Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI)

Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign. Pursuant to Presidential Policy Directive (PPD) 41, the FBI, CISA, and ODNI have formed a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to this significant cyber incident. The UCG is intended to unify the individual efforts of these agencies as they focus on their separate responsibilities. This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government.

As the lead for threat response, the FBI is investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors. The FBI is engaging with known and suspected victims, and information gained through FBI’s efforts will provide indicators to network defenders and intelligence to our government partners to enable further action.

As the lead for asset response activities, CISA took immediate action and issued an Emergency Directive instructing federal civilian agencies to immediately disconnect or power down affected SolarWinds Orion products from their network. CISA remains in regular contact with our government, private sector and international partners, providing technical assistance upon request, and making needed information and resources available to help those affected recover quickly from this incident. CISA is engaging with our public and private stakeholders across the critical infrastructure community to ensure they understand their exposure and are taking steps to identify and mitigate any compromises.

As the lead for intelligence support and related activities, ODNI is helping to marshal all of the Intelligence Community’s relevant resources to support this effort and share information across the United States Government.

To report suspicious or criminal activity related to information found in this statement, contact your local FBI field office at https://www.fbi.gov/contact-us/field-offices. To request incident response resources or technical assistance related to this statement, visit https://www.us-cert.gov/report.

2020 Referral Compensation Holiday Cheer

Refer a business for a new merchant account and get paid $150 per new merchant account. If the business has multiple locations, you get the referral money for each location, no limits! Valid for USA merchants only and account must be approved by 12/31/2020.

What happens if the merchant is not approved by the end of 2020? The promotion is only valid in 2020, however, it will be reviewed on a case by case basis. If you refer a sizeable account, then you’ll likely get compensated, but depending on the number of locations, there may be a delay.

What happens if the merchant doesn’t sign by the end of 2020, but does sign in January or later? The promotion is only valid in 2020, however, it will be reviewed on a case by case basis. If you refer a sizeable account, then you’ll likely get compensated, but depending on the number of locations, there may be a delay.

Do you pay the referral to a person or to a company? That’s up to whomever does the referral.

Christine Speedy, Founder 3D Merchant Services, QIR certified, is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Less than 1% of all merchant services sales representatives are QIR certified by the PCI Council. Christine is an authorized independent sales agent for a variety of merchant services and payment techology solutions.

Express checkout via email or text

Express checkout enables customers to pay for invoices, bills, products and services from an email or text message. During the Covid crisis, many businesses have searched for solutions, but not nearly enough have implemented solutions. As a customer, I’m still stuck trying to reach people in different time zones that are not in the office, or solutions that are frequently down or not compliant with card acceptance rules, which puts my card security at risk.

Checklist for B2B card not present express checkout:

  1. Must offer the ability to store a card (which will be managed by the third party provider).
  2. Storing cards must comply with current rules for storing and managing stored cards, including the ability for the customer to manage on demand which cards are on file, delete on demand, etc. See Visa stored credential mandate.
  3. The process to store a card should include a checkbox to opt-in to store the card.
  4. Merchant should secure the transaction with 3-D Secure to ensure lowest fees and chargeback protection.
  5. If not using an integrated solution, it should include the ability to attach invoice on demand to send with payment request.
  6. Solution must support level 3 processing, again to reduce merchant fees and maximize profits.
  7. Optional: partial payments. Some merchants may want to allow partial payment so at least collecting some money while other portion is in dispute or for other reasons.
  8. If omnichannel, the ability to use the same gateway for all services simplifies security management and accounting.
  9. Solution should be compatible with any merchant account so if you make a change, it does not disrupt consumer or merchant.

eipp payment requestIf merchants follow all the above rules, they will get paid faster, increase customer satisfaction, and incremental sales and profits.

Both EIPP and EBPP refer to electronic bill presentment and payment and the term can be used interchangeably. E-invoicing and Ebilling started out as a way to electronically deliver invoices. But now merchants can simply send a payment request, send an invoice, or send an account sign up for the customer to self-input their card on file so the merchant never, ever inputs cardholder data.

Don’t wait. Your customers will walk away when it’s easier to do business with someone else, especially for product lines available from multiple distributors.

Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions and is QIR certified by the PCI Council. Call Christine for all merchant services related needs.

Paay Alternative for EMV 3DS

Concerned about the Paay data breach and looking for an alternative EMV 3DS, specifically EMV 3-D Secure 2.2.0, solution for your card not present transactions? Ask Christine Speedy, a Qualified Integrator and Reseller certified by the Payment Card Industry Security Standards Council. Additionally, Christine has extensive experience in the card not present world offering merchants multiple solutions. The best card not present payment gateway is a critical decision and as an independent agent, I will guide you to both the best technology and credit card processing acquirer for your specific business needs.

QIRs are integrators and resellers specially trained by PCI Security Standards Council to address critical security controls while installing merchant payment systems. QIRs reduce merchant risk and mitigate the most common causes of payment data breaches by focusing on critical security controls. Level 4 merchants process 1 to 1 million transactions annually and are mandated to use only QIR certified people for POS systems or terminals, if not doing internally.

Why bring up QIR for card not present or bigger merchants? Wouldn’t you rather have one of the few QIR cloud security trained in payment processing on your team? Paay does not have anyone listed on the PCI Council web site, though like Christine Speedy, there may be certified salespeople under a different company name. That’s because the certification follows the individual, not the company. Additionally, there is no requirement to use QIR’s at this time for card not present so Paay doesn’t need to have anyone QIR trained. There’s no specific certification of any kind required for ecommerce developers and integrators. Kind of crazy given the risks, huh?

EMV 3DS is a global security protocol with three primary beneficial outcomes:

  1. Fraud liability shift to issuer for “it wasn’t me, I didn’t authorize.” Merchants do not need to respond to a chargeback, when 3DS is invoked on a transaction, it will automatically shift liability to the issuer.
  2. Merchants can potentially qualify for even lower interchange rates on some cards due to lower risk associated with cardholder authentication. For example, merchants can save .20% on average with MasterCard UCAF rate qualification vs Merit 1 on some credit cards.
  3. Increased approvals and profits. With cardholder authentication, merchants can expect increased approvals per the card networks advice. False declines are a significant problem for cart abandonment and resulting lost sales.

Think of it like having a chip card for card present transactions. EMV 3DS is a messaging protocol that promotes frictionless consumer authentication and enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorised CNP transactions and protect the merchant from exposure to CNP fraud.

Level 3 purchasing expert for B2B credit card processing needs. HIPAA, GDPR, PCI and PSD2 and all the other compliance and security you need for your business are available.

Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in card not present and omnichannel technology. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions. Call Christine for payment gateway, cloud technology, merchant services and check processing needs.

Elavon wins best CNP credit card processor awards

Elavon Receives industry recognition for the Third consecutive year

Elavon, a global payments provider and subsidiary of U.S. Bank, won both the Judges Choice and People’s Choice awards for best processor 2020 Card Not Present (CNP) Awards, sweeping the Best Processor category for the third year in a row.

Best Processor: Judges Choice

The company provides end-to-end payment processing solutions and services to more than 1.3 million customers in the U.S., Europe, Canada, Mexico and Puerto Rico. It transmits data safely three billion times each year and enables $300 billion worth of commerce. Its solutions are designed to solve pain points for small to enterprise-sized businesses.

“Elavon has been a leader in payment processing, leveraging the world’s best technologies for our partners from large worldwide enterprises, to locally owned small businesses,” the company said. “We extend powerful payment solutions for all payment types and processing environments, ensuring that your business is well-connected. Elavon is consistently rated among the top global payment providers, with more than one million customers trusting us to process their payments.”

Last year Elavon also won Best Processor in both categories.

Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in card not present and is an authorized reseller for the suite of Elavon products and services. Christine is also a Qualified Integrator and Reseller certified by the Payment Card Industry Security Standards Council, a requirement for all level 4 merchants, defined as less than 20,000 Visa or MasterCard e-commerce transactions annually, and all other merchants processing up to 1 million Visa or MasterCard transactions annually. Services include standalone and integrated technology, optional merchant services and other solutions. 954-942-0483.