SaaS Startups: Credit Card Customer Onboarding 2017

Critical rule changes for credit card processing, especially recurring billing, will impact business profits and chargeback risk effective October 2017. Simply copying what other big SaaS businesses are doing successfully is not good enough. Everyone needs to make opt-in updates to comply, and EMV chip card acceptance is a good example of how even big companies can take months or years to change.


Critical SaaS recurring billing credit card processing rules past, present and future:

    • To validate a card and create a token for future purchases, perform a Zero Dollar Authorization. There’s a procedure, including using the recurring indicator, and a transaction fee for this. If the solution you’re looking at suggests a $1 authorization, that’s because the payment gateway and/or the implementation is out of date and doesn’t support current requirements. Run!
    • The sales receipt must include the phrase “recurring transaction”, the frequency of the charges, and the period of time agreed to.
    • Cardholder opt-in record. Rules may vary by each card brand; following Visa requirements is a good practice. For example, read Visa Stored Credential Transaction Mandates and also Visa Core Rules. One of the new requirements is specifying how the Cardholder will be notified of any changes to the agreement. The significance of new mandates is huge, and non-compliance will result in higher fees, penalties, reduced sale approvals and chargebacks.

Payment gateway selection directly impacts profits, risk, and your customer buying experience. Lots of developers integrate one or two of the oldest payment gateways because they’re “reliable” and familiar. True, but this could cost your company its path to profitability and even its existence. Any WordPress developer knows that technology, and the implementation of technology, changes. It’s constant. Before selecting a payment gateway for a SaaS startup, ask these questions:

  • How will it help with new Visa Stored Credential Mandates?
  • Does it support 3-D Secure cardholder authentication?
  • How will it help with account updating for expiration and replacement cards?
  • What type of digital record is created at the time of customer opt-in to agreement, how is it retrieved, and how long is it retained?
  • Does it support authorization reversals?
  • Does it support level 3 processing for commercial cards (if applicable to business type)?
  • If I change banks or payment processors, how will it affect my customers? My business?

TIP: Most payment gateways are reliable; level 3 processing, and 3-D Secure support are starting points to reduce the list of options. Need help to get compliant? Contact Christine Speedy to learn more about solutions for your business that are quick and easy to adopt, increasing efficiency and growing profits virtually overnight.

Credit Card Expiration Updater & Recurring Billing

Are automated recurring billing transactions declining due to expired credit cards? This article identifies methods to automate credit card expiration updating for installment, fixed recurring, and variable recurring token billing transactions.

All credit cards on file are managed at the payment gateway level for PCI Compliance. The ‘token’ is the alpha numeric character set that replaces sensitive card data. Businesses have access to the token, but not the sensitive cardholder data, after it’s stored. With token management, users can update the credit card expiration date manually. No other fields can be modified. If the CVV – CID security code or card number changes, a new token is created for the new card.

Per rules of card acceptance, the actual expiration date must be used. There have been recurring billing software solutions on the market that simply change the expiration date for recurring transactions with expired cards, for example by changing the date by one year. This enabled transactions to go through with an authorization in some cases because the expiration date was not validated by the issuer. However, for chargeback rights, the expiration date must be provided by the Cardholder and must be correct.

Credit Card Expiration Date Updater Methods

  1. Self credit card updating. An email is generated by the recurring billing platform and/or payment gateway alerting the cardholder of an upcoming expiration. The cardholder then self-updates their payment method via a web portal. While effective at reducing phone calls for updating, it still requires action by the busy cardholder, so many go unattended until the point that a transaction fails. This impacts profits with attempted transaction fees, the time to manually reach out to customers, and cancellations. We all know that sometimes a customer pays for a service they do not use effectively, but doesn’t bother to cancel. Once they have to update their card… the revenue stream can be lost.
  2. Automated credit card updating via the card brands. Merchants must register for the service with their merchant services provider, and must have a payment gateway that supports the updater service. Visa and MasterCard charge a one time fee for registration. There’s also a fee per card updated, which varies by merchant services provider; typically, the provider will mark up for profit.

Credit Card Expiration Date Updater Costs

One-time Visa Account Updater (VAU) Setup fee $250, MasterCard Automatic Billing Updater Setup fee $350 per merchant account. The fee per update varies. For example, we charge $.09 as of this writing and clients have been quoted $.30 by other companies.

Recurring Billing Compliance Alert

Significant changes are coming to recurring billing. After the first authorization, all subsequent recurring billing transactions are to include a unique reference to the initial authorization. This must be managed seamlessly in the background at the payment gateway level. Adding a new field to the transaction process is significant and the challenges are likely on par with the launch of US EMV. Expect problems in the next 12-24 months as gateways struggle to comply with these requirements.

Refer to Visa Public Rules, and search for “recurring”, including section 5.9.9 Prepayments, Repeated Payments, and Deferred Payments, for more details.

CenPOS and Credit Card Expiration Date Updater

CenPOS, an enterprise payment gateway and merchant centric processing platform, supports the account updater services. As your CenPOS representative, I can activate the service on CenPOS for you, however, if your merchant services resides with a third party, you’ll still need to register through them. Before proceeding, contact Christine Speedy at 954-942-0483 for more information.

How to use a stored token for credit card payment: CenPOS training video

Variable payment recurring billing is easy and fast using CenPOS token billing solutions. Video shows how to retrieve a stored token to charge a credit card again. Tokens replace sensitive card data with random alpha numeric characters. Merchants can then charge the card again, with customer permission, by retrieving the token.

A Christine Speedy, CenPOS global sales, training video. This video uses ZOOM so you can watch as is, or enlarge as it was recorded in larger 1280 width. If you have trouble viewing, watch it on YouTube: #33 How to use a stored token for credit card payment: CenPOS training video.

Tokens replace sensitive payment information with the last 4 digits of the card only, and the random alpha numeric token ID that replaced the full card number. CVV can never be stored, per card association rules, but merchants can perform a zero dollar authorization before creating a token.

Click on the credit and debit tab.

Select USE TOKEN. If the ‘use token’ icon is not visible, contact the merchant administrator to update user permissions, either by moving the user to a new role that has the use token permission, or by updating the existing role to add the permission to all users in the role.

If you don’t know the token ID, search for it.


Select the token by clicking on it.

Then enter the sale details. If the merchant has set up additional information fields, enter now. If the credit card type qualifies for special interchange rates that require additional information, such as a purchasing card, CenPOS will automatically prompt for it.

A receipt is automatically delivered to the customer email address put on file when the card was originally stored and the token was created. As a reminder, full credit card data is never accessible to anyone after a token is created.

The same process applies for stored checking account information via the Checks tab. By regulation, merchants cannot initiate repeat sales creating an ACH on business checks. Customers must initiate business ACH transactions. CenPOS supports that via the electronic bill presentment and payment (EBPP) electronic invoicing solution.

About the author: Christine specializes in providing merchants with innovative technology to create efficiencies and ease the burden of PCI compliance. With a primary focus on “card not present” payment processing solutions for mid-size companies, including manufacturers and wholesale distributors, merchants improve PCI Compliance and streamline the payment experience for both their company and their customers. It’s fast, easy to use, and requires no capital investment to implement. For sales call Christine Speedy at 954-942-0483 or click here for more information.

How to upload customers to CenPOS recurring billing module

Converting a database of recurring billing customers to CenPOS is easy with the file upload feature. Upload all your customer, agreement terms, and credit card data at once, and the billing will begin automatically per the terms you input.

Below is FAQ for the customer file upload template to be used if you have existing customers and want to upload them all at once into the recurring billing module. This is also a quick way to upload stored card information and automatically create tokens. The alpha numeric ‘token’ that is created is then used to bill customers in the future. All credit card numbers should be securely shredded or digitally trashed after completing this process, as part of your effort to achieve PCI DSS Compliance.

  1. If my customer has an existing installment agreement, can I put the original start date and end date, even if it is in the past? No. The start date for the contract must be a future date or it will not bill.
  2. My customer has an installment agreement but at the end it automatically renews indefinitely. How do I set that up? For good record keeping, you may prefer to create two agreements. One for the installment, and a second fixed recurring contract with no end date, which would begin at a future date. Alternatively, you could create one recurring agreement with no end date and just add a note of the original contract begin and end date.
  3. Should the import file include all header/columns, whether they have data or not? Yes. Leave any unused fields blank and put a comma in their place.
  4. There is no field in the template for company name. Can the optional fields be used for the upload? Currently the company and department fields are not supported in the data file. We are adding that feature and will support it in the future.
  5. Why isn’t there a field for CVV? The CVV is never stored and it does not affect your fees. It’s used as a fraudulent card check and once you’ve verified it, you never need it again. If you want to validate a card, you can perform a card validation, which sends out the card for a zero dollar authorization and validates per the settings you have created on your account.

The recurring billing module supports ACH, debit and credit cards. The file upload supports debit and credit cards. If you have a need to upload ACH, let us know. To get the template, CONTACT CHRISTINE SPEEDY or your relationship manager.

Image shows the required customer fields in red. The upload file also includes additional fields such as card number, expiration date etc.
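
A pre-upload check for the customer file, as an added example that is not CenPOS code or part of the original article: it applies the FAQ rules above (every column present even when blank, a future start date, no CVV column), adds a Luhn and expiration check, and masks card numbers in its report. The column names, the MMYY expiration format and the ISO start date are assumptions, since the actual template is not shown here.

```python
import csv, io
from datetime import date
# Hypothetical columns: the real CenPOS template is not reproduced on the page.
EXPECTED = ["first_name", "last_name", "email", "card_number",
            "exp_date", "start_date", "end_date", "amount"]
# Constructed sample: test card numbers, MMYY expiry, ISO start dates.
SAMPLE = """first_name,last_name,email,card_number,exp_date,start_date,end_date,amount
Ana,Ruiz,ana@example.com,4111111111111111,1219,2017-11-01,,29.00
Ben,Cole,ben@example.com,4111111111111112,0917,2017-09-01,,29.00
Cy,Dunn,cy@example.com,5555555555554444,0620,2017-11-15
"""

def luhn_ok(pan):  # Luhn checksum over a digits-only card number
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    digits = [int(c) for c in reversed(pan)]
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[1::2]]
    return (sum(digits[0::2]) + sum(doubled)) % 10 == 0

def mask(pan):  # keep the last four digits only, so reports hold no full number
    return "*" * max(len(pan) - 4, 0) + pan[-4:]

def check_upload(text, today):
    """Return the problems found; an empty list means the file passed."""
    rows = list(csv.reader(io.StringIO(text))) or [[]]
    header, problems = [h.strip().lower() for h in rows[0]], []
    if {"cvv", "cvc", "cid"} & set(header):
        problems.append("header: security code column must not be present")
    if header != EXPECTED:
        return problems + ["header: columns differ from the template"]
    for n, row in enumerate(rows[1:], start=2):
        if len(row) != len(EXPECTED):  # blank fields still need their comma
            problems.append(f"line {n}: {len(row)} fields, expected {len(EXPECTED)}")
            continue
        rec = dict(zip(EXPECTED, row))
        if not luhn_ok(rec["card_number"]):
            problems.append(f"line {n}: card {mask(rec['card_number'])} fails Luhn")
        try:
            mm, yy = int(rec["exp_date"][:2]), 2000 + int(rec["exp_date"][2:])
            if not 1 <= mm <= 12 or (yy, mm) < (today.year, today.month):
                problems.append(f"line {n}: expiration date is past or invalid")
            if date.fromisoformat(rec["start_date"]) <= today:
                problems.append(f"line {n}: start date is not in the future")
        except ValueError:
            problems.append(f"line {n}: unparseable exp_date or start_date")
    return problems
```

Calling `check_upload(SAMPLE, date(2017, 10, 1))` reports three problems on line 3 and a short row on line 4, without echoing a full card number.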