CenPOS, a fast-growing payment processing technology, released a new feature for merchants to enable the automatic collection of CVV at the point of sale for key entered transactions including a failed magnetic stripe read.  The update supports the new Visa rule for card present transactions.

Effective October 15, 2011, merchants that prompt for and validate the Card Verification Value 2 (CVV) on any Visa CPS Key entry transaction (not to be confused with CPS Card-not-present) will no longer be required to take an imprint of the card to prove that the consumer was present at the time of the transaction. More importantly, merchants that implement this new procedure will no longer be liable for charge-back reason code 81 (Fraud Card-Present Environment).

The CenPOS privilege in the Virtual terminal can be dynamically enabled or disabled by the merchant administrator. When enabled, the Virtual Terminal will automatically prompt for the CVV on any and ALL manually entered transactions. If in a retail environment with an attached signature capture terminal, the customer will still be prompted for their signature as usual.

Currently when the magnetic stripe fails during a face-to-face transaction, the merchant key enters the account number and must manually imprint the card to prove the card was present during the transaction for protection against fraud chargebacks. Effective for new transactions processed on or after October 15, 2011, merchants may include Card Verification Value 2 (CVV2) in the authorization request for Visa U.S. Domestic key entered face-to-face transactions when the magnetic stripe cannot be read by the terminal.
In order to qualify for chargeback protection against reason code 81 “Fraud-Card Present” the transaction must meet the following criteria:

• Authorization Approval
• U.S. Domestic Transaction
• Card Present with magnetic stripe failure only
• Transaction was keyed entered
• CVV2 was included in the authorization request
• Signature obtained on the sales draft and retrieval request properly fulfilled

The following transaction types are excluded from the chargeback protection:

• Quasi Cash
• Cash Back
• Manual Cash Disbursement
• Betting, including lottery tickets
• Casino Gaming Chips
• Off-Track Betting and Wagers at a Race Track
• Visa International transactions

These merchants must continue to obtain an imprint of the card when the magnetic stripe cannot be read by the terminal for the protection against fraud chargebacks.

At what point does it make financial sense to convert from a Paypal to a regular merchant account? I frequently recommend new small businesses start out with a Paypal account initially. There are factors you need to consider in making this decision, including risk of chargeback and whether you’ll be in front of your customer at the time the payment is needed. Below we examine two  business scenario’s and solutions. Both have customers that pay mostly by check or cash so credit card volume is low.

• A home improvement company meets with customers in person. Multiple salespeople are in the field so traditional wireless devices could be expensive. Some customers make a decision later and fax over their signed contracts.
• A boat towing service company has a fleet of part time captains that respond to emergencies on the water. Most customers pay cash so the credit Traditional wireless devices are impractical due to the number needed and inability to withstand weather elements.

All companies have their service personnel call in the credit card information for an approval over the phone, or they key enter it back in the office later.

Charge slips are impractical and expose the company to risk of a data breach whether through internal or external theft. Paypal is month to month, enabling new businesses to test the waters and build credit card volume before seeking prices from traditional merchant services companies. On the negative side, deposits to your bank account will usually take 3-5 days.  A merchant account will deposit funds to your bank in 1-2 days automatically, and deduct fees once per month.

Paypal is $30 per month plus the table below:

Paypal -month to month, no application fee. Deposits to your Paypal account, then you have to manually transfer it to your bank account which takes 3-5 days. Fees are deducted from every transaction, so you receive net transaction deposit. Some find this to be inconvenient for accounting.

Merchant account- Usually a 3 year agreement, and penalty for early termination and application fee may apply. Deposits to your bank account in 1-2 days and fees are deducted via ACH monthly.

How much will a merchant account cost? All credit card processing fees are based on interchange rates.  There are hundreds of rates. Hardly anyone charges $30/mth, so if your volume is low, be sure to include this when calculating your effective rate.

PAYPAL VS MERCHANT ACCOUNT FEE COMPARISON

The chart below shows examples of multiple scenarios of credit card processing for card not present transactions.  Foreign cards can have a major impact. Paypal charges 1% for foreign bank issued cards and most merchant accounts will pass through the extra fee which varies from .4% to .6% depending on the card brand. The chart assumes NO foreign cards which is a bit unrealistic.

Every situation will vary by number of transactions, types of transactions and actual merchant account fees. For your convenience, you can download the excel spreadsheet above and put in your own numbers. This spreadsheet is offered FREE for your convenience. It may not be used for commercial purposes, nor modified and distributed without express written permission from 3D Merchant Services.

Click to download the xls file Paypal vs merchant account fee calculator .

Hurricane Irene is wreaking havoc for businesses with limited phone and internet capabilities who need to process electronic payments. Our hosted payment technology provides the ultimate disaster relief capability because not only can merchants continue to process transactions, but they’ll have business continuity both before and after the disaster. What’s your back up plan?

DISASTER PROCESSES FOR A MERCHANT-  OVERVIEW OF BEFORE & AFTER SCENARIO:

Before disaster- Dial up terminal > authorization > print receipt which customers signs and you store for at least 180 days, the amount of time allowed for disputes.

After disaster: The use of limited phone line for customer service can interfere with ability to run operations, plus merchant needs power for printing receipts after authorization. More than likely the merchant manually imprints the card data and batch processes at a later date. This increases risk associated with accepting payments, including potential internal fraud and identity theft.

Before disaster with CenPOS technology- hosted terminal > authorization via internet >  customers sign signature capture terminal,  merchant sends receipt to the USB receipt printer, and CenPOS electronically stores signed receipt for retrieval for 7 years, covering both the amount of time allowed for disputes and any IRS needs.

After disaster with CenPOS technology, there are  multiple options:

• Attach a card reader to mobile device-ipad, iPhone, Droid. Card is swiped and customer signs on the device; a receipt is emailed automatically.
• Attach a card reader to laptop with satellite internet, and print 2 copies of receipts to the USB receipt printer; one for internal records and one for the customer. The transaction is electronically stored for retrieval for 7 years.
• Route calls to a temporary call center where operators take orders over the phone. Receipts are emailed to customers. Key entered transactions are automatically routed to meet card not present requirements, with proprietary technology to mitigate risk associated with card not present transactions, and reduce associated payment processing fees. Because CenPOS is an intelligent solution, even if you need to hire unskilled temporary help, you’ll avoid costly errors and mitigate risk because our solution automatically gathers the required data needed and passes it through to the processor.

In every case above there is no disruption to the merchant, who will use the SAME Virtual Terminal for all transactions both before and after the disaster. This simplifies recovery later because all receipts and transaction records remain in the same virtual location, with the exception of any offline signed receipts.

How can payment proessing technology improve the fan experience and finacial operations for professional sports teams? Fans want instant gratification. At the lowest level it’s simply a quick checkout at the stadium food line. At a higher level, it’s handling the larger purchases such as season tickets or paying the suite bill at the end of the night.  For executive management, there is signficant infrastructure at all levels to see data.

With virtually no investment,  teams and sports venues can have more information at their fingertips and improve their fan experience.

IMPROVING THE FAN EXPERIENCE

• Accept payments anywhere, any time. Whether you’re in a stadium parking lot, at a restaurant promoting the team, in the stadium isles, or closing out suite services for the evening, it’s all possible. Connect a card reader to an iPhone, iPad, Droid, or computer, and pay no additional fees for mobile payments (above whatever your device plan is). Collect an electronic signature and email the receipt or send it to print to a receipt printer, wireless printer, or network printer.
• Accept all types of payments- check, credit/debit. Anybody can do this, but can they do it from any location?
• Lost receipt? No problem. Cashiers can bring up the old transaction with the original credit card holder name and refund it back to the card.
• Reduce customer service phone time for questions about transaction history.  Find answers to payment questions instantly with 7-year search capability by a wide variety of search fields.
• Eliminate suite holder payment issues and reduce THEIR TIME spent on making payments.   With secure tokenization of credit/debit/ check information, the Suiteholder can give out the unique token to the host, which is worthless if stolen or lost.  No more reimbursement delays for employees hosting events. No cardholder risk of giving out credit cards or card numbers to remote employees. Minimize bill questions with instant email receipts to the card holder. Plus, multiple cards can be kept on file so that the suiteholder can have different cards for different department charges.
• When a bill needs to be paid to receive tickets or merchandise, the customer can click on an emal link and pay via check or crecit card.

IMPROVE BILLING EFFICIENCY

• Electronic Bill Payment & Presentment reduces the float time from invoice to collection.
• Instantly collect on any outstanding amount due without requiring special login.
• Steer customers to pay via lowest cost methods with rewards, discounts and incentives.

IMPROVE YOUR BOTTOM LINE

• Most sports teams have excellent price plans for merchant accounts so they pay very little over interchange. But what system is in place for to improve interchange qualification, which makes up 98% of your costs? Eliminate staff errors, hardware and software limitations from influencing how much you pay on each transaction.
• HR insights- 24/7 records of employee efficiency with recorded transaction types and times.  Who’s most efficient? Who’s hardly working? Hard data for employee reviews.
• Mitigate risk of internal and external fraud with merchant defined rules.
• Reduce risk of chargebacks from disputes with signature capture.
• Reduce financial report preparation with automated report writer.
• Automatically distribute reports via email to any personnel.
• Create a report hierarchy that makes sense for your needs.
• o   Do you want to view by revenue source? Location?
• o   View financial reports in real time with dynamic drill down.
• Real time reports provide instant financial insights.
• Reduce inefficiencies with 7 years of data available on demand for instant retrieval.
• Reduce inefficiencies by using a hosted platform- instant updates to reflect legislative changes, card association rules, HR changes.
• If you use check processing services, there is a more cost effective way to mitigate risk and reduce fees paid by setting up rules to automatically route checks based on associated risk.
• Where are your fans coming from? Measure marketing results. Geomap shows  you cardholder location for every transaction you enter a zip code.
• PCI DSS Compliance. Most sports teams have a higher standard to meet to be in compliance, yet like most organizations, staff actions are not always according to the playbook. Minimize errors by providing a solution to secure data by whomever collects it.
• Comprehensive payment solution for larger sponsors and suiteholders who have multiple payment methods and departments making payments.
• Reduce the pain of changing suppliers. Minimal effort needed to change banking, processors etc.

Do you take orders over the phone? How can you defend against chargebacks? You’re not going to like the answer I outline below because the burden on merchants is nearly insurmountable.

RULE NUMBER ONE.  You must have a MOTO* merchant account. If you run a card absent transaction on an RETAIL account, you will automatically lose because you won’t be presenting the transaction according to the rules of the merchant account with an in-person signature or pin entry AND card swipe or manual imprint. * MOTO is an abbreviation for mail order / telephone order; Faxed orders fall under this rule as well.

RULE NUMBER TWO: If the payment was made via a web page or ecommerce shopping site, the merchant must have an ECOMMERCE merchant account.

What if you accept credit cards via the internet and MOTO? Ecommerce presentment rules generally include MOTO requirements, but MOTO presentment rules do not include all Ecommerce presentment requirements.  You should read the rules carefully as it applies to your particular situation and NOT rely on this article.

Below are excerpts of the relevant rule from Visa and the condition I most often see cited on merchant chargeback forms. (Other cards have similar language. Please note the Visa International Operations Guidelines book is over 1100 pages so to keep this brief, this is a very narrow look, with text beginning from page 836.  Excerpts may be taken out of context to provide insights and should not be replied upon.

Reason Code 83 Fraud—Card-Absent Environment
Overview: Time Limit: 120 calendar days
Cardholder did not authorize or participate in a Card-Absent Transaction or Transaction was
processed with a Fictitious Account Number or no valid Card was outstanding bearing the Account
Number on the Transaction Receipt.

Chargeback Conditions – Reason Code 83
1. Cardholder did not authorize or participate in a Card-Absent Environment Transaction.

Representment Processing Requirements – Reason Code 83
b. Evidence of Imprint and signature or PIN  (Yes, it really says this under card not present!)
d. For Chargeback Condition 1, compelling evidence that the Cardholder participated in the
Transaction, excluding U.S. Domestic Transactions.

Further,

8. Mail/Phone Order or Electronic Commerce Transactions, if both: This provision applies to U.S.
Domestic Transactions (This only applies in the U.S. Region.)
a. Merchandise was shipped or delivered, or services were purchased (This only applies in the
U.S. Region.)
b. Issuer was not a participant in the Address Verification Service on the Transaction Date and
Acquirer received an Address Verification Service response code “U” (This only applies in the
U.S. Region.)

Additional Information – Reason Code 83
1. “Signature on file” notation is not an acceptable signature.
2. Pencil rubbing of the Card or a photocopy of the Card is not considered proof of a valid Imprint.

CARD ABSENT CHARGEBACK PREVENTION TIPS:

• When a merchant account is opened merchants are issued a metal plate with their required merchant account identifying information to use with imprinting forms.  Don’t toss is into a drawer. Buy an imprinter (about $25 from most office supply stores) and some voucher forms, put your plate in and keep it secured but handy in case you need it.  If you don’t know where your plate is, call your processor and ask for a new one. To mitigate risk, run the form through your imprinter, fill in all the information and then send the form to your customer. They must a) rub a pen across it to simulate as if the imprint mechanism ran across it. b) sign the form. This creates additional burdens to the merchant for PCI Compliance, since the imprint would have to be stored for 180 days, the current allowable chargeback time. But think of the burden of proof trail you’ll be able to produce- the form is sent to the customer address, the card must  pass AVS verify (address on card matches address mailed to), and you have a signature.
• To save time, merchants frequently only partially fill in the form, but this is not sufficient. All fields must be completed and the customer must sign.
• Ship merchandise with signature required, only to addressee.
• Shipping address and billing address must match. (You will lose automatically if they don’t unless you have special supporting document signed by the customer stating their desire to have shipped to a 3rd party address.)

Editors note: This article primarily addresses card absent,  not ecommerce.  A merchant solution to help mitigate risk is Cenpos. Here’s a few ways you can use CenPOS tools:

• Restrict user permissions for transactions.
• Set additional requirements to pass a transaction over merchant defined thresholds.
• Set up email alerts for notification of transactions over thresholds.
• Restrict types of cards accepted and rules for acceptance.

Is a pencil rubbing of the credit card or a photocopy of the credit card OK to defend against chargebacks? Yes, but only if the merchant has an imprint of the card on a credit card voucher form that is fully completed and signed by the customer.

Is a faxed approval form for the charge amount OK to defend against chargebacks? No. The merchant must have an imprint of the card on a credit card voucher form that is fully completed and signed by the customer.

Your credit card terminal goes down or your wireless unit can’t get a signal, but you’ve got customers lined up to buy. Is a pencil rubbing of the credit card or a photocopy of the credit card OK to defend against chargebacks?

No. The merchant must have an imprint of the card on a credit card voucher form that is fully completed and signed by the customer.

Below are excerpts of the relevant rule from Visa and the condition I most often see cited on merchant chargeback forms. (Other cards have similar language. Please note the Visa International Operations Guidelines book is over 1100 pages so too keep this brief, this is a very narrow look. Link t

Visa Chargeback Reason Code 81 Fraud Card-Present Environment

Chargeback Conditions – Reason Code 81
pg 825 One of the following:
1. Cardholder did not authorize or participate in a Card-Present Environment Transaction.

CHARGEBACK PREVENTION TIPS:

• A signature and imprint or magnetic stripe card data is required on all retail merchant accounts with a Terminal ID that is set up for retail  presentment. For most merchants, this means they need two merchant accounts- one for card present or retail, and another for card not present or MOTO if they have key entered transactions and the card is absent.
• To save time, merchants will only partially fill in the form, but this is not sufficient. All fields must be completed and the customer must sign.
• When a merchant account is opened merchants are issued a metal plate with their required merchant account identifying information to use with imprinting forms.  Don’t toss is into a drawer. Buy an imprinter (about $25 from most office supply stores) and some voucher forms, put your plate in and keep it secured but handy in case you need it.  If you don’t know where your plate is, call your processor and ask for a new one.

Editors note: Two merchant accounts will help mitigate risk because card absent aka card not present requirements differ from card present. For example, depending on the transaction method,  address verification and or security code may be required. Merchants with a single dial up terminal that has two merchant accounts my experience costly errors when the salesperson or cashier processes the transaction on the wrong account. It happens.  I see it all the time when I review statements and dig for downgrade reason codes. One solution is automated merchant account switching via Cenpos.

May brings the usual April interchange update. There are two noticeable bumps for MasterCard. An overall assessment increase to .012% for all transactions over $1000, and up to .04% more for WorldCard. Full article and link to 2011 Interchange Rates and Criteria.

BUSINESS CREDIT CARDS: The typical interchange rate to merchants for corporate cards is 2.2% or 2.4%.  The non-qualified rate is a whopping 3.17% on MasterCard, which can be avoided with proper interchange management. Depending on your business type, you may qualify for large ticket (minimum $1000) rates which can save you up to 1%. To manage these business card fees, check your merchant statement PENDING INTERCHANGE CHARGES to see what rates you’re hitting. If your eyes glaze over at the complexity of interchange fees, merchant discounts etc, read the 3D Merchant Services blog or email a request to be included in our next interchange insights webinar. TIP: With our payment platform you can automatically offer discounts to your customers if they use lower cost debit cards.

MOBILE PAYMENTS: We’ve officially launched our app for iphone, itouch and ipad. This enables you obtain swipe rates from the field, including signature capture or you can key enter. Receipts are emailed to customers. For service companies, you can swipe the card the first time, then re-bill via a secure token for subsequent charges. In both cases you qualify for the lowest rate, plus mitigate risk with the initial swipe. Droid is available for key entry only, with retail swipe coming by June 30.

Payment Card Industry (PCI) COMPLIANCE AND DATA SECURITY: The number of 2010 data breaches exploded in companies with 11 to 100 employees. A key commonality is simply the opportunity was there. Read the full 2011 Data Breach report which includes insider theft so you can identify your own weaknesses and take corrective action. Your company is not PCI Compliant and protected under Safe Harbor unless you can prove you’ve been compliant continually, not just when you completed an annual report. Trust me, all parties will look for ways for you to assume the full burden of costs associated with any data breach.  Every operation I visit or speak to has weaknesses so please put this on your priority list!. Need help? Call and lets discuss.

What’s in your merchant statements?  Multiple locations are now achieving over 90% pin debit penetration using our universal processing platform, CenPOS. Way to go!