. The logic is simple: if you've processed credit cards previously and been successful then why would that change? It wouldn’t. Always supply at least 3 months processing statements whenever available. 6 months is going the extra distance. If you trade high volumes or have a high risk product or service dig up an entire years worth of statements. It may be a bit of extra work but it will be well worth the effort if it reduces or eliminates the need for a security reserve.

Processing statements should always show the following broken down by month:
  • Number of transactions
  • Total transaction volume
  • Number of refunds
  • Total refund volume
  • Number of chargebacks
  • Total chargeback volume