Online Payment Form Security Alert

Is your online payment form out of date and a security risk? Securing online payment forms requires an annual review at a minimum. Just because a hosted paypage form still works doesn’t mean it’s secure or PCI Compliant.

PCI Compliance requirements have steadily tightened since 2014 for pay pages and all ecommerce transactions.

Hosted paypage options:

  1. Merchant hosts the form and collects payment on their web site. Beginning with PCI 3.0, significant additional PCI burden applies. Highest risk.
  2. 3rd party payment gateway hosted pay page: provide a link directly to customers to pay. The form is served by and submitted by the payment gateway. It significantly reduces the potential for malicious activity that could compromise cardholder data. Lowest risk.
  3. An iframe hosted paypage has the appearance of residing on the merchant web site, but the payment data is captured by the 3rd party directly on their web host. The implementation method using iframes for payments has changed over the years to meet current PCI Compliance requirements, including to combat malicious JavaScript and Cross-Site Scripting threats.

“If your iframe hosted paypage hasn’t been updated in the last year or so it’s likely not PCI Compliant,” Christine Speedy, Card Not Present Expert.

A payment gateway is a secure transaction engine that facilitates the transfer of sensitive information to the processor, and is required for all online payment forms. Some gateways provide online payment forms at no additional charge. Vendor selection has a significant impact on risk mitigation, payment processing fees, efficiency, and PCI Compliance burden.

A payment gateway can be proprietary to a specific processor, or agnostic and compatible with multiple processors. While one provider for both services may seem to be the best choice, there are significant reasons the opposite may also be true, including risk mitigation. Bots present a significant risk of exploitation of online payment forms and may result in profit loss if additional steps are not implemented to mitigate the risk of ‘card testing’, where criminals use online forms to submit fake transactions to determine if cards are good or bad. Every attempted transaction has an associated cost, and once chargeback fees from the resulting disputes are added in, the result could be tens of thousands of dollars in fees in a matter of hours.
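The card-testing pattern described above leaves a recognizable trace in payment attempt logs: one source trying many different cards in a short time, mostly declined. The following is an added example, not code from this blog or from any gateway; the record layout, the thresholds and the function name `flag_card_testing` are assumptions, and the sample attempts are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 12, 0, 0)  # constructed start time

# Constructed attempts: (time, source IP, card token, approved?)
SAMPLE = (
    # One source cycling through 8 different cards, 10 s apart, 7 declined.
    [(T0 + timedelta(seconds=10 * i), "203.0.113.7", f"tok-{i:02d}", i == 5)
     for i in range(8)]
    # Shared office address: 6 different cards, all approved.
    + [(T0 + timedelta(seconds=30 * i), "198.51.100.20", f"nat-{i}", True)
       for i in range(6)]
    # Ordinary customer: one card, a typo decline, then success.
    + [(T0, "192.0.2.44", "cust-1", False),
       (T0 + timedelta(seconds=40), "192.0.2.44", "cust-1", True)]
)


def flag_card_testing(attempts, window=timedelta(minutes=5),
                      min_cards=5, min_decline_ratio=0.8):
    """Return {source: time it first crossed both thresholds}."""
    recent = defaultdict(deque)   # source -> attempts inside the window
    flagged = {}
    for ts, src, card, approved in sorted(attempts):
        q = recent[src]
        q.append((ts, card, approved))
        while ts - q[0][0] > window:          # drop attempts older than window
            q.popleft()
        distinct_cards = len({c for _, c, _ in q})
        decline_ratio = sum(not ok for _, _, ok in q) / len(q)
        if (src not in flagged and distinct_cards >= min_cards
                and decline_ratio >= min_decline_ratio):
            flagged[src] = ts
    return flagged


if __name__ == "__main__":
    for src, when in flag_card_testing(SAMPLE).items():
        print(f"{when:%H:%M:%S} possible card testing from {src}")
```

Requiring both many distinct cards and a high decline ratio keeps a shared office address with several legitimate, approved payments from being flagged.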

If you don’t want to be the next law firm, CPA firm, hotel or distributor data breach headline, consult a payments expert who understands the financial and risk ramifications of one payment gateway choice and implementation method over another, rather than ecommerce consultants or bankers who may have limited in-depth expertise, to maximize your profits and mitigate risk exposure.

TIP FOR NON-TECHS: Does your online payment form look good on smart phones and other mobile devices? If not, there’s a pretty good chance your online payment page needs an update and is not PCI Compliant.


  • PCI – Payment Card Industry Data Security Standards

For PCI compliant solutions to collect online payments from your customers, contact Christine Speedy today. Get paid via your preferred methods, including ACH, credit card, wire and Paypal, while increasing security and convenience.

Duplicate Transaction Settlement Error

Authorize.Net experienced an issue during a system update on October 17th that caused a subset of previously settled transactions from September to be sent for settlement again between October 17th and 18th. This issue is no longer occurring.

Authorize.Net is currently working to address any duplicate transactions in order to resolve the duplicate funding to merchants and potential duplicate transactions to their customers. We have already contacted your affected merchants and will continue to do so as we have updates.

If your merchants contact you about this issue, please advise them to NOT take any action on these transactions while we work to address them.

We will follow up with you with any further information, including information on potential reimbursements, as it becomes available.

To locate these transactions, please have your merchants follow these steps:
  1. Log into the Merchant Interface at
  2. Click Search from the main toolbar.
  3. Click Search by Batch from the menu on the left.
  4. Select October 18 and October 17 in the From and To drop-down boxes in the Settlement Date section.
  5. Click Search.
Any impacted transactions will have a Submit Date from September 20-25.

We apologize for this error and any inconvenience it may have caused. If you have any questions regarding this email, please contact support.



Blogger Note: While uncommon, duplicate transaction and duplicate settlement issues do happen. They can emanate from anywhere in the transaction chain, though the payment gateway or payment processor are likely the more common causes. Because of that, merchants are advised to do nothing, and the party that caused the problem usually reverses all the errors on behalf of merchants, typically within a day or two.

Dynamics AX Customer Payment File Import

Applying payments received from customers to matching invoices is easy with our Microsoft Dynamics AX 2012 payment processing module, no customization required. Automating payment processing, including journal entries, is essential to maximizing efficiency and accuracy. Other solutions usually only address part of the payment acceptance cycle; now with one module, revenue from all sales channels is processed and matched to your invoices.

PAYMENT TYPES: Accept cash, credit card, wire, Paypal, ACH, Remote Deposit Capture.

SALES CHANNELS: Ecommerce, Retail (US and Canada EMV), Electronic Bill Presentment and Payment (EBPP or EIPP), Lockbox and others.

While using a lockbox service is an option, is it necessary? With integrated EBPP, your clients can view and pay multiple invoices electronically with your preferred payment methods. A key to EBPP adoption is reducing friction, and the capability for recurring customers to pay via text or email in just 2 clicks is powerful enough to drive high adoption and fast payments almost immediately. If you do receive payments in the mail, Remote Deposit Capture and batch upload capability are available.

Collections are automated on your schedule; many solutions are limited in this respect, increasing DSO due to “first of month” statement delivery or other limitations. For those customers that run into credit issues, users can set up an automated collections schedule: any amount, any dates.

Looking for Dynamics AX solutions to improve your accounts receivable and overall treasury management? Contact us today.



Oracle Micros Data Breach

Micros, a hugely popular restaurant and hospitality point-of-sale system, is the subject of a major data breach investigation. On Monday, 8 August 2016, Oracle Security informed Oracle MICROS customers that it had detected malicious code in certain legacy MICROS systems. Oracle is currently investigating the compromise.

Micros is used by many of the large hotel brands as well as restaurants. Over the last year, many in the hospitality industry have announced data breaches, though a link between the two has not been announced.


Visa Compromise Notification (Micros)

Data Breach At Oracle’s MICROS Point-of-Sale Division (

Increasing B2B Loyalty With Improved Customer Experience

The last mile in any business to business transaction, collecting payment, can be a point of friction or a seamless part of a great buying experience. Too often, it’s the former due to multiple roadblocks, including paper invoicing and accounts receivable staff availability across time zone differences.

Established family businesses often have the same customers for generations and they’re fiercely loyal. Or are they? In a Bain & Company survey of 290 executives in B2B industries throughout 11 countries, 68% of respondents said customers are less loyal than they used to be. Technology can be a game changer for increasing loyalty.

Common business to business billing scenarios for distributors without ecommerce capabilities:

  • Distributor A sends invoices via text or email and lets their customer choose their experience and how they want to pay. Pay from the email/text or login to a portal? Store and tokenize ACH or credit card or manually enter each time? Send check in the mail?
  • Distributor B sends invoices via email and requires customer to login to a portal to make payments.
  • Distributor C has an online pay page customers can use to pay any amount.
  • Distributor D sends invoices via email, and customers send checks in the mail.
  • Distributor E sends an invoice and credit card authorization form via email, then gets a fax back and key-enters it into a virtual terminal.

Which billing strategy delivers the optimal customer experience? Customers want to interact with you in multiple ways, so if you’re still doing business the same way you have for decades, customers have likely shifted some of their business, or maybe all of it, to another vendor. Price is not the likely culprit. In a retail study about millennials, just 15% always purchase from the lowest price retailer, while 38% cited convenience as a reason to not purchase. 58% said they’d take advantage of self-checkout on their own mobile device.

What does this mean for B2B distribution companies? Think like your customers. Are you making it easy to do business? Are you increasing their efficiency? What’s the opportunity cost of not updating? I once sought a new distributor for a product an existing supplier discontinued. I found one, but didn’t place the first order. Why not? They required calling in with my credit card information citing it would be more secure. We were in different time zones and the phone was busy, or the person at lunch, and it was just plain inconvenient to keep trying.

A distributor recently advised me they don’t store anything – they require a credit card authorization form for every single purchase. Talk about driving customers away! Even a simple hosted pay page can alleviate the need for paper forms, immensely increase customer convenience, and increase cash flow to boot. While increasing a credit line is a possibility, some customers use them as a tool to self-manage credit, increasing purchasing without having to interact with anyone.

Invoicing and payment technology updates are critical to garnering customer loyalty, regardless of the payment type. The more flexible the solution, the more likely each customer can interact with your business via their preferred method. Today’s technology supports a myriad of payment types, including ACH, credit card, wire and others, and multiple ways to interact for making payments from email to text and beyond. Delighted customers are more loyal and more likely to refer new business.

Christine Speedy is an authorized reseller for CenPOS, a cloud-based, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. The secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. 954-942-0483