About Christine Speedy

B2B cloud payment acceptance solutions and CenPOS enterprise cloud payment solutions expert. Authorized reseller.

Payment Processing Application for Microsoft Dynamics AX 365

Microsoft Dynamics AX credit card processing integrated for maximum profit and maximum security with Validated Point to Point Encryption (vP2PE).

 

PCI Compliance is a moving target. We help reduce compliance burden with a PCI validated Point to Point encrypted solution. It’s important to note that only non-validated P2PE solutions have experienced data breaches in the last 12-18 months.

  • Accept credit, debit, ACH, check with guarantee, cash, wire, Paypal and more payment types. 
  • Smart Rate Selector reduces credit card processing fees, including with level 3 processing. Qualifying transactions for the lowest rates is complicated and only with dynamic rules management can merchants automate processes that impact fees.
  • Flexible processor options. You choose. Whether you want to keep your existing First Data, Chase Paymentech, Worldpay, or any other provider, or make a change, we give you options. And if you change acquirers in the future, it’s non-disruptive to operations, unlike “all-in-one” solutions.
  • Need to reduce compliance scope for card not present transactions? Our Encrypted Virtual Keypad segregates your hardware from scope.
  • Compliance with new stored card credential rules is complicated also. We reduce compliance burden with various configurable tools.

Do you have DOPS transactions currently processing credit cards?
You cannot process (authorize, capture, void, refund) any transaction through Dynamics online after Dec 31, even if that transaction occurred prior to Dec 31.  After 12/31/2017:

  • Credit cards linked in AX – Will no longer work for any connector, need to be deleted and re-entered.
  • Authorization – Will be lost.  Either process this through your new solution or work with the payment provider to capture an existing authorization if possible.
  • Capture – Will not be able to process linked refunds.
  • Void – Will not be able to void a payment.
  • Refund – Will not be able to refund a payment.

The above transaction types are very limited. For example, re-authorization, incremental authorization and authorization reversal are common types of transactions in B2B. If not managed correctly, then merchants pay higher fees and risk chargeback by both issuer or customer.

Headquartered in Miami, Florida, CenPOS is reshaping the future of commerce through technology innovation and the secure, flexible and simple solutions this enables. Christine Speedy, CenPOS Global Sales, 954-942-0483 has extensive B2B experience to help any business understand risks and benefits of alternative cloud solutions.

 

Why does my web site need SSL security 2018

Every web site needs SSL in 2018 to avoid web site insecure messages that scare away visitors.

Disabling TLS 1.1 and lower is recommended for all businesses. While web site security with SSL is commonly considered only necessary if accepting payments or using secure online forms, that’s no longer the case. It can impact Google listings, overall SEO, and whether visitors see your web site.

SSL secured web sites for years. Even though tech people still call it SSL, the next phase of ecommerce security was TLS. TLS 1.1 and lower, including SSL 1.0, are not considered secure. For that reason, all businesses accepting payments online must have disabled TLS 1.1 and lower on their servers for mandatory Payment Card Industry Data Security Standards  (PCI) compliance by June 30, 2018. Additionally, buyers with outdated browsers may be blocked from making purchases if not supporting the latest security standards.

If your web site does not have an SSL certificate, visitors will get a browser message, which may vary by browser, telling them your web site is not secure and that any information submitted could be viewed by others.

connection not secure message

Web browser warnings like this will scare away visitors.

FREE Test SSL/TLS for Browser and Servers:

Server penetration testing falls under the Computer Fraud and Abuse Act (CFAA) (18 U.S.C. 1030). It’s a federal crime to “intentionally access a computer without authorization or exceed authorized access”. If it’s not your web site, and you don’t have explicit permission to access, don’t run a server test. If you do have the right to run it, be sure to check the box, HIDE RESULTS. If you get a YES next to TLS 1.0, SSL 3, or SSL 2 on the server test, then hardening is needed. To modify your web site, it’s managed in host administration and disable in security settings. Free SSL and TLS test from Qualys. https://www.ssllabs.com/ssltest/index.html.

Godaddy gives a very good overview of options. https://www.godaddy.com/web-security/ssl-certificate#compare. I recommend getting the Extended Validation (EV) SSL for the value-added benefits.

Headquartered in Miami, Florida, CenPOS is reshaping the future of commerce through technology innovation and the secure, flexible and simple solutions this enables. Christine Speedy, CenPOS Global Sales, 954-942-0483 has extensive ecommerce experience dating back to the early internet days and can assist with any questions.

Equipment Rental Credit Card Processing Rules Change

Bobcat, Caterpillar, and similar that offer rental equipment, all are impacted by new credit card processing rules for rentals. equipment rentals credit card processing

While businesses expect their software, including ERP, Point of Sale, and ecommerce shopping carts to help them manage compliance with credit card acceptance rules, the reality is that many don’t. Compliance increases profits; non-compliance increases new chargeback risks, interchange fees, penalty fees and authorization declines.

Traditional desktop terminals don’t support the new transaction data requirements. If merchant is not using EMV chip device, now is the time to upgrade to a cloud-based solution and fix two problems at once. Rental merchants cannot meet both card acceptance and Payment Card Industry Data Security Standards compliance requirements using traditional paper credit card authorization forms. Cloud technology and a compliant payment gateway are needed. For example, pair the Verifone MX 915 with the CenPOS validated Point to Point Encryption (P2PE) solution and use either a standalone or integrated to ERP such as Microsoft Dynamics AX.

Key elements for compliance:

Initial authorization transaction must send new transaction indicator that it’s an estimate; the final amount could change for example because the renter kept it longer or damaged the equipment. This is technically managed by the payment gateway.
If applicable, send incremental authorizations with related indicator.
If storing the card, the Visa Stored Credential mandate outlines the specific requirements for agreement with customer, cardholder authentication, and procedures to use a stored card on file. For example, perform cardholder authentication with either security code or 3-D Secure. 3-D Secure can only be invoked if the customer self-pays; it shifts friendly fraud liability to the issuer and merchants can also qualify some cards for even lower interchange rates. CenPOS Express Checkout via text or email includes 3-D Secure capability as part of a layered security approach.
Final authorization with related indicator.
Update language in agreements for opt-in to terms and conditions as required by Visa.

Card issuers and acquirers were mandated to be compliant in 2017, and merchants by October 2017, however, there’s no mandate for payment gateways. Even if an existing payment gateway supports the new requirements, merchants must make changes. Visa is the most complex, however other brands have similar rules.

From tokenization to Express Checkout, CenPOS creates a seamless commerce experience throughout the enterprise. Innovations, including Express Checkout via text or email, help businesses maximize profit in all departments. CenPOS takes the heavy lifting out of payment acceptance offering a range of solutions that simplify every aspect of implementing, operating and maintaining a payment system enabling merchants to focus on their business.

CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships. Powered by its enterprise-class, end-to-end transaction engine, CenPOS’ secure, cloud-based solutions seamlessly integrate with a merchants existing infrastructure minimizing disruption and saving time and money. Committed to a merchant-centric approach CenPOS provides a one-to-one level of service and support, enabling merchants to focus on their core business.

Headquartered in Miami, Florida, CenPOS is reshaping the future of commerce through technology innovation and the secure, flexible and simple solutions this enables. Christine Speedy, CenPOS Global Sales, 954-942-0483.

Reference:

https://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-credential-transaction-framework-vbs-10-may-17.pdf

See also core rules, especially section 5 https://usa.visa.com/dam/VCOM/download/about-visa/visa-rules-public.pdf

Are You Compliant? B2B Credit Card Processing Fact Check

Merchant compliance with various credit card processing rules maximizes profits while mitigating risk. This is especially true for business to business companies. But that task is getting harder and harder with the onslaught of new rules, and virtually impossible if not using a sophisticated cloud solution to help manage compliance.

b2b visa stored credentialIf your B2B company stores credit cards, there’s a pretty good chance you’re not compliant. For example, Visa’s 2017 Stored Credential Transaction framework (PDF download from Visa) outlines merchant responsibilities to obtain customer consent as well as storing credit cards, using stored credentials (token), and managing stored tokens. Failure to comply with Authorization rules, for example preauthorization and final settlement do not match, has far-reaching consequences including higher interchange rates (the bulk of credit card processing fees), penalty fees and new chargeback risks. With so many new rules across multiple card brands that vary based on business and transaction type how can a business quickly ascertain if they’re compliant?

Quick tips to validate compliance:

  1. Is cardholder authentication performed when a new card is stored? When the cardholder data is entered and submitted, the issuer responds with an approval or declined message. A small charge is not an acceptable practice to submit transaction for approval; instead a zero dollar authorization request for authentication is submitted. If authentication is via 3-D Secure -Verified by Visa, MasterCard Secure Code, whereby the customer self-authenticates vs merchant initiating, reduced rates may apply. Under the new rules, two transactions occur at the time a card is stored. Compliant answer is yes.
  2. Is a transaction receipt delivered to customer when you store a credit card? This will be either for an amount or a zero dollar authorization. When stored credit card credential (token) is created, a transaction receipt is generated with the approval or decline and other mandatory fields. Compliant answer is yes.
  3. Does the receipt include “RECURRING” or “REPEAT SALE” for token transactions? Compliant answer is yes.
  4. Review merchant statements, usually the last 1-2 pages with the heading “pending interchange” or “fees” section. Do you see EIRF, STANDARD (STD), or DATA RATE I? Compliant answer is no.
  5. Can you produce documentation of customer consent to store their card (including with 3rd party service) and how it will be used?

If you’re not in compliance, your payment gateway is the most likely culprit, followed by ERP or other software integration limitation. I can fix that.

Reference: Links for all Card brands.

Christine Speedy, CenPOS Sales 954-942-0483, 9-5 ET. Need help getting compliant? Ask me!

3dcart and CenPOS Payment Gateway Partner To Grow B2B Vertical

Miami, FL April 23, 2018. The business-to-business (B2B) e-commerce sales channel presents new opportunities and challenges, particularly with increasingly complex credit card processing requirements. 3dcart, a leading e-commerce platform, has partnered with CenPOS, an integrated technology commerce platform. The CenPOS ‘Super Payment Gateway’ maximizes profits while mitigating the higher dollar value transaction risk in the B2B vertical.

Payment gateways directly impact the cost of credit card acceptance, including interchange fees, the bulk of merchant fees. The CenPOS 3dcart integration offers all the required elements to qualify B2B transactions for the lowest rates possible, including:

  •  Level 3 data for purchasing, corporate and business cards
  • Resolve authorization and settlement amount mismatch
  • Visa unscheduled, recurring, and installment stored credential mandate compliance
  • 3-D Secure – Verified by Visa, MasterCard SecureCode, American Express Safekey and Discover ProtectBuy

“Our first mutual customer reduced fees over 30% just by changing their payment gateway,” commented Christine Speedy, CenPOS sales expert for 3dcart users. “Both our customers can expand into new markets while maximizing profits, security and compliance.”

“With the CenPOS integration, we expand the payment solutions offered by 3dcart to provide existing and prospective customers globally an additional alternative to how they process credit cards today, with any acquirer they choose,” stated Gonzalo Gil, 3dcart CEO.

The 3dcart CenPOS integration currently supports credit card, EFT/echeck with and without guarantee, Paypal and alternative payment methods. CenPOS POS and mobile and are available standalone now and will be integrated in the future to provide 3-D Cart customers a validated point to point encryption (P2PE) option. A validated P2PE solution significantly reduces merchant scope for PCI Compliance. CenPOS also includes to all 3dcart customers their electronic bill presentment and payment (EBPP) solution, supporting wire payments, text messaging, and other key B2B items of interest.

cenpos logoAbout CenPOS

CenPOS (https://www.CenPOS.com is a merchant-centric, end-to-end payments engine that drives enterprise-classsolutions for businesses, saving them time and money, while enabling merchants to create deeper lasting relationships with their customers. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.  PCI Level 1 Service provider, QIR Certified, P2PE Validated, HIPAA compliant. https://www.cenpos.com/ CenPOS 877-630-7960, Christine Speedy direct 954-942-0483.

logo 3dcartAbout 3dcart

3dcart (https://www.3dcart.com) is the most SEO-friendly eCommerce platform for retailers and internet marketers to grow their online stores’ traffic and sales. 3dcart includes 24×7 Technical Support, 100+ Mobile-Ready Themes, order management software, built-in blog, email marketing tools and more. Since 1997, the company has been a leader in the eCommerce market, building online stores for businesses of all sizes. Today, 3dcart is Visa PCI Certified and a Google Partner. Sales 800-828-6650