Tokenization is the process of replacing sensitive data with a meaningless number. There is no universal standard for tokenization in payments. The key principal is that no part of the token has any relation to the credit card or check data.  The tokens themselves are useless outside of the system for which they are designed to be used. Tokens can be created for one time use or stored for recurring.

Encryption is the conversion of data into a form that cannot be easily read by others. That which is encrypted can be decrypted.

Payment card industry data security standards (PCI DSS) do not allow credit card numbers to be stored on a retailer’s point-of-sale (POS) terminal or in its databases after a transaction, with very rare exception.  If you store card data on your servers, regardless of access limitations, you’ll have a hard time proving your company was PCI Compliant in the event of a data breach. The financial liability, and potential criminal liability, is substantial.

If PAN data (primary account/ credit card number ) is encrypted, it’s still within the merchant scope for PCI because it can be decrypted. The exception is if the merchant is using a third party that is using PCI Compliant strong encryption, and there is no ability for the merchant to decrypt the data and get back PAN’s. *

Tokenization helps merchants reduce the scope for PCI DSS compliance whenever credit card data is stored, because the merchant cannot reverse engineer to access the PAN data. Encryption can be used by the third party to protect the data in the token vault. It is not required by PCI.  When a merchant uses a token to process a transaction, the associated payment information in the vault is delivered to the processor. How and in what format? The logical and physical elements vary by provider and specific controls are secret for security reasons, but it’s a fair question to ask when considering a new provider.

The CenPOS payment platform uses both tokenization and encryption for maximum reduction of PCI scope for merchants, and for data security throughout the payment cycle. It provides the most flexibility for merchants, because they can change processors with no disruption to their business.

*Refer to PCI guidelines for further details. Official PCI Security Standards Council Site

Are you worried about fraud or PCI Compliance issues? Looking for ways to decrease your workload? Harnessing the power of CenPOS, a universal payment gateway, stored payment options will save you hours and hours of time, reduce the scope for PCI Compliance, and mitigate risks associated with Card Not Present (CNP) Transactions.

WEBINAR DETAILS:

Are you worried about fraud or PCI Compliance issues? Looking for ways to decrease your workload? Harnessing the power of CenPOS, a universal payment gateway, stored payment options will save you hours and hours of time, reduce the scope for PCI Compliance, and mitigate risks associated with Card Not Present (CNP) Transactions.

WEBINAR DETAILS: 5 Specific Solutions to Recurring Billing Problems (click to reserve your seat)

When: April 17, 11:00 a.m-noon EST.

Who Should Attend: If your company stores credit card or check information for any type of recurring billing, you should attend if you:

• Accept credit card or check payment information via phone or fax
• Key enter transactions
• Set up or modify scheduled payments for customers
• Supervise any of the above
• Reconcile, review or create related financial reports

What You’ll Learn:

1. Four Rebilling Options: Repeat sale, Recurring, Installment, and Variable Installment. Best practices to save time, improve collections and manage your payment charge schedule for any situation!
2. Fraud check: How to validate a customers credit card before securely storing for recurring sales.
3. Authorizaton Forms: How to create customer credit card authorization forms, without storing exposed credit card numbers, that meets newer card association requirements to protect against disputes.
4. Encrypt Payment Data: Two ways to create secure ‘tokens’, unique alpha numeric payment ID’s that drastically reduce keystrokes needed to bill your repeat customer again.
5. Rebilling Customers: How to easily retrieve tokens.

Interact:

• Send questions in advance
• Chat- ask questions during the conference
• Live Q&A
• This is a live demo, not a slideshow.

This graphic table illustrates some of the key differences of CenPOS vs Authorize.net. Using a Catholic High School for items needed, CenPOS crushes the gateway competition and it’s easy to see why schools are flocking to CenPOS.

There’s no question that Authorize.net is a solid product from a reputable company. I’ve actually recommended and used them for over a decade. However, for years they failed to innovate and CenPOS provides better value in every key area, including automated recurring billing. Authorize.net only just entered the multi-payment source market, primarily through acquisition and tying different products together, whereas CenPOS was designed from the ground up to support all payment methods. This is key to why CenPOS is much more flexible to be customized and deliver real-time data that merchants  need to increase efficiencies in operations.

A review of Braintree Payment Solutions and CenPOS universal processing platform for recurring billing follows. While there are several items that both share in common, this review highlights more of the differences. A key difference not outlined in detail is that while both offer a gateway, only one is a switch. A gateway accepts data and passes it through. A switch dynamically makes intelligent decisions based on a number of  through-puts, including merchant defined rules and a host database which is continually updated in real time. The CenPOS switch empowers merchants with more controls over payment processes and the hosted platform provides scalable, flexible technology to change with legislative, merchant, and payment industry changes.

With its promise of portability,  Braintree provides more flexibility than has been available from even the biggest credit card processing providers, for ‘online only’ businesses with a subscription recurring payment requirement.  Since the average small business changes suppliers every 12-18 months, Braintree’s promise of portability provides superior flexibility.

Transferring card data presents significant risk to the merchant in the case of a data breach. To protect from liability, suppliers who hold encrypted card data will generally not release data without a written promise to absolve from any and all liability in the event of any future data breach.

The CenPOS platform excels in markets where greater flexibility is needed in types of payments accepted, where they are accepted, or where interchange optimization is essential such for business to business. Wholesale distributors, law firms, medical billing companies, professional services, IT services, schools and staffing companies will benefit from the broader array of options of CenPOS. For recurring billing, there are very few options for merchants to bill a customer a variable amount with tokenization.  CenPOS provides superior flexibility for mid to large businesses to be PCI Compliant and manage processing costs.
 

In summary, merchants should evaluate all the reasons to choose a service provider for what they have now vs. what they need to leave the service provider later. A free trial or extended out will help users make the right choice.

Click here for more information about CenPOS recurring billing or here for CenPOS.

When a patient has a large medical bill, do you ever agree to multiple payments? How do you handle it? For some operations, the answer is for the customer to call back each month to phone in their payment. The most frequent reason cited is to avoid risks associated with credit card fraud and identity theft.

This scenario is bad for multiple reasons:

1. The patient may not call back.
2. Your staff might have to make more calls to collect later.
3. Staff has to key enter the transaction each and every time a payment is made.
4. Staff has access to credit card data over and over again. (risk)
5. Staff may be writing down card information to keypunch in later, each time creating a period of risk.

All of these can be avoided with a virtual terminal solution that meets all medical billing needs. Your computer can be a virtual terminal simply by logging in to a secure web page. Some think there is more risk with this, however, there is actually less risk.  Unlike desktop terminals, administration controls and manages access remotely on demand. This eliminates risk associated with wrongful use of hardware by cleaning personnel, repair crews and unauthorized employees, plus you can instantly remove, restrict, or expand credit card processing access.

We put the virtual terminal on steroids so you also receive these benefits:

• Save gobs of time! When a customer agrees to multiple payments, enter the customer data one time only and then set the payment schedule. Eliminate the follow up phone calls and other activities. (Recurring Billing)
• Reduce receivables and predict cashflow- Since payment is on ‘autopilot’, collection is more predictable. Dynamic real-time graphic report shows future receivables.
• Instant alerts based on thresholds you set can be transmitted via email to multiple personnel to reduce risk. For example, every refund over $50 sends an email.
• Create a one time payment for a different amount, then future fixed payments. No other virtual terminal allows you to do this! (Token billing)
• If a customer has multiple bills from different dates, enter the card data one time. Then simply add more ‘contracts’ for billing.
• Add multiple cards for a customer and multiple billing addresses- every possible option you need to collect payments are available.
• Least cost routing – eliminate human error and hardware settings from impacting the cost of accepting credit cards.
  
• Improve workflow. Enter payments from immediate work area.
• Optional integration with patient check-ins- customers can make partial payment at hospital on arrival, and agree to rebill same card for balance. You get swipe rate at hospital and phone rate in the future.
• Pay a bill online- create a payment page quickly and easily with just 3 lines of html code to put on an existing web page. Web page creation available for a fee.

FAQ

Can I keep the same credit card processor? Yes. The Virtual Terminal is compatible with all major processors.

Where is the card data stored? It is encrypted and stored on remote PCI Compliant servers with redundant back-up. Once the card data is entered, you’ll never have access to the card information, other than the last 4 digits, again.

How long will it take to learn? The basic tasks are learned in under 15 minutes. Users of advanced features will probably spend a few hours over the course of a week.

Do you provide phone support? Yes, 24/7. There are also dozens of 15-25 second videos for instant answers for every situation so your customers don’t have to wait. Phone support is included in the service.

How much does it cost? A better question is, how much will you save? Reduced credit card processing fees, reduced staff time, and improved cash flow. All agreements are per quote and may include a per transaction fee and or percentage of transaction fee. We custom quote so your business pays a fee relative to your business size, and not a penny more.

What are the computer requirements? Windows XP and above or any Mac OSX, with high speed internet.  There is no software to install. This is a host-based solution.

Can I see a demo? Yes! Call 954-942-0483.  If you want to know what your credit card processing savings will be, please send two consecutive merchant statements for analysis.

Do you offer credit card processing? They are two distinct agreements and we offer both.

How does this work if we also have a billing company handling our lockbox? The set up is very flexible. You can have one account that all users can see data for ie patient payment history and contract set up or not. You’ll have total control as to which users can see what data and what functions they can perform. You’ll never have to wait for a report again because you’ll have real time access to all transactions- on your schedule, and in a format that works for you.

How can we protect against fraud if we don’t ask for the CVV; don’t we save money by getting the CVV? The security or CVV, CVV2, CID code is not required for MAIL/PHONE payments. CVV never impacts cost. There are many other fraud protections such as address verification. Since CVV cannot be stored electronically, we do not collect it for recurring billing or token billing.

What about risks from computers? No data is stored on your computer. To meet PCI Compliance your individual computers or network will need PCI Scanning.

Ever been automatically enrolled in a program that bills your card every month? Legislation is progressing to stop this online tactic.

December 1, 2010 Klobuchar pushes to eliminate underhanded tactics that charge consumers for unwanted services.

Washington, D.C. – U.S. Senator Amy Klobuchar announced today that the Senate passed a bill protecting online consumers from predatory sales tactics that charge customers for services they were unaware they had purchased. Klobuchar is an original cosponsor of the bill, the Restore Online Shoppers’ Confidence Act, which was introduced after a Commerce Committee investigation revealed that some companies aggressively sought to enroll online consumers in costly services without their consent.

“As a former prosecutor, I’ve always believed that our laws must keep pace with advances in technology,” Klobuchar said. “Companies should compete in the free market based on the quality of their products and services – not on how well they can swindle unsuspecting consumers online. This bill boosts e-commerce by rooting out ‘bad actors’ and creating a level playing field online.”

Following introduction of the bill, several companies began to eliminate these practices in response to the efforts of Klobuchar and her Senate colleagues.  The bill would continue to protect future online shoppers by:

• Prohibiting companies from using misleading post-transaction advertisements by requiring them to clearly disclose the terms of the offers to consumers and to obtain consumers’ billing information, including full credit or debit card numbers, directly from the consumers.

• Prohibiting Internet retailers and other commercial websites from transferring a consumer’s billing information, including credit and debit card numbers, to post-transaction third-party sellers.

• Requiring companies that use “negative options” on the Internet to meet certain minimum disclosure and enrollment requirements, so consumers will not end up paying recurring fees for goods and services they did not intend to purchase.

Klobuchar serves on the Commerce Committee, which has authority over most Internet issues. The bill is also sponsored by Senators Jay Rockefeller (D-WV), Mark Pryor (D-AK), Bill Nelson (D-FL), Claire McCaskill (D-MO), and George LeMieux (R-FL).

see prior articles Restore Online Shoppers Confidence Act.

Do you have banks of credit card terminals provided to you by your clients? How are you distinguishing your company in the marketplace today? What if you could tell your clients that you don’t need or want their machine because there is a more SECURE solution to protect their PATIENT information?

The solution is not software, but rather a hosted “cloud” technology platform that never goes out of date, is always PCI DSS compliant, and is compatible with all the major payment processors. Virtually any payment other than cash is possible with a hosted solution, so as the industry changes, you’ll be on the forefront of various payment type acceptance, plus get funds into your client hands faster with more advanced reporting than has ever been available.
4 critical benefits you can offer your medical clients:

1. Real time treasury reports- the number one reason business site wanting our cloud-based payment processing technology.
- Dynamic reports and Graphics can show location, entire country operation treasury reports, and dozens of others. In just minutes CFO’s can see their business operations from many perspectives.
- Review collected funds in real-time, on demand, from any location. Check or credit card.
- Export data for other systems on demand.

2. Payment Card Industry Data Security Standards Compliance. Most have no idea what PCI DSS is, yet the merchant account holder is responsible and liable in the event of a data breach. Educating your clients and helping them reduce risk is a competitive advantage.

3. Eliminate terminals- no need to replace hardware due to being outdated.

4. Guaranteed best interchange qualification- whatever their price plan, this system will ensure every transaction processes at the lowest rate possible via patented technology. Human and equipment errors are eliminated. Merchants can keep their existing processor- or change- we’re neutral.

Medical Business Payment Problems:
- Time gap from services rendered to cash in bank.

- Patients paying a co-pay on the visit, then after getting paid by the insurance company, the patient ends up having a balance due.

- Offering option to make multiple payments special circumstances.

We offer two distinct solutions for MEDICAL BILLING PROVIDERS to help solve these problems:

1. VIRTUAL TERMINAL
This solution can be implemented immediately and is fully compatible with existing merchant accounts. Your clients want you to use this because they like the graphical reports and instant access to data on demand.

You can resell the solution. This is an up-sell service your clients really want once they see it.

2. On location equipment PLUS VIRTUAL TERMINAL
Hardware at business office and Virtual Terminal at billing provider (you).  The sales for both retail card present and subsequent sales, card not present, will appear in the Virtual Terminal and all reports.

REBILLING SOLUTION: TOKENIZATION
Access a secure payment processing platform and create a TOKEN to enable rebilling the patient or to set up recurring billing. Card data is never stored at the merchant location and the token links only to remotely hosted encrypted data. To re-bill, the merchant enters the patient name, transaction amount, and the TOKEN ID.

Patients agree to have their card charged, usually up to a specified amount, at the time of the original transaction. Merchants can print a receipt, or have an email automatically sent with the receipt.

BENEFITS:

• Improve cash flow.
• Reduce or eliminate collections.
• Simplify the billing process- reduce workload.
• PCI Compliant- secure solution eliminates exposed card data.
• Reduce opportunities for internal fraud by eliminating receiving card data within mailed billing responses.
• Managed payment processing costs- eliminates costly human errors that result in interchange qualification downgrades.

FEATURES:

• Optional Signature Capture terminal at the medical business location stores patient opt-in agreement electronically indefinitely.
• Access secure web page from any computer.
• User control for all functions and reporting. You decide who can perform what type of transaction and who can access reporting.
• Optional industry template to capture insurance policy number, account number etc. Export reports on demand.
• Real- time cash flow. Enables management to see multiple locations at a glance.
• Multiple merchant accounts- Use the same system for multiple doctors within a location.
• No more banks of terminal or dedicated phone lines- login to each merchant account to process a transaction.
• Minimal set- up. No major upfront investment.
  

Most medical and dental billing solutions address HIPPA, but what about secure payments?  Our dental billing solution enables you to securely collect current payments and outstanding bills after insurance claims are completed. Collecting payments in a secure manner is equally important to HIPPA. Most staff at medical practices don’t even know what PCI DSS is, even after having 6 years to comply.

DENTAL BILLING SOLUTIONS

Tired of getting paid weeks and months after services are rendered?

Do you have patients paying a co-pay on the visit, then after you’re paid by the insurance company, the patient ends up having a balance due?

How long on average does it take you to collect that balance? Are you paying a medical billing company to collect it for you?

Do you have orthodontia patients that are billed the same amount every month?

Do you offer a payment plan in some situations?

SOLUTION: TOKEN ACCOUNTS.

1. Merchant accesses a secure payment processing platform and creates a TOKEN to enable rebilling the patient or to set up recurring billing. Card data is never stored at the merchant location and the token links only to remotely hosted encrypted data. To re-bill, the merchant enters the patient name, transaction amount, and the TOKEN ID.
2. Patients agree to have their card charged, usually up to a specified amount, at the time of the original transaction. Merchants can print a receipt, or have an email automatically sent with the receipt.

BENEFITS:

1. Improve cash flow.
2. Reduce or eliminate collections.
3. Simplify the billing process- reduce workload.
4. PCI Compliant- secure solution eliminates exposed card data.
5. Reduce opportunities for internal fraud by eliminating receiving card data within mailed billing responses.
6. Managed payment processing costs- eliminates costly human errors that result in interchange qualification downgrades.

FEATURES:

1. Optional Signature Capture stores patient opt-in agreement electronically indefinitely.
2. Access secure web page from any computer.
3. User control for all functions and reporting. You decide who can perform what type of transaction. Enable off site billing or accounting to access reporting.
4. Optional industry template to capture insurance policy number, account number etc. Export reports on demand.
5. Real- time cash flow. Enables management to see  multiple locations at a glance.
6. Multiple merchant accounts- Use the same system for multiple doctors within a location.
7. Minimal set- up. No major upfront investment.
8. Optional pay page- simple code you can add to your web site so patients can pay a bill.

SALES CONTACT: Christine Speedy 954-942-0483

SCREEN SHOTS

Figure 1. The customer is present and you swipe the card. The card number, expiration and name on card are automatically recognized, as with any swipe device. Confidential information will be x’d out and will not appear on the screen.  Enter the  sale amount, as usual.

Notes: Other required or optional fields are determined by the merchant prior at account set-up.  The merchant determines data capture preferences balancing speed at the cashier, information needs, and risk.  In all the figures shown, invoice is mandatory, but that is strictly a merchant decision.

FIGURE 2.  When the customer is not present, different data needs to be captured for risk and interchange qualification  ( how much a transaction costs the merchant) concerns. i

FIGURE 3. If the merchant wants to bill the same customer again, the repeat sale button is selected. Information is collected for both the initial sale and future sales. A token is automatically generated, or the merchant can specify one. We recommend you collect the email address so that you can send automatic receipts for future billing. (You can also ask the customer to opt-in or opt-out to marketing via email.)

FIGURE 4.  When you’re ready to go back and bill the patient, enter the TOKEN ID along with the amount to charge.

If you captured an email previously and set up automatic receipts, an email is automatically generated and sent. Email set up can be programmed with your own FROM and SUBJECT.

The benefits I’ve discussed are just the tip of the iceberg. This technology is leaps ahead of anything else on the market, including ease of use. Your staff can complete a repeat sale with less than 5 minutes of training. Setting up recurring billing, where the same amount is billed multiple times, is not shown here and is just as easy.

Protect your patient data. Protect your business from internal fraud. Improve your cash flow. Look at functional graphical reports that let you see and compare cash flow from multiple operations in minutes.

Questions? Need a demo? Call Christine at 954-942-0483.