A PCI P2PE solution can significantly reduce the PCI Data Security Standard (PCI DSS) validation effort of a merchant’s cardholder data environment as well as the cost of a third party assessor reviewing a merchant’s card data environment. Another benefit is simply the reduced risk of a data breach, and the potential millions in costs and lost reputation. A qualified assessor informed me at a conference that there has never been a data breach in an environment with a properly implemented validated P2PE solution; the same cannot be said for merchants using P2PE terminals.
P2PE Applications are intended to be loaded onto PCI-approved point of interaction (POI) devices used as part of a P2PE Solution. Use of a P2PE Application on a PTS-approved POI device (outside of a listed P2PE Solution) does not constitute use of a P2PE Solution. I am frequently asked by consultants about other payment gateway compatibility with CardConnect and the related CardConnect Bolt application dependency. Other payment gateways and/or P2PE solutions, including CenPOS, are distinct solutions. Each has its own P2PE certification as documented on the PCI council website. Two different solutions cannot be used together; merchants must decide which is the better overall solution for their environment. Sidenote: CenPOS does not have any application dependencies for their P2PE certification.
Can you mix P2PE solutions, for example, for call centers vs retail? Excellent question. Certainly transactions would need to be run on different merchant accounts, and each would be defined as to scope, i.e., not the entire business, but only part of an operation. This arrangement is not ideal, but may be a useful gap solution during a software or hardware migration.
Which P2PE application is best for your Microsoft Dynamics AX or D365 environment? This question is best answered by speaking with a payments consultant who is familiar with credit card processing rules, data security rules, and integration nuances. Differences in the integration methods and native features for the respective products often determine why to choose one vs another.
Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in card not present and omnichannel technology. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions and is QIR certified by the PCI Council. Call Christine for all your Microsoft Dynamics payment gateway and payment processing needs.
Upgrading from Dynamics AX to D365 Finance & Operations?
Consultants help with planning and migration; however, when it comes to choosing a payment connector to capture revenues, engaging a payment processing professional can save boatloads of time and money. Why?
1. The payment connector, including payment gateway, influences credit card processing fees. Compliance with authorization and settlement rules is complicated and connectors manage processes differently because of where they are in technology development. It’s the single largest influencer of fees and penalties you’ll pay. Look at this MasterCard Integrity Fee on a Chase Paymentech merchant statement:
$536,042.54 multiplied by a .25% penalty fee for a total of $1,340.10 in avoidable costs. This is due to not properly authorizing and settling transactions, including reversals for unused authorizations. There are many ways to get authorization penalty fees and I’ve written multiple articles about them, including this on the Visa Stored Credential Mandate.
2. The payment connector makes a huge difference in internal automation for related processes, such as updating journals, as well as external customer automation including self-service access to invoices, payment history, managing payment methods and more.
3. The ISV payment connector package may include other items in your development road map. An independent payment processing professional will assess needs and provide insights on multiple connectors to help guide your business to the best choice. Which support the stored credential mandate for unscheduled credential on file? How will it help meet current and future Covid-19 side effect needs? How will it protect the business from a data breach as a result of workers at home?
In my experience, consultants don’t consider the payment connector until the project is defined and well under way, a contributing factor why more than 50% of ERP implementations fail to meet time, budget, or benefit objectives. Specification decisions are based on ‘securing payments’, without knowing how the connector might already have built-in solutions for other areas including customer service, sales, accounting, call center and more. If brought in sooner, the payments professional can eliminate some customization, reduce implementation time and costs, while improving immediate benefits.
To summarize, a flip phone and a smart phone are both capable of making phone calls, but the experience is completely different. Which would you prefer?
Christine Speedy, 3D Merchant blogger and CenPOS Global Sales, 954-942-0483, is an Independent Payments Professional and is independently Qualified Integrator Reseller (QIR) certified by the PCI Council.
Visa, Mastercard, American Express, and Discover postponed new interchange rates and fees originally scheduled to take effect in April 2020 until at least July 17, 2020 due to Covid-19 Coronavirus. The announcements provide some relief to battered and closed businesses. Every Spring most networks tweak their fees.
American Express will delay the changes to their assessment fee and their Inbound Fee (International) until October 2020. TSYS will delay the PULSE annual fee increase ($4.00 increase to current $12.00 fee) until July 2020. The NYCE annual fee will be billed at the new rate of $16.00 in August to all applicable merchants.
Other card network fees were relatively minor. It’s noteworthy that many continue to be penalties related to authorization compliance, for example, fees for not performing authorization reversals.
Jul 22, 2019
Agreements Establish Restitution Fund for Consumers
ATLANTA, July 22, 2019 /PRNewswire/ — Equifax Inc. (NYSE: EFX) today announced a comprehensive resolution of significant U.S. consumer-related litigation and regulatory matters facing the company related to its 2017 cybersecurity incident.
The $671 million resolution includes settlement agreements that would resolve the multi-district consumer class action litigation, as well as investigations by the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), the Attorneys General of 48 states, Puerto Rico and the District of Columbia, and the New York Department of Financial Services (NYDFS).
If approved by the Court, a consumer restitution fund of up to $425 million will be available to pay for three-bureau credit monitoring for consumers whose information was impacted in the 2017 breach, actual out-of-pocket losses related to the breach, and other consumer benefits such as identity restoration services. Equifax has been providing free credit monitoring services to consumers since September 2017.
“This comprehensive settlement is a positive step for U.S. consumers and Equifax as we move forward from the 2017 cybersecurity incident and focus on our transformation investments in technology and security as a leading data, analytics, and technology company,” said Equifax Chief Executive Officer, Mark W. Begor. “The consumer fund of up to $425 million that we are announcing today reinforces our commitment to putting consumers first and safeguarding their data – and reflects the seriousness with which we take this matter. We have been committed to resolving this issue for consumers and have the financial capacity to manage the settlement while continuing our $1.25 billion EFX2020 technology and security investment program. We are focused on the future of Equifax and returning to market leadership and growth.”
part of the resolution, Equifax has agreed to continue the significant steps it has taken in the wake of the cybersecurity incident to enhance its information security and technology program. It also has agreed to make payments totaling $290.5 million directly to certain state and federal regulatory agencies and to pay attorneys’ fees and costs in the multi-district litigation. Equifax recorded an accrual of $690 million in the first quarter of 2019 and expects to increase its accrual by approximately $11 million in the second quarter of 2019 principally related to the comprehensive consumer settlement, resulting in a total $701 million accrual related to the 2017 cybersecurity incident.
the Court approves, members of the settlement class will receive notification of their rights and options as part of the multi-district litigation. More information can be found at www.equifaxbreachsettlement.com.
detail on the terms of the proposed settlement in our Form 8-K filed today with the Securities and Exchange Commission.
Equifax CEO Mark Begor will provide details in the following conference calls:
9:00 a.m. ET Conference call for investors, analysts and others: U.S. and Canadian participants should dial: (888) 254-3590. International callers should dial: (786) 789-4797. A replay of this conference call will be available beginning Monday, July 22 at 12:00 p.m. ET and ending at 12:00 p.m. ET on Monday, July 29. To access the replay, please register.
9:30 a.m. ET Conference call for media: U.S. and Canadian participants should dial: (800) 289-0438. International callers should dial: (786) 789-4783.
dial the appropriate number 5-10 minutes prior to the start of the calls to complete registration. Name and affiliation/company are required to join.
release contains forward-looking statements and forward-looking information. These statements can be identified by expressions of belief, expectation or intention, as well as statements that are not historical fact. These statements are based on certain factors and assumptions. While the company believes these factors and assumptions to be reasonable based on information currently available, they may prove to be incorrect.
Several factors could cause actual results to differ materially from those expressed or implied in the forward-looking statements, including, but not limited to, potential adverse developments in new and pending legal proceedings or government investigations, including the failure to obtain final court approval of the agreements which make up the Consumer Settlement; uncertainties regarding the ultimate amount and timing of payments the Company may be required to make in connection with the Consumer Settlement; the cost of compliance with the Company’s non-monetary obligations associated with the Consumer Settlement; uncertainties regarding the outcome of the remaining legal proceedings or government investigations related to the 2017 cybersecurity incident; and limitations on the Company’s ability to access the capital markets and corresponding effects on the Company’s ability to finance its obligations. A summary of additional risks and uncertainties can be found in the Company’s Annual Report on Form 10-K for the year ended December 31, 2018, including without limitation under the captions “Item 1. Business — Governmental Regulation” and “— Forward-Looking Statements” and “Item 1A. Risk Factors,” and in the Company’s other filings with the U.S. Securities and Exchange Commission. Forward-looking statements are given only as at the date of this release and the company disclaims any obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise, except as required by law.
About Equifax Equifax is a global data, analytics, and technology company and believes knowledge drives progress. The Company blends unique data, analytics, and technology with a passion for serving customers globally, to create insights that power decisions to move people forward. Headquartered in Atlanta, Equifax operates or has investments in 24 countries in North America, Central and South America, Europe and the Asia Pacific region. It is a member of Standard & Poor’s (S&P) 500® Index, and its common stock is traded on the New York Stock Exchange (NYSE) under the symbol EFX. Equifax employs approximately 11,000 employees worldwide. For more information, visit Equifax.com and follow the company’s news on Twitter and LinkedIn.
Rules for storing and using stored cards changed for merchants in 2017, yet many payment gateways in 2019 still don’t support the transaction requirements, exposing merchants to the risk of issuer chargebacks, fines, and assessments. Since the card networks are now notifying acquirers of non-compliant merchants, it’s time to get serious about making updates. The Authorize.net and Cybersource information in this article was updated on June 4, 2020.
The four types of stored credential transactions are recurring billing, installment billing and Unscheduled Credential On File, where the buyer agrees to store the card and future transactions will be initiated by either the merchant or the buyer. Read more about the stored credential rules either by searching the blog for ‘credential’ or click here for card network rules. The payment gateway manages most of the compliance after merchants make the appropriate changes for standalone or integrated solutions, but merchants are also responsible for getting the proper wording and opt-in record keeping for agreements to store cards.
Which payment gateways support authorization requirements for stored credentials? Ask gateways if they support your specific card not present transaction type. Even if they do, merchant compliance is not automatic and merchants cannot rely on web developers to automatically get them updated either. This list is valid as of today. Please comment below if you have new information about updates or more payment gateways to add to the list.
Authorize.net - No, see developer forum for note. 6/4/2020 update: Upon further information gleaned from various sources, merchants are being advised to ‘upgrade’ to Cybersource not only for stored credential but also Strong Customer Authentication (SCA2) and other items.
Bluepay - Unable to determine.
Braintree - Yes, added MasterCard 1/18/19, Visa 2018.
CenPOS - Yes, since 2017, all transaction types. CenPOS does not publish developer information online. See contact info below for sales, integrations and developer assistance.
Vantiv/WorldPay - Maybe. With the merger of these companies, merchants might or might not be using a payment gateway that supports it. Developer info for Worldpay.
How can you easily identify if you’re compliant with card network rules? Here are a few items to check for:
Is there a checkbox for the customer to accept terms?
Are you asking for the security code? While not required if using alternative 3-D Secure cardholder authentication, in my experience, if you’re not asking for it, it’s outdated 100% of the time.
This article is not meant to be a comprehensive list of requirements and may be outdated. The most important takeaway is merchants and developers should not assume that their partners are automatically keeping them current or compliant with the latest rules for card acceptance compliance. In fact, with the update in 2020, it’s coming up on THREE YEARS since the rules went into effect. For continuous compliance, you need a trusted payments expert that knows the rules. Developers can implement programming, but are not experts in processing.
Call Christine Speedy, CenPOS Global Sales, 954-942-0483, 9-5 ET for a payment gateway compliant with stored credential rules that can be quickly implemented. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.