Credit card authorization form 2019

Credit card authorization form 2019 templates are starting to pop up on the internet. The forms are never PCI compliant nor compliant with card network rules, plus the form might introduce malicious code into your network, leading to a future data breach. In this article learn about compliant credit card authorization form solutions.

Merchants must replace traditional credit card authorization forms with other payment methods where the customer self-pays in 2019. The services are typically provided by a payment gateway, acquirer or software solutions provider. I recommend using an independent payment gateway for the checkout because if other changes are made, such and changing acquirer, it’s non-disruptive to customers and business processes.

  • Hosted pay page is a third party hosted web page where buyer can enter all their payment information for immediate payment, and in some cases store it for future payments.
  • Pushing out a payment request via text or email includes link to a hosted prefilled pay page that can include an invoice number and amount due.
  • Electronic invoicing may be standalone or integrated and empowers buyers to pay online.

Per Visa, merchants are never allowed to ask for the security code in any written form.  Merchants also cannot store the form with full card numbers nor store the security code after authorization. Traditional credit card authorization forms increase risk of fraud and identity theft and nobody likes them!

pci security standards
PCI Security Standards Council guidelines for storage of cardholder data.

Cardholder verification with 3-D Secure shifts fraud liability to the issuer, so instead of responding to chargebacks, merchants can prevent them from happening. This is far more powerful than using security code or address for cardholder verification, and eliminates the need for traditional credit card authorization forms. 3-D Secure is a set of global security standards, for example, Verified by Visa.

Phone order payments risk identity theft:

  • Phone orders expose card data to employees.
  • Employees often write the cardholder information down on paper first to avoid making a mistake that requires them asking for the information again.
  • While less than 15% of data breaches occur from insider threats, trusted employees do steal data for financial, espionage, and grudge reasons.
  • It costs more to process the card both in actual labor and in card acceptance fees because it’s impossible to qualify for the lowest card not present rates possible on manually key-entered transactions.
  • Reduced merchant fees for some cards (3-D Secure cardholder authentication such as Verified by Visa must be enabled.)
  • Increased approvals with cardholder authentication.
  • Mitigate chargeback risk – with 3-D Secure cardholder authentication, fraud liability shifts to issuer.
  • More convenient for buyers- 24/7 payments on their schedule, not yours
  • Buyers are in control of choosing to store payment methods

Fax order payments risk identity theft:

  • All of the phone order risks apply, plus new risks for fax.
  • Digital faxes have memory where data can be stored, risking theft during use and after disposal of hardware.
  • Depending on access to the hardware or software, many people might have access to faxed forms, including evening cleaning service personnel.
  • Merchants cannot ask for security code on the form, yet it’s required for card not present transactions.
  • The card number must be masked after use if being stored
  • Storing the form has no value because if proper card not present rules are followed, there’s no need for it to defend chargebacks.

Cloud digital credit card authorization forms may not be PCI compliant:

The rise in digital credit card authorization forms is downright scary, because despite claims by sellers, merchant implementation of them is often not PCI Compliant. Here’s a few reasons why:

  • Neither merchants nor third parties can store the security code after authorization.
  • Neither merchants nor third parties can store the card number unmasked after authorization.
  • Merchants will be hard pressed to prove PCI Compliance in the event of a data breach. Who had access to the forms and when? How is the server wiped of the data? What about back up servers?
  • What’s the point of getting a signed form if you can’t save it?
  • If the service offers an authorization to verify cardholder, but the merchant then types card number into another system with no connection to the initial verification, all subsequent transactions are in violation of rules for storing and using stored cards thus are open to issuer chargeback risk.

Call Christine Speedy, PCI Council QIR certified, for simple solutions to card not present payment transaction problems, 954-942-0483, 9-5 ET.

Microsoft D365 Invoice Custom Email Subject with CenPOS

Microsoft Dynamics AX and D365 users need a more customized invoice and sales receipt subject and body than they have with their current solution. The CenPOS F&O accounts receivable module includes the 3 most common requests users ask for.

  1. Create a custom subject and automatically insert the invoice number. For example, Sales Invoice # 231255.
  2. Create a custom body plus automatically insert subtotal, invoice #, sales tax, discount, total invoice etc and a click to pay link.
  3. Attach a PDF invoice

Invoices can be delivered via multiple methods and customers can pay via ACH, wire, credit card and other payment types directly from the email or text; customers can also login to a portal to view and pay multiple invoices. This increases efficiency for both parties and is proven to reduce DSO Because CenPOS is both the invoicing solution and a PCI Level 1 Service Provider, merchants can eliminate Red Maple Advanced Credit Cards, Billtrust and similar other third party solutions.

The sales receipt works pretty much the same way, with receipts automatically delivered via the customers preferred communication method.

The CenPOS F&O module is quick and easy to implement. All these features and more are available standalone or integrated. Integrators, developers and Dynamics users can contact Christine Speedy at 954-942-0483 for the module.

Call Christine Speedy, CenPOS Global Sales, PCI Council QIR certified, for the CenPOS Dynamics AX and D365 modules to make your business more profitable, efficient and secure. 954-942-0483, 9-5 ET.

CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Elavon Acquires CenPOS, Enhancing Elavon’s Digital Capabilities, Integrating Payments into CenPOS Software

MINNEAPOLIS–(BUSINESS WIRE)–Elavon, a global payments provider and subsidiary of U.S. Bancorp, has acquired CenPOS, a Miami-based company offering integrated payment software solutions to large enterprises.

“More and more, businesses are choosing their payment provider based on the software solutions they use to manage other parts of their operations. With this acquisition, customers of both companies will benefit from the strengths and opportunities these organizations offer in important industry segments.”

CenPOS focuses on three industry verticals: automotive, travel and entertainment (T&E), and general business-to-business transactions, which aligns well with Elavon’s strengths. In addition, CenPOS’ distribution strategy and product capability complement Elavon’s assets, all of which make the two entities an excellent fit.

Increasingly, business owners expect that the software packages they use to run their businesses will come with payments acceptance and processing embedded in the software offering. Elavon is paving a way to future growth by integrating with these software packages.

“Elavon recognizes the tremendous potential we have to bring greater value to our customers by integrating with software companies like CenPOS,” said Jamie Walker, CEO of Elavon. “More and more, businesses are choosing their payment provider based on the software solutions they use to manage other parts of their operations. With this acquisition, customers of both companies will benefit from the strengths and opportunities these organizations offer in important industry segments.”

“The CenPOS team is elated to join Elavon,” said Jorge Fernandez, CEO, who cofounded CenPOS with German Gonzalez. “Elavon’s suite of payment products, coupled with the stability and array of financial offerings from U.S. Bank, gives CenPOS an unparalleled competitive edge in the market. Likewise, CenPOS’s technology brings new market expertise to Elavon’s current technology solutions.”

U.S. Bank has a long history in payments, with scale and deep experience that offer a unique value to customers. Elavon accepts and processes payments on behalf of more than a million businesses in the United States, Canada, Mexico and Europe. Adding CenPOS to the U.S. Bancorp family will provide even greater scale and payments capabilities.

The acquisition closed on January 8, 2019. Financial terms of the deal were not disclosed.

Elavon provides end-to-end payment processing solutions and services to more than 1.3 million customers in the United States, Europe, Canada, Mexico, and Puerto Rico. As the leading provider for airlines and a top five provider in hospitality, healthcare, retail, and public sector/education, Elavon’s innovative payment solutions are designed to solve pain points for businesses from small to enterprise-sized.

U.S. Bancorp, with 74,000 employees and $465 billion in assets as of September 30, 2018, is the parent company of U.S. Bank, the fifth-largest commercial bank in the United States. The Minneapolis-based bank blends its relationship teams, branches and ATM network with mobile and online tools that allow customers to bank how, when and where they prefer. U.S. Bank is committed to serving its millions of retail, business, wealth management, payment, commercial and corporate, and investment services customers across the country and around the world as a trusted financial partner, a commitment recognized by the Ethisphere Institute, which named the bank a 2018 World’s Most Ethical Company. Visit U.S. Bank at usbank.com or follow on social media to stay up to date with company news.

MasterCard Processing Integrity Final Auth Alert

Compliance is not just about payment security. Each card brand has a set of rules for payment processing. Follow them and get rewarded with increased authorizations, reduced fraud risk, and lower merchant fees. The cost of non-compliance is heavy and getting worse.

Look at this MasterCard PROCESSING INTEGRITY FINAL ATH Fee on a recent Chase Paymentech merchant statement.

mastercard PROCESSING INTEGRITY FINAL ATHOver $536,000 multiplied by .25% penalty fee for a total of $1,340.10 in avoidable costs. This is due to not properly authorizing and settling transactions, including reversals for unused authorizations. It’s too complicated to get into why this happens, but I’ve written multiple articles related to authorization validity, including one about the Visa Stored Credential Mandate.

The new fee of 0.25%, minimum $0.04 is assessed for each approved final authorization when*:

  • Authorization expired. The Final Authorization transaction is not cleared within 7 calendar days of authorization date, nor has it been fully reversed.
  • Authorization mismatch. The Final Authorization amount does not equal the clearing amount.
  • Unused Authorization. The Final Authorization transaction did not clear and full authorization reversal was not submitted. What’s really painful about this one, is if an order is cancelled, you can lose .25% of the transaction amount so you lost money not making a sale!
  • Final authorization currency code does not match the clearing currency code.

How can merchants avoid the MasterCard Processing Integrity fee?

Technology to manage the authorization and settlement process is the only way. Leaving it up to employees to figure out when an authorization is expiring and when a reversal is needed is a recipe for compliance fees like the above. Plus, chances are whatever system they’re using doesn’t even support the required data messages that need to go with the transaction.

The payment gateway plays a crucial role in authorization validity. A common misconception is that using a popular gateway, or even one owned by a card brand, or acquirer, will automatically get your transactions compliant. That is not the case.

I have extensive knowledge of many payment gateways. In my opinion, the CenPOS cloud commerce platform with suite of business solutions, including payment gateway, offers the best tools to automate authorization validity so you can avoid the MasterCard processing integrity final authorization fee as well as other penalty fees and assessments by multiple card brands.

Source: MasterCard Transaction Processing Rules 28 June 2018 TPR, Wells Fargo Payment Network Pass-Through Fee Schedule April 2016.

Christine Speedy, CenPOS Global Sales, 954-942-0483 is based out of South Florida, near Fort Lauderdale, and Rochester, NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Equipment Rental Credit Card Processing Rules Change

Bobcat, Caterpillar, and other companies that offer rental equipment, all are impacted by new credit card processing rules for rentals. equipment rentals credit card processing

While businesses expect their software, including ERP, Point of Sale, and ecommerce shopping carts to help them manage compliance with credit card acceptance rules, the reality is that many don’t. Compliance increases profits; non-compliance increases new chargeback risks, interchange fees, penalty fees and authorization declines.

Traditional desktop terminals don’t support the new transaction data requirements. If merchant is not using EMV chip device, now is the time to upgrade to a cloud-based solution and fix two problems at once. Rental merchants cannot meet both card acceptance and Payment Card Industry Data Security Standards compliance requirements using traditional paper credit card authorization forms. Cloud technology and a compliant payment gateway are needed. For example, pair the Verifone MX 915 with the CenPOS validated Point to Point Encryption (P2PE) solution and use either a standalone or integrated to ERP such as Microsoft Dynamics AX.

Key elements for compliance:

  • Initial authorization transaction must send new transaction indicator that it’s an estimate; the final amount could change for example because the renter kept it longer or damaged the equipment. This is technically managed by the payment gateway.
  • If applicable, send incremental authorizations with related indicator.
  • If storing the card, the Visa Stored Credential mandate outlines the specific requirements for agreement with customer, cardholder authentication, and procedures to use a stored card on file. For example, perform cardholder authentication with either security code or 3-D Secure. 3-D Secure can only be invoked if the customer self-pays; it shifts friendly fraud liability to the issuer and merchants can also qualify some cards for even lower interchange rates.
  • Update language in agreements for opt-in to terms and conditions as required by Visa.

Card issuers and acquirers were mandated to be compliant in 2017, and merchants by October 2017, however, there’s no mandate for payment gateways. Even if an existing payment gateway supports the new requirements, merchants must make changes. Visa is the most complex, however other brands have similar rules.

From tokenization to Express Checkout, CenPOS creates a seamless commerce experience throughout the enterprise. Innovations, including Express Checkout via text or email, help businesses maximize profit in all departments. CenPOS takes the heavy lifting out of payment acceptance offering a range of solutions that simplify every aspect of implementing, operating and maintaining a payment system enabling merchants to focus on their business. CenPOS Express Checkout via text or email includes 3-D Secure capability as part of a layered security approach.

CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships. Powered by its enterprise-class, end-to-end transaction engine, CenPOS’ secure, cloud-based solutions seamlessly integrate with a merchants existing infrastructure minimizing disruption and saving time and money. Committed to a merchant-centric approach CenPOS provides a one-to-one level of service and support, enabling merchants to focus on their core business.

Headquartered in Miami, Florida, CenPOS is reshaping the future of commerce through technology innovation and the secure, flexible and simple solutions this enables. Christine Speedy, CenPOS Global Sales, 954-942-0483.

Reference:

https://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-credential-transaction-framework-vbs-10-may-17.pdf

See also core rules, especially section 5 https://usa.visa.com/dam/VCOM/download/about-visa/visa-rules-public.pdf