No. Our hosted payment processing platform is NOT in a cloud. On the surface there are similarities, but the reason not to use a cloud is to control the integrity of the entire system from security to reliability. Amazon’s cloud failure, now impacting businesses for the second day, is the perfect example of why we will not use cloud computing for payment processing related services.

In cloud computing, the user’s computer may contain almost no software or data (perhaps a minimal operating system and web browser only), serving as little more than a display terminal for processes occurring on a network of computers far away.

In our hosted payments solution, the user’s computer will only need a small bit of software if using a signature capture terminal. All users connect to the platform via a web browser (except mobile). Like cloud computing, the merchant is accessing the power of remote software via the internet. But that’s where the similarity stops. With a triple redundant set-up, each PCI Compliant data center can operate completely independent and all are ‘hot’, meaning each are updated in real-time to mirror each other. All of the equipment is owned, not shared. This maxmimizes control over every aspect of system reliability.

The complete current Official Visa chargeback rules and reason codes are available for PDF download. A few of the most common codes are listed here as well.

Visa Chargeback Reason Code 60: Request Copy Illegible or Invalid

EDITORS NOTE: This is a tough one for most retailers to defend because they cannot go back in their files and find the receipt, or they have a copy on carbonless paper that has also become illigible with age.  Our CenPOS technology solution with signature capture retrieval provides instant access to the records you need to defend this type of chargeback. Additionally, with right processing solution, you can also manage all chargebacks from a simple control panel.

Reason Code 75: Cardholder Does Not Recognize Transaction

A lot of times this results from a dba name not being on the record.

Reason Code 57: Fraudulent Multiple Transactions

This chargeback does not apply to recurring payments or to mail order, telephone order, or Internet transactions.

Cashier mistakes are a common cause. Again, this can be eliminated with CenPOS technology for larger operations.

Chargeback Reason Code 81: Fraudulent Transaction Card-Present Environment

You can easily defend this with a signed receipt. Again, CenPOS payment processing platform with Signature Capture puts signed receipts at your fingertips.

Rules for Visa Merchants and chargeback reason codes

The official Mastercard chargeback reason codes as of May 2009 are available in PDF form. Some excerpts of the more common codes and their reasons follow:

chargeback Reason Code 4801 Requested Transaction Data Not Received

Proper Use of Message Reason Code 4801
The issuer may charge back the amount of the requested item using message reason code 4801 if it did not receive an original, substitute draft, or copy of  a transaction information document (TID) within 30 calendar days following  the Central Site Business Date of the Retrieval Request/1644-603 message. … For example, if a cardholder requested a copy of the transaction information document for his or her records…

Chargeback Message Reason Code 4808 Requested/Required Authorization Not Obtained

The issuer may charge back a transaction under this message reason code if
one of the following circumstances occurs:
-The transaction was face-to-face, card-read or key-entered, occurred at a location with a POS device that had both online and magnetic stripe-read capability, and was not authorized.
- The transaction was non face-to-face and was not authorized.
- The transaction amount exceeded the floor limit established by MasterCard in effect at the time of purchase, and was not authorized.
-The authorization request was declined, even if the transaction was below the card acceptors floor limit.
- Technical fallback and CVM fallback transactions that were not authorized.

Chargeback Message Reason Code 4840—Fraudulent Processing of Transactions
This message reason code can be used if the cardholder states in a letter that:
- The cardholder or anyone authorized by the cardholder was still in possession and control of all valid cards at the time of the transaction, and
- The cardholder admits to at least one legitimate face-to-face transaction on Oct 2008 the same card at a given card acceptor location, but denies making one or more additional face-to-face transactions at that same card acceptor location. The chargeback must reflect the entire amount of the transaction in question.

EDITORS NOTE: Our CenPOS technology solution is available for pennies per transaction for retail stores. The signature capture retrieval provides instant access to the records you need to defend this type of chargeback if the consumer actually made all the charges. Additionally, with right processing solution, you can also manage all chargebacks from a simple control panel.

Chargeback Message Reason Code 4841Cancelled Recurring Transaction
-The card acceptor continued to bill a cardholder for a recurring transaction, such as bimonthly, monthly, and semiannual billings of insurance premium, computer service, or a book-of-the-month club, after receiving notification of cancellation from the cardholder or issuer.

Chargeback Message Reason Code 4842 Late Presentment
- More than seven calendar days after the transaction date and the transaction
was completed with electronically recorded card information (whether
card-read or key-entered); or
- More than 30 calendar days after the transaction date, and…

official Mastercard chargeback reason codes (link to MasterCard) See link under popular downloads for the latest release.

EDITORS NOTE: You can reduce chargebacks caused by fraud with full PCI Compliance, signature capture and additional anti-fraud protection both at the cashier level and with special online protections. If you have too many chargebacks that you feel were avoidable, please contact us for further consulting. The right tools make chargeback prevention and management much simpler. These range from free to pennies per transaction.

Least cost routing in the payment processing world is processing any given type of payment via the route that will result in the lowest cost to the merchant. CenPOS is least cost routing solution. It’s an intelligent technology that essentially examines input, makes a multitude of decisions,  and sends back specific information to the POS terminal whether it be a signature capture or virtual terminal. This happens faster than traditional desktop credit card processing terminals. The cashier and consumer don’t have to think, they will be prompted if they need to enter a pin number, just sign, or something else.

CenPOS least cost routing works with checks, credit cards, debit cards, p-cards, and other electronic payment options.

The first reaction from many merchants is, “It sounds great, and I want it, but can I afford this?”.  Direct cash payback for merchants that would benefit most is anywhere from 30 days to a year. If you are processing a million dollars a month in credit and debit cards, you can’t afford not to have CenPOS which provides a huge array of benefits beyond direct ROI, including PCI Compliance and anti-fraud protection.

Prepaid cards issued by banks and other government-regulated organizations are a new way for consumers to make payments and conduct other financial transactions. There are plenty of situations where a prepaid card might be the most convenient choice, but be sure you understand the key terms and conditions BEFORE you buy. Ask these questions when you are considering a prepaid card:

* What are the possible fees associated with using the card?
* Where can the card be used (online, at ATMs, outside the U.S.)?

Reputable distributors of prepaid cards will give you the terms and conditions in writing or have them available on their website. If you don’t understand how your card works, ask for help where you purchased it, from your employer (if it’s a payroll card), or by contacting the customer service number on the card.

Payroll and General Purpose Spending Cards

Payroll and General Purpose Spending Cards can be very useful for those who want to budget their money and for those who don’t have a checking account or credit card.

General Purpose Spending Cards, which may be purchased by consumers, typically charge a monthly maintenance fee and could charge additional fees for adding funds to the card and/or making purchases or getting cash.

Payroll Cards are similar to General Purpose Spending Cards except that they are provided by employers in place of paychecks. Payroll Cards typically allow a certain number of ATM withdrawals without charge to the cardholder and usually do not assess fees for purchases.

While the federal government does not guarantee the same protections for all prepaid cards, many “branded” cards voluntarily carry protections that are the same as credit and debit cards. Cards with a major credit card brand logo provide consumer protections, such as replacing lost or stolen cards and re-crediting money after unauthorized use of the card. To obtain these benefits, you must follow the instructions for registering and activating your card. Be sure to record your card information, including the customer service telephone number on the back of the card, so you can get a replacement if yours is lost or stolen.

If you have a problem with a prepaid card, first contact the customer service number. If the problem still isn’t resolved, you may want to file a complaint with the proper authorities:

* For cards issued by retailers, contact the FTC. You may also file a complaint with your local consumer protection office.
* For cards issued by national banks, contact the Comptroller of the Currency.

Pin debit refers to a credit card transaction in which the buyer enters their 4 digit personal identification number (PIN) into a merchant terminal in lieu of a signature, when using a debit card.

Debit cards are usually associated with a checking account, but may also be a savings account. Regardless of the account, the card will ALWAYS have the DEBIT symbol on the front of the card. Newer cards usually have a holographic Debit symbol.

With PIN DEBIT the merchant pays a fee to the debit network instead of Visa & MasterCard interchange. This fee is under $1.00 per transaction, usually around $0.50 and the fees vary by debit network.

With SIGNATURE DEBIT, Visa & MasterCard have different interchange rates for debit card usage. With very few exceptions, such as processing greater than $420 million annually in debit or for supermarkets, the lowest rate for debit card interchange, which all payment processors pass on to merchants, is 1.03% plus $0.15 per transaction. More details are available by checking the latest interchange rates.

Pin-based debit transaction merchant fees include:
1. Per transaction charge from your Credit Card Processing services company.
2. Debit network charge (Debit Network Acquirer Fee). This fee varies depending upon your region of the country and the network that the cardmember’s issuing bank belongs to. The region determines which debit network the individual transaction will clear through.

Debit network acquirer fee examples:
Interlink Retail $0.175 + .75% (max of $0.525)
NYCE Retail Std $0.1375 + .65% (max of $0.6875)
Pulse (Includes Tyme) 0.16 + .65% (max of $0.71)
STAR (Includes MAC, Cash Station & Honor) $0.1625 + .65% (max of $0.6425)

Pin debit is best used if your average transaction is over $25. That’s generally a good break even point as to whether it’s cheaper to process via pin debit or signature debit.

EMV is a standard for interoperation of IC cards (“Chip cards”) and IC capable POS terminals and ATM’s, for authenticating credit and debit card payments. The name EMV comes from the initial letters of Europay, MasterCard and VISA, the three companies which originally cooperated to develop the standard. Europay International SA was absorbed into Mastercard in 2002. JCB (formerly Japan Credit Bureau) joined the organisation in December 2004. IC card systems based on EMV are being phased in across the world, under names such as “IC Credit” and “Chip and PIN”. The EMV specification is also the basis of the Chip Authentication Program, where banks give customers hand-held card readers to perform online authenticated transactions.

The EMV standard defines the interaction at the physical, electrical, data and application levels between IC cards and IC card processing devices for financial transactions. Portions of the standard are heavily based on the IC Chip card interface defined in ISO 7816.

The system is not compatible with the original Carte Bancaire smart cards systematically deployed in France since 1992. However, the French Carte Bancaire now also uses the EMV standard.

The most widely known implementations of EMV standard are:

* VSDC – VISA
* MChip – MasterCard
* AEIPS – American Express
* J Smart – JCB

MasterCard has a Chip Authentication Program (CAP) for secure e-commerce. Its implementation is known as EMV-CAP and supports a number of Modes.

Differences and benefits of EMV

The purpose and goal of the EMV standard is to specify interoperability between EMV compliant IC cards and EMV compliant credit card payment terminals throughout the world. There are two major benefits to moving to smart card based credit card payment systems: improved security (with associated fraud reduction), and the possibility for finer control of “offline” credit card transaction approvals.
The goals and benefits of EMV:
- High level standard on terminal card API.
- It reduces the cost and time interval of software development (POS, ATM, HSM,…).
- The non EMV payment smart card has its own crypto protections (RSA, DES) and is based on local private standards.

EMV financial transactions are more secure against fraud than traditional credit card payments which use the data encoded in a magnetic stripe on the back of the card. This is due to the use of encryption algorithms such as DES, Triple-DES, RSA and SHA to provide authentication of the card to the processing terminal and the transaction processing center. However, processing is generally slower than an equivalent magnetic stripe transaction. This is due to cryptography overhead and time involved in messages transmissions between the card and the terminal. The increased protection from fraud has allowed banks and credit card issuers to push through a ‘liability shift’ such that merchants are now liable (as from 1 January 2005 in the EU region) for any fraud that results from transactions on systems that are not EMV capable.

Although not the only possible method, the majority of implementations of EMV cards and terminals confirm the identity of the cardholder by requiring the entry of a PIN (Personal Identification Number) rather than signing a paper receipt. Whether or not PIN authentication takes place depends upon the capabilities of the terminal and programming of the card. For more details of this (specifically, the system being implemented in the UK) see Chip and PIN. In the future, systems may be upgraded to use other authentication systems, such as biometrics, which are generally not considered economical as of 2007[update].

Control of the EMV standard

The first version of EMV standard was published in 1999. Now the standard is defined and managed by the public corporation EMVCo LLC.The current members of EMVCo are JCB International, MasterCard Worldwide, and Visa, Inc. Each of these organizations owns one third of EMVCo and has representatives in the EMVCo organization and EMVCo working groups.

Recognition of compliance with the EMV standard (i.e. device certification) is issued by EMVCo following submission of results of testing performed by an accredited testing house.

EMV Compliance testing has two levels: EMV Level 1 which covers physical, electrical and transport level interfaces, and EMV Level 2 which covers payment application selection and credit financial transaction processing.

After passing a common EMVCo tests the software must be tested to comply with EMV standard (VISA VSDC, MasterCard MChip,…).

List of EMV documents and standards

Since version 4.0, the official EMV standard documents, that define all the components in an EMV payment system, are published as four “books”:

* Book 1 – Application Independent ICC to Terminal Interface Requirement
* Book 2 – Security and Key Management
* Book 3 – Application Specification
* Book 4 – Cardholder, Attendant, and Acquirer Interface Requirements

Versions

First EMV standard came into picture in 1996-EMV 96 Version 3.1.1 Released another version in December 2000 – EMV 2000 Version 4.0 in May 2004

Version 4.0 became effective in June 2004. Version, 4.1 became effective in June 2007. Version 4.2 was published in June 2008.

External link
* [ EMVCo], the organisation responsible for developing and maintaining the standard

Portions of the above definition provided under GNU documentation license. Copyright (c) 2008 3D Merchant Services LLC.
Permission is granted to copy, distribute and/or modify this document ONLY
under the terms of the GNU Free Documentation License, Version 1.2
or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

If your company is considering purchasing or leasing new equipment, make sure that it is EMV compliant. The hypercom T7 Plus is just one example of an EMV compliant terminal.

PCI is an acronym for Payment Card Industry. PCI Compliance is simply meeting the standards of the Payment Card Industry. Visit our sticky page PCI Compliance links. The terminology you probably really need to know is PCI DSS Compliance.

PCI DSS is a set of comprehensive requirements for enhancing payment account data security created to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

You can get current information about PCI DSS on the PCI Security Standards Council web site.

If every business met all these standards, the problem with data security losses would be minimized and we wouldn’t see the headlines we do today.