D365 Customer facing invoice portal D365 F&O

Looking for D635 F&O solution for clients to access online portal to view and pay invoices? One of the key solution differentiators is the integrated payment gateway for credit card processing. Easily overlooked, it’s most impactful on profits. Other than merchant discount, the payment gateway is the single largest influence on the cost of credit card acceptance and chargeback risk.

How can a payment gateway impact costs?

  1. Authorization management. There’s a slew of rules, which are continually changing, regarding what has to happen in order to qualify transactions for the lowest cost possible. Virtually no payment gateways support all of them. For example, authorize.net doesn’t support unscheduled credential on file (stored card on file). Reference https://community.developer.authorize.net/t5/Integration-and-Testing/Visa-Stored-Credentials/td-p/60149. The average cost differential for a Mastercard business card is 1% for a transaction with valid authorization vs invalid (but approved).
  2. Customer disputes and chargebacks. A merchant can only defend disputes if they have proper authorization in #1. Instead of wasting time defending disputes, merchants can prevent them with 3-DSecure 2.0, a global cardholder authentication solution. If the payment gateway supports it, “it wasn’t me, I didn’t authorize it” goes away; liability belongs to the issuer.
  3. Rate Qualification. Items 1 and 2 above both reduce the cost of card acceptance. So does supporting level 3 data. It amazes me how many calls I get from consultants and merchant services salesmen that just want to help their customers qualify business and purchasing cards for level 2 rates. Why wouldn’t you want all clients to qualify for level 3 rates, which are substantially lower for business to business transactions?
  4. Stored credential compliance. This is not just securely tokenizing cardholder data, but complying with a new set of rules established in 2017, which all merchants and acquirers are required to comply with. Payment gateways have no such requirement. They can choose to provide the services to clients or not. The trickiest is unscheduled credential on file, which is what most business to business companies need, unless they have a SaaS billing model. Towards the end of 2019, a few more gateways were offering this, but the list is very small.

Few payment gateways support all four items above.

Call Christine Speedy for D365 F&O invoice portal with compliant payment gateway to maximize profits and improve your customer experience. 954-942-0483, 9-5 ET for all your recurring billing and stored credential payment gateway and virtual terminal needs.

PSD2 compliant payment gateway

Need a payment gateway that supports Strong Customer Authentication (SCA) requirements for the EU Payment Services Directive (PSD2)? The EU requirements went into effect September 14, 2019 and like many new regulatory and card acceptance rules changes, some payment gateways are ready, some are not, and some may never get updated. This article addresses online payments and ecommerce transactions only.

Do US companies with a US merchant accounts need to comply with PSD2?

Yes. This is hard to decipher when researching, but the key is, yes must comply if a transaction even ‘passes through’ the EU.

  • One leg out (OLO) transactions in any currency (where one of the Payment Service Providers (PSPs) is located inside the EEA and the other PSP is located outside the EEA). For example, a transaction involving US merchant account and an EU card issuer.

How does PSD2 Strong Cardholder Authentication impact US merchants?

  • It’s not required for Ecommerce transactions from EU cardholders to US merchants with US merchant accounts.
  • US merchants may experience increased issuer declines if not using SCA.
  • US merchants will likely experience increased fraud as the pool of web sites shrinks where criminals can commit fraud and get away with it.
  • GDPR regulations for ecommerce transactions from EU cardholders to US merchants with US merchant accounts does apply; choose payment gateways that support both GDPR and 3DS v2.2.0.

Which online payments are exempt from PSD2?

  • Commercial cards where there is no cardholder name, and thus no way to authenticate an individual.
  • Recurring transactions for the same amount- PSD 2 applies for the initial transaction. If the amount changes, PSD 2 applies. PSD 2 applies for Unscheduled Credential On File for each transaction unless cardholder whitelists as per next item.
  • White-lists of trusted beneficiaries- cardholders can notify their issuer to allow payments to go through without SCA after initial transaction.

How can merchants get compliant with PSD2?

Merchants should use a payment gateway that supports 3DS v2.2.0, which supports Strong Customer Authentication or SCA. Visa specifically states in their rules (Table 5-17: Acquirer Support of Visa Secure by Region/Country – Requirements) that acquirers in the EU must process transactions using Visa Secure, which is their version of 3D Secure, a global protocol for securing card not present transactions. Only 3D Secure 2.x, not 1.0, meets the PSD2 requirements, with v2.2.0 being the most current as of this writing. This will get merchants compliant with PSD2.

Which payment gateways support 3DS v2.2.0?

Because the payment gateway may one of multiple components in the checkout process it may not be on a certification list. One popular payment gateway apparently is not being updated- Authorize.net; users are advised to upgrade to Cybersource per the Cybersource web site.

Want a GDPR and 3DS v2.2.0 compliant payment gateway for your business? Contact us for solutions.

Resources:

DISCLAIMER: condensed and incomplete information! Information may be quickly outdated.

Want a GDPR and 3DS v2.2.0 compliant payment gateway for your business? Call Christine Speedy, 954-942-0483, 9-5 ET.

D365 ERP F&O credit card processing

Need a credit card processing solution for D365? What you used in Microsoft Dynamics AX is probably not what you want for Microsoft D365 F&O. That’s because most payment gateways are horribly outdated with current payment processing requirements. Aside from PCI compliance, equally critical is compliance with the card network rules.

Three things you need to ask before selecting a payment gateway for D365:

  • Does the payment gateway support Unscheduled Credential On File?
  • How will you identify expired authorizations and update them?
  • If the initial authorization and final settlement are different, how does the payment gateway manage the authorization so that you can meet requirements for level 3 processing?

D365, ERP, and ecommerce consultants are generally not great resources for the last mile- getting paid, because it’s not their core expertise. If anyone tells you here are two or three options, you choose whichever you want, RUN! Each payment gateway has unique attributes. You need a consultant that not only knows payment processing, but also knows differences between payment gateways and how each will help or hurt your goals.

How can you find a good D365 payment gateway consultant?

While there is not a specific certification that is critical, it helps to have some type of certification vs just experience. The PCI Council offers a few different options, all of which are expensive which is why most people won’t bother getting them. However, because level 4 merchants are required to use only PCI QIR certified individuals, the PCI Council has lowered the cost (as well as the complexity, but that’s another story) to increase the number certified.

Since you’re reading this article, you’re looking for expert help. You’ve found it. I’ve been blogging about payment processing for years. I have used, sold and implemented solutions for authorize.net, PayPal, Payflow Pro, CenPOS, First Data, Chase Paymentech and many, many others. I’ve analyzed merchant statements, ecommerce shopping carts, ERP’s, merchant processors / acquirers, and a host of solutions that interact to impact merchant security, fraud risk, processing fees, and efficiency. Because I’ve seen what happens after the sale, including non-qualified transactions, chargebacks, risky security practices that often go against company policy but employees do it anyway, and more, I’m in a better position than most to give you the best advice for business to business, business to government, large transactions, card not present sales and specialty retail. If I don’t know it, I research everything and ask lots of questions that consultants and merchants don’t know to ask.

The Christine Speedy difference. PCI compliance is important to mitigate data breach risk, but equally important is compliance with complicated card network rules. Have you read any of the 1,000+ pages of Visa Rules? Or 300+ Mastercard transaction processing rules? Have any of the people you rely on? I’ve spent countless hours educating myself on them and learning about the nuances that impact your profit and risk. Technology directly impacts compliance. It doesn’t matter how big or how old a company is; the reality is most players in the payments industry fall behind with every new rule that comes out, even though these rules are usually announced years in advance so that they can prepare. Call 954-942-0483, 9-5 ET for expert advice about all things payments.

Event sales credit card authorization form template 2019

Accepting credit card deposits for events requires compliance with both card not present and stored card rules. Not PCI Compliance rules for data security, but rather authorization rules set by Visa, MasterCard etc. Comply with the rules and get rewarded with more authorization approvals, qualify for lower rates and mitigate risk of chargebacks.

Professionalism starts on the phone and continues throughout the buying experience. By replacing traditional credit card authorization forms with technology that puts buyers in control of their cardholder data, merchants create a better buying experience. Traditional credit card authorization forms were created to establish a record to use in the event of a future dispute. They’re useless today.

Merchants must replace credit card authorization forms with technology compliant with new rules for storing and using stored cards.

  • The initial authorization authenticates the cardholder.
  • The initial authorization informs that the cardholder has agreed to merchant storing card.
  • The transaction type will indicate it’s an estimate.
  • Future authorizations will reference any required above items and be submitted as Incremental or Final.

Compliance with the above is not possible with desktop terminals and even most virtual terminals and payment gateways. Merchants need a virtual terminal and or payment gateway that supports Unscheduled Credential On File, Incremental and Final Authorization rules. This is new terminology and new fields in the transaction process.

“Don’t be surprised if vendors don’t know about or support these rules. Just like EMV chip rollout, it’s a huge change and few providers are keeping up. We’re an exception. I had solutions for my clients prior to the EMV shift in October 2015 and again for the 2017 stored card mandate.”

Christine Speedy

Our solutions reduce buyer friction to pay and enables event sales and back office staff to collect deposits and capture cardholder data via text or email. These include push out payment requests via text or email, capture cardholder data for later use, and upload an invoice to collect payment.

text payment
Click here to see one of multiple options available.

Benefits of compliant solution:

  • Reduced merchant fees even with the same merchant account.
  • Increased approvals with cardholder authentication.
  • Mitigate chargeback risk including fraud liability shifting to issuer.
  • More convenient for buyers- 24/7 payments on their schedule, not yours.
  • Buyers are in control of choosing to store payment methods

Call Christine Speedy, PCI Council QIR certified, for simple solutions to card not present payment transaction problems, 954-942-0483, 9-5 ET. The cloud technology you need today to accept all payment types, with optional merchant, check processing and other services. 

#hotel #creditcardauthorization