Delay in Compliance Action for Visa Stored Credential Framework

From the Visa Merchant Business News Digest, October 17, 2017.

In the 1 September 2016 edition of the Visa Business News, Visa introduced new rules related to credential-on-file transactions, including merchant disclosure requirements and transaction identifier requirements went into effect for merchants and acquirers on 14 October 2017.

However, based on stakeholder feedback, and after assessing market readiness and taking into account the holiday season system freeze, Visa will extend the time to make the necessary system changes until 30 April 2018.

While the rule is still effective as of 14 October 2017, Visa will not take any compliance action or assess non-compliance assessments to non-compliant entities prior to 30 April 2018. Entities that comply with the rule by 30 April 2018 will not be required to submit a waiver request to Visa.

https://usa.visa.com/support/merchant/library/visa-merchant-business-news-digest.html

End Visa bulletin.

The stored credential framework applies to all merchants that store credit cards. Note, while some stakeholders were not ready as per the above statements, CenPOS was. CenPOS replaces other payment gateways, for example authorize.net, as well as solutions such as BillTrust, while enabling customers to keep their acquirers and other partners.

Christine Speedy, CenPOS authorized reseller, 954-942-0483. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

Quickbooks Payment link on Statements

Is it possible to have the payment link on statements as it is on invoices emailed to customer?

Yes, businesses using a desktop or self-hosted version of Quickbooks Enterprise and other versions can use the custom text field in the template set up to create a link. Customers click from the statement to a self-service portal to pay all invoices. This is not available with Intuit Merchant Services, but is supported with our third party module. The link from the invoice is to pay the specific invoice, no login required.

Are you tired of following up on late or past due receivables? Does it take weeks and months to get paid? Do your customers ‘lose invoices’? Do you want to qualify for low level III interchange rates for purchasing cards? Boost cash flow, efficiency and profits virtually overnight with the best alternative to Intuit merchant services for Quickbooks. Compatible with QuickBooks 2015 and 2016 Pro, Plus, Enterprise versions. (Not Quickbooks online.)

Adding a Pay Now Button Link To Quickbooks Statements

  1. Non-Intuit merchant account required to accept credit cards. Christine Speedy will help you with a wholesale account if you don’t already have one.
  2. Sign up for a CenPOS account with Christine Speedy.
  3. Install the supplied module.

Benefits

  • Send invoices the way your customers want- text or email
  • Automated reminder collections built-in
  • Quickbooks updated automatically when customers pay
  • ACH, wire, and Paypal, also supported
  • 3-D Secure supported to shift card not present fraud liability to issuer
  • For retail, full cashiering supported for 100% financial transparency.
  • EMV chip and pin, chip and signature supported
  • Smart rate selector reduces merchant fees

It’s quick and easy to get started with our Quickbooks credit card processing module so employees can get right to work without disruption.

Note: This article was accurate at the time written. Solutions are continually updated. Contact us for the latest facts.

Christine Speedy, CenPOS authorized reseller, 954-942-0483. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

Credit Card Authorization Form Q&A Webinar November 8 2017

 credit card authorization formWhat’s the best credit card authorization form?

Learn best practices for 2017 and 2018 card not present credit card processing based on the latest Payment Card Industry Data Security Standards (PCI compliance), Visa, MasterCard and other rules. This webinar is ideal for credit managers and any entity that is currently using paper credit card authorization forms, or encrypted digital forms.

Christine Speedy will review related compliance rules, including PCI and October 14 Visa Stored Credential rules, consequences for non-compliance, and solutions to replace traditional paper credit card authorization forms. Live Q&A.

Register now for the credit card authorization form webinar Nov 8, 2017 11:00 AM in Eastern Time. TIP: For PCI Compliance, you need a current web browser and you’ll need one for this webinar too. Read this article and take the free browser test.

Christine Speedy, CenPOS authorized reseller, 954-942-0483. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

ICVERIFY Alternatives 2017

ic verify replacement alternativeICVerify Software is still in use in 2017, even though it was end of life back in 2015.  Alternatives are abundant, but none are comparable to CenPOS for meeting business to business (B2B) companies.

What does ICVERIFY Software end of life mean?

First Data sales, product development and support have ended. Continued use of the product will invalidate a merchants PCI Compliance.

What happens if my ICVERIFY Software stops working?

You will get zero support. If you cannot open due malfunction, you’ll have no access to records. If you’re acquirer shuts down your ability to send transaction data, and this is happening frequently because it’s not PCI Compliant, they will not turn it back on. If your acquirer finds out you’re using ICVerify in 2017, you will get shut down. It’s imperative to migrate to new solution as soon as possible.

What are alternative solutions to ICVERIFY?

A cloud payment gateway is required. There’s no software to install. You can use a payment gateway via integrated or non-integrated options, which include mobile app and virtual terminal via secure web site. ICVERIFY was a buy once and use forever product. Payment gateways have transaction fees. Many businesses make the mistake of using the one with the cheapest fee or the one that their developer or consultant is familiar with because they’ve used it for a decade or more. Are you using the same cell phone you did 10 years ago? The cheapest fee could result in the highest actual cost or inefficiency. For example, most gateways do nothing to help merchants reauthorize after an authorization expires. That matters because even though the issuer may approve the transaction, it won’t qualify for the best rate, which could be half the cost of the non-qualified rate.

What is best alternative payment gateway to ICVERIFY for a B2B company?

I’m not going to waste your time listing all the cloud payment gateways on the planet like First Data Payeezy, authorize.net, Payflow Pro, Paytrace, Cybersource, Orbital, 3Delta Systems, or 3DSI and their differences. Each has bits and pieces but none has the whole package of solutions B2B companies need. CenPOS is the only solution I know of today that will get merchants compliant with all these critical items:

  1. Comply with 2017 Visa stored credential framework and mandates. It’s complicated. CenPOS automates compliance with things like sending the merchant initiated or customer initiated use of stored credential flag.
  2. Eliminate paper credit card authorization forms with multiple digital ways to accept payments and store cards, including text and email. Sure, some gateways offer a hosted pay page, but can they generate a PCI Compliant authorization form automatically for those that still like paper?
  3. Automate authorization management, including requirement for preauthorization and settlement match and renew expired authorizations for card not present transactions.
  4. Automate compliance to qualify transactions properly for level 3 interchange rates for corporate, purchasing and business cards. Supporting level 3 is not enough, it’s complicated.
  5. Mitigate fraud risk with a layered approach, including supporting 3-D Secure, which shifts fraud liability to issuer.
  6. Encrypted Virtual Keypad (EVK) to reduce PCI Compliance scope and burden. (No card data touches your system for phone orders; avoid key logger dangers.)
  7. Audit trail as required for PCI. Every user, every touch. Available minimum 7 years.

What else makes CenPOS the best alternative payment gateway to ICVERIFY for a B2B company?

  • Graphically pleasing, easy to use. It’s like marrying the coolness of Apple design with an Amazon buying experience. People love it. Customers are happier (proven by our clients conducting their own studies).
  • Wire transaction support with electronic bill presentment and payment services. Stop the madness associated with matching deposits to invoices and getting paid the wrong amount.
  • Reports. Dynamic search and view online or download; robust custom reports, alerts and distribution. So much faster to research anything!
  • No capital investment. We make companies more profitable virtually overnight.
  • Deposits equal receivables, not net of fees. Other services are mixed. For example, authorize.net echeck service takes it’s fees out of your deposit so then you have to do some accounting magic to reconcile.

Will I be able to port over my existing data? Yes. Per PCI Compliance rules, merchants need to securely remove sensitive cardholder data from all systems. Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS. You can find one here https://www.pcisecuritystandards.org/assessors_and_solutions/qualified_security_assessors.

Ready to get started with CenPOS? Contact Christine Speedy right now at 954-942-0483.

Christine Speedy, CenPOS authorized reseller, 954-942-0483 is based out of South Florida and NY. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

Test and fix TLS 1.0 to TLS v1.2 for merchant non-compliance notice

To keep your data safe, the Payment Card Industry Security Standards Council (PCI SSC) has mandated a security upgrade impacting all merchants where web browsers can be used in the payment process. Acquirers and payment gateways have set various deadlines in advance of the required PCI TLS v1.2 Security Protocol Upgrade by  2018. Either hardware may need to be replaced or software updated.

Recently, multiple vulnerabilities have been uncovered. Criminals are using the vulnerabilities at massive levels over prior years. Security company Zscaler blocked an average of 8.4 million SSL/TLS-based malicious activities per day in the first half of 2017 for its customers on its Zscaler cloud platform. That’s why all merchants need to upgrade to the most current version of TLS (Version 1.2) and should do so as soon as possible. Because this is an absolute necessity, merchants are getting emails about hard stop dates; if not fixed, merchants will not be able to process transactions after the deadline.

TLS Deadlines vary by acquirer and payment gateway.

  • Chase Paymentech, September 30, 2017.
  • Authorize.Net, February 28, 2018.
  • CenPOS, January 15th, 2018.
  • First Data varies by solution. Datawire will remove SSL v3, TLS v1.0, and TLS v1.1 on February 15th 2018.

TLS 1.0 and TLS 1.1 need to be disabled from browsers, servers and related applications. SSL 3.0 should have been disabled years ago.

Do not rely on server host companies or consultants to do this for you. It’s up to merchants to maintain PCI Compliance. If you get a notice of non-compliance from your acquirer and use a virtual terminal, test your browser below.

FREE Test SSL/TLS for Browser and Servers and updating TLS for card not present transactions:

Free SSL and TLS test from Qualys. https://www.ssllabs.com/ssltest/index.html.  If you get a YES next to TLS 1.0, SSL 3, or SSL 2, then hardening is needed.

Try updating your browser and then run the test again. If the browser is current, go to your web browser settings or preferences and disable SSL and TLS 1.0. Run the same test on your web site. If you get a yes, go to your host administration and disable in security settings.

What is TLS Security Protocol?

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL) are both frequently referred to as “SSL”. When you go to a web page and the URL is “https”, the S stands for secure, and the domain host has a security certificate installed and enabled on the web host. Websites use TLS to secure all communications between their servers and web browsers. For example, when a merchant logs into a virtual terminal using a web browser, or a customer makes a payment online via a hosted pay page or ecommerce shopping cart.

 

Christine Speedy, CenPOS authorized reseller, 954-942-0483. B2B cloud payments solutions and CenPOS enterprise cloud payment solutions expert. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.