Here’s a sneak preview of two innovations that will improve your EBITDA in 2012 with very little effort by your legal staff. The first improves billable time data capture and the second enhances payment acceptance with a flexible PCI Compliant solution, while mitigating risk.

Capture more billable time with a new innovative mobile time tracker that enables you to capture and assign billable time by matter code and client. A key feature is the pop-up on incoming calls; when you hang up, you can immediately assign the call to a client for billing and even enter notes. The length of call is prefilled for you. This data is all accessible back in the office via a web based dashboard.

Expense record on mobile device. Assign and submit billable/ reimbursable expenses on the go.

Our  innovative payment gateway works with your existing payment processors, creating numerous efficiencies, increasing cash flow, and reducing the cost of payment acceptance. Partners will have unprecedented access to client billing and payment data based on permissions granted. Clients will have new ways to receive invoices and make payments. Finance staff will have tools to automate processes and control payment processing costs. You’re in control of the most flexible, scalable payment solution available today.

We’ve been too busy bringing clients on board to create comprehensive marketing materials; technology is ready for immediate implementation. Payment Modules include: virtual terminal, batch upload, Electronic Bill Presentment & Payment (EBPP), Dashboard Reporting, report writer, shopping cart and pay page.

Legal Payment Brochure (pdf Download) . This one page document will be updated in the future.

Join clients listed in the 2011 U.S. News – Best Lawyers ‘Best Law Firm’ Rankings. Contact us now to find out why they chose our technology.

Accept payments via mobile, internet, and at fundraising events all with a single gateway solution that provides optimum security and cost containment. Fundraising solutions for any candidate must include a variety of payment methods, cost controls, reporting tools, and be simple to implement. This article explores how our solution achieves this.

Just like a business, accepting funds via credit card can be expensive when running for Congress, Senate, President or other offices. However, thanks to debit legislation under the Durbin Amendment that went into effect October 2011,  it’s not nearly as much as it used to be. With a wholesale cost of .05% and $.21 per transaction for non-exempt debit cards, the overall cost of credit card processing has been greatly reduced. With a wholesale merchant account, you’ll pay interchange fees at all levels plus a small merchant discount.

Understanding merchant accounts.

1. You can apply for an ecommerce merchant account, MOTO (mail order/phone order), or Retail (card present /swipe). It’s against card association rules to process ecommerce transactions on a MOTO or Retail merchant account. But if you have an ecommerce merchant account, you’ll pay higher card not present rates on swiped transactions. The solution? Our CenPOS gateway  automatically identifies the transaction method and sends the appropriate data so that the transaction will qualify for retail. The CenPOS patent pending switching technology is not available from other vendors and saves big money. For example, save .3% on Visa Rewards cards- the difference between retail and card not present.
2.  Fees are made up of fixed non-negotiable interchange fees, network fees, card association fees, fees that vary by vendor (some hard costs vendors incur may vary), and negotiable merchant discount fees. Altogether when you divide your total fees by the net transactions we call this your effective rate. With a wholesale merchant account, an estimated effective rate for political fundraising campaigns is 2.2%, or 3.5% for very small campaigns. If you’re not paying any where near that, contact us for alternatives.
3. Different payment acceptance points can result in disparate reporting, which is never a problem until you’re trying to research something and then it becomes a nightmare.
4. A gateway is required to accept payments online. You need both a merchant account and a gateway. CenPOS is a universal gateway, compatible with all major processors.

Campaign Fundraising Concerns and how we solve them with the CenPOS gateway:

• Need to accept payments via many methods:  At the core of CenPOS is a Virtual Terminal for card swipe, online payments, mobile payments and any other method. CenPOS automatically switches payment routing for least cost.
• Need to accept multiple payment types: Check and credit/debit cards are currently accepted, and more options will be available in 2012.
• Large volunteer base may assist in payment collection. This creates potential liability for data security, but also a need for simple solution. Have you ever handed out donation cards at a fundraising event that requests credit card information to be written down? Identity theft is a major threat. Instead, use smart phones with the free CenPOS app and get cards swiped at the table or door, or add a card reader to any laptop. Micro manage user permissions and shut them down on demand. CenPOS prompts both the user and the donor for the appropriate actions. “Dummy proof” your payment collection to reduce costs and improve record keeping.
• Donor Management: An API (application interface) is available to exchange data with your donor management software. CenPOS supports recurring billing and can send the appropriate secure token to your software as well. CenPOS stores 7 years of data storage vs the typical 18 months of merchant services providers and gateways.
• Finance scrutiny and Fraud protection: CenPOS mitigates risk of fraudulent cards and also offers advanced protection to block certain payment types including anonymous and foreign issued cards. You’re in control of how tight you want to control donations.

“My client is currently using CenPos as their virtual terminal and I honestly have not heard of them before. I am wondering if this can be integrated with the Ecommerce Template without too much trouble.”

The CenPOS API can be integrated with Ecommerce Templates and many other shopping carts.  There are multiple implementation options so the amount of time depends on your specific needs and your skill level. We can provide a payment object that you can apply in 10 minutes. Or you can use our API. Integration can be done in 1-8 hours in most cases, usually less than 4.

The current API can only be obtained from authorized personnel.  Do not attempt to use any file from any other source as there is no guarantee of file reliability, accuracy, or security.

Why haven’t you heard of CenPOS? Quite simply, we’ve been quietly building market-share without any promotion as part of our marketing strategy. CenPOS users now include:

• 5 of the top 30 Auto Dealers in the US (2010 Wards)
• 1 of the top 10 cellular providers
• Clients at 5 of the top 5 US Acquirers

CenPOS has been built from the ground up to be multi-platform and processor agnostic. There has been nothing on this level in the marketplace before for the mid-size business, our core target market.

Key differentiators from the other well known gateways, including authorize.net, Payflow Pro and Orbital:

• Interchange optimization automatically optimizes for lowest cost to process any credit card type. This is crucial and entirely unique.
• Payment acceptance flexibility: Payments accepted via retail, ecommerce, MOTO, mobile, web page, EBPP, batch and just about any way you can imagine.
• Mitigates risk of internal and external fraud with built-in micro management tools and alerts.

So we can focus on our core business of continually developing the worlds most advanced payment processing gateway, we’re actively seeking developers and VARS to create integrations. With our exploding growth, your experience as a CenPOS integrator will help you attract new customers.

Please contact us for the current API, integration questions, or for more information. Please note, we offer both a referral program and an reseller program.

I received a cold call from a representative of HostedPCI so I decided to review what they offer. HostedPCI sales pitch is to offer an quick and easy way to become PCI DSS compliant by offering an interface to your existing applications. Basically, their ‘vault’ receives the payment information, tokenizes it, and from that point, only the token is used for processing payments., regardless of the connection interface such as authorize.net.

The core services are currently call center and checkout express. The call center application changes the customer over to a secure payment call session where the consumer enters their card information. Then the operator gets a pop up on the screen with the token ID which can then be used for processing. This removes the operator from hearing the card information, improving security, and also making it easier to comply with regulations regarding recording payment information over the phone. Is this a one time use token? Is the customer told their card data is being stored? How long is it stored for? Whether they exist now or later, there are certain to be new regulations coming regarding the rules for storing, even with a secure token.

The company 2138617 Ontario Inc., dba HostedPCI appears to be Canadian, though it’s not entirely transparent since there is no address on the web site.

It is not a gateway and the salesperson said you’d still need one to accept payments online. I have to wonder, what is the real value of this application vs our Smart Virtual Terminal?

Tokenization – Yes, they both have it. HostedPCI tokenizes every transaction.  Our Smart VT only tokenizes data if there is a need for a repeat sale, and the merchant can issue an approval form for signature, perfect for B2B needs. There are so many other benefits for ours vs theirs (see our token billing page), there is really no comparison. Winner: Smart Virtual Terminal.

Call center - HostedPCI wins hands down because we don’t offer any voice related services. However, you can explore 3rd party options that already exist and if it makes business sense, we’ll integrate.

Gateway- HostedPCI integrates with gateways, ours Smart VT replaces them, eliminating gateway fees. Winner- open to interpretation.

Shopping cart integration- Hosted PCI Checkout Express uses an iFrame and also offers an API, same as our Smart VT. Hosted PCI has ready made API’s for Drupal and Magento;  We’ve never had a customer ask for this so we haven’t made one specifically for this purpose yet. Winner: open to interpretation.

Reporting: HostedPCI doesn’t mention any and our Smart Vt is more robust than anything else on the market. There is no comparison. Winner: Smart Virtual Terminal.

Flexibility: HostedPCI is developing new applications. Smart Virtual Terminal is ready today for Kiosk, EBPP, ecommerce, web payments, mobile, and retail POS and accepts loyalty, credit/debit, check, check guarantee, ACH and other payment methods. Numerous ground breaking features are in the works. Winner” Smart Virtual Terminal.

With prices that start at $.30 per transaction for HostedPCI, if you have an ecommerce PCI Compliance problem and spend less than $100 per month in gateway fees now,  then HostedPCI may be a viable option for you. If you have a call center, check the legal requirements in your state on what’s allowed, including phone script requirements. Smart Virtual Terminal provides significantly more value for mid size merchants at competitive prices (non-published).

There’s room for improvement in medical billing for card not present transactions. The lack of security in the healthcare industry with respect to payment processing is evident in nearly every business I’ve interviewed in the last two years. With all the effort put into HIPAA, you’d think they’d be more likely to be PCI Compliant than other industries, but in my experience talking to and interacting with healthcare  companies, I think 50% PCI DSS  (Payment Card Industry Data Security Standards) Compliance would be extremely optimistic.

So what’s got my gander up today? A widespread lack of security by healthcare suppliers with my HSA debit card data. Before giving out my credit card information, I always ask what they are going to do with it.  As a cardholder, I have a right to know. Like many Americans, I have an HSA account and funds for payments are accessible only via a debit card. That means any misuse could wipe out the account.  Under Visa’s Zero Liability policy  consumers are not held responsible for fraudulent charges made with the card or account information, but identity theft is another matter the consumer is left to deal with.

I talked to three different personnel for the story that follows. The last one said the first two didn’t entirely follow normal protocol, which does nothing to spare them from the liabilities associated with identity theft.

This article is about a medical industry merchant storing credit card data in a database and the misunderstanding of potential  liability exposure as a result. Storing card data even for 24 hours poses a huge risk both financially and criminally. In this article we’ll review their processes and solutions to mitigate risk.

First, let’s review the payments process.  Consumers receive invoices in the mail. They can mail a check or pay by Visa or MasterCard by returning a form, or call on the phone. The merchant then uses a multi-step process to collect the information and process it.

PAY INVOICE BY MAIL

This invoice format is quite common for medical billing.

RISK: Merchant collects the CVV code, listed as signature code above, and bills are sent to a their corporate office. Collecting and storing CVV codes is always a bad idea. The mail could be stolen by internal employees familiar with the billing process. Someone could copy or even quickly photo each billing form. It’s doubtful they could prove PCI Compliance and would likely have no safe harbor in the event of a data breach.

SOLUTION: Remove the security code from the form. Have all bills sent to a lockbox. Reduce mail payments by enabling customers to pay their bills online.

PAY INVOICE BY PHONE

The first person to take my payment was covering for someone who was on vacation or otherwise out of the office.

• She took down my invoice number and credit card information on a piece of paper. She entered something into their billing system so there was  a record of my call and payment.
• The paper went into an “in box”. It was Friday.
• The person emptying the “in box” and posting payments would be in Monday to complete the transaction.
• Monday the posting person key entered the transaction into a desktop terminal.
• Tuesday, presumably,  paper was shredded. The paper is held for a day to ensure the payment went through properly so the customer does not need to be called.

RISK:  The paper with full card data was exposed for up to 5 days. Was the ‘in box’ emptied and put in a locked drawer when not being worked on, including breaks? Do cleaning personnel have access to the facility on evenings and weekends?

SOLUTION: Enter the card information directly into our smart virtual terminal. Some flexible options include:

• Entering the card and customer data and instantly charging the account. In this case, you can enter the CVV for extra fraud protection.
• Creating a customer and entering the card information for later billing. Using a process called tokenization, the card data is stored encrypted on PCI Compliant servers, never at the merchant location.  CVV is NEVER stored, not even encrypted, since it’s against card association rules.
• Entering the card and customer information and obtaining an authorization only, for other personnel to charge later.

The seccond person to take my payment on a future date was the actual representative for my account.

• She entered information in the billing system so there was  a record of my call and payment.
• My card data, including CVV,  was entered into a ‘notes’ section of the billing database.
• The customer service representative has no access to see the card data after it is entered.
• An accounting person retrieves the card data for payment in bulk with others within 1 business day.
• The posting person key enters the transaction into a dial-up desktop terminal.
• The next business day, presumably,  the computer notes are deleted.

RISK:  Full card data is exposed on a computer network. It doesn’t matter that access is restricted to certain personnel. This data storage is certainly a violation of FACTA and PCI Compliance standards, and probably HIPAA too. The merchant is open to both criminal and financial penalties in the event of a data breach. Additionally, the merchant would need to securely wipe or destroy every associated hard drive removed from service in the future to eliminate data theft potential.

SOLUTION: Enter the card information directly into our smart virtual terminal, same as above.

What are the financial risks with this data exposure?

• Replacement cost per card compromised, $25.
• Mandatory consumer credit report service for one year, $12/mth per card holder.
• Reimburse all claims from card associations.
• Fines from FACTA, HIPAA, and PCI Compliance violations
• Your business could come to a screeching halt while a forensics team investigates.
• Bad PR could result in loss of business.

What are the criminal risks associated with card data exposure? Felony.

FINAL NOTES: There is some use of an online gateway within the organization, but those details are unknown. I spoke to staff that believes since the payment processing is via a dial up terminal and is not connected to the card data in the database, that there is no risk. That is completely untrue. The company would not only save time by reducing steps, but would tremendously reduce risk by key entering card data directly into a virtual terminal. Moreover, an intelligent VT would provide a boatload of other benefits.

Ignorance is not an excuse. PCI Compliance standards were established nearly a decade ago. A critical first step to compliance and mitigating risk is a solution that supports all your payment processing needs. We offer that solution.

See also related article, How to reduce time and money for outpatient procedure billing.

On a side note, based on the invoice billing form, the merchant is not accepting American Express cards, probably because they don’t want to pay the high fees associated with Amex. If managing costs to improve EBITDA is important, our hosted payment processing platform with intelligent switch is critical.

Do you want to outsource your medical billing? Whether yes or no, read on for important payment options generated from outpatient procedures. If you’re anesthesiology company, lab, hospital, surgeon, MRI company, or consulting doctor, you’re all in the same fix. How do you collect the patient responsibility bills?

Credit and debit cards are the preferred method of payment in the US today, far surpassing checks. Included in this is the increasing use of HSA cards.

Let’s examine a very real payment process used by medical related companies, picking up from the point where the customer receives an invoice in the mail outlining their patient responsibility.

Customer has invoice. Which of these do you offer?

1. Tear off the form and mail in with check or credit card information. Should I ask for the security code on the mail order form? (No).
2. Call to make a payment over the phone.
3. Pay online.

THE MAIL METHOD:  Are staff keypunching the card data into a desktop terminal or a computer terminal?  Your computer can be a virtual terminal simply by logging in to a secure web page. Some think this is more risk with this, however, there is actually less risk.

1. Access is administration controlled and remotely managed on demand. This eliminates risk associated with wrongful use by cleaning personnel, repair crews and unauthorized employees, plus you can instantly remove, restrict, or expand credit card processing access.
2. Instant reports based on trigger alerts you set can be transmitted via email to multiple personnel.

PHONE PAYMENTS

1. Same as for Mail EXCEPT, there is no need to ever enter a transaction on paper. Why do employees write transactions on paper?

• The machine isn’t near them.
• They agree to let customers make multiple payments.
• The person answering the phone doesn’t do the processing.

How does our hosted payment processing solution, CenPOS,  differ?

1. More flexibility to assign payments with deeper information such as the physician involved in the procedure.
2. Real time reports on demand by location, cashier, card type, and many other elements provide quick access to risk insight as well as reconciliation data.
3. Integrated system for billing vendor and internal staff payments so both parties can have real time access to patient payment history.
4. Securely store encrypted card data on PCI compliant servers to process a one time payment and scheduled installment payments of a different amount.

Item one is offered by everyone. Are you mailing to a lockbox or billing office? If you are not using a lockbox and are requesting the 3 digit security code, you’ve elevated your internal fraud risk considerably.

If you outsource, the amount of time your supplier spend on processes directly affects your costs. How is the supplier performing these functions for you now? You’re the customer, you can request whatever you want.

See also, our youtube virtual terminal video demo.

In Virtual Terminal demo #2 we show to Assign a Single Payment to Multiple Accounting Ledger Codes. Ideal for schools and B2B, the merchant can enter the total payment from a check, credit card, debit card, and then break the payment into internal fee codes.

Click for 2 minute demo video  Virtual Terminal Demo Assigning single payment to multiple accounting codes.

The CenPOS hosted payment processing solution works with both retail credit card present and card not present merchant accounts, Checks, and ACH. Ideal for Schools, lawyers, camps and any time you collect payments for more than one revenue line item. Real time financial reports and transaction research are available on demand, including data for multiple years across all payment types. You can easily show trends and compare data elements.

Can I store encrypted credit card data and bill different amounts to a customer?  Yes, and this video demo of our most advanced virtual terminal shows you exactly how. This is a universal PCI Compliant virtual terminal, meaning it’s compatible with all major credit card processors.

Almost any virtual terminal solution can securely store card data for recurring billing, where the card is charged the same amount each time, but none of the most popular virtual terminals offers a secure token solution to charge a variable amount.  Chase Paymentechs’ Orbital ®Gateway, Authorize.net ®, and PC Charge® all offer recurring billing, but do not offer variable amount billing for their standard gateway. If there is a custom option, I’m not aware of it.

Chase Paymentech Orbital, Authorize.net, PC Charge are all gateways. Our solution is a SWITCH, and also  a gateway. What’s the difference? A gateway passes data over the internet to facilitate an electronic transaction. A switch identifies the data,  makes logical decisions, and then routes the data based upon pre-defined parameters. For example, a gateway passes card data from the point of collection to the payment processor. Our switch can identify the card issuing bank, determine what’s needed to qualify the transaction for the lowest cost interchange, and then pass the data needed to meet that requirement. This is just one example of what switch technology can do.