October 3, 2016

Since the October 2015 liability shift, EMV remains frustrating for retailers and confusing for consumers—not a good proposition leading up to the next liability shift in October 2017.

October 3, 2016

ALEXANDRIA, Va. – One year after the October 2015 liability shift took effect for retailers to accept Europay MasterCard Visa (EMV) chip cards inside the store, thousands of chip readers have yet to be activated. To make matters more frustrating, the next liability shift—for fuels dispensers—is one year away.

Convenience retailer investments in EMV are not preventing fraud because chip cards in the U.S. are not enabled for PIN authentication, which is the most effective way to combat fraud, ensuring the customer using the card is the owner of that card. In the United States, the convenience store industry processes 160 million transactions each day and invests billions to reduce fraud at the point of sale. For example, many retailers pay to use customers’ ZIP codes to verify a transaction to protect their customers and their business. Retailers have real incentives to eliminate payment card fraud because they, according to the Kansas City Federal Reserve, absorb 80% to 90% of all fraud losses on credit and debit card transactions.

Convenience retailers will spend more than $7 billion on EMV—or just under 70% of industry pre-tax income for 2015—to upgrade and replace software and equipment to accept chip cards, but the card companies prevent retailers from requiring the use of PINs to verify the cardholder and protect against fraud. Without the protection of a PIN number on transactions, consumers and retailers are vulnerable to fraud.

Leading up to the October 2015 deadline, the card networks were late providing the necessary software specifications to accept EMV transactions. Retailers then needed certification from each card network before they could activate EMV. There were bottlenecks for both, compounded by the fact that the card networks set a liability shift timeframe without regard to the ability of equipment manufacturers and software providers to actually meet the deadline—a problem that will undoubtedly turn out to be even worse at fuel dispensers.

Nearly a year ago, NACS Board member Jared Scheeler, managing director of The Hub Convenience Stores Inc., testified before Congress that his chain of four North Dakota convenience stores had spent roughly $134,500 to install POS and pump card readers that accept EMV chip transactions. At that time, NACS estimated that the average transition cost would be more than $26,000 per store, compared with an average profit of $47,000 per year.

Since the October 2015 EMV liability shift, many retailers have also been experiencing an outrageous increase in chargebacks, mostly erroneous. Counterfeit chargeback liability is unknown, and has not been divulged by Visa and MasterCard, despite industry efforts for clarification.

Last week the Merchant Advisory Group (MAG) sent a letter to Visa and MasterCard regarding ongoing challenges with the EMV transition for in-store deployments, and highlighted concerns regarding the feasibility of the payments industry being ready for the October 1, 2017, liability shift for fuel dispensers.

“Compounding the financial burden for small merchants is the liability shift already in place for in-store EMV transactions under which chargebacks have far exceeded expectations. And for larger retailers with many stores and multiple pumps at each location, the expense is staggering,” MAG wrote in the letter.

The NACS Show is just two weeks away, so if you want to learn everything you can about EMV, its hurdles and how to prepare for the next October 2017 liability shift, do not miss out on the education, guidance and discussions that will take place during the event.

Here’s how you can maximize your time at the NACS Show learning more about EMV:

  1. Participate in Technology Edge.
  2. Attend EMV-focused education sessions, such as “Are You Prepared for EMV?”
  3. Meet with vendors at the expo.
  4. Talk to members of Conexxus and industry experts at the Technology Edge Solutions Center.
  5. Talk to NACS government relations staff and general counsel in the NACSPAC Lounge.

On Capitol Hill, most of the efforts have so far focused on the aftermath of a data breach and notification requirements. NACS is urging policymakers to consider not only what happens after a data breach occurs, but also how to prevent breaches and fraud from happening in the first place. Protecting against fraud should be a top priority for all forms of payment, including mobile payments, and the best way to authenticate transactions is through a PIN or more advanced means.

NACS is advocating that retailers should have the option to require PIN on credit and debit card transactions and those that occur on a mobile device—the same protection banks require at ATMs.

PIN is the most secure authentication technology currently available and can be implemented now. All EMV chip-card readers are PIN-enabled with encryption security. When PIN is required, whether a card number or the card itself is stolen, a PIN protects consumers against fraud.


Fast-Food Veggie Revolution in C-Stores

September 28, 2016
The industry, known more for its fried foods and meat-heavy items, has started to embrace vegetables.
September 28, 2016

ST. LOUIS – What’s the hottest trend in fast food? As unlikely as it seems, it’s vegetables, Business Insider reports. “We’re going to see more vegetables, said Dan Kish, head chef at Panera. He pointed out that the fast-casual chain is trying to balance meaty menu items with more veggies.

“We’re going to see culinary treatments of those vegetables in ways that bring out their flavors without adding a lot of other things to it—so keeping things as natural as possible,” Kish said. “Upping the percentage of vegetables in your diet—[it] is part of our job to help you with that.”

With its emphasis on customization, Taco Bell allows nearly any dish to be made meatless. In 2015, the Mexican chain launched a vegetarian menu that lets customers swap meat for beans and rice. “Vegetarian has been really big for us recently,” mostly because of the push by millennials, said Missy Nelson, the fast-food chain’s dietitian and product developer.

Other chains are embracing vegetables too by branching out beyond tomatoes and iceberg lettuce. For example, Chick-fil-A and McDonald’s have started testing broccolini and kale in menu items. “They didn’t feel iceberg lettuce was a nutritious green, and they didn’t feel good about eating it in a salad,” said Jessica Foust, corporate chef for McDonald’s.

Consumer demand is driving these changes, as more Americans slash meat consumption. Plus, more veggies on the menu also appeals to the average consumer, who wants to eat more plants. In addition, vegetables cost less than meat, which is good for the restaurant’s bottom line.

Scan Data Rebates Equal Big Money

August 3, 2016

We are so excited that our Scan Data customers are receiving their rebate dollars!  Join our customers across the US that are participating in the InsightRS Scan Data Service  [SDS] Rebate Programs offered by Altria PM and RJ Reynolds.

InsightRS SDS collects the appropriate data and submits to inRhythm and MSA.  This allows you to take advantage of this great opportunity for more profit from your tobacco sales.  Using our automated daily process, we submit the necessary data for you to comply with the program requirements.  We only collect 25% of your rebate for providing this service.  Most importantly, this will require no additional effort from you.



InsightRS SDS Website – Click Here!


Water Water Everywhere!

August 3, 2016

Bottled Water is the trend and big seller.  Depend on backOffice™ Software for proper pricing and inventory.  How about a mix and match promotion?  Keep your shelves hydrated!

More information on backOffice™ Software here

Great information from NACS Online.


Concerns about health and lead contamination in drinking water are likely fueling the trend.
August 3, 2016

WASHINGTON, D.C. – Bottled water will outshine soda for the first time in U.S. history in 2016, spurred by its convenience and fears over tap water, Bloomberg reports. A previous report found that bottled water consumption grew 120% between 2000 and 2015.

The nation’s largest bottled-water producers (Coca-Cola Co., Dr Pepper Snapple Group, Nestle Waters and PepsiCo Inc.) point to Americans desiring portable, calorie-free beverages, but predict the trend will continue because of concerns over contaminated drinking water.

Communities in Flint, Mich., Newark, N.J., and Washington, D.C. are struggling to replace corroded pipes that have leached lead into tap water. “Concerns in places like Flint do bring bottled water to people’s attention as a safe and sealed source of drinking water,” said Jane Lazgin, a spokeswoman for Nestle Waters North America. The U.S. Environmental Protection Agency forecasts a whopping $384 billion is needed to maintain or replace essential components of the nation’s water infrastructure over the next decade or so.

Euromonitor expects Americans to down 27.4 gallons of bottled water in 2016, 1.2 gallons more than carbonated soft drinks. That switch hasn’t impacted the bottom line of soft drink manufacturers because many of them have expanded into bottled water.

For more on packaged beverages (including bottled water), read “The Workhorse” in the August 2016 issue of NACS Magazine.

Visa Security Alert Threat Landscape: Pin Pad/POS Skimming

June 3, 2016

Incident Details

Visa Global Payment System Risk is aware of increasing incidents involving suspects placing skimming devices on point-of–sale (POS) terminals for the purpose of collecting payment card information, including PIN numbers. Perpetrators use this information to create counterfeit cards re-encoded with the stolen card information and make unauthorized ATM withdrawals. The primary targets for these recent skimming events are self-checkout terminals in supermarkets. However, any POS terminal may be at risk, including those that are often unattended, such as terminals near deli counters, coffee stands, etc. The perpetrators are mobile and will target multiple stores within a geographic area for a period of time before moving on to a new location. Most entities targeted are using payment devices that have not yet been upgraded to accept EMV cards.

Placement of Skimming Devices

Skimming devices can be placed at any time of the day but placement usually occurs during slower times of business when the perpetrators can go undetected by employees or other customers. The perpetrators will usually work in teams of two or more with one person being a lookout, one person placing the skimming device on the POS terminal and another creating a barrier so that no one can observe the skimming device being placed. Perpetrators have been known to use large items such as packs of paper towels to block the view of POS terminals. In some instances, it was reported that the suspects created a distraction in the store by faking a medical incident or causing commotion that distracted the attention of store personnel away from the POS terminals. The skimming devices will mimic the look of the front of the POS terminal.

Recommended Inspection & Response Actions

1. Prevention Through Device Inventory Management

  • In accordance with PCI DSS Requirement 9.9, ensure implementation of security controls to protect POS devices from tampering and substitution. Examples include:

Maintain a list of devices including the device serial number or other method of unique identification. 

Keep a list of device location either by store or physical location within the store itself (i.e., self-checkout, deli counter, manned checkout). 

Train personnel to be aware of suspicious behavior and to report tampering or substitution of devices.

 Verify the identity of any third-party persons claiming to be repair or maintenance personnel, prior to granting them access to modify or troubleshoot devices.  

2. Physical Inspection of POS Devices

  • Implement security procedures to inspect POS devices at least twice each day and at random times.
  • Physically examine the device. Skimming devices are typically attached with minimal adhesive allowing them to be place and removed with ease, so devices may be detected by giving the front of the POS/PED a good grab-and-pull. Weighing the devices may also identify tampering.
  • Please note some skimming devices are Bluetooth enabled and data can be captured without the device needing to be recovered.
  • When inspecting devices, use backup security personnel to monitor from a distance as suspects may watch compromised terminals and suspects are trained in counter surveillance to avoid detection/arrest.

3. Device Recovery Response

  • If a skimming device is discovered on a POS terminal, do not handle it, as evidence may be damaged.
  • Notify local law enforcement and the FBI or USSS office so they can recover the skimming device.
  • Protect any video surveillance that may be used to identify any perpetrators and confirm timing of when the device was placed on the POS terminal.
  • Initiate incident response procedures and notify your Acquirer so that Visa can assist with the investigation.


Information from VISA April 2016

For other questions, please contact Cyber Intelligence & Investigations via email at

Additional Resources:

What To Do If Compromised



Support for older versions of Internet Explorer Ended

May 31, 2016

What is end of support?

Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates. Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10.

Internet Explorer 11 offers improved security, increased performance, better backward compatibility, and support for the web standards that power today’s websites and services. Microsoft encourages customers to upgrade and stay up-to-date on the latest browser for a faster, more secure browsing experience.

What does this mean?

It means you should take action. After January 12, 2016, Microsoft will no longer provide security updates or technical support for older versions of Internet Explorer. Security updates patch vulnerabilities that may be exploited by malware, helping to keep users and their data safer. Regular security updates help protect computers from malicious attacks, so upgrading and staying current is important.

Potential risk of using older versions of Internet Explorer:


Without critical browser security updates, your PC may become vulnerable to harmful viruses, spyware, and other malicious software which can steal or damage your business data and information.


Businesses that are governed by regulatory obligations such as HIPAA should conduct due diligence to assess whether they are still able to satisfy compliance requirements using unsupported software.

Lack of ISV Support

Many Independent Software Vendors(ISVs) no longer support older versions of Internet Explorer. For example, Office 365 takes advantage of modern web standards and runs best with the latest browser.

Click here to read more


Chargebacks on Credit Cards Happening NOW! #EMV

May 10, 2016


Chargebacks are on the rise following the October 2015 EMV liability shift, and convenience retailers are fighting back.
May 10, 2016

NEW YORK – Beginning with the October 2015 EMV liability shift, retailers that have not upgraded their payment terminals to accept EMV chip-card transactions are

on the hook

for counterfeit transactions, writes the Wall Street Journal, and this particular cost of fraudchargebacks—is adding up.

The news source reports that chargebacks among small and medium-size merchants increased 15% in Q4 of 2015 from a year earlier, according to a Strawhecker Group survey, adding that the volume of chargebacks has likely increased even more since then. Although the group didn’t put a dollar figure on the chargebacks, other experts put the total around the tens-of-millions of dollars mark.

Since the October 2015 EMV liability shift, many retailers are experiencing an outrageous increase in chargebacks that are mostly erroneous. Mike Lindberg, payment solutions manager at CHS Inc., commented during the Conexxus Annual Conference last week that some smaller retailers have reported a $10,000 to $15,000 increase in chargebacks per week, while larger retailers are experiencing $1 million in chargebacks per week.

I can’t imagine what will happen at the pump come October 2017,” Lindberg warned.

The No. 1 chargeback reason code since October 2015 is

merchandise not received,”

he said, which in theory makes no sense for the big box retailers. Some retailers are even seeing multiple chargebacks on the same credit card, and indicating that there is very little interest from card issuers or acquirers to help solve this costly problem.

Due diligence, however, can pay off. Convenience retailers experiencing a higher volume of chargebacks can successfully reverse the charges on challenge because convenience retailers aren’t within the October 2015 liability shift specification for type and applicability (i.e., the fuel dispenser).

“The banks will hopefully learn from the first October 2015 liability shift what is chargeable, because right now it’s a

‘charge it all back and see what gets challenged’

approach,” said Gray Taylor, executive director of Conexxus. He previously told NACS Daily that this approach to chargebacks “will have dire consequences for small to mid-size retailers, who can scarcely afford dedicated chargeback staff.”

NACS Online article found here

%d bloggers like this: