ROI Adds Security Component to JavaCard Manager

COMMON 2000, SAN DIEGO—With the growing influx of online purchases over the last two or three years, credit card fraud remains a big problem for both merchants and customers.

Moving to address this need, ROI Corp. (Woodstock, Ga.) has enhanced the security features of ROI JavaCard Manager—its real-time credit card and check processing solution for the AS/400—with the introduction of Secure Payment Manager.

An add-on component to ROI JavaCard Manager, Secure Payment Manager enables end-to-end secure payment processing by encrypting the credit card number throughout the payment chain. Secure Payment Manager includes its own encryption algorithm or it can use other licensed encryption, such as RSA.

“Secure Payment Server means never having to worry about keying in card or checking numbers for Internet e-commerce,” says Charles Pecchio, president and CEO of ROI Corp. “Internet users are concerned about the security of payment transactions. With ROI JavaCard Secure Payment Server middleware on the AS/400, a merchant can encrypt credit card, debit card, and checking account numbers. So, now a merchant can offer end-to-end security for e-commerce payments.”

In cases of credit card fraud, the cardholder’s liability is limited to $50 if they have properly reported the card as lost or stolen. “The credit card holders are the ones who really wanted this,” says Pecchio. “They want complete security and do not want the credit card number seen at all.”

Despite the fact that the AS/400 is renowned for its security, Pecchio says the biggest problems in online transactions occur at the merchants’ sites. “The weak point is the middle, and that’s where the hackers are going because the information is not encrypted,” he says. “Plus, employees can go to green screens and get someone’s credit card number.”

Secure Payment Manager also gives merchants a means to protect their investment. In retail transactions, the financial institution is responsible if the transaction turns out to be fraudulent. However, when the card is not present—as is the case with Internet, mail order, or phone card transactions—it is the other way around, with the merchant being held responsible for fraudulent orders.

According to Pecchio, the highest credit card fraud occurs in downloadable digital content, which happens when someone buys something over the Internet. In fact, ROI says the rate of online fraud can be as high as 27 percent for merchants selling downloadable digital content and 7 percent for those selling hardware such as laptops.

One of the ways Secure Payment Manager helps to solve the problems with fraud is through Address Verification Service (AVS). The merchant transmits the customer’s zip code and address for comparison to the issuing bank’s billing address. If mismatched, the merchant can refuse the transaction.

Other requirements will soon be imposed, including a CVV2 standard. The CVV2 are the numbers on the back of the card, where the person endorses the card with their signature. Because the code is not embossed on the card or included in the magnetic stripe, possession of the card is the only way to have access to the number. The number will be required for all transactions.

Secure Payment Manager is compatible with all version of ROI JavaCard Manager and is immediately available at no charge to existing customer.

Related Editorial:

  • A Wake Up Call for Security
  • Secure/Net Combats Internal Security Threat
  • ROI Adds Java to AS/400 Credit Card Processing

    Related Information:

  • ROI Corp. (new window)
  • JavaCard Product Overview (new window)
  • Must Read Articles