EMV (which actually stands for Europay, Mastercard and Visa) uses a digital chip to encrypt card data, much more secure than the current magnetic strips. The push will mainly be for bricks-and-mortar stores to update their technology to read the cards by 2015. However, bricks-and-mortar updates have very serious ramifications for online merchants.

Randy Vaderhoof, Executive Director of the independent nonprofit Smart Card Alliance, spoke with me by phone today to explain how fraudsters migrate to online fraud when offline security is increased. Thus, financial institutions abroad, particularly in the U.K., have issued hand-held readers the size of a calculator to customers with EMV cards. Customers then scan their card, which issues a one-time password they have to enter to verify any online transactions. Some banks have also issued a “display” card, which are battery-powered cards with a display and button the cardholder can press to generate a one-time password.

There’s no news yet on what card manufacturers or financial institutions will be offering cardholders for online transactions, but subscription sites should start thinking now of how they can increase their security and decrease card-not-present fraud, which is likely to increase in the near future.

Recently, a U.S. District Court for the Eastern District of Texas banned the use of “remotely created payment orders” by Landmark Clearing, Inc. “Remotely created payment orders” allow merchants to enter a client’s name and bank number into a form and are cleared like a paper check, except that in lieu of a signature, the words “Authorized by Account Holder” or “Signature on File” appear. Federal banking regulations require the creator of a remotely created payment order to have the express authorization of a consumer to process the debit, but they are not subject to a lot of oversight, which makes them susceptible to fraud.

The FTC seems to have been tipped off by the exceptionally high chargeback rates Landmark’s clients were producing, sometimes higher than 80%. But the FTC didn’t just go after the merchants — they went after Landmark as well for promoting a service for merchants “with a high percentage of overall returns”.

Landmark is now banned from processing remotely created payment orders. Which means that sites that rely on recurring billing should be 1) seeking to reduce their chargeback rates as much as possible and 2) keeping an eye on their payment processor to make sure they’re on the up-and-up.

For tips on how you can reduce credit card declines and chargebacks, take a look at this on-demand video on our sister site, Subscription Site Insider.

Dwolla lets consumers pay bills and make purchases with the cash in their bank account when shopping online, a previously credit and debit-only platform. According to Business Insider owner and founder Ben Milne started Dwolla after losing $55,000 a year in interchange fees while running his first start-up.

By networking with financial institutions, Milne was able to create a platform that lets people pay for purchases through their bank account, including recurring payments. This can be good news as retailers no longer have to deal with card expiration dates or interchange fees (Dwolla bypasses the dreaded ACH system). People who get paid only get charged $0.25 (that’s right, a quarter) for every transaction, no matter how small or large.

However, it’s unclear whether there are any additional bank fees, and if not, whether it will remain that way. Also, payments may not go through if consumers don’t have enough money in their bank account, causing frustration for both you and your consumers. And since you don’t own the customer’s bank info, you cannot transfer it if you are sold, which has been a major problem for membership sites using other payment alternatives, such as PayPal.

In an unusual spin on typical membership site offers, Blokely offers weekly auto-renew subscriptions as one of its options. We predict this will be a nightmare for the payments processing department. The offer is strongly positioned as £2.50 pounds per week vs £3.95 per month, presumably to push men to a what-the-heck upsell. They’d do better, though, if they offered £3.50 pounds per week vs £3.95 per month, because then the savings are more overt. And, as every subscription marketer knows, really obvious works really well.

According to AllThingsD.com, 100 million Verizon subscribers will be able to use the new service to shop on any Internet-connected device, including a PC, phone or tablet. Subscribers will have to sign up for a Serve account through American Express, which can be funded by any bank account or credit card.  One potential hurdle  is that online retailer will also have to integrate Serve in order to take these payments. These various steps could make the road to widespread adaptation bumpy.

“Yes, they have to be Verizon and a Serve customer, but we are preloading a number of devices — smartphones or tablets — with the Serve app, and when you preload there’s a much greater uptake,” said Dan Schulman, group president, Enterprise Growth, American Express told AllThingsD.com. Amex’s deal with Verizon isn’t exclusive so American Express could be partnering with other mobile companies soon.

If you’re interested in learning more about credit card processing and accepting mobile payments for your subscription site, we have a collection of great payment processing resources at our sister site SubscriptionSiteInsider.com

• Reduction in fraud.  Netswipe turns a “card not present transaction” into an “online card” present transaction. A card present transaction lowers the risk of fraud significantly.
• Works with your existing payment provider.
• Customers might be more likely to complete a transaction? This is up for debate as the only data so far is from a focus group run by Jumio which concluded 79%  completed a transaction with Netswipe vs. 48% without.

One question I immediately asked when reading about Netswipe: Is this solution PCI compliant?  Here’s what Jumio says on its site: “If you use Netswipe Scanning or Netswipe Recycle Swipe you will need to demonstrate that your system can handle this data securely and that you are taking full responsibility for your PCI DSS compliance. One part of this is the need for us to see a clean Vulnerability scan being made on your systems.”

• Braintree is an all-in-one  solution – offering merchant account, gateway and recurring billing.
• The company is big on avoiding deceptive pricing and fee structures and offers a “truth in pricing” guarantee.
• Braintree takes PCI Compliance very seriously and it looks like it does a good job getting you set up with PCI best practices right away.
• Braintree doesn’t lock you into a contract and doesn’t charge a cancellation fee if you terminate your account.

Are you using Braintree as your payment solution? Give us your feedback below.

Sony said yesterday that its PlayStation Network had been hacked, exposing 70 million users’ personal information, such as name, address, email address and birth date. The company also said that hackers “may” have gotten the credit card numbers subscribers used for the Playstation acounts — but they can’t be sure.

If card data *has* been exposed, there could be large-scale account cancelations and card reissues — which means some of the cards in your subscriber file may become invalid and cause billing declines later this year. Such huge breaches have accounted for tens of millions of re-issuances in years past, wreaking havoc on subscription sites and recurring billing merchats.

As with the big Epsilon email breach in early April, I’d advise you to keep a close eye on your subscription billing in the next few months to watch for increased payment declines due to invalid card numbers.

While Epislon and many of its affected clients – including Capital One, US Bank, LL Bean Visa Card, Citi, and JP Morgan Chase – were quick to reassure customers that the hackers gained no other sensitive information such as credit card numbers, this breach could still have big repercussions on anyone in the recurring-billing and online subscription industry.

The reason: The hackers are likely to follow-up their email harvesting operation with targeted “phishing” scams, which send bank customers phony but official-looking email notices that ask people to update their account information. Unsuspecting customers who respond will inadvertently hand over their login info or even their credit card data to thieves, who then will use that information to hijack credit card accounts until the customer or the bank realizes that their account has been compromised and cancels those cards.

And as SecurityWeek reported, having stolen names and email addresses that can be tied to a specific bank makes it more likely that these phishing scams will succeed:

“Being able to send a targeted phishing message to a bank customer and personally address them by name will certainly result in a much higher “hit rate” than a typical “blind” spamming campaign would yield.”

If that happens, there’s a good chance that some of the credit cards in your subscriber database will suddenly become invalid, leading to payment declines when you try to bill affected customers for monthly or annual subscription/membership fees. These wide-ranging security breaches are a major problem for the recurring-billing industry: In 2009 there were 498 major breaches that caused 72 million credit card accounts to be closed and re-issued, according to payment processing consultant Paul Larsen.

We’ll be following the news to alert you of any major announcements from banks about card re-issuances that stem from the email breach. In the meantime, plan to monitor your subscriber or membership billing closely in the coming months for a rise in payment declines caused by invalid credit cards numbers.

It’s also a good time to revisit your strategy for handling declined cards. If you’re not yet signed up for account updater programs offered by the major credit card networks and card issuers, ask your payment processor if you can get access to these programs, which allow you to check your subscriber credit-card database against a master list of re-issued credit card numbers.

Also make sure you have a communication plan in place for reaching out to subscribers whose cards are declined. For example, Subscription Site Insider uses a three-message email series to ask subscribers to provide a new credit-card number whenever a payment is declined due to a card-on-file that’s no longer valid.

It’s no fun when unrelated security breaches suddenly make more work for your finance or renewal-marketing teams, but it’s a lot worse to lose good subscribers due to bad credit cards.

VeriFone is one of the mobile payment apps recently delisted, according to a report by StorefrontBacktalk. It’s unclear how many other payment apps were similarly delisted, because the PCI Council did not publish a complete list.

The delistings followed an announcement earlier in 2011 by the PCI Council that it would no longer approve any new mobile payment apps as PCI compliant while it develops a comprehensive set of standards for securing mobile payment transactions according to PCI-DSS, PA-DSS, and PTI Standards. The council did not offer a timeframe for completing or releasing its mobile payment guidelines, but StorefrontBacktalk speculates the process could take several months.