Christine Speedy on Ask the Expert Panel in Boca Raton

Christine Speedy will be on the BocaJS experts panel in Boca Raton, Florida. Christine’s background in ecommerce stems from when the internet first started. With skilled coding labor shortages, Christine learned html to help get stuff done for clients which included the Miami Dolphins, Blockbuster, the Florida Marlins and many others. While leaving serious work up to the coders and integrators today, her payment checkout insights are unparalleled for PCI Compliance and card network rules compliance. Get to know the industries best experts on everything from Development, Design, IT, DevOps, Recruiting, and Learning in Boca Raton, Florida.

Cendyn Spaces, in the Atrium

980 North Federal Highway · Boca Raton, FL

About The BocaJS group

The BocaJS group is here to represent the best that South Florida can bring to the world’s best Language (Javascript). And any else web related as well! In addition to vanilla java script, we’ll be looking at frameworks such as Node, AngularJS (1, 1.5 AND 2,4,5,6,…. 7 beta? ), Ember.js, jQuery, ReactJS and Ionic. Founded in September 2014 by Adam & Hector, and Run currently by Damian Montero and Jermbo Lawson this group continues to grow and thrive. Website: BocaJS.org (https://bocajs.org/)

About Christine Speedy

Christine Speedy is a Qualified Integrator and Reseller payments professional, certified by the Payment Card Industry Security Standards Council, and authorized CenPOS Reseller. Christine is a subject matter expert on PCI compliance and card network rules compliance, offering secure cloud payment technology to businesses, transforming the commerce and customer experience. South Florida Technology Alliance member.

3 Ecommerce Checkout Payment Problems

Use of a PCI compliant payment gateway does not make a company PCI compliant, compliant with card network acceptance rules, or compliant with best practices to maximize profits. In other words, if you follow best practices and comply with all the rules, you’ll have a more secure and profitable company. A key ingredient to compliance is the payment gateway, however, the payment gateway has no specific requirement to ensure your compliance with all the card network rules and best practices, just those that pertain to Payment Card Industry Data Security Standards.Here’s a few costly merchant problems:

  1. Lack of brute force attack tools. These help prevent bots from testing thousands or millions of cards on your checkout form. The merchant is liable for all of the attempted transaction fees on the payment gateway and on the acquiring. A simple first line of defense is adding recaptcha. See Visa best practices to prevent brute force attacks. https://usa.visa.com/support/merchant/library/visa-merchant-business-news-digest.html.
  2. Non-compliance with Visa Stored Credential Mandate, effective October 14, 2017? I’ve written extensively on this, for example here’s a B2B steps to compliance article. There are multiple elements, and many payment gateways do not yet have solutions, especially for ‘Unscheduled credential on file’. Do you have a checkbox in the sequence of checkout opting in to terms? https://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-credential-transaction-framework-vbs-10-may-17.pdf.
  3. Invalid authorizations. This is the most costly as it can lead to consumer generated chargeback, issuer chargeback, non-qualified interchange rates and penalty fees. Here’s a story about the new .25% MasterCard integrity fee. Do you have Standard/STD, EIRF, or Data Rate I on your merchant statement under interchange fees? Then you have an authorization problem.
  4. Cardholder authentication limitations. The security code has historically not been enough evidence to win customer disputes about unauthorized charges. With 3-D secure, fraud liability shifts to the issuer. Effective April 2019 based on region and industry, Visa mandates many merchants use Visa 3D Secure 2.0. Reference Table 5-18: Acquirer Support of Verified by Visa, Visa Public Rules.

The solution to all of the above is replacing outdated payment gateway technology with new technology that will help automate compliance with card network rules, while reducing PCI Compliance burden.

Why comply? Here’s an example of the cost difference between valid and invalid authorization.

interchange rate qualification

Resources and documentation /blog/merchant-bulletins-downloads – bookmark it!.  Join Christine Speedy’s email list.

DISCLAIMER: condensed and incomplete information! Information may be quickly outdated.

Need a solution? Call Christine Speedy, 954-942-0483, 9-5 ET, CenPOS authorized global reseller based out of South Florida and New York. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Federal Reserve e-Commerce Fraud Study

Fraud Threats in the e-Commerce Channel Vex Merchants

Minneapolis, June 18, 2018 According to a new survey of 166 U.S. merchants with an e-commerce presence, card-not-present (CNP) fraud is the top payment threat to retailers. The survey also found that retailers worry about their ability to handle increased e-commerce fraud, which many merchants expect to increase over the next six to 12 months, largely as a result of data breaches. The survey, released by the Federal Reserve Bank of Minneapolis, aimed to uncover approaches retailers are using to effectively reduce payments fraud in the e-commerce space. It complements the financial institution fraud mitigation tool effectiveness study published by the Bank in the first quarter of 2018.

The report provides information about the use of payments fraud detection and prevention methods used in the e-commerce channel and how merchant respondents rated the methods. When asked where merchants devoted the most resources toward fraud mitigation, they indicated CNP in the online channel. Merchants largely rely on older mitigation tools such as security code and address verification, but some new tools are emerging. The emerging CNP fraud tools that merchants find most promising include artificial intelligence, facial and voice recognition, and multi-merchant purchase velocity checks.

“This study provides great insights into what merchants find effective for mitigating card-not-present fraud today and which emerging mitigation technologies they are beginning to use.  Retailers could use the information from the report to assess and enhance their current fraud mitigation strategies,” said Guy Berg, vice president of the Payments, Standards, and Outreach Group at the Minneapolis Fed.

The report also analyzes usage and effectiveness ratings of information-sharing partnerships that help merchants identify fraud attacks and exchange threat information.

Access the full 2018 Fighting Fraud in the e-Commerce Channel: A Merchant Study.


The Federal Reserve Bank of Minneapolis is one of 12 regional Reserve Banks that, with the Board of Governors in Washington, D.C., make up the Federal Reserve System, the nation’s central bank. The Federal Reserve Bank of Minneapolis is responsible for the Ninth Federal Reserve District, which includes Montana, North and South Dakota, Minnesota, northwestern Wisconsin and the Upper Peninsula of Michigan. The Federal Reserve Bank of Minneapolis participates in setting national monetary policy, supervises numerous banking organizations, and provides a variety of payments services to financial institutions and the U.S. government.

 

###

Blog author note: CenPOS cloud commerce solutions are part of a layered security approach that help reduce manual order reviews and mitigate risk of bot automated orders which can rack up authorization fees. Tools include 3-D Secure, including Verified by Visa and other card brand solutions, among others. Headquartered in Miami, Florida, CenPOS is reshaping the future of commerce through technology innovation and the secure, flexible and simple solutions this enables. Christine Speedy, CenPOS Global Sales, 954-942-0483 has extensive ecommerce experience to help businesses mitigate fraud risk while maximizing profits.

Why does my web site need SSL security 2018

Every web site needs SSL in 2018 to avoid web site insecure messages that scare away visitors.

Disabling TLS 1.1 and lower is recommended for all businesses. While web site security with SSL is commonly considered only necessary if accepting payments or using secure online forms, that’s no longer the case. It can impact Google listings, overall SEO, and whether visitors see your web site.

SSL secured web sites for years. Even though tech people still call it SSL, the next phase of ecommerce security was TLS. TLS 1.1 and lower, including SSL 1.0, are not considered secure. For that reason, all businesses accepting payments online must have disabled TLS 1.1 and lower on their servers for mandatory Payment Card Industry Data Security Standards  (PCI) compliance by June 30, 2018. Additionally, buyers with outdated browsers may be blocked from making purchases if not supporting the latest security standards.

If your web site does not have an SSL certificate, visitors will get a browser message, which may vary by browser, telling them your web site is not secure and that any information submitted could be viewed by others.

connection not secure message

Web browser warnings like this will scare away visitors.

FREE Test SSL/TLS for Browser and Servers:

Server penetration testing falls under the Computer Fraud and Abuse Act (CFAA) (18 U.S.C. 1030). It’s a federal crime to “intentionally access a computer without authorization or exceed authorized access”. If it’s not your web site, and you don’t have explicit permission to access, don’t run a server test. If you do have the right to run it, be sure to check the box, HIDE RESULTS. If you get a YES next to TLS 1.0, SSL 3, or SSL 2 on the server test, then hardening is needed. To modify your web site, it’s managed in host administration and disable in security settings. Free SSL and TLS test from Qualys. https://www.ssllabs.com/ssltest/index.html.

Godaddy gives a very good overview of options. https://www.godaddy.com/web-security/ssl-certificate#compare. I recommend getting the Extended Validation (EV) SSL for the value-added benefits.

Headquartered in Miami, Florida, CenPOS is reshaping the future of commerce through technology innovation and the secure, flexible and simple solutions this enables. Christine Speedy, CenPOS Global Sales, 954-942-0483 has extensive ecommerce experience dating back to the early internet days and can assist with any questions.

3dcart and CenPOS Payment Gateway Partner To Grow B2B Vertical

Miami, FL April 23, 2018. The business-to-business (B2B) e-commerce sales channel presents new opportunities and challenges, particularly with increasingly complex credit card processing requirements. 3dcart, a leading e-commerce platform, has partnered with CenPOS, an integrated technology commerce platform. The CenPOS ‘Super Payment Gateway’ maximizes profits while mitigating the higher dollar value transaction risk in the B2B vertical.

Payment gateways directly impact the cost of credit card acceptance, including interchange fees, the bulk of merchant fees. The CenPOS 3dcart integration offers all the required elements to qualify B2B transactions for the lowest rates possible, including:

  •  Level 3 data for purchasing, corporate and business cards
  • Resolve authorization and settlement amount mismatch
  • Visa unscheduled, recurring, and installment stored credential mandate compliance
  • 3-D Secure – Verified by Visa, MasterCard SecureCode, American Express Safekey and Discover ProtectBuy

“Our first mutual customer reduced fees over 30% just by changing their payment gateway,” commented Christine Speedy, CenPOS sales expert for 3dcart users. “Both our customers can expand into new markets while maximizing profits, security and compliance.”

“With the CenPOS integration, we expand the payment solutions offered by 3dcart to provide existing and prospective customers globally an additional alternative to how they process credit cards today, with any acquirer they choose,” stated Gonzalo Gil, 3dcart CEO.

The 3dcart CenPOS integration currently supports credit card, EFT/echeck with and without guarantee, Paypal and alternative payment methods. CenPOS POS and mobile and are available standalone now and will be integrated in the future to provide 3-D Cart customers a validated point to point encryption (P2PE) option. A validated P2PE solution significantly reduces merchant scope for PCI Compliance. CenPOS also includes to all 3dcart customers their electronic bill presentment and payment (EBPP) solution, supporting wire payments, text messaging, and other key B2B items of interest.

cenpos logoAbout CenPOS

CenPOS (https://www.CenPOS.com is a merchant-centric, end-to-end payments engine that drives enterprise-classsolutions for businesses, saving them time and money, while enabling merchants to create deeper lasting relationships with their customers. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.  PCI Level 1 Service provider, QIR Certified, P2PE Validated, HIPAA compliant. https://www.cenpos.com/ CenPOS 877-630-7960, Christine Speedy direct 954-942-0483.

logo 3dcartAbout 3dcart

3dcart (https://www.3dcart.com) is the most SEO-friendly eCommerce platform for retailers and internet marketers to grow their online stores’ traffic and sales. 3dcart includes 24×7 Technical Support, 100+ Mobile-Ready Themes, order management software, built-in blog, email marketing tools and more. Since 1997, the company has been a leader in the eCommerce market, building online stores for businesses of all sizes. Today, 3dcart is Visa PCI Certified and a Google Partner. Sales 800-828-6650