MasterCard Processing Integrity Final Auth Alert

Compliance is not just about payment security. Each card brand has a set of rules for payment processing. Follow them and get rewarded with increased authorizations, reduced fraud risk, and lower merchant fees. The cost of non-compliance is heavy and getting worse.

Look at this MasterCard PROCESSING INTEGRITY FINAL ATH Fee on a recent Chase Paymentech merchant statement.

mastercard PROCESSING INTEGRITY FINAL ATHOver $536,000 multiplied by .25% penalty fee for a total of $1,340.10 in avoidable costs. This is due to not properly authorizing and settling transactions, including reversals for unused authorizations. It’s too complicated to get into why this happens, but I’ve written multiple articles related to authorization validity, including one about the Visa Stored Credential Mandate.

The new fee of 0.25%, minimum $0.04 is assessed for each approved final authorization when*:

  • Authorization expired. The Final Authorization transaction is not cleared within 7 calendar days of authorization date, nor has it been fully reversed.
  • Authorization mismatch. The Final Authorization amount does not equal the clearing amount.
  • Unused Authorization. The Final Authorization transaction did not clear and full authorization reversal was not submitted. What’s really painful about this one, is if an order is cancelled, you can lose .25% of the transaction amount so you lost money not making a sale!
  • Final authorization currency code does not match the clearing currency code.

How can merchants avoid the MasterCard Processing Integrity fee?

Technology to manage the authorization and settlement process is the only way. Leaving it up to employees to figure out when an authorization is expiring and when a reversal is needed is a recipe for compliance fees like the above. Plus, chances are whatever system they’re using doesn’t even support the required data messages that need to go with the transaction.

The payment gateway plays a crucial role in authorization validity. A common misconception is that using a popular gateway, or even one owned by a card brand, or acquirer, will automatically get your transactions compliant. That is not the case.

I have extensive knowledge of many payment gateways. In my opinion, the CenPOS cloud commerce platform with suite of business solutions, including payment gateway, offers the best tools to automate authorization validity so you can avoid the MasterCard processing integrity final authorization fee as well as other penalty fees and assessments by multiple card brands.

Source: MasterCard Transaction Processing Rules 28 June 2018 TPR, Wells Fargo Payment Network Pass-Through Fee Schedule April 2016.

Christine Speedy, CenPOS Global Sales, 954-942-0483 is based out of South Florida, near Fort Lauderdale, and Rochester, NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Equipment Rental Credit Card Processing Rules Change

Bobcat, Caterpillar, and other companies that offer rental equipment, all are impacted by new credit card processing rules for rentals. equipment rentals credit card processing

While businesses expect their software, including ERP, Point of Sale, and ecommerce shopping carts to help them manage compliance with credit card acceptance rules, the reality is that many don’t. Compliance increases profits; non-compliance increases new chargeback risks, interchange fees, penalty fees and authorization declines.

Traditional desktop terminals don’t support the new transaction data requirements. If merchant is not using EMV chip device, now is the time to upgrade to a cloud-based solution and fix two problems at once. Rental merchants cannot meet both card acceptance and Payment Card Industry Data Security Standards compliance requirements using traditional paper credit card authorization forms. Cloud technology and a compliant payment gateway are needed. For example, pair the Verifone MX 915 with the CenPOS validated Point to Point Encryption (P2PE) solution and use either a standalone or integrated to ERP such as Microsoft Dynamics AX.

Key elements for compliance:

  • Initial authorization transaction must send new transaction indicator that it’s an estimate; the final amount could change for example because the renter kept it longer or damaged the equipment. This is technically managed by the payment gateway.
  • If applicable, send incremental authorizations with related indicator.
  • If storing the card, the Visa Stored Credential mandate outlines the specific requirements for agreement with customer, cardholder authentication, and procedures to use a stored card on file. For example, perform cardholder authentication with either security code or 3-D Secure. 3-D Secure can only be invoked if the customer self-pays; it shifts friendly fraud liability to the issuer and merchants can also qualify some cards for even lower interchange rates.
  • Update language in agreements for opt-in to terms and conditions as required by Visa.

Card issuers and acquirers were mandated to be compliant in 2017, and merchants by October 2017, however, there’s no mandate for payment gateways. Even if an existing payment gateway supports the new requirements, merchants must make changes. Visa is the most complex, however other brands have similar rules.

From tokenization to Express Checkout, CenPOS creates a seamless commerce experience throughout the enterprise. Innovations, including Express Checkout via text or email, help businesses maximize profit in all departments. CenPOS takes the heavy lifting out of payment acceptance offering a range of solutions that simplify every aspect of implementing, operating and maintaining a payment system enabling merchants to focus on their business. CenPOS Express Checkout via text or email includes 3-D Secure capability as part of a layered security approach.

CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships. Powered by its enterprise-class, end-to-end transaction engine, CenPOS’ secure, cloud-based solutions seamlessly integrate with a merchants existing infrastructure minimizing disruption and saving time and money. Committed to a merchant-centric approach CenPOS provides a one-to-one level of service and support, enabling merchants to focus on their core business.

Headquartered in Miami, Florida, CenPOS is reshaping the future of commerce through technology innovation and the secure, flexible and simple solutions this enables. Christine Speedy, CenPOS Global Sales, 954-942-0483.

Reference:

https://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-credential-transaction-framework-vbs-10-may-17.pdf

See also core rules, especially section 5 https://usa.visa.com/dam/VCOM/download/about-visa/visa-rules-public.pdf

3dcart and CenPOS Payment Gateway Partner To Grow B2B Vertical

Miami, FL April 23, 2018. The business-to-business (B2B) e-commerce sales channel presents new opportunities and challenges, particularly with increasingly complex credit card processing requirements. 3dcart, a leading e-commerce platform, has partnered with CenPOS, an integrated technology commerce platform. The CenPOS ‘Super Payment Gateway’ maximizes profits while mitigating the higher dollar value transaction risk in the B2B vertical.

Payment gateways directly impact the cost of credit card acceptance, including interchange fees, the bulk of merchant fees. The CenPOS 3dcart integration offers all the required elements to qualify B2B transactions for the lowest rates possible, including:

  •  Level 3 data for purchasing, corporate and business cards
  • Resolve authorization and settlement amount mismatch
  • Visa unscheduled, recurring, and installment stored credential mandate compliance
  • 3-D Secure – Verified by Visa, MasterCard SecureCode, American Express Safekey and Discover ProtectBuy

“Our first mutual customer reduced fees over 30% just by changing their payment gateway,” commented Christine Speedy, CenPOS sales expert for 3dcart users. “Both our customers can expand into new markets while maximizing profits, security and compliance.”

“With the CenPOS integration, we expand the payment solutions offered by 3dcart to provide existing and prospective customers globally an additional alternative to how they process credit cards today, with any acquirer they choose,” stated Gonzalo Gil, 3dcart CEO.

The 3dcart CenPOS integration currently supports credit card, EFT/echeck with and without guarantee, Paypal and alternative payment methods. CenPOS POS and mobile and are available standalone now and will be integrated in the future to provide 3-D Cart customers a validated point to point encryption (P2PE) option. A validated P2PE solution significantly reduces merchant scope for PCI Compliance. CenPOS also includes to all 3dcart customers their electronic bill presentment and payment (EBPP) solution, supporting wire payments, text messaging, and other key B2B items of interest.

cenpos logoAbout CenPOS

CenPOS (https://www.CenPOS.com is a merchant-centric, end-to-end payments engine that drives enterprise-classsolutions for businesses, saving them time and money, while enabling merchants to create deeper lasting relationships with their customers. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.  PCI Level 1 Service provider, QIR Certified, P2PE Validated, HIPAA compliant. https://www.cenpos.com/ CenPOS 877-630-7960, Christine Speedy direct 954-942-0483.

logo 3dcartAbout 3dcart

3dcart (https://www.3dcart.com) is the most SEO-friendly eCommerce platform for retailers and internet marketers to grow their online stores’ traffic and sales. 3dcart includes 24×7 Technical Support, 100+ Mobile-Ready Themes, order management software, built-in blog, email marketing tools and more. Since 1997, the company has been a leader in the eCommerce market, building online stores for businesses of all sizes. Today, 3dcart is Visa PCI Certified and a Google Partner. Sales 800-828-6650

Validated P2PE Solution

Looking for a Validated P2PE Solution? CenPOS launched their PCI-Validated P2P Encryption 3.2 solution in 2017.

Florida-Based Payment Solutions Company, CenPOS, Strives to Make Customer Experience More Secure with Launch of PCI-Validated P2P Encryption.

Data breaches are on the rise and they are costing both consumers and merchants money.

The 2017 Identity Fraud Study, released by Javelin Strategy & Research, found that $16 billion was stolen from 15.4 million U.S. consumers in 2016.

When the consumer data that makes such fraudulent activity possible comes from the merchant’s database, then the merchant can also incur some major damages. In fact, the 2017 Cost of Data Breach Study: United States, found that the total average organizational cost of a data breach has reached a new high at $7.35 million.

CenPOS aims to reduce the vulnerability of sensitive consumer data — that could be used to drain debit card-linked bank accounts, make “clone” credit cards, or buy items on certain less-secure online sites — to hackers with the release of its Validated P2PE solution.

Officially released on July 7th of this year, CenPOS Validated P2PE encrypts cardholder data so businesses can simplify compliance with Payment Card Industry Data Security Standards (PCI DSS) and consumers can stop worrying about data being stolen between “the store” and the bank.

Surprisingly, Validated P2PE is not new technology. It’s the strongest level of data encryption in the market right now and is offered by other merchant payment services companies. However, CenPOS is the first and only company with the Qualified Integrator & Reseller (QIR) designation to offer a Validated P2PE solution.

The QIR designation is awarded by the Payment Card Industry Security Standards Council, a global open body formed to develop, enhance, disseminate and assist with the understanding of security standards for payment account security.

According to their standards, “the quality, reliability, and consistency of a QIR Company’s work” should provide confidence that the merchant’s payment application has been implemented in a manner that supports PCI DSS compliance.

Chris Justice, CEO of CenPOS, is quoted saying: “We believe that loyalty is built on trust and that trust is built by delivering great customer experience over and over again. So, when consumers can have greater peace of mind because they know that the merchant has the proper data security in place to reduce exposure to painful events, like data breaches, we believe customer experience is enhanced and that consumer will choose that merchant over others who are less diligent.”

CenPOS Validated P2PE launched on Friday, July 7, 2017. To learn more, visit https://cenpos.com/solutions/data-security
More facts and further information about CenPOS, can be discovered at https://www.cenpos.com/

About CenPOS
CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. | CenPOS | @CenPOS

##

Christine Speedy, CenPOS Sales 954-942-0483, 9-5 ET is based out of South Florida and NY, selling globally. When you call Christine, there is no middle man; all agreements are direct with CenPOS. As one of the very first to sell for CenPOS, I have deep experience to help merchants understand benefits and get live fast.

See also this article for important certifications.

VP2PE and Payment Card Industry Acronyms Revealed

VP2PE and Payment Card Industry Acronyms Revealed

What does it mean to be HIPAA, PCI Level 1, VP2PE, and QIR compliant in the world of credit card processing? Learn the lingo and know what certifications to verify when choosing a payment gateway or any solution that touches payments.

PCI DSS

If you accept credit cards, you must comply with Payment Card Industry Data Security Standards. There’s no exception. Anyone who advises that a solution means you don’t have any responsibility is dead wrong. The PCI Security Standards Council (PCI SSC) mission is to enhance payment account data security by fostering broad adoption of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. The council sets the standards, the card brands levy penalties and fines for non-compliance.

PCI Level 1 Service Provider

If a third party entity provides services for, or on behalf of a Merchant, and those services control or could impact the security of cardholder data or of transactions that are processed, that entity is a PCI Service Provider for the Merchant and falls within the Merchant’s scope of PCI DSS compliance. For example, if you accept payments online, the payment gateway is a PCI Service Provider. Or if you use a lockbox company, they must be certified. PCI Level 1 is the most common PCI Compliance certification for a service provider. You can verify if a service provider is compliant with Visa here https://www.visa.com/splisting/searchGrsp.do. If the company you’re doing business with is not on the list, ask questions.

PA DSS

If a software application controls or could impact the security of cardholder data or of transactions that are processed, for PCI compliance, merchants must only use Payment Application Data Security Standards that are certified. For example, a lock box company that processes transactions or a retail point of sale system. If payments are segregated from the application, then PA DSS does not apply.  In my experience, this is a weak area for merchants because not all application providers understand their requirements; some will do the standard PCI scan and say they’re PCI Compliant, but in reality, they’re using a homegrown application to process transactions which they have not certified.

HIPAA

There is no Health Insurance Portability and Accountability (HIPAA) certification for service providers and it does not fall under the purview of the PCI Council. However, a PCI Service Provider may choose to engage a third party auditor to attest compliance in order to better serve merchants in industries that require HIPAA compliance.

QIR

Organizations qualified by PCI SSC as Qualified Integrator and Reseller Companies (QIR Companies) are authorized to implement, configure, and/or support validated PA-DSS Payment Applications on behalf of merchants or service providers for purposes of performing Qualified Installations as part of the QIR Program.  Level 4 merchants were a big portion of data breaches so as of January 2017, they’re mandated to only use QIR certified individuals for their implementations and maintenance.  Level 4 are merchants with less than 20,000 Visa or MasterCard e-commerce transactions annually, and all other merchants processing up to 1 million Visa or MasterCard transactions annually. QIR applies to individuals; a company may have multiple people certified.

P2PE

Point-to-point encryption (P2PE) is a standard established by the PCI Security Standards Council. The objective of P2PE is to provide a payment security solution that instantaneously converts confidential payment card (credit and debit card) data and information into indecipherable code at the time the card is swiped to prevent hacking and fraud. It is designed to maximize the security of payment card transactions in an increasingly complex regulatory environment.

VP2PE

VP2PE is not an official acronym of the PCI Council for Validated P2PE, but it is descriptive. The P2PE Standard defines the requirements that a “solution” must meet in order to be accepted as a PCI validated P2PE solution. A “solution” is a complete set of hardware, software, gateway, decryption, device handling, etc.  Validated solutions are listed in the PCI Council web site. They reduce PCI compliance scope and burden for merchants. For example, about 35 questions vs 359, and 4 sections instead of 12.

Today there are only 42 companies with 49 validated solutions in the entire world. Some of the solutions are only valid with a particular acquirer. For merchants seeking an agnostic VP2PE solution, the list gets very small.

CenPOS

CenPOS, a payment technology provider, has a Health Insurance Portability and Accountability (HIPAA) attestation from a third party external auditor across a broad range of payment solutions offered by the company. CenPOS is listed as a registered Level 1 Service Provider on the Visa web site; and is listed on the PCI Council web site VP2PE solutions and QIR sections. The CenPOS Validated P2PE solution is compatible with many acquirers. You can also find me, Christine Speedy, under QIR certifications when searching by name. (CenPOS is not a software application so is not listed as PA DSS.

Christine Speedy, CenPOS Sales 954-942-0483, 9-5 ET is based out of South Florida and NY. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. When you call Christine, there is no middle man; all agreements are direct with CenPOS. As one of the very first to sell for CenPOS, I have deep experience to help merchants understand benefits and get live fast.