Magento Developer Alert: Visa Mandate and Payment Gateways

How can Magento developers help merchants get compliant with the Visa Stored Credential Transaction framework and mandates effective October 14, 2017?

Drive your profits while helping clients keep compliant with fast changing credit card processing rules.

Step by step guide:

How will clients manage consent record requirements? See Improving Authorization Management for Transactions with Stored Credentials https://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-credential-transaction-framework-vbs-10-may-17.pdf . Will gateway provide a checkbox for consent records and ability to retrieve records on demand? (I called authorize.net on October 2 and they advised they will not offer this service, and will leave up to merchants.) Will you develop a custom application to include opt-in date, time and other requirements, plus storage and retrieval capability? Will you advise merchants to choose a technology solution, including payment gateway, that will manage automatically?  CenPOS, a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement will provide an automated solution for clients. Contact me for the plugin.

Update terms and conditions. Ensure online order terms include sale, refund and cancellation policies. Add a checkbox for customer opt-in to terms, including online payments. CenPOS has an opt-in box and you can customize the text.

Verify if there’s a system to manage authorization validity. What the heck does that mean? Many businesses, especially B2B companies, have complex needs including pre-authorizations, incremental authorizations, delayed shipping etc. While merchants may get issuer approvals, that doesn’t mean the authorization is valid. The two most common rules businesses struggle with are “Settlement within 72 hours” for card not present sales, and “Authorization amount and settlement amount must be equal”. (I asked authorize.net support about both items on October 2 and was told they do not offer automated solution.) CenPOS automates compliance. Other payment gateways are incapable or may leave it up to developers to create a solution. How can a developer verify if merchant has an issue? Ask clients to look at their merchant statement ‘pending interchange fees. If you see EIRF or STD, that’s a red flag there’s a problem.

Create a hosted pay page. B2B Businesses almost always have more than one sales channel and use of paper credit card authorization forms is common. They need help to eliminate. You already have the SSL certificate, so it’s a natural add on to provide clients a secure web page with an iframe a solution to collect payments. With CenPOS, end customers can use the same stored credential in Magento and the pay page, both credit card and ACH. hosted online pay pagePrevent brute force attacks. System hardening is a PCI compliance requirement. See Visa best practices to prevent brute force attacks. https://usa.visa.com/support/merchant/library/visa-merchant-business-news-digest.html. CenPOS includes recaptcha and client managed velocity and other rules as part of a layered security approach.

Payment Gateway checklist:

  • Verify payment gateway will send correct transaction data and flags for the initial transaction and subsequent transactions.
  • Advise clients to set gateway for zero dollar authorization when storing a new card.
  • Ensure client is registered for 3-D Secure and it’s enabled.
  • Confirm if gateway will automatically flag a transaction as customer initiated stored credential or merchant initiated stored credential (automated recurring billing). Additionally, the merchant initiated transaction must be sent with the MOTO indicator, not ecommerce.
  • Does gateway support level 3 data?

CenPOS manages all compliance and other items seamlessly in the background.

Communicate with clients. Advise any upcoming changes will increase efficiency and security for everyone. Advise clients to learn more about CenPOS payment gateway – call Christine Speedy, 954-815-6040.

Why comply? With full compliance and following my recommendations, merchants can expect better qualified interchange rates, increased approvals (avoid declines based on issuer risk averse algorithms), reduced PCI Compliance burden, fraud liability shift to issuer and increased efficiency for both buyer and seller. The cost of non-compliance is hefty, including higher interchange rates, penalty fees, and risk of both issuer and cardholder chargebacks.

interchange rate qualification

The same transaction can process at different rates as shown above, depending on which rules you follow. CenPOS Smart Rate Selector automates compliance to qualify transactions at the lowest rate possible. Which rates are on your merchant statement now?

Magento developer billing: Developers also need to comply with recurring billing requirements for your sales. What’s worked before is not compliant- everyone needs to change.

Resources and documentation http://3dmerchant.com/blog/merchant-bulletins-downloads – bookmark it!.  Join Christine Speedy’s email list.

DISCLAIMER: condensed and incomplete information! Information may be quickly outdated.

With the fast pace of changing rules, developers need a technology partner to automate compliance. Did you know?

  • For those not ready to give up paper, CenPOS creates a printable PCI Compliant credit card authorization form for every stored card.
  • CenPOS has ERP, ecommerce shopping cart, accounting and other plug-in modules available for quick and easy implementation.
  • I’ve been selling for CenPOS since day 1. Though I have other payment gateways available in my arsenal, nothing else compares for meeting business to business needs.

Christine Speedy, CenPOS authorized reseller, 954-942-0483 is based out of South Florida and NY. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

CenPOS ecommerce gateway emulators for authorize.net, Mercury, ICVerify, Payflow Pro

The PCI Compliant CenPOS gateway can be used with virtually any shopping cart, including Magento, Prestashop and others, without any special integration by using emulators of many popular gateways. CenPOS is a multi-channel payment SaaS that works with merchants existing credit card processors and financial partners.

Payment gateways convert data to acceptable message formats for payment processors. With the emulator, CenPOS takes the merchants existing gateway message and automatically translates it to a CenPOS format which is then sent to the processor. When the transaction is complete, CenPOS converts the response back to the native gateway format. The emulator enables a merchant to change their gateways without any integration.

What are the benefits of the gateway emulators?

  • No integration required.
  • PCI Compliant

What payment gateway emulations are available?

  • Authorize.net
  • Payflow Pro
  • Mercury
  • IC Verify
  • contact us for others

How do I get started with the CenPOS emulator?

  • Ask your relationship manager for the emulator you’d like or contact us for a new account.
  • In your shopping cart administration, go to SETTINGS>PAYMENT>PAYMENT GATEWAY. The gateway name will remain the same. The API or account ID, Password or transaction key, and return URL will be replaced with CenPOS information provided to you. If your shopping cart does not let you provide a return URL, the emulator cannot be used.

Why would I want to change my gateway to CenPOS?

  • Multi-channel availability with one reporting system for all.
  • Extended capabilities. For example, securely storing payment data (check/credit card) with automated reminders to customers to update credit cards; accept mobile payments,  electronic bill presentment & payment.
  • CenPOS solves many business problems, particularly for mid-size or business to business, automotive, non-profit and health-care industries. Call authorized CenPOS reseller for a consultation.
  • If you have a small business that sells items to consumers that are immediately delivered, online shopping is the only method you use to sell, and your system works for you, there may be no compelling reason to change. Free Magento and PrestaShop community editions are not PCI Compliant, but with our free version with native CenPOS integration. CenPOS does not provide shopping cart hosting, consulting, or support other than as it relates to payments.

2017 UPDATE: Due to PCI Compliance and other requirements, emulators are no longer a valid solution. Contact us for a native plugin for your ERP, shopping cart, accounting, and other software needs.

Christine Speedy, CenPOS authorized reseller, 954-942-0483. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

Google increases payment processing transaction fees

Google is making the transition from a flat rate fee to a tiered fee structure. Google first launched it’s payment processing service for free to gain market share, then evolved to a percentage plus per transaction. The tier pricing applies only to what rate category you’ll fall into, not that you’ll have tiered price levels.

NEW PAYMENT PROCESSING PRICING EFFECTIVE MAY 5, 2009

Monthly Sales Through Google Checkout Fees Per Transaction
Less than $3,000 2.9% + $0.30
$3,000 – $9,999.99 2.5% + $0.30
$10,000 – $99,999.99 2.2% + $0.30
$100,000 or more 1.9% + $0.30

ANALYSIS FOR GOOGLE

All companies must pay interchange, which is determined by what type of card is presented. If you have low volume, Google could get stuck owing more in fees than it is collecting under the old plan. For example, let’s say you have 5 orders totaling $1000. With so few transactions, the odds are against Google getting a wide variety of cards presented, increasing it’s risk.   If you have high volume, then Google is spreading it’s risk as they are likely to get a wider variety of cards, more reflective of societies purchasing habits today.

ANALYSIS FOR MERCHANTS

It’s not a bad deal. For small merchants, you’re going to pay that much to any company. For big merchants, you probably need Google because you have customers that want to pay with that method. Plus, by having Google payments, you improve your potential Google search results becuase they have a separate list of stores that use Google payments. Even at the highest level, it’s still a pretty good deal when you consider that debit ecommerce interchange starts at 1.6% and $.10 per transaction and credit ecommerce interchange starts at 1.8% and $.10 per transaction. As a business owner, Google Payments is never a sole solution for the largest businesses because their customers don’t want to be locked into one option, among other factors.

BOTTOM LINE

Merchants shouldn’t gripe too much. The costs are in line with what you pay through other sources, though that per item fee is pretty high and could be awful for high volume, low average ticket merchants.