Category Archives: security

Credit Card Authorization Form Q&A Webinar November 8 2017

Posted on by
Reply

credit card authorization formWhat’s the best credit card authorization form?

Learn best practices for 2017 and 2018 card not present credit card processing based on the latest Payment Card Industry Data Security Standards (PCI compliance), Visa, MasterCard and other rules. This webinar is ideal for credit managers and any entity that is currently using paper credit card authorization forms, or encrypted digital forms.

Christine Speedy will review related compliance rules, including PCI and October 14 Visa Stored Credential rules, consequences for non-compliance, and solutions to replace traditional paper credit card authorization forms. Live Q&A.

Register now for the credit card authorization form webinar Nov 8, 2017 11:00 AM in Eastern Time. TIP: For PCI Compliance, you need a current web browser and you’ll need one for this webinar too. Read this article and take the free browser test.

Christine Speedy, CenPOS authorized reseller, 954-942-0483. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

Test and fix TLS 1.0 to TLS v1.2 for merchant non-compliance notice

Posted on by
Reply

To keep your data safe, the Payment Card Industry Security Standards Council (PCI SSC) has mandated a security upgrade impacting all merchants where web browsers can be used in the payment process. Acquirers and payment gateways have set various deadlines in advance of the required PCI TLS v1.2 Security Protocol Upgrade by  2018. Either hardware may need to be replaced or software updated.

Recently, multiple vulnerabilities have been uncovered. Criminals are using the vulnerabilities at massive levels over prior years. Security company Zscaler blocked an average of 8.4 million SSL/TLS-based malicious activities per day in the first half of 2017 for its customers on its Zscaler cloud platform. That’s why all merchants need to upgrade to the most current version of TLS (Version 1.2) and should do so as soon as possible. Because this is an absolute necessity, merchants are getting emails about hard stop dates; if not fixed, merchants will not be able to process transactions after the deadline.

TLS Deadlines vary by acquirer and payment gateway. Dates have been changing due to non-compliance so check with your partners.

  • Chase Paymentech, September 30, 2017.
  • Authorize.Net, February 28, 2018.
  • First Data varies by solution. Datawire will remove SSL v3, TLS v1.0, and TLS v1.1 on February 15th 2018.

TLS 1.0 and TLS 1.1 need to be disabled from browsers, servers and related applications. SSL 3.0 should have been disabled years ago.

Do not rely on server host companies or consultants to do this for you. It’s up to merchants to maintain PCI Compliance. If you get a notice of non-compliance from your acquirer and use a virtual terminal, test your browser below.

FREE Test SSL/TLS for Browser and Servers and updating TLS for card not present transactions:

Free SSL and TLS test from Qualys. https://www.ssllabs.com/ssltest/index.html.  If you get a YES next to TLS 1.0, SSL 3, or SSL 2, then hardening is needed.

Try updating your browser and then run the test again. If the browser is current, go to your web browser settings or preferences and disable SSL and TLS 1.0. Run the same test on your web site. If you get a yes, go to your host administration and disable in security settings.

What is TLS Security Protocol?

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL) are both frequently referred to as “SSL”. When you go to a web page and the URL is “https”, the S stands for secure, and the domain host has a security certificate installed and enabled on the web host. Websites use TLS to secure all communications between their servers and web browsers. For example, when a merchant logs into a virtual terminal using a web browser, or a customer makes a payment online via a hosted pay page or ecommerce shopping cart.

 

Christine Speedy, CenPOS authorized reseller, 954-942-0483. B2B cloud payments solutions and CenPOS enterprise cloud payment solutions expert. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

Dealership Post-Acquisition Standardization Cash Flow & Profits

Posted on by
Reply

Car, truck, and ag equipment dealership acquisitions by mega dealers are on a torrid pace. Cash-flow and profits are directly linked to standardization among locales. The right payment processing technology creates instant receivables financial transparency at headquarters regardless of varying dealer management software. heavy duty equipment credit card processingCloud-based payment processing is critical to financial transparency. For example, credit card processing terminals batched out individually means management has to wait for reports. A cloud solution, including payment gateway, can provide real-time insights by dealer location or any other number of data points.

Key payment gateway differences for dealership evaluation:

  • Real-time dashboard with drill down vs export reports to view (additional payment types not shown)dashboard net sales payment gateway report
  • Compliance with complex rules for rentals, preauthorizations, retail and card not present. How many merchant accounts needed to comply?
  • Compliance with Visa October 2017 stored credentials mandates
  • Level 3 processing capabilities for commercial cards
  • EMV chip or EMV chip and pin
  • Push payment requests (collect remote payments before delivery) via text or email
  • Cardholder authentication (3-D Secure) for remote payments
  • Payment methods supported: cash, check, wire, credit card and other methods vs just credit cards provides significantly tighter controls and data insights

Dealers hesitant to replace desktop EMV chip terminals due to prior investments should bite the bullet. Better solutions to improve customer experience and back office efficiency will reduce ROI time for acquisitions.

ABOUT: Christine Speedy is a payment processing expert with deep experience in the multi-department needs of dealerships. Solutions empower CFO’s to achieve common customer satisfaction goals with tight financial controls, risk mitigation, and reduced PCI Compliance burden. Need standardization help? Call 954-942-0483 to learn more about solutions for your business that are quick and easy to adopt, increasing efficiency and growing profits virtually overnight.

 

Microsoft Dynamics Partner: PCI-Validated P2P Encryption

Posted on by
Reply

CenPOS, a payment technology provider, launched their PCI-Validated P2P Encryption solution July 7, 2017. The Microsoft Dynamics Partner offers a full-cashiering payment processing module to Dynamics AX 2012 channel partners and end-users. The CenPOS Validated P2PE encrypts cardholder data so businesses can simplify compliance with Payment Card Industry Data Security Standards (PCI DSS). It’s also QIR certified and HIPAA compliant.

With full cashiering, users have tight financial controls all within Dynamics AX ERP. Cash, checks with and without guarantee, credit card, and other payment options are all supported for retail needs. Hardware terminal options include the Verifone MX 915, Ingenico ISC250, Ingenico IPP320, and the mobile Ingenico ICMP EMV Reader. Note the module is for Dynamics AX 2012 ERP, not Retail.

CenPOS Dynamics AX Software modules include:

  • POS with EMV enabled
  • Mobility with EMV
  • P2P E Validation
  • Electronic Bill Presentment and Payment
  • Tokenization
  • Consumer Electronic Wallet supporting all tender types
  • Electronic Signature Capture
  • Integrated Shopping Carts
  • Enhanced fraud and risk mitigation tools

Christine Speedy, CenPOS authorized reseller for Dynamics end users and channel partner development, 954-942-0483. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships

New York credit card surcharge rules US Supreme Court Update

Posted on by
Reply

Can New York state general businesses surcharge credit cards? No, it’s illegal. The US Supreme Court recently ruled on credit card surcharge rules for class action lawsuit Expressions Hair Design, et al., Petitioners v. Eric T. Schneiderman, Attorney General of New York, et al. Judgement issued May 1 2017, sending the case back to lower court.

US Supreme Court History of case
https://www.supremecourt.gov/search.aspx?filename=/docketfiles/15-1391.htm

EXPRESSIONS HAIR DESIGN v. SCHNEIDERMAN ( )
808 F. 3d 118, vacated and remanded. https://www.law.cornell.edu/supremecourt/text/15-1391

Expressions Hair Design v. Schneiderman, NYS Attorney General oral arugments
https://lawaspect.com/case-expressions-hair-design-v-schneiderman/

EXPRESSIONS HAIR DESIGN LLC v. SCHNEIDERMAN, Decided: September 29, 2015
http://caselaw.findlaw.com/us-2nd-circuit/1714180.html