Distributor EMV Credit Card Terminals – Profit busters, profit boosters

Distributors have special needs for retail credit card processing to maximize profits and mitigate risk. Here we identify credit card terminals that are certain fall short on delivering in an EMV environment. The two most critical retail needs are requiring customers to comply with the highest security supported, and supporting level III processing. Additionally, P2PE, encrypting at the terminal head, is important for a security and compliance.

Only cloud payment solutions have the potential to meet the primary distributor retail processing needs.  This precludes all First Data terminals, one of the most popular brands distributed, and similar devices. DISCLAIMER: comments are specifically regarding business to business needs, not all retail industry needs, and are not in any way intended to imply anything negative about the terminals.

The terminals below DO NOT meet the two most critical distributor needs to maximize profits.

verifone vx520 emv terminal

Verifone vx520

Clover Mini by First Data

Clover Mini by First Data

First Data FD35 EMV pin pad terminal

First Data FD35 EMV PinPad, attaches to a variety of FD terminals.

Ingenico iCT250 emv capable countertop terminal.

Ingenico iCT250 emv capable countertop terminal.

magtek mini card swiper

Magtek mini card swiper.

The terminals below have the POTENTIAL meet the two most critical distributor needs to maximize profits. Special certifications and payment gateway logic is required.

ingenico isc250 signature capture terminal

Ingenico isc250 EMV

 

verifone MX915 EMV terminal

Verifone MX915 EMV chip terminal

Fraud liability review for MasterCard, American Express, and Discover (credit and debit)

  • If the card is chip & sign, and the terminal is EMV only, the card issuer is liable
  • If the card is chip & pin, and the terminal is EMV without pin, or pin debit without EMV, the merchant is liable
  • If the card is chip & pin, and the terminal is EMV with pin, the issuer is liable
  • If the terminal supports EMV & pin, but the customer uses chip & sign, the merchant is liable. Acquirers generally support chip and pin bypass to chip and signature. Merchants should only use solutions that require the highest security on every transaction, including prohibiting customer bypass.
  • If the terminal supports EMV & pin, but the customer does chip & sign, the merchant is liable.

Merchants should only use solutions that require the highest security on every transaction, including prohibiting customer bypass.

If you want to enhance your customer experience, make a change that also maximizes profits too.

Christine Speedy, CenPOS global sales and integrated solutions reseller, 954-942-0483. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS? secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting merchant banking relationships. Keep your processor, upgrade your technology! Quick and easy to implement with no long term contract.

Dynamics AX Retail EMV certified terminals

What EMV chip card terminals can be used with Microsoft Dynamics AX Retail POS? We support Verifone MX 915, Ingenico ISC250 multilane terminals and the Ingenico ICMP mobile terminal and have a variety of certifications so that you can process EMV chip transactions today with all the major US processors, including First Data, Chase Paymentech, Tsys, Vantiv, Moneris and others.

verifone MX915 EMV terminal

Verifone MX915 EMV chip card accepted terminal.

Microsoft Dynamics AX EMV for Retail key purchasing questions related to EMV certifications:

Does POS solution support EMV chip with pin debit?
Does POS solution support EMV chip with pin credit?
Can customers bypass chip and just use mag swipe?
Can customers bypass entering pin?
Does EMV certification include partial authorization? If not, what happens when account doesn’t have enough for transaction?
Are terminals injected with P2P encryption?
Do you have mobile EMV with chip and pin?
If business to business, does the EMV certification include level 3 processing?

Are all of the above working right now in a live environment, or are there still bugs to be worked out? If any answers are no, merchants need to understand the impact before choosing a solution.

How will the gateway help with my other sales channels?
How will the solution reduce PCI Compliance burden?

“My clients have been processing EMV chip transactions with multilane terminals successfully since January 2015. It’s dizzying even for me to keep up with what which terminals are certified for which solutions. Since that information changes constantly, it’s best to call for a consultation to assess short and long term needs to achieve the best outcome while minimizing business disruption,” Christine Speedy.

Is it integrated to Retail Hero? No, that’s a separate integration that Retail Realm would need to do since the product is exclusive to them.

How much do terminals cost? It depends on the terminal. They’re reasonably priced. Please be aware, merchants must acquire terminals only through us or our approved distributor to ensure security and reliability of EMV and payment ecosystem. You cannot bring your own device.

How much does it cost? The Dynamics AX ERP and POS payment module is included free with purchase of our payment gateway services, which are very reasonably priced.

Where can I buy the Dynamics Ax POS EMV payments module? Contact us.

Can I use with my merchant account? Yes.

 

Microsoft Dynamics AX EMV terminals certified today

EMV chip certified solutions are now available for Microsoft Dynamics AX. As they’re still fairly new, it’s important to ask questions about functionality. EMV chip card acceptance certification is complicated, which is why many companies did not complete their certifications by the October 2015 liability shift.

Dynamics AX EMV for Retail tips to compare solutions:

  • How is pin-debit managed? Is EMV chip and pin supported? Can customers bypass entering pin? This is important because whoever supports the highest level of security determines liability for fraud.
  • Is level III data supported? This is important if the customer base includes business to business. For example, building materials distributors have retail and wholesale customers, and qualifying transactions for level 3 interchange rates can significantly improve profits.
  • What are the acquirer options? Can you choose your own, or are you required to use a specific processor?
  • Is P2P supported? Point to point encryption is an extra layer of security to prevent data breaches from malware and other criminal activities.
  • What is the audit trail? Identifying who did what and when is a part of PCI Compliance.
  • Can user functions be limited by job role, required for PCI Compliance?
  • If omnichannel, how will the solution help with all sales channel needs?
verifone MX915 EMV terminal

Verifone MX915 multilane signature capture terminal

ingenico mobile emv icmp

Christine Speedy, 3D Merchant Services owner,  can help guide you through the complexity of choosing the best solution for your business. Which terminal is certified with which processor? From mobile to multilane, Christine’s knowledge and experience will help you implement faster, and take the pain out of consulting with multiple vendors that come up short on solutions.

EMVCo Updates Payment Tokenisation Specification to Introduce ‘Payment Account Reference’ or PAR

Newly defined data element reduces reliance on primary account numbers when managing security requirements and delivering value-added services.

29 March 2016 – Global technical body EMVCo has released a bulletin updating the EMV® Payment Tokenisation Specification – Technical Framework to provide the payment community with a global, consistent framework to implement ‘Payment Account Reference’ (PAR). To be used by merchants, acquirers and payment processors, PAR can enhance security by limiting references to a cardholder’s primary account number (PAN) in the payment ecosystem.

Payment tokenisation is the process of replacing a PAN with a unique payment token that may be restricted in its usage, for example, with a specific device, merchant, transaction type or channel. Traditional PAN-based payments will continue to be used alongside EMV Payment Tokens. The introduction of PAR, which does not contain financially sensitive data, enables the payment acceptance community to link a cardholder’s payment token with their PAN transactions without needing to use their underlying card account number. This allows for a consolidated view of transactions on a payment account. This is also needed for security and regulatory reasons, such as risk analysis and anti-money laundering. It is also important for value-added services, as these often leverage historical transactional data to derive analytics and measurements to support customer programmes such as loyalty.

Mike Matan, current Chair of the EMVCo Executive Committee, comments: “Payment tokenisation enhances the underlying security of digital payments by limiting the risks associated with the compromise or unauthorised use of PANs. As well as increasing security, we want to ensure the payment acceptance community can continue to deliver associated payment processing and value-added services which are currently enabled by PAN. PAR addresses this by enabling all payment transactions – regardless of how they are initiated – to be processed in a consistent manner.”

The presence of PAR fulfils a fundamental need to link PAN-based and token-based transactions together. PAR enables the industry to move away from dependence on the PAN as the primary linkage. PAR data cannot be reverse-engineered to reveal the PAN or EMV Payment Token and cannot be used on its own to initiate a transaction such as authorisation, capture, clearing or chargeback. Users of PAR data are required to protect PAR data in accordance with national, regional or local laws and regulations.

“EMVCo recognises the need to continually adapt and advance the EMV payment infrastructure to support and promote user convenience without compromising security,” adds Jack Pan, EMVCo Board of Managers Chair. “Our work to establish a secure and scalable payment tokenisation ecosystem is no different. Since EMVCo launched its activity to focus on the development of a tokenisation specification, we have been working with industry stakeholders and EMVCo Associates to solicit feedback and determine appropriate updates to the framework, which will optimise the benefits of this technology. In addition to PAR, EMVCo has launched a Token Service Provider (TSP)

Registration Process, to promote transparency and interoperability of TSP entities. We look forward to continuing our work with the industry to manage and evolve this payment technology further.”

EMVCo – which is collectively owned by American Express, Discover, JCB, MasterCard, UnionPay and Visa – launched the EMV Payment Tokenisation Specification – Technical Framework v1.0 in March 2014. The PAR framework is designed to ensure global interoperability and support broad industry adoption. These latest updates are documented in the EMV Specification Bulletin No. 167, available to download without charge from the EMVCo website.

The specification bulletin accomplishes the following:

• Introduces PAR as an industry aligned data structure.

• Describes the presence of PAR in payment token and underlying PAN transactions.

• Defines PAR to be used as a consistent value for all payment tokens affiliated with an underlying PAN.

• Outlines how PAR can be used by acquirers, payment processors and merchants to link payment token transactions to those of the underlying PAN.

To join other industry stakeholders in contributing to EMVCo’s development of the tokenisation framework, become an EMVCo Associate.

– ENDS –

For further EMVCo media information please contact Sarah Jones / David Amos – Tel: +44 1943 468007 or email: sarah@iseepr.co.uk / david@iseepr.co.uk

Notes to Editors:

EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo.

About EMVCo:

EMVCo is the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV Specifications and related testing processes. Adoption of EMV Specifications and associated approval and certification processes promotes a unified international payments framework, which supports an advancing range of payment methods, technologies and acceptance environments. The specifications are designed to be flexible and can be adapted regionally to meet national payment requirements and accommodate local regulations.

EMVCo is collectively owned by American Express, Discover, JCB, MasterCard, UnionPay and Visa, and focuses on the technical advancement of the EMV Specifications. To provide all payment stakeholders with a platform to engage in its strategic and technical direction, EMVCo operates an Associates Programme and encourages all interested parties to get involved.

Visit www.emvco.com for further information and join EMVCo on LinkedIn.

Steps to Reduce Credit Card Fraud For Distribution Industry

dealer fraud credit card processingCredit card fraud is still rampant in the US, even after US EMV liability shift convinced many merchants to purchase terminals to support chip cards. Marine, auto, and other high value parts dealers have long had a problem mitigating fraud risk with local and international parts.

  1. For card not present orders, require self-pay with cardholder authentication. Taking cards over the phone, and or requiring a credit card authorization form, will not protect against all forms of counterfeit card fraud. However, consumer authentication shifts liability back to the issuer; the issuer guarantees payment, and because it’s lower risk, dealers can qualify for lower interchange rates, the bulk of merchant fees. Online payment, ecommerce payment, and electronic bill presentment and payment are the 3 methods dealers can use to enable self-payment.
  2. For retail orders, EMV is mandatory. Not by regulation, but by necessity. If a chip card is presented, and merchant supports, they’re 100% protected from counterfeit card fraud, and sometimes lost or stolen cards; if not supported by the merchant, the merchant can be automatically charged back at the issuers discretion and there’s no dispute process for merchants.
  3. Check guarantee. Whether in person or via echeck, check guarantee services are only good if they don’t reject your checks later on. Surprisingly (or maybe not), some services seem to look for ways not to approve your claim, such as information is missing from checks. This can be avoided with technology that forces users to collect the right data, including for remote self-payers.

If all of the above are implemented, dealers are protected from virtually any type of credit card fraud. The following tips will help prevent other types of lost disputes, or serve as supporting documentation if not all the above are implemented.

  1. Get a signed sales order. This can reduce non-fraud claims related to disputes about what was expected. The sales order should clearly state what was sold, refund policy, and cancellation policy, or refer to another document that specifies the information, but is initialed acceptance on the sales order.
  2. Ship to cardholder billing address. If not possible, then get cardholder approval that states bill to and ship to address are different, and they’re approval.
  3. Require all communications to cardholder business email address if selling wholesale. Free email like gmail is not OK.
  4. Require cardholder respond from business email address approving transaction receipt. This is a strong document in the case of a dispute for “I didn’t approve it”, especially when a third party is picking up the part from the dealer.
  5. The marine, automotive and other distribution companies are hit particularly hard with non-qualified transaction penalties when shifting between retail, key entered, and online payments. It’s critical that transactions are presented properly not only to qualify for lower rates, but to protect against lost disputes that require specific evidence for each type of transaction.

Not related to security, but critical for interchange rate qualification, the bulk of credit card processing fees, all services (retail, MOTO, ecommerce) should support level III processing.

In summary, dealers need US EMV and cardholder authentication to maximize risk mitigation from credit card fraud. US EMV requires terminal certification, and gateway certification* to your merchant account provider. Cardholder authentication requires a payment gateway certified for the service.  There are very few companies that meet all these requirements so if your credit card processing salesperson gives you a blank stare when you ask, it’s time to explore other options.

*A payment gateway certified for level III retail to your acquirer is required; countertop terminals are incapable of sending level III data.