CenPOS’ Secure Payment Solution Receives HIPAA Compliance

CenPOS announces HIPAA attestation aimed to deliver a secure and robust payment architecture for healthcare.

October 11, 2017. CenPOS, a payment technology provider, recently announced that it has received a Health Insurance Portability and Accountability (HIPAA) attestation from a third party external auditor across a broad range of payment solutions offered by the company. The company also announced that it had achieved its Qualified Integrated Resellers (QIR) certification from the PCI Data Security Council.

According to Healthcare Informatics, 34.5 percent of all security breaches are within the healthcare industry. This industry is also one of the ones hit the hardest by hacking, phishing, and skimming attacks. Over 1,000 data breaches occurred in the U.S. in 2016 and the number is expected to increase, as research from Identity Theft Resource Center reports.

CenPOS is a merchant-centric engine that delivers enterprise-class solutions across many industries to improve customer engagement and save time and money. The cloud-based solution increases the efficiency of collecting payment across many channels, all without disrupting the banking relationships of the merchant.

“We live in a world where data is a valuable and prime target for hackers. Anyone familiar with HIPAA knows that HIPAA compliance is very complex, it is our job at CenPOS to simplify this process and develop business solutions to address these risks and ensure that our clients’ data is secure at all times”, commented Jorge Fernandez CenPOS’ Co-founder and Chief Executive Officer. “We provide a unique combination of solutions to the healthcare industry not found anywhere else under one roof with our validated Point-to-Point encryption, HIPAA attestation, and QIR. Risk comes in many forms today and the cost associated with risk mitigation tools and compliance is very expensive. Our all in one solution makes it very affordable for our clients to implement and maintain compliance”, added Mr. Fernandez.

With the healthcare industry being a constant target for hackers of all levels, it’s important for practitioners and facilities to focus on security solutions. CenPOS offers layered security solutions that deliver a secure and robust payment architecture. It enables those within the industry to focus on providing excellence to their patients. CenPOS will manage the day-to-day payment operations focus on security and compliance.

With the recent attestation from HIPAA, it gives healthcare professionals another reason to choose CenPOS. They can ensure that healthcare records are secure and less likely to be leaked, exposed, or otherwise hacked.

CenPOS is engineering the future of payments. Their comprehensive solutions are years ahead of the competition and continually eliminate fraud and human error. Exploring their solutions in-depth can be a significant benefit for those in the healthcare industry.

For more information, contact:
CenPOS
Telephone: 877.630.7960
sales@cenpos.com
https://www.cenpos.com/

About CenPOS
CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. | CenPOS | @CenPOS

Contact Christine Speedy, CenPOS authorized reseller, 954-942-0483 for all your CenPOS HIPAA compliant payment processing sales and integration needs.

cenpos logo

B2B Steps to Visa Stored Credential Mandate Compliance

How can merchants get compliant with the Visa Stored Credential Transaction framework and mandates effective October 14, 2017?

Step by step getting started guide for B2B merchants:

Plan how you’ll comply with consent record requirements. See Improving Authorization Management for Transactions with Stored Credentials https://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-credential-transaction-framework-vbs-10-may-17.pdf . Are you going to manage documenting everything or are you going to use technology to help you manage it? Ask your gateway if they’re going to provide a checkbox for consent and if you’ll be able to pull the opt-in records on demand. CenPOS, a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement will automates multiple elements for clients.

PCI Compliant credit card authorization form

Partial CenPOS PCI Compliant stored credential authorization form.

Update workflow and documents. Ensure your sales order or associated credit documents include sale, refund and cancellation policies. Add a checkbox for customer opt-in to terms, including online payments. CenPOS has an opt-in box and you can customize the text.hosted online pay pageVerify if you have a system to manage authorization validity. What the heck does that mean? Many B2B companies have complex needs including pre-authorizations, incremental authorizations, delayed shipping etc. While you may get issuer approvals, that doesn’t mean the authorization is valid. The two most common rules B2B businesses struggle with are Settlement within timeframe for card not present sales, and Authorization amount and settlement amount must be equal. Per Visa Core Rules October 2017, for typical distributor and manufacturer card not present transactions, the authorization must settle no later than 7 calendar days from the date of the initial Approval Response. CenPOS automates compliance. Other payment gateways are incapable or may leave it up to developers to create a solution. Are you compliant now? Look at your merchant statement ‘pending interchange fees. If you see  EIRF or STD, that’s a red flag there’s a problem.

Replace paper credit card authorization forms, and any digital form that you can decrypt and view sensitive card data. Offer your customers a way to self-manage their own wallet with either a hosted online pay page or Electronic Bill Presentment & Payment. CenPOS offers both options, including a lite ‘request a payment’ option, and lets your customers choose both text and email. For those not ready to give up paper, CenPOS creates a printable PCI Compliant credit card authorization form for every stored card.

New to online payments? See Visa best practices to prevent brute force attacks. https://usa.visa.com/support/merchant/library/visa-merchant-business-news-digest.html. CenPOS includes recaptcha and client managed velocity and other rules as part of a layered security approach.

Verify your gateway is ready or will be ready to send correct transaction data for the initial transaction and subsequent transactions for both customer initiated and merchant initiated use of the stored credential.  You’ll want the payment gateway to perform a zero dollar authorization and authenticate the cardholder with 3-D Secure. Ask your gateway if it will automatically flag a transaction as customer initiated stored credential or merchant initiated stored credential, or if they’ll require you to have multiple gateway accounts, one for each type. CenPOS does all this for you now in a single account.

Get an ecommerce merchant account. This is needed for online payments. Don’t run mail order telephone order (MOTO) transactions on the ecommerce account unless you know your payment gateway can alter the flag sent with transaction to change the transaction type. Many cannot. CenPOS manages all compliance seamlessly in the background; whether you need multiple merchant accounts varies by acquirer/processor.

Register for 3-D Secure, including Verified by Visa, with your acquirer. Don’t do this until you know which payment gateway will be used and get their instructions if applicable.

Communicate with customers. Advise any upcoming changes will increase efficiency and security for everyone.

Why comply? With full compliance, merchants can expect better qualified interchange rates, increased approvals (avoid declines based on issuer risk averse algorithms), reduced PCI Compliance burden, and increased efficiency for both buyer and seller. The cost of non-compliance is hefty, including higher interchange rates, penalty fees, and risk of both issuer and cardholder chargebacks.  

interchange rate qualification

The same transaction can process at different rates as shown above, depending on which rules you follow. CenPOS Smart Rate Selector automates compliance to qualify transactions at the lowest rate possible. Which rates are on your merchant statement now?

Why should developers choose CenPOS for their integrated payment gateway? CenPOS has native modules for ERP, shopping cart, accounting and other software.

  • Increase profits faster
  • More efficient, quicker reconciliation
  • More secure- from Encrypted Virtual Keypad to elimination of credit card auth forms
  • More robust- Wire, ACH, check, Paypal, credit card and more; text and email payments supported. No 3rd party Electronic Invoice solution needed such as BillTrust; CenPOS invoice portal and automated collections included.

Where can I buy CenPOS or learn more? You’ve already found one of the top salespeople, Christine Speedy. All agreements are direct with CenPOS, no middle man.

Resources and documentation https://3dmerchant.com/blog/merchant-bulletins-downloads – bookmark it!.  Join Christine Speedy’s email list.

DISCLAIMER: condensed and incomplete information! Information may be quickly outdated.

With the fast pace of changing rules, companies need a technology partner to automate compliance. Did you know?

  • CenPOS has a suite of solutions for companies just like yours, solving common problems and increasing profits virtually overnight.
  • For those not ready to give up paper, CenPOS creates a printable PCI Compliant credit card authorization form for every stored card.
  • CenPOS has ERP, ecommerce shopping cart, accounting and other plug-in modules available for quick and easy implementation.
  • I’ve been selling for CenPOS since day 1. Though I have other payment gateways available in my arsenal, nothing else compares for meeting business to business needs.

Christine Speedy, CenPOS authorized reseller, 954-942-0483 is based out of South Florida and NY. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

First Data level 3 processing solutions

Need a solution for level 3 processing with your First Data merchant account? A payment gateway that supports level 3 processing is required, but that’s not enough. Payment gateway selection and implementation impact whether a transaction actually qualifies for level 3 rates.

The main requirements to qualify for level III interchange rates are:

  1. Submit required extra order detail. This varies by card brand; for example Ship to/from ZIP code, Destination country code,VA/ tax amount, invoice number, order reference number, Discount amount, Freight/shipping amount, Duty amount, Order date, unit of measure and more.
  2. Valid authorization. For example, the authorization and settlement amount must be the same.
  3. Interchange Rate Special Requirements, which may vary by card, industry etc. For example, here are requirements to qualify for MasterCard Data Rate III
    1. U.S. Merchant
    2. Applicable Electronic Authorization Data must be included and match Settlement Data
    3. Valid Banknet Reference Number and Banknet Date in valid date format MMDD
    4. Settlement within 2 days of transaction
    5. Level II & Level III Corporate Card data (Level II Data includes the entry of customer code, card acceptor type, tax ID and sales tax. Level III Data includes Level II data, line item detail, item description, item quantity, item unit of measure, extended item amount, product code, and debit or credit indicator.)
    6. Non-T&E MCC
    7. Card Acceptor Type and Tax ID must be provided

Visa Stored Credential Framework Impacts Authorization Validity

For business, corporate and purchasing card transactions to qualify for Level 3 interchange rates, a valid authorization is required. New rules change requirements for card not present transactions using stored cards. US businesses must comply with Visa Stored Credential Transaction framework effective October 14, 2017. Without getting into too much detail, payment gateways must update to comply, and merchants will also need to make some changes going forward.

Merchant requirements include:

  • When capturing a stored credential for the first time, complete special requirements, including cardholder authentication as applicable (Managed by payment gateway or integrated solution.)
  • Send correct transaction type on subsequent transactions: Installment Payments, Recurring Payments, or Unscheduled Credential On File. (Managed by payment gateway or integrated solution.)
  • Authorization and settlement amount must match. (Managed by payment gateway or integrated solution.)
  • Obtain cardholder consent and disclosure agreement. (Most likely managed by payment gateway or merchant.)

For years, authorization and settlement amount mismatch has been a common problem for merchants to qualify for level III rates. Even if a gateway solves this problem, an integration may limit the capability. This is easily identified by EIRF, STD/ standard, level I and level II rates present in the “pending interchange” section on merchant statements.

To solve all of the above problems, merchants can use a third party payment gateway with their merchant account, that manages authorization validity and continual changes within the gateway, including integrated solutions. Below image shows before and after interchange rates from actual merchant statements; same merchant account, just changed the payment gateway.level 3 gatewayContact Christine for a level 3 payment gateway that works with your First Data Merchant Account, as well as other acquirers.

Christine Speedy, CenPOS authorized reseller, 954-942-0483 is based out of South Florida and NY. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

Disaster planning: credit card processing, cash flow and accepting payments

Mobile credit card processing and online payments of all types can ensure business cash flow during and after a disaster. When the storm is over and people emerge to shop again, how will businesses manage accepting credit cards? Or get paid by check if mail is undeliverable? Critical issues include power, telephone and internet access, as well as human capital when employees scatter to many different places.

How can we help your business when a USA storm is imminent?

  1. Online pay page– hosted pay page supporting ACH/echeck with or without guarantee, credit card, wire and Paypal. No web developer is needed for this fast solution; just send our custom link to your customers.
  2. Electronic Bill Presentment & Payment- Login to a portal and Text or email your customers a pre-filled payment object with link to pay a specific invoice; optionally create detailed invoices on the fly if your accounting system is not available.
  3. Virtual terminal – your employees key enter the payment information via virtual terminal on a secure hosted web page or using the mobile app (free).

All solutions above are quick and easy to adopt and they work with your existing financial partners such as merchant services or check processor. Remote training videos can help users get up and running the same day as the account is activated from wherever they are. For the two self-pay options above, when using 3-D Secure cardholder authentication, liability for fraud shifts to the issuer, much like EMV does for retail. Additionally, the qualified rated for credit card acceptance in many cases is the same as retail.

It’s probably not realistic to get a credit card swiper on short notice because in the current retail world, EMV chip card and point to point encryption are critical to protect against fraud and data breaches. Use a store bought mag card reader at your own risk.

 

Good to know:

  • Works with all or most processors- bring a merchant statement, online login, or contact information with you when evacuating so we can connect to it.
  • No long term agreement- month to month
  • Plugins available for many software solutions
  • Encrypted virtual keypad protects cardholder data from key logger software (important when employees may be using their own PC’s)
  • PCI Compliant
  • Each user has unique login for compliance and tracking; same permission based login across all solutions.
  • Standardization across all locales for complete transparency, and compliance.
  • With simple cashiering you can even manage and track cash transactions.

Contact Christine Speedy 954-815-6040 or cspeedy At cenposreseller.com

 

CenPOS Launches PCI-Validated P2P Encryption

Florida-Based Payment Solutions Company, CenPOS, Strives to Make Customer Experience More Secure with Launch of PCI-Validated P2P Encryption.

Data breaches are on the rise and they are costing both consumers and merchants money.

The 2017 Identity Fraud Study, released by Javelin Strategy & Research, found that $16 billion was stolen from 15.4 million U.S. consumers in 2016.

When the consumer data that makes such fraudulent activity possible comes from the merchant’s database, then the merchant can also incur some major damages. In fact, the 2017 Cost of Data Breach Study: United States, found that the total average organizational cost of a data breach has reached a new high at $7.35 million.

CenPOS aims to reduce the vulnerability of sensitive consumer data — that could be used to drain debit card-linked bank accounts, make “clone” credit cards, or buy items on certain less-secure online sites — to hackers with the release of its Validated P2PE solution.

Officially released on July 7th of this year, CenPOS Validated P2PE encrypts cardholder data so businesses can simplify compliance with Payment Card Industry Data Security Standards (PCI DSS) and consumers can stop worrying about data being stolen between “the store” and the bank.

Surprisingly, Validated P2PE is not new technology. It’s the strongest level of data encryption in the market right now and is offered by other merchant payment services companies. However, CenPOS is the first and only company with the Qualified Integrator & Reseller (QIR) designation to offer a Validated P2PE solution.

The QIR designation is awarded by the Payment Card Industry Security Standards Council, a global open body formed to develop, enhance, disseminate and assist with the understanding of security standards for payment account security.

According to their standards, “the quality, reliability, and consistency of a QIR Company’s work” should provide confidence that the merchant’s payment application has been implemented in a manner that supports PCI DSS compliance.

Chris Justice, CEO of CenPOS, is quoted saying: “We believe that loyalty is built on trust and that trust is built by delivering great customer experience over and over again. So, when consumers can have greater peace of mind because they know that the merchant has the proper data security in place to reduce exposure to painful events, like data breaches, we believe customer experience is enhanced and that consumer will choose that merchant over others who are less diligent.”

CenPOS Validated P2PE launched on Friday, July 7, 2017. To learn more, visit https://cenpos.com/solutions/data-security
More facts and further information about CenPOS, can be discovered at https://www.cenpos.com/

About CenPOS
CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. | CenPOS | @CenPOS

###

Christine Speedy, 3D Merchant Services, is an authorized CenPOS Reseller. There is no middleman; all solutions offered are direct CenPOS agreements with CenPOS direct billing.