Archive for the ‘fraud protection’ Category

How can a merchant block cloned credit cards?

Wednesday, February 23rd, 2011

What can a merchant do to prevent losses resulting from the booming black market of identity theft rings buying and selling personal credit card information? Retail card-present transactions and ecommerce or MOTO transactions require different preventative measures to block cloned cards.

In the retail environment, the top method is for the cashier to re-enter the last 4 digits. This is a check to make sure the magnetic stripe data matches the imprint on the front of the card. Scammers don’t make thousands of unique cards, each with matching customer data. They typically program only the magnetic stripe data.

A skilled con artist may try to get a cashier to key enter the transaction with some story about a problem with the mag stripe, before the cashier even swipes the card. Don’t be fooled. Cashiers should never take the customer’s word for it. They should always swipe first. If the stripe is bad, the machine will prompt to re-swipe. This is a critical decision point! If the stripe really is bad, what preventative measures do you have in place to protect your company?

  • This is a key entered face to face transaction. The signed receipt must be presented to prevent a future chargeback. Can you find them when you need them?
  • Do you allow all cashiers to key enter any transactions? How would you know if someone key entered a $5000 transaction? Are you comfortable with that?

In the card not present environment, the top method is to verify the CVV, also known as the security code. Cloned cards do not have matching security codes because that is not data they can obtain. Address verification may be required to prevent chargebacks. MOTO and ecommerce requirements do have some variances.

Do you want an alert if a transaction over a certain dollar amount, say $500, is key entered? Do you want to check for address, but only require it for transactions over a certain amount? With our universal hosted payment processing solution, there are hundreds of ways for merchants to manage risk parameters, including setting automated alerts.

A critical difference in our system for retailers is LOGICAL INTELLIGENCE. If the cashier has been given privileges to key enter transactions, then the system will automatically switch from prompting for the last 4 digits to prompting for the zip code. The merchant can control the maximum amount the cashier is allowed to key enter, and whether they want email alerts sent to management. If signature capture terminals are in place, the customer is prompted for the signature, which can be readily retrieved in the event of a chargeback dispute. (Note- all these parameters are controlled by the merchant. For example, if you don’t want to prompt for the last 4 digits, you don’t have to.)
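The retail checks described above, as an added example (not CenPOS code): a swiped sale compares the cashier's re-keyed last 4 digits with the account number read from the stripe, while a key-entered sale requires the privilege, a zip code and an amount under the cashier's limit, with a management alert above a threshold. The track 2 string, field names and dollar limits are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Track 2 layout: ';' PAN '=' YYMM expiry, 3-digit service code, discretionary data, '?'
TRACK2 = re.compile(r"^;(\d{12,19})=(\d{4})(\d{3})(\d*)\?")

# Constructed sample: stripe data carrying the common test number 4111111111111111.
SAMPLE_TRACK2 = ";4111111111111111=25121010000000000?"


@dataclass
class CashierPolicy:
    """Merchant-controlled settings; names and defaults are assumptions."""
    prompt_last4: bool = True        # the merchant may turn the last-4 prompt off
    may_key_enter: bool = False      # privilege to key enter at all
    key_enter_max_cents: int = 0     # largest sale this cashier may key enter
    alert_over_cents: int = 50_000   # key-entered sales above $500 alert management


@dataclass
class Decision:
    approved: bool
    reason: str
    alerts: list = field(default_factory=list)


def pan_from_track2(track2: str) -> str:
    """Return the account number encoded on the stripe, or raise ValueError."""
    match = TRACK2.match(track2)
    if match is None:
        raise ValueError("stripe unreadable, re-swipe")
    return match.group(1)


def check_swiped(track2: str, last4_keyed: str, policy: CashierPolicy) -> Decision:
    """Swiped sale: the last 4 on the card face must match the stripe data."""
    try:
        pan = pan_from_track2(track2)
    except ValueError as exc:
        return Decision(False, str(exc))
    if policy.prompt_last4 and pan[-4:] != last4_keyed.strip():
        return Decision(False, "last 4 on card face do not match stripe",
                        ["stripe/imprint mismatch: possible cloned card"])
    return Decision(True, "swiped")


def check_key_entered(cashier: str, amount_cents: int, zip_code: str,
                      policy: CashierPolicy) -> Decision:
    """Key-entered sale: privilege, per-cashier maximum, zip code, then alerting."""
    if not policy.may_key_enter:
        return Decision(False, "key entry not permitted",
                        [f"{cashier} attempted a key-entered sale"])
    if amount_cents > policy.key_enter_max_cents:
        return Decision(False, "over key-enter limit",
                        [f"{cashier} tried to key enter ${amount_cents / 100:.2f}"])
    if not re.fullmatch(r"\d{5}(-\d{4})?", zip_code.strip()):
        return Decision(False, "zip code required")
    alerts = []
    if amount_cents > policy.alert_over_cents:
        alerts.append(f"{cashier} key entered ${amount_cents / 100:.2f}")
    return Decision(True, "key entered; retain signed receipt", alerts)


if __name__ == "__main__":
    default = CashierPolicy()
    trusted = CashierPolicy(may_key_enter=True, key_enter_max_cents=100_000)
    print(check_swiped(SAMPLE_TRACK2, "1111", default))   # card face matches stripe
    print(check_swiped(SAMPLE_TRACK2, "4242", default))   # card face differs from stripe
    print(check_key_entered("cashier7", 75_000, "33060", trusted))
    print(check_key_entered("cashier9", 2_000, "33060", default))
```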

Want to find out more? Read the CenPOS overview and request information.

Virtual Terminal Solutions for Attorneys

Wednesday, January 5th, 2011

This article on Virtual Terminal Solutions addresses credit card processing in a law firm or individual attorney practice. How can you improve security, prevent fraud, improve PCI Compliance, and reduce time to collect payments from repeat clients?

Virtual terminals are accessed via a secure web page enabling merchants to key enter credit card or other payment information. I recently helped someone hire a specialized attorney. There was no need to meet the attorney in person, and as it turns out, the specialist wasn’t local anyway. Read this article and see if you find any similarities with your own legal practice.

SCENARIO:  Collecting payment with customer not present.
A prospective client contacts an attorney regarding a legal matter for a third party. The individual desires to pay the legal bills for the party needing the services. After a brief discussion, the attorney sends a questionnaire to be filled out. After reviewing the information, a conference call is to be scheduled. There is an initial consultation fee for research, review and conference call. If the client desires to move forward, additional payment(s) will apply.

The party paying the bill requested to supply credit card information immediately to avoid any future delays as the process moved forward.  The ‘regular staff’ wasn’t in due to the holidays and an assistant took the credit card information over the phone, including CVV security code, writing it down on paper.  The firm will charge the card on the conference call date. I know the assistant doesn’t normally handle this function, but how often does this scenario happen in your law firm?

AVOID HIGH RISK

Collecting and writing down CVV information is a risky practice, and is generally not acceptable for most PCI Compliance situations. Creating a policy for Storage of Credit Card Details both on and off your premises is an essential element of PCI Compliance. Your company should have a clear written policy and all employees with access to sensitive information should have at least an abbreviated version of the written policy and have had training.

See related article, “Should you require CVV or AVS for phone orders?”.

How can a virtual terminal improve data security?

The key to selecting the best virtual terminal for a law firm is understanding the entire process for how payments are made, knowing the differences in virtual terminals available, and understanding the steps to PCI Compliance.

CRITERIA FOR SELECTING CREDIT CARD PROCESSING VIRTUAL TERMINAL SOLUTION FOR A LAW FIRM

  1. Must enable multiple users, each with their own login. This is so you can track who makes every transaction. (Risk Management)
  2. Uniquely control user privileges- who can enter “sale”, “void”, “refund”. Each of these should be uniquely configurable. Most systems provide ALL privileges to all users, but to reduce risk, you shouldn’t provide refund capabilities to someone who is not normally involved in the billing process, as in the scenario above.
  3. Token billing for variable amounts- if you want to re-bill a customer over and over again, require tokenization. There are two unique types of token billing. One is to charge a variable amount on demand; the other is to charge multiple payments of the same amount at specific intervals, also known as installment payments. The card data is key entered via a secure web page one time only. Most solutions have an installment option, but very few have a solution for variable amount, on-demand payments.

BONUS CRITERIA- these features are not required, but there are strong reasons to put them on your list.

  1. Client/contract management. With this solution, the merchant can set up multiple contracts for the same client ID, and assign different billing periods, amounts etc.; enter the card data one time only. Each contract is given a unique token.
  2. Least cost routing. This technology will automatically require AND pass all data elements needed to qualify for the lowest cost interchange for any given card type, on to your processor. Human error and specific technical knowledge are eliminated from the process. This feature can reduce costly downgrades; for example up to .70% extra on corporate credit cards. What’s unique about this?
  • Not all virtual terminals collect the information needed.
  • Not all virtual terminals REQUIRE the information needed so it’s easy to bypass.
  • Not all virtual terminals pass on the data to the processor even if it’s collected; the merchant has no way of knowing what’s needed or what is passed on.
  • Users are typically in control, rather than intelligent software.
  • Most virtual terminals are simply gateways. There are input fields and data is passed forward. Our professional services virtual terminal solution is not just a gateway. It’s an intelligent switch that recognizes the card type and determines what is the least costly way to submit the transaction for processing. Then it collects and passes the necessary data.

3D MERCHANT SOLUTION- All of the above plus, these additional law firm friendly features:

Would you like data interaction between your credit card processing and your legal software? Via API or CSV Export, you can update your legal software application. You CANNOT export or see card data ever, but you can use last 4 digits, name, card type and other fields.

Executive Reporting: Who’s billing the most?  Eliminate wasted time creating reports and totaling data. Via the executive dashboard, you can see billing in real time, with up to 7 years data to pull from. Organize your reporting preferences by division, region, and or attorney.

See related article best virtual terminal for card not present for comparison.

FAQ for 3D Merchant recommended virtual terminal

How much does the virtual terminal cost?

The virtual terminal is very affordable. Pricing is based on volume, either dollars or transactions. Depending on your credit card processing fees now, it may even be net neutral. For a firm proposal, please submit at least 2 months merchant statements for review. (You can keep your processor or change, no difference in price.)

Are there computer requirements? High speed internet and updated browser with flash plugin. PC or MAC compatible.

How easy is it to use? After logging in and changing the temporary password, most users will figure out everything they need to know in about 5-10 minutes. There are dozens of short 15-30 second HELP video clips for instant answers.

What is the implementation time? Contract approval to account set up is usually 2-5 business days. If you’re switching processors, we’ll have everything ready for you to start accepting payments immediately. Just add users in a matter of minutes and you’re ready to go. You can even batch upload existing client data.

If you’re not switching processors, we’ll provide you with a form for your processor to complete so we can link to your existing merchant account.

What is token billing?

Tuesday, December 7th, 2010

Token Billing enables a merchant to store encrypted card data and then charge the card again at a later date. Unlike recurring billing, merchants can charge a VARIABLE AMOUNT to the same credit card. Tokenization is the process of collecting, storing, and rebilling encrypted credit card data. Our PCI Compliant solution enables you to control spiraling credit card fees, reduce fraud risk, and see real time cash flow reports.

B2B companies often need this service. Their customers sign faxed forms authorizing the merchant to bill their card on an ongoing basis. Lawyers, accountants, staffing and service companies with auto fleets are all examples of companies who can benefit.

TOP REASONS TO USE OUR TOKEN BILLING SOLUTION

  • Enter customer profile data one time only, then simply enter the token ID and amount to charge for subsequent transactions. Save TONS of billing time.
  • Unlimited customers – pay only when you charge a customer, plus a minimum monthly fee.
  • Host based solution. No software to download.
  • Always up to date with the latest parameters for interchange qualification (the wholesale cost of credit card processing).
  • Least cost routing will identify the lowest cost method to process a transaction and pass all data needed to qualify for it. This is NOT just providing the standard level II data that 99% of other service providers deliver.
  • Compatible with all major payment processors.
  • PCI Compliant. No credit data is ever stored at your facility.

Certain industries may also be eligible for pinless debit. This enables merchants to qualify for pin-debit interchange rates, even though the customer is not present to enter their pin number. Given the closing gap on the merchant value of pin debit vs signature debit, our solution will route your transaction based on cost and risk factors that you choose.

Read more about token billing.

best virtual terminal for card not present

Wednesday, December 1st, 2010

Which is the best virtual terminal for card not present merchant accounts? I’ve looked at and used many including Paypal, Orbital by Paymentech, authorize.net, and CenPOS. I created a spreadsheet to compare them, and it’s still hard to put into plain English why I like one so much more than all the rest.

I’m going to eliminate any small business discussion for detailed comparison because the needs are vastly different. Paypal Payments Pro Virtual terminal and authorize.net are fine for small businesses. Orbital can only be used if you have a Paymentech merchant account. CenPOS can be used with any merchant processor, but it was created for larger businesses so they have a high minimum to keep the client base on target.

In this article I show why I like CenPOS more than any other for day to day user management. Even where virtual terminals have the same function, I prefer the easy navigation and user interface of CenPOS.

Easily add, delete and modify users. Total control over what permissions each user has. You can decide who can perform voids, refunds, auths, force and much more. You can set parameters for dollar thresholds to alert management via email for refunds over a certain dollar amount. There are probably dozens of ways to set up a user, but most importantly, I can do the most common tasks- who has access, and resetting passwords, in about a minute.

    SCREEN SHOTS

    Figure 1. CenPOS Basic fields to add a new user, including security control for transaction types. Sale = card swipe. MOTO = key enter. There are more advanced controls on a second page if desired. This user is allowed to process key entered transactions, voids (delete a transaction same day), look up past transactions, and pull a report of their sales dynamically for any date range. This type of tight security is perfect for new employees and other scenarios where you want to limit job functions.

    If you check Return, the user can only complete a refund if the original transaction (any user) is recognized, and it cannot be credited for more than the original charge.

    Let’s compare the above to authorize.net.

    Figure 2. Authorize.net adding a new user with “User Role- Administrator”. The administrator adds new users by first adding what type of role the user will have. The group of options are pre-determined based on the role. This image shows the permissions automatically assigned for the administrator role. There is no option to edit them.


    How much protection do you have from internal fraud? In CenPOS, you can provide just the right access to data needed, without giving the users access to anything more. Certain controls are at the merchant level (not shown), not the virtual terminal administrator level. The controls can be set for all merchant accounts within an entire organization, within a division, or at the merchant account level.  Plus, with the CenPOS Executive Dashboard, management can also quickly identify potential internal fraud with dynamic graphic illustrations.

    Figure 3. Authorize.net adding a new user with “User Role- Transactions”. Part 1, Select role type. Again, all checked boxes are standard- you can manually turn any of them off.


Figure 4. Authorize.net adding a new user with “User Role- Transactions”.  Part 2, enter the user information.


Note the significant differences between the level of permission choices for this type of user and even the basic permissions you have for the CenPOS user. Especially in larger organizations, these types of controls are essential to reduce risk.
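The per-user controls compared above, as an added example (not CenPOS or Authorize.net code): each user carries an explicit set of transaction permissions, a refund is accepted only against a recognized original transaction and never for more than the original charge, and large refunds raise a management alert. The class names and the alert threshold are assumptions, and the example goes one step beyond the text by also capping the running total of partial refunds.

```python
from dataclasses import dataclass, field

# Transaction types from the Figure 1 description: Sale = card swipe, MOTO = key enter.
ACTIONS = {"sale", "moto", "void", "return", "report"}


@dataclass(frozen=True)
class User:
    name: str
    permissions: frozenset

    def __post_init__(self):
        unknown = set(self.permissions) - ACTIONS
        if unknown:
            raise ValueError(f"unknown permissions: {sorted(unknown)}")


@dataclass
class Terminal:
    """Hypothetical virtual terminal back end; amounts are integer cents."""
    refund_alert_cents: int = 20_000
    charges: dict = field(default_factory=dict)    # txn_id -> original amount
    refunded: dict = field(default_factory=dict)   # txn_id -> total refunded so far
    alerts: list = field(default_factory=list)

    def _require(self, user: User, action: str) -> None:
        if action not in user.permissions:
            raise PermissionError(f"{user.name} may not perform {action}")

    def sale(self, user: User, txn_id: str, amount_cents: int, keyed: bool = False):
        # A key-entered sale needs the MOTO permission, a swipe needs Sale.
        self._require(user, "moto" if keyed else "sale")
        self.charges[txn_id] = amount_cents

    def refund(self, user: User, txn_id: str, amount_cents: int) -> int:
        """Refund against a known charge; returns what is still refundable."""
        self._require(user, "return")
        if txn_id not in self.charges:
            raise LookupError("no matching original transaction")
        remaining = self.charges[txn_id] - self.refunded.get(txn_id, 0)
        if not 0 < amount_cents <= remaining:
            raise ValueError("refund exceeds what is left of the original charge")
        self.refunded[txn_id] = self.refunded.get(txn_id, 0) + amount_cents
        if amount_cents > self.refund_alert_cents:
            self.alerts.append(
                f"{user.name} refunded ${amount_cents / 100:.2f} on {txn_id}")
        return remaining - amount_cents


def attempt(action, *args, **kwargs) -> str:
    """Run a terminal action and report 'ok' or the name of the refusal."""
    try:
        action(*args, **kwargs)
        return "ok"
    except (PermissionError, LookupError, ValueError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    terminal = Terminal()
    new_hire = User("new_hire", frozenset({"moto", "void", "report"}))
    manager = User("manager", frozenset(ACTIONS))
    print(attempt(terminal.sale, new_hire, "T1", 30_000, keyed=True))  # allowed
    print(attempt(terminal.refund, new_hire, "T1", 1_000))   # no Return permission
    print(attempt(terminal.refund, manager, "T9", 1_000))    # unknown original
    print(attempt(terminal.refund, manager, "T1", 30_001))   # more than the charge
    print(terminal.refund(manager, "T1", 25_000), terminal.alerts)
```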

This is part one of a series on Virtual Terminals.

What is CenPOS? CenPOS is an innovative host-based payment processing platform. It is not a gateway and it’s compatible with all major processors. Although there are many features and benefits, at the heart of the technology is the intelligent switch. It routes payment processing via the least cost method by identifying the card type and knowing the least cost way to process it. This all happens faster than a traditional desktop credit card terminal.

Merchants have hit a wall in reducing credit card processing costs via negotiating reduced merchant discounts. Real cost management today is achieved through interchange management which CenPOS does intelligently and automatically. CenPOS resides virtually between the merchant and the Acquirer- ie the merchant payment processor (merchant account), Amex, check processor, loyalty card etc. All transactions hit CenPOS via high speed internet connection before being routed automatically. Real time cash flow reports, fraud prevention, and PCI Compliance are other key benefits.

medical billing solution reduces fraud

Wednesday, November 17th, 2010

Most medical billing solutions address HIPAA, but what about secure payments? Our medical billing solution enables you to securely collect current payments and outstanding bills after insurance claims are completed. Additionally, there are many built-in, merchant-controlled settings to help reduce and eliminate both internal and external fraud.

MEDICAL BILLING SOLUTIONS

Tired of getting paid weeks and months after services are rendered?

Do you have patients paying a co-pay on the visit, then after you’re paid by the insurance company, the patient ends up having a balance due?

How long on average does it take you to collect that balance? Are you paying a medical billing company to collect it for you?

Do you have patients that are billed the same amount every month?

Do you offer a payment plan in some situations?

SOLUTION: TOKEN ACCOUNTS.

  1. Merchant accesses a secure payment processing platform and creates a TOKEN to enable rebilling the patient or to set up recurring billing. Card data is never stored at the merchant location and the token links only to remotely hosted encrypted data. To re-bill, the merchant enters the patient name, transaction amount, and the TOKEN ID.
  2. Patients agree to have their card charged, usually up to a specified amount, at the time of the original transaction. Merchants can print a receipt, or have an email automatically sent with the receipt.

BENEFITS:

  1. Improve cash flow.
  2. Reduce or eliminate collections.
  3. Simplify the billing process- reduce workload.
  4. PCI Compliant- secure solution eliminates exposed card data.
  5. Reduce opportunities for internal fraud by eliminating receiving card data within mailed billing responses.
  6. Managed payment processing costs- eliminates costly human errors that result in interchange qualification downgrades.

FEATURES:

  1. Optional Signature Capture stores patient opt-in agreement electronically indefinitely.
  2. Access secure web page from any computer.
  3. User control for all functions and reporting. You decide who can perform what type of transaction. Enable off site billing or accounting to access reporting.
  4. Optional industry template to capture insurance policy number, account number etc. Export reports on demand.
  5. Real-time cash flow. Enables management to see multiple locations at a glance.
  6. Multiple merchant accounts- Use the same system for multiple doctors within a location.
  7. Minimal set-up. No major upfront investment.
  8. Optional pay page- simple code you can add to your web site so patients can pay a bill.

SALES CONTACT: Christine Speedy 954-942-0483

SCREEN SHOTS

Figure 1. The customer is present and you swipe the card. The card number, expiration and name on card are automatically recognized, as with any swipe device. Confidential information will be x’d out and will not appear on the screen. Enter the sale amount, as usual.

Notes: Other required or optional fields are determined by the merchant beforehand, at account set-up. The merchant determines data capture preferences, balancing speed at the cashier, information needs, and risk. In all the figures shown, invoice is mandatory, but that is strictly a merchant decision.

FIGURE 2. When the customer is not present, different data needs to be captured for risk and interchange qualification (how much a transaction costs the merchant) concerns.

FIGURE 3. If the merchant wants to bill the same customer again, the repeat sale button is selected. Information is collected for both the initial sale and future sales. A token is automatically generated, or the merchant can specify one. We recommend you collect the email address so that you can send automatic receipts for future billing. (You can also ask the customer to opt-in or opt-out to marketing via email.)


FIGURE 4.  When you’re ready to go back and bill the patient, enter the TOKEN ID along with the amount to charge.


If you captured an email previously and set up automatic receipts, an email is automatically generated and sent. Email set up can be programmed with your own FROM and SUBJECT.

The benefits I’ve discussed are just the tip of the iceberg. This technology is leaps ahead of anything else on the market, including ease of use. Your staff can complete a repeat sale with less than 5 minutes of training. Setting up recurring billing, where the same amount is billed multiple times, is not shown here and is just as easy.

Protect your patient data. Protect your business from internal fraud. Improve your cash flow. Look at functional graphical reports that let you see and compare cash flow from multiple operations in minutes.

Questions? Need a demo? Call Christine at 954-942-0483.

Dental billing solution enables rebilling after insurance claims

Wednesday, November 17th, 2010

Most medical and dental billing solutions address HIPAA, but what about secure payments? Our dental billing solution enables you to securely collect current payments and outstanding bills after insurance claims are completed. Collecting payments in a secure manner is as important as HIPAA. Most staff at medical practices don’t even know what PCI DSS is, even after having 6 years to comply.

DENTAL BILLING SOLUTIONS

Tired of getting paid weeks and months after services are rendered?

Do you have patients paying a co-pay on the visit, then after you’re paid by the insurance company, the patient ends up having a balance due?

How long on average does it take you to collect that balance? Are you paying a medical billing company to collect it for you?

Do you have orthodontia patients that are billed the same amount every month?

Do you offer a payment plan in some situations?

SOLUTION: TOKEN ACCOUNTS.

  1. Merchant accesses a secure payment processing platform and creates a TOKEN to enable rebilling the patient or to set up recurring billing. Card data is never stored at the merchant location and the token links only to remotely hosted encrypted data. To re-bill, the merchant enters the patient name, transaction amount, and the TOKEN ID.
  2. Patients agree to have their card charged, usually up to a specified amount, at the time of the original transaction. Merchants can print a receipt, or have an email automatically sent with the receipt.

BENEFITS:

  1. Improve cash flow.
  2. Reduce or eliminate collections.
  3. Simplify the billing process- reduce workload.
  4. PCI Compliant- secure solution eliminates exposed card data.
  5. Reduce opportunities for internal fraud by eliminating receiving card data within mailed billing responses.
  6. Managed payment processing costs- eliminates costly human errors that result in interchange qualification downgrades.

FEATURES:

  1. Optional Signature Capture stores patient opt-in agreement electronically indefinitely.
  2. Access secure web page from any computer.
  3. User control for all functions and reporting. You decide who can perform what type of transaction. Enable off site billing or accounting to access reporting.
  4. Optional industry template to capture insurance policy number, account number etc. Export reports on demand.
  5. Real-time cash flow. Enables management to see multiple locations at a glance.
  6. Multiple merchant accounts- Use the same system for multiple doctors within a location.
  7. Minimal set-up. No major upfront investment.
  8. Optional pay page- simple code you can add to your web site so patients can pay a bill.

SALES CONTACT: Christine Speedy 954-942-0483

SCREEN SHOTS

Figure 1. The customer is present and you swipe the card. The card number, expiration and name on card are automatically recognized, as with any swipe device. Confidential information will be x’d out and will not appear on the screen. Enter the sale amount, as usual.

Notes: Other required or optional fields are determined by the merchant beforehand, at account set-up. The merchant determines data capture preferences, balancing speed at the cashier, information needs, and risk. In all the figures shown, invoice is mandatory, but that is strictly a merchant decision.

FIGURE 2. When the customer is not present, different data needs to be captured for risk and interchange qualification (how much a transaction costs the merchant) concerns.

FIGURE 3. If the merchant wants to bill the same customer again, the repeat sale button is selected. Information is collected for both the initial sale and future sales. A token is automatically generated, or the merchant can specify one. We recommend you collect the email address so that you can send automatic receipts for future billing. (You can also ask the customer to opt-in or opt-out to marketing via email.)


FIGURE 4.  When you’re ready to go back and bill the patient, enter the TOKEN ID along with the amount to charge.


If you captured an email previously and set up automatic receipts, an email is automatically generated and sent. Email set up can be programmed with your own FROM and SUBJECT.

The benefits I’ve discussed are just the tip of the iceberg. This technology is leaps ahead of anything else on the market, including ease of use. Your staff can complete a repeat sale with less than 5 minutes of training. Setting up recurring billing, where the same amount is billed multiple times, is not shown here and is just as easy.

Protect your patient data. Protect your business from internal fraud. Improve your cash flow. Look at functional graphical reports that let you see and compare cash flow from multiple operations in minutes.

Questions? Need a demo? Call Christine at 954-942-0483.

Study Finds Data Breaches Cost Hospitals $6 Billion; Patient Privacy in Jeopardy

Tuesday, November 9th, 2010

Hospitals Are Not Protecting Patient Data; Healthcare Industry Lagging Behind HITECH Standards

TRAVERSE CITY, Mich. and PORTLAND, Ore. — November 9, 2010 — The latest benchmark study by Ponemon Institute, sponsored by ID Experts®, finds that data breaches of patient information cost healthcare organizations nearly $6 billion annually, and that many breaches go undetected. The research indicates that protecting patient data is a low priority for hospitals and that organizations have little confidence in their ability to secure patient records, putting individuals at great risk for medical identity theft, financial theft and embarrassment of exposure of private information.

Today, Ponemon Institute, a privacy and information management research firm, and ID Experts, the leader in comprehensive data breach solutions, released Benchmark Study on Patient Privacy and Data Security. For a free copy, visit http://www2.idexpertscorp.com/ponemonstudy.

The passage of the HITECH Act in 2009 widened the scope of privacy and security protections under HIPAA to provide stronger safeguards for patient data. This includes notification to patients when their information is breached.

“Our research shows that the healthcare industry is struggling to protect sensitive medical information, putting patients at risk of medical identity fraud and costing hospitals and other healthcare services companies millions in annual breach-related costs,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “At this point one would hope to see that healthcare organizations have improved information security practices and come into compliance with HITECH, now that it’s been more than one year since it was enacted. Instead we found enormous vulnerabilities. The protection of patient data should be at the forefront of their efforts.”

Key findings of the research:

  • Data breaches are costing the healthcare system billions. The total economic burden created by data breaches on the healthcare industry is nearly $6 billion annually. The impact of a data breach over a two-year period is approximately $2 million per organization and the lifetime value of a lost patient is $107,580. The average organization had 2.4 data breach incidents over the past two years. Major factors causing data breaches are unintentional employee action, lost or stolen computing devices and third-party error.
  • Healthcare organizations are not protecting patient data. Organizations have little or no confidence in their ability to appropriately secure patient records (58 percent). Healthcare organizations have inadequate resources (71 percent) and insufficient policies and procedures in place (69 percent) to prevent and quickly detect patient data loss.
  • Protecting patient data is not a priority. Seventy percent of hospitals stated that protecting patient data is not a top priority. Patient billing (35 percent) and medical records (26 percent) are the most susceptible to data loss or theft. A majority of organizations have less than two staff dedicated to data protection management (67 percent).
  • HITECH has exposed the healthcare industry’s lax data protection practices rather than improved the safety of patient records. The majority (71 percent) of respondents do not believe the HITECH Act regulations have significantly changed the management practices of patient records. The findings indicate that there is a significant number of data breaches that go undetected, and therefore unreported.

“We talk with healthcare compliance people dealing with data breach risks every day and they just can’t get their arms around the problem of data exposure,” said Rick Kam, president and co-founder of ID Experts. “Unfortunately, in healthcare organizations, patient revenue trumps risk management.”
About Ponemon Institute
Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.
About ID Experts
ID Experts is the leader in comprehensive data breach solutions that deliver the most positive outcomes. The company has managed hundreds of data breach incidents, protecting millions of affected individuals, for leading healthcare organizations, corporations, financial institutions, universities and government agencies. In healthcare, the company contributes to relevant legislation and rules including HITECH and is a corporate member of HIMSS. ID Experts is active with organizations that advocate for privacy for Americans including ANSI/Identity Theft Prevention, Identity Management Standards Panel and the International Association of Privacy Professionals. For more information, visit http://www.idexpertscorp.com/.

Tokenization for recurring billing or repeat sales

Tuesday, September 21st, 2010

Tokenization is now offered for resale of variable sales amounts. Enter card data one time only via PCI Compliant interface. The system will generate a token for you. To process future transactions, enter the TOKEN instead of card data, which can never be seen again.

The card data is encrypted and is never stored on your servers or computers. The token, which is worthless to others, is your way to submit future billing requests.

Tokenization and PCI DSS (payment card industry data security standards). PCI compliance is streamlined with tokenization and our end-to-end encryption solution.

The average user will submit cardholder data via the virtual terminal RESALE function. A token is automatically generated which you then store offline. To rebill, simply submit the token in lieu of the actual card number.
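The resale flow above, sketched as an added example (not CenPOS code): a hosted vault returns a random token for the card, the merchant keeps only the token and last 4 digits, and later bills variable amounts against it. The class and field names, and scoping a token to the merchant that created it, are assumptions; the in-memory dict stands in for the host's encrypted storage.

```python
import secrets


def luhn_ok(pan: str) -> bool:
    """Check-digit validation so a mistyped card number is rejected at entry."""
    if not (pan.isdigit() and 12 <= len(pan) <= 19):
        return False
    digits = [int(c) for c in reversed(pan)]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0


class HostedVault:
    """Runs at the payment host; the merchant never holds this object's data."""

    def __init__(self):
        # token -> (merchant_id, pan, expiry). A stand-in for the host's
        # encrypted store; the real encryption is outside this sketch.
        self._cards = {}

    def tokenize(self, merchant_id: str, pan: str, expiry: str, cvv: str) -> dict:
        """Card data is entered once; only a token and the last 4 come back."""
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        if not (cvv.isdigit() and len(cvv) in (3, 4)):
            raise ValueError("invalid security code")
        # The CVV is checked for the first sale only and is never written to
        # the store, so no later charge can depend on it.
        token = secrets.token_urlsafe(16)   # random, not derived from the PAN
        self._cards[token] = (merchant_id, pan, expiry)
        return {"token": token, "last4": pan[-4:]}

    def charge(self, merchant_id: str, token: str, amount_cents: int) -> dict:
        """Rebill a variable amount using the token in lieu of the card number."""
        entry = self._cards.get(token)
        if entry is None or entry[0] != merchant_id:
            # Same answer for an unknown token and another merchant's token.
            return {"approved": False, "reason": "unknown token"}
        if amount_cents <= 0:
            return {"approved": False, "reason": "invalid amount"}
        return {"approved": True, "last4": entry[1][-4:],
                "amount_cents": amount_cents}


if __name__ == "__main__":
    vault = HostedVault()
    # Constructed input: the common test number 4111111111111111.
    on_file = vault.tokenize("merchant-A", "4111111111111111", "1225", "123")
    print("stored on the approval form:", on_file)
    print(vault.charge("merchant-A", on_file["token"], 12_500))  # first rebill
    print(vault.charge("merchant-A", on_file["token"], 4_300))   # different amount
    print(vault.charge("merchant-B", on_file["token"], 4_300))   # token used elsewhere
```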

TYPICAL REPEAT SALE SET UP FOR RETAIL ENVIRONMENT:

- Merchant has customer fax a standard approval form with card data.

- The paper is filed in a locked drawer with limited personnel access. CVV is never stored.

- Merchant retrieves the information and key enters the transaction on a virtual terminal or desktop terminal when they need to rebill the customer.

- Merchant prints receipt and mails or faxes to the client.

TYPICAL REPEAT SALE SET UP FOR RETAIL ENVIRONMENT WITH CENPOS AND CARD IS NOT PRESENT:

- Merchant has customer fax a standard approval form listing the last 4 digits of the card only,  an email field, and with language about opting-in to receiving email from the merchant.

- Merchant gets card data over the phone and directly enters it into the secure virtual terminal using the RESALE button.

- Merchant copies the TOKEN  generated onto the merchant approval form which is then stored, in a locked drawer with limited personnel access.

- Merchant retrieves the token and key enters the transaction details on a virtual terminal or desktop terminal when they need to rebill the customer.

- Merchant uses the automated email function to send the customer a receipt, or prints receipts the old way.

What if the customer is in the store for the first order, but then won’t be there later when you bill more? You’ll swipe the card as usual, using the resale button. The cashier will be prompted for address and other data as if the customer is not present.

The first transaction will process via your retail swipe account. The future card not present transactions will process via your MOTO account, automatically, when you key enter the transaction later. This is a significant competitive product difference from any other solution you may have looked at.

  1. Merchants will qualify for the best interchange rate for each type of transaction, thereby lowering costs.
  2. Merchants will meet the card association requirements for proper presentment to reduce risk of chargebacks from disputes. (Different rules apply about data submitted and signatures on swipe vs moto.)
  3. Both transactions will be in a fully PCI Compliant environment, reducing risk of liability from improperly protecting card data.
  4. Cashiers are removed from any decision making that can affect your rate qualification in every transaction. The system will automatically prompt for data needed based on transaction parameters.
  5. Best of all, no terminal programming updates! The hosted solution is always current and any terminal connected is simply a slave of the system.

Because they have no meaning by themselves, tokens or aliases are useless to criminals if your customer hard copy files were compromised. Per the PCI DSS standards for your organization, you’ll need to have the workstations on which you enter transactions scanned.

Ideal solution for any B2B companies with corporate customers. Sign up for RSS for more details on this feature. For a demo, call the hotline at the top of this web page.

Related articles: Can you store track data and be PCI Compliant?
Storing CVV codes so you can rebill