Stopping Online Credit Card Testers

Online credit card testing by fraudsters can dramatically drive up payment gateway fees.  Historically, card not present financial fraud grows exponentially in countries after implementing EMV chip card processing, as thieves seek the weakest link for fake credit card purchases. Thieves use software to rapidly send cardholder data to payment web sites to verify if stolen cards are good, card testing, and since merchants pay a per transaction fee, regardless of approval, the financial impact can be devastating.

Companies with online pay pages are at increased risk. Since October 2015, online fraud attacks were up 11% 2015 Q4 Vs Q3, and up 215 percent from 2015 Q1. 83% of attacks involved botnets. Source: The Global Fraud Attack Index™, a PYMNTS/Forter collaboration. The preferred web pay pages have no login required, and provide detailed decline response reasons. I’m often asked by others in the industry to provide the latter, and for the same reason as for retail, it’s better than no one knows the reason for the decline. If you inform a criminal the expiration date is no good, they just need to figure out the right one.

PREVENTING ONLINE CARD TESTING

A layered approach is required to stop card testers since no single solution will stop fraudsters. Generally, the harder you make it, the more likely they will seek a path of less resistance.

  • Block known fraudulent incoming IP addresses. The bad guys also use hostile proxy servers, with dynamically changing IP addresses every authorization attempt, but this is still a first step everyone should employ.

For additional assistance, please contact us. I won’t make it easier for criminals by identifying all the tools here in the blog!

EBill payments via text or email improve PCI Compliance video

Ebill and einvoice systems send invoices vs Electronic Bill Presentment and Payment or EBPP gets you paid from that request via text or email. This critical difference has a major impact on security and PCI Compliance. This  video demo is for a standalone solution to accept online payments, including credit card. ACH and wire. Integrated solutions for Quickbooks, ERP, or other, are also available.

Video CenPOS EBPP Lite demo shows the simplicity of sending an einvoice with request for payment via email to an existing customer, that has previously made a purchase and stored their credit card. Customers can self-update their payment methods, store multiple methods. Ask for any feature, and yes, we probably support it.

A layered approach to card not present fraud protection is critical with increasing financial industry changes. In addition to the traditional address and CVV verification, cardholder authentication, IP blocking and other tools can be used to guarantee payment against fraud globally (some restrictions apply).

Eliminate credit card authorization forms with sensitive cardholder data. No one likes them, they’re time wasters for both parties, cards get expired etc. At best, they offer flimsy protection against fraud. Worse, they’re a PCI Compliance nightmare.  In the event of a data breach, it’s likely impossible to prove compliance if you use them. Regardless of how secure and loyal you think your employees are, stuff happens and when identity theft related to credit cards occurs, your business has a 50% chance of survival.

Contact Christine Speedy, 954-942-0483, 3D Merchant Services, 9-5 ET. Your merchant account, our cloud hosted payment gateway solutions.

3 Profit Boosters for Lumber, Building Materials, Distribution Companies

Lumber, building materials, and distribution companies increase profits and cash flow almost instantly with these credit card processing and accounts receivable tips.

  1. Use a credit card processing solution that supports level III processing for retail. Prior to the October 2015 EMV liability shift, there were more companies that offered this, but today, to my knowledge, we offer the only solution that has both US EMV and level 3 retail certification.
    level 3 processing interchange rate

    Sample interchange rates for the same credit card transaction; Failing to qualify for level III is costly.

    Benefit: Potential 1% or more profit margin increase.  TIP: No countertop credit card terminal supports level 3 due to the data that must be sent with transactions; no bank currently offers a level 3 retail solution with US EMV. A cloud-based payment gateway is required.

  2. Ensure key entered transactions are sent for authorization with the MOTO (mail order, telephone order) transaction type indicator. If not, the transaction will default to the highest ‘non-qualified’ interchange rate possible for the card type, and in the event of a dispute, merchant must be able to produce a signed receipt.  TIP: Never key enter on a countertop terminal since it is set up for RETAIL. VX520 emv NFC verifone terminalThe best solution manages proper presentment for processing automatically so employees don’t need to understand the nuances of the best way to process any transaction to qualify for lower rates or mitigate risk.
  3. Enable online payments, with level III credit card processing. By empowering customers to pay 24/7, they’ll pay faster to clear up credit lines to buy more. Also, with cardholder authentication, payment can sometimes be guaranteed against fraud and qualify for even lower interchange rates due to lower risk; key entered transactions carry more risk and while risk can be mitigated, payment is not guaranteed. Accepting alternative methods like ACH, wire, and Paypal will also reduce friction, increase efficiency and increase cash flow.

Accept Payments Online

Winter Storm Jonas is a reminder of the importance for business to business companies to accept payments online. What if you have a desktop terminal, but staff is working from home? How can accounts receivable be reached for call in or fax payments? Cash flow and efficiency will improve with 24/7 online payments.accept payments onlineTo accept payments online via a self-serve 24/7 online payment form, a payment gateway is required to secure the transaction. The most popular non-integrated methods:

  1. Hosted pay page – merchant provides customers an email or web site link to make payments on the payment gateway hosted web page. Click here for hosted pay page example.
  2. Embedded payment object– the buyer stays on the merchant web site, with the gateway html code embedded as an iframe.

Online Payments FAQ

What is the rate? There are two service types: Payment gateway or bundled gateway with merchant account. For flexibility to change merchant accounts, which most businesses will do every few years, keep your gateway separate to minimize business disruption. When the merchant account changes, there’s no programming needed. Just update the gateway settings with the new merchant account information. Never, ever choose a payment gateway by comparing the cost per transaction. Instead, measure the net transaction cost, including gateway fees, for card types accepted. (Click here for online payments example of authorize.net vs CenPOS for business to business.) B2B companies need a gateway solution that supports level III processing and will help qualify transactions for the lowest rate.

How long does it take to get started? Usually 2-5 days after the decision has been made, from gateway sign up to accepting payments. The actual implementation time is minimal.

How do I know when someone makes a payment? An email is automatically sent with details. TIP: Create an email alias to a distribution list. For example, epay@mydomain.com.

Can my invoices be automatically marked as paid in my accounting software? With an integration, yes. Depending on your software, and the gateway, there may be a module available for quick and easy implementation.

Where can I view transaction reports? By logging in to the virtual terminal via a secure web browser, or in some cases, via mobile app.

Can customers save their credit card information? With most gateways, yes.

Is it PCI Compliant? All the major US payment gateways are PCI Compliant. Accepting payments online can improve PCI Compliance for merchants, as risky practices like credit card authorization forms are abolished.

Can customers pay with an echeck (ACH)? It depends on the gateway.

 

Hosted Pay Page vs EBPP – EIPP

How can a hosted pay page or electronic bill presentment and payment (EBPP), also known as electronic invoice presentment and payment (EIPP) improve your customer experience? Cardholders are increasingly weary about giving out card data over the phone, or worse, via fax, which also has PCI Compliance implications. Reducing friction to collect payments, while putting cardholders in control of their data, is proven to increase sales and cashflow.

A hosted pay page enables customers to passively pay bills online via a secure web page. Payment types may include credit cards, Paypal, ACH (echeck), wire and other methods.

hosted paypage online payments

A hosted pay page empowers customers to make secure payments online.

With EBPP, the payment request is delivered to the customer via email or text. Instead of asking customers to find the pay page, the customer is given a link to pay a specific bill or invoice, or multiple invoices. Empowering customers to review and pay multiple invoices on demand by logging into a secure portal is also a significant benefit.

eipp payment request

Body of email containing pre-filled payment info, and link to securely pay online.

Merchants can reduce risk of lost credit card disputes and resulting chargebacks with a multifaceted approach:

  • Ecommerce merchant account required
  • Verify address & zip code
  • Verify CVV / CID security code; if using token billing, prior validation is OK
  • 3-D Secure: Verified by Visa (Vbyv) and MasterCard SecureCode – cardholder authentication shifts fraud liability back to issuer. This is especially critical for international sales where address verification is often not possible; there are limitations though so check the rules to see how it fits in your fraud prevention program.
  • How can a merchant enable customers to remotely pay an invoice, while maximizing security to prevent chargebacks from disputes? A critical step is managing the transaction representment to the issuer.
  • Require all B2B customers to confirm copy of the emailed receipt via a company email address
  • Optional custom procedures may be added based on risk tolerance

In summary, either method of online payments increases security and enables customers to pay 24/7 to increase cash flow. EIPP solutions have significant additional benefits and the cost to implement has dropped significantly, with many businesses experiencing an instant ROI.

Christine Speedy, CenPOS global sales and integrated solutions reseller, 954-942-0483. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.