Multichannel Sales Initiatives – Are consultants too self serving?

According to the 24th annual Retail Info Systems technology study, expanding multichannel initiatives is the biggest action item over the next 18 months, followed by a mobile enterprise / store strategy and security. 2014 and 2015 are expected to be years of hyper innovation and with the EMV October 2015 deadline looming, CIO’s and IT are right in the thick of it. retail multichannel pos initiatives chart

For merchants, checking with peers and current vendors about potential partner solutions may be inadequate. The stakes are extremely high for many of the parties that hope to capitalize on the huge investment companies will be making. Whether they have the best product or not- or even a working product- many vendors will serve their best interests first.

For example, a prospective customer was very interested in my omni-channel payment gateway and wanted to check with his current merchant processor, one of the top three largest US processors, for his input. The current vendor knew nothing about my product but concluded after a 10 minute conversation there was little value in a product like mine (no price was discussed) and would relay that to his customer. He completely dismissed there was any value in:

  • Eliminating stored credit card numbers on paper forms
  • Using tokens to recharge customers in a few clicks vs key entering every time
  • Level 3 Processing (100% B2B merchant)
  • One reporting system for all payment sources (reducing PCI burden and creating back office efficiencies for research, reports and reconciliation)

The consultant concluded that if the customer wanted to change, he had a ‘similar’ product, though admittedly not as good, nor comprehensive enough to address all the customer needs. In other words, the guy was too lazy to help the customer before, but if pressed, he was willing to sell him an inferior product. Worse, he completely failed to recognize that his own customer did place value on solving business problems.

In conclusion, so many vendors have ‘a product’ to sell in which they have a vested interest, that they will readily dismiss anything they can’t make money on. Consultants are often getting their information from the same sources so they just don’t know any better. CIO’s might be better off seeking experts outside of their current vendor resources to find the best solution for multichannel initiatives.

3D Merchant Services Powered by CenPOS
2633 NE 26th Ave Metro South FloridaFL33064 USA 
 • 954-942-0483

Top 10 Credit Card Processing & Payment Gateways- How real are reviews?

top 10 credit card processors reviewHow confident can merchants be when using services like topcreditcardprocessors.com, Top 10 Best Merchant Services, and Top 10 payment gateways? Other than gathering some educational information, buyer beware. The economic business model of how these companies exist ensures that merchants may never get the best of anything.

 

From topcreditcardprocessors.com,  “Our evaluation and ranking service provides business owners and managers with the best service solutions for online, in-person, and mobile credit card processing and check processing.”

topcreditcardprocessors.com and others like them exhibit at industry trade shows to get merchant services and related companies to sign up to advertise online with them. I’m not judging the actual data reported, but whether the BEST of anything is real when not all businesses will pay to play. For example, Chase Paymentech and First Data, certainly both top 3 merchant processors by processing volume, are not ranked because they don’t pay to advertise.

I spoke with a topcreditcardprocessors.com representative at a trade show and asked whether they’d rank my payment processing gateway that attendees were saying was the only one with real product differentiation that benefited merchants. Nope. Not without paying a monthly fee. Even if you had a number one ranking and no company was ever better, the only way to be on the list, and stay on the list, is to pay. Therefore, merchants might find interesting companies to look into, but there’s virtually no chance of getting the best of anything.

Looking for PCCharge Alternative?

Years ago, PCCharge PC POS was a very popular solution for merchants wanting to turn their computers into a POS system. With the introduction of cloud payment solutions has the time for it and PC Payment Software solutions passed?

With cloud payments, no data is ever stored at the merchant site, and there’s never any software to update. For non-integrated solutions, merchants access a virtual terminal via a secure web page. A payment gateway works behind the scenes to encrypt and transmit data securely via the internet, just like for ecommerce transactions.

PCCharge VS VIRTUAL TERMINAL SOFTWARE DIFFERENCES

  • PCCharge is installed on Windows PC’s. For PCI Compliance, merchants should update software within 30 days to the latest version. Do they? Because of license fees and simple mistakes, not all merchants use the latest version. Records are accessible on site only unless a server solution is used.
  • With Cloud Payment technology there’s no software to update and records are accessible anywhere.  (This does not negate the same merchant requirements for all other elements to meet PCI Compliance requirements.) In the event of emergency, merchants can operate instantly from anywhere.

PCCharge VS VIRTUAL TERMINAL HARDWARE DIFFERENCES

  • PCCharge supports credit card terminals, primarily with wedge swipers (mag stripe card readers), plus checks with RDM readers.
  • Some cloud payment solutions support signature capture terminals, including with pin debit, and mobile readers, in addition to wedges and RDM’s.

PCCharge VS VIRTUAL TERMINAL BUSINESS TO BUSINESS (B2B) DIFFERENCES

  • PCCharge supports level 2 processing but merchants can qualify for lower interchange rates, which comprise over 95% of merchant fees, with level 3 processing.
  • Some cloud payment solutions support level 3 processing for retail (and other channels such as MOTO- mail order, telephone order-  etc). Additionally, some cloud payment solutions have more options for token billing, variable installment, online payment management etc.

PCCharge VS VIRTUAL TERMINAL FRAUD PROTECTION DIFFERENCES

  • PCCharge?
  • Cloud technology solutions provide many options for merchants to protect against both internal and external fraud, with merchant configurable rules, real time alerts and more. The scale of protection options varies widely by solution. Dynamic solutions which vary response on the fly based on input variables (for example, the method of transaction such as key entered) offer maximum protection.

About PCCharge PC POS: PCCharge is POS Software product from Verifone.  Designed for stand-alone, client server or integrated payment processing environments, can turn any PC into a POS system.

About the author: Christine Speedy is an authorized reseller for CenPOS enterprise cloud payment solutions. CenPOS can turn PC’s and Mac’s into a POS system. CenPOS is a merchant centric omnichannel SaaS that supports level 3 processing in retail, MOTO, ecommerce and other channels, creating customer efficiencies while increasing customer engagement. For sales, call (954) 942-0483.

PCI Compliance Requirement: Stored Cardholder Data on Paper

For businesses that are still storing cardholder data on paper, are you really PCI Compliant? Meeting requirement 9, Restricting physical access to cardholder data,  is a lot harder than you may think. Here are some key questions you may face in the event of an audit, which is required in the event of a data breach.

locked file stored card data

  • Do you have a secure storage area exclusively for sensitive payment data?
  • Can you show an audit trail of everyone who accessed the secure area where the card data is stored, with date and time?
  • Is that area restricted to only those personnel who need access to that information?
  • Do you have a log to maintain a physical audit trail of visitor information and activity in any area that payments are processed, including visitor name and company, and the onsite personnel authorizing physical access?
  • Do you have a visitor badge system that expires for all visitors authorized to enter areas where cardholder data is processed or maintained?
  • Do you have an audit trail for the documents- created, removed from storage, and returned to storage, with names and dates?

Let’s face it, the requirements for PCI compliance are so cumbersome what merchant would want to store card data on paper? The argument that PCI Compliance paperwork takes more time for online solutions than with desktop terminals may be true, but the daily operational efficiencies and security gained far outweigh any extra paperwork.

What payment gateways support level 3 processing?

The following lists show what payment gateways support level III data and whether or not the gateway is independent of the merchant account. Input from readers is welcome.

Where a check is indicated, the merchant can send level III data without any special programming or integration (except API).  However, a merchant might achieve level 3 processing in another category by using an API.

PAYMENT GATEWAY RETAIL MOTO/ virtual terminal ECOMMERCE shopping cart EBPP ONLINE PAYMENTS(hosted pay page) Token Billing (recurring) API (ERP and other solutions) MERCHANT
PROCESSOR INDEPENDENT

CenPOS

BEST B2B gateway for versatility

level III retail level III MOTO level III ECOMMERCE level III EBPP level III ONLINE PAYMENTS level III ONLINE PAYMENTS level III ONLINE PAYMENTS NO NEW merchant account required
authorize.net ** not supported not supported not supported not supported not supported not supported level III ONLINE PAYMENTS NO NEW merchant account required
Payflow Pro *** not supported not supported level III ONLINE PAYMENTS NO NEW merchant account required
PayTrace level III MOTO level III ONLINE PAYMENTS level III ONLINE PAYMENTS  NO NEW merchant account required
3Delta Systems (3DSI) level III MOTO level III ONLINE PAYMENTS level III ONLINE PAYMENTS
First Data Global Gateway level III MOTO  level III ONLINE PAYMENTS level III ONLINE PAYMENTS not supported
Paymentech Orbital
level III MOTO level III ONLINE PAYMENTS not supported
Heartland Payment Systems, Inc. not supported level III MOTO level III ONLINE PAYMENTS not supported
Vantiv level III ONLINE PAYMENTS not supported

Certification to processors, including level 3 processing:

  • CenPOS: First Data (FDC Nashville), Chase Paymentech, Vantiv, TYSYS*
  • authorize.net: Chase Paymentech, FDC Compass, FDC Nashville Global , GPN, Litle, RBS WorldPay Atlanta, TSYS
  • Payflow Pro: Cielo, First Data (FDMS), Heartland, Litle, Paymentech Salem, Paymentech Tampa, Securenet, TYSYS
  • Paytrace: TSYS, Paymentech Tampa, Global East, Heartland, and Trident.

* Think of TYSYS as a hub that provides access for transactions (traffic via payment gateway) to many highways (processors). By going through the hub, a payment gateway can securely connect to many processors (Global, Heartland, First Data etc) with one certification. Some merchants may incur a per transaction fee for using a payment gateway that connects via TYSYS; this may or may not be additional to fees already being paid.

SOURCES:

** January 2014 Authorize.net update http://apps.cybersource.com/library/documentation/dev_guides/Level_2_3_SO_API/Level_II_III_SO_API.pdf (pg 10)

*** 2/28/2014 Payflow Pro https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/payflowgateway_guide.pdf

DISCLAIMER: If the information was unclear or not available, the field was left blank to err on the side of caution. Contact processors or payment gateway providers for specific details about availability and functionality. 3D Merchant Services is an authorized reseller for authorize.net and CenPOS, in addition to other services.

TERMINOLOGY:

MOTO: mail order, telephone order. This is a transaction indicator code for card not present transactions.

EBPP: electronic bill presentment & payment. A merchant delivers an electronic invoice to their customers. The customer then pays the invoice electronically.

LEVEL III data or level 3 data:  refers to the additional field data sent for processing Visa and MasterCard business, corporate and purchasing cards.

LEVEL III data or level 3 processing: refers to a merchant account that supports the acceptance of level 3 data and passes the data onto the issuers

What’s the difference between level 3 and level III? Nothing. In 2014, and recent documents, interchange rates are more frequently referred to as level 3. However, in older documentation and marketing materials, the requirements and other items referred to it as level III.

It’s critical to note that the CAPABILITY of sending level 3 data via a payment gateway, does NOT guarantee that the transaction will qualify for level 3 interchange rates. There are many rules, and how the gateway helps a merchant meet those rules varies widely. For a free consultation on key operational differences between level III gateways, contact us.

Article feedback is appreciated!

 

Ingenico telium vs Equinox signature capture terminals review

Aside from specifications, what’s the real user experience of these terminals? Signature capture terminals are rapidly growing with the increase in low cost cloud payment technology to run them. This article compares actual user experience differences. The Equinox L5200 and L5300 and the Ingenico ISC 250 touch and ISC 350 touch review highlights are below.

Ingenico, Verifone, and Equinox (previously Hypercom) are the top three terminal suppliers in the USA, per the US Department of Justice in 2011.  (Verifone wanted to buy Hypercom). They’re likely also the three leaders for signature capture terminals. Hypercom is credited with inventing credit card terminals, changing the world forever. The equipment listed here is designed to be future proof- they’re made to support current and future payment types without the need to replace equipment.

The ISC 250 is the little brother to the ISC 350. The L5200 is the little brother to the L5300. Other than the screen size and physical footprint, the units are nearly identical. Merchants have been quite happy with the cheaper (smaller) terminals. NOTE: IMAGES ARE NOT PROPORTIONALLY SIZED TO SHOW DIFFERENCES IN ACTUAL SIZE.

ingenico isc 250 signature capture terminalequinox l5200 signature capture terminalingenico iSC350 terminalL5300 signature capture terminal

ITEM INGENICO ISC Touch 250 EQUINOX L5200- BEST BUY INGENICO ISC Touch 350 EQUINOX L5300
Pricing* MSRP $891 with key injection, all cables, 1 year manufacturer warranty. Swivel stand $89 extra. Estimated final price $775 with key injection, all cables, standard 3 year manufacturer warranty, optional NFC, and optional 3 year overnight replacement included. Estimated MSRP $991 with key injection, all cables, 1 year manufacturer warranty. Swivel stand $89 extra. Estimated final price $875 with key injection, all cables, standard 3 year manufacturer warranty, optional NFC, and optional 3 year overnight replacement included.
Memory internal: 128 MB flash NAND, 64 MB SDRAMexternal: supporting up to 32 GB internal: 256 MB Flash, 128 MB SDRAMexternal: MicroSD port internal: 128 MB flash NAND, 128 MB SDRAMexternal: supporting up to 38 GB SAME AS L5200
PROCESSOR
  • main: Thunder (ARM9), 450 MIPS
  • crypro: Booster (ARM7), 50 MIPS
  • 400 mhz, 32 bit
  • video decoder
  • same as ISC 250
  • SAME AS L5200
Display Color: YesSize 4.3”Resolution: 480 x 272

Touch screen: Projected capacitive technology

Finger and stylus touch

Color: WQVGA, 18-bit, 256KSize 4.3” diagonal display, LCDResolution: 480 x 272 pixels Color 240K colorsSize 5.7”Resolution: 640 x 480, 4:3

Touch screen: Projected capacitive technology

Finger and stylus touch

Color: WQVGA, 18-bit, 256KSize 5.7” LCDResolution: 640 x 480

Touch screen: Integrated capacitive, glass top makes screen brighter and scratch resistant

Optional decorative bezel

Card Reader Standard: MagStripe, Signature Capture. EMV Chip & PIN, Chip & Sign, NFC contactless capable;
NFC supports new payment options including ewallets.
Standard: MagStripe, Signature Capture. EMV Chip & PIN, Chip & Sign capable;  Optional NFC Contactless, supports new payment options including all major ewallets. 

Same as ISC250 SAME AS L5200
PCI & APPROVALS PCI PTS V3
  • PCI PTS 3.x certified
  • EMV levels I & II
  • Interac
  • PCI Pin 2.0
  • Normative Annex A
PCI PTS 2.x certified
  • SAME AS L5200
Pin debit
  • Optional shield
  • Remote Key Injection service
  • Integrated shield
  • X509 standard public key for device and server authentication, firmware and forms authentication, SSL comm, and remote key injection
  • same as ISC 250
SAME AS L5200 
Communications USB 2.0, RS232, ethernet USB and powered USB, RS232, ethernet same as ISC 250 SAME AS L5200
OTHER
  • Lies very flat. Merchants may need to purchase an optional fixed base and stand to secure device on an angle for viewing. Consider whether this is desirable for the surface where payments are accepted.
  • Requires external power supply. It’s not a single cord but a multi-part power system that increases cable monsters and and troubleshooting problems.
  • Built in angle usually eliminates need for special stand.
  • Powered by communication method- no extra power supply (more cables) needed
  • Innovative pen bracket system keeps pen securely attached to terminal, reducing repairs and support calls. (Manufacturer statement matches our real world customer experiences.)
  • Nice size color display and lowest price signature capture terminal!
  • Glass really does make display pop and mitigate risk of ink and scratch damage.

 

  • No experience to report.
  • Requires external power supply.
  • SAME AS L5200
  • Buy the L5300 if you have the space and you want a bigger screen. Otherwise the L5200 is suitable for almost any merchant. 99% of my customers buy this unit.

 

SAM = Secure Access Module slots

* Prices include power supply, cables, software loading, debit key injection, and everything physical needed to plug in the machine and run it. (Merchants also need a payment gateway such as CenPOS to securely accept payments and run the terminals. POS software with an integrated payment gateway is not required but is an option.)

MANUFACTURE WARRANTY & REPAIR NOTICE: Because these devices are more like computers than older style terminals, it’s recommended merchants purchase either an overnight replacement solution or have additional units on hand as a back up.

  • The typical manufacturer time to repair units under warranty is 8 weeks.
  • The typical cost to diagnose a unit problem not under warranty is $150.
  • Overnight repair service must be purchased at the same time the unit is purchased. Costs range up to $299 per unit.

Data obtained from publicly available information on the respective manufacturer web sites as of March 2014. In some cases, data was not readily available to compare the exact features, however, the terminal may have them. Merchants are encouraged to conduct their own research for comparative information not covered here and for general fact checking.

3 Private Duty Home Health Care Provider PCI Compliance Mistakes

As a business owner, PCI Compliance, or payment card industry data security standards, should be a priority, but too often owners are given poor advice or simply haven’t found a way to fix the problem of collecting and storing credit card data. Here’s 3 major mistakes and how to fix them.

credit card authorization form healthcare

MISTAKE 1: PATIENT CARE MANAGEMENT AGREEMENT & INTAKE PAYMENT FORM- PAPER

Most companies have an intake form with terms and conditions for payment, which includes fields for credit card authorization with full card data.

Employers entrust home health care provider staff and contractors with people’s lives, so surely they can be trusted with credit card information too, right? Not necessarily. Whether intential or by mistake, there are many ways the data can be compromised, and as an owner, the penalties in the event of a breach leading to identity theft could be crippling.

  • What if the forms are left in a car  (lunch breaks, forgot to bring them in house overnight etc) , and they’re stolen?
  • How are forms returned to the home office for processing? Are those methods secured every step of the way?
  • The form needs to be cross-cut shred. If the right shredder isn’t provided for home offices, how can one be sure the employee invested in one?
  • Merchants can never store the CVV or security code. If the form is needed for any purpose, can the sensitive payment data be cut off and shred without compromising the purpose of the document?

MISTAKE 2:  RECURRING BILLING PROCEDURES

 There’s a variety of excuses why the paper form is needed to be kept on file so the card can be charged for each billing period, but all of them are baseless if the provider does their homework for alternative solutions.

  • Stored paper forms present significant risk. Cleaning staff, vendors and trusted employees all have potential access to the data. A top reason cited for data breaches is, “it was easy”, and this tops them all.
  • Businesses with up to 100 employees are at extremely high risk for identity theft.

Additionally, it’s just plain inefficient to manage billing by key entering the same card data over and over again.

MISTAKE 3:  ENTERING DATA INTO COMPUTER SOFTWARE

Gathering the data digitally has the potential to be an excellent solution to paper methods.

  • Do not allow payment data to be entered into a spreadsheet or other non-secured form.
  • Is the payment application part of the private duty software, such that the software is in scope for PCI Compliance? Does the software need to be updated? Is the full card information ever available to users? The architecture of the solution strongly influences security. (Recall Target & Neiman Marcus data breaches).
  • Entering the card data directly into a cloud payment solution that is segregated from the business application software provides the optimal security. (Users should still follow all other PCI procedures.

3 METHODS TO IMPROVE PCI COMPLIANCE WITH FIELD PERSONNEL:

  1. Encrypt data at the point of acceptance either with a secure swipe device or key entered.
  2. Directly enter payment data into a secure payment processing platform.
  3. Use tokenization. Tokenization replaces sensitive PAN (Primary Account Number) data with a unique identifier known as a token, which is useless to anyone who may intercept it.

How can the provider get a written authorization on paper, that is safe for the customer and safe for the provider? Contact us for a FREE Credit Card & ACH Authorization form make- over, that can be used in combination with safe, secure, PCI Compliant technology.