P2PE for Dynamics AX & D365

Microsoft Dynamics AX and D365 validated P2PE solution elements vary by vendor plugin and their certifications which can be researched on the PCI security standards council website here https://www.pcisecuritystandards.org/assessors_and_solutions/point_to_point_encryption_applications?reference=2017-00113.005. Merchants can choose either P2PE terminals or validated P2PE solutions with their terminals. The latter requires extra steps to implement and maintain.

A PCI P2PE solution can significantly reduce the PCI Data Security Standard (PCI DSS) validation effort of a merchant’s cardholder data environment as well as the cost of a third party assessor reviewing a merchant’s card data environment. Another benefit is simply the reduced risk of a data breach, and the potential millions in costs and lost reputation. An qualified assessor informed me at a conference, there has never been a data breach in an environment with properly implemented validated P2PE solution; The same cannot be said for merchants using P2PE terminals.

P2PE Applications are intended to be loaded onto PCI-approved point of interaction (POI) devices used as part of a P2PE Solution. Use of a P2PE Application on a PTS-approved POI device (outside of a listed P2PE Solution) does not constitute use of a P2PE Solution. I am frequently asked by consultants about other payment gateway compatibility with Cardconnect and the related CardConnect Bolt application dependency. Other payment gateways and or P2PE solutions, including CenPOS, are distinct solutions. Each has its own P2PE certification as documented on the PCI council website. Two different solutions cannot be used together; merchants must decide which is the better overall solution for their environment. Sidenote: CenPOS does not have any application dependencies for their P2PE certification.

Can you mix P2PE solutions, for example, for call centers vs retail? Excellent question. Certainly transactions would need to be run on different merchant accounts and each would be defined as to scope i.e. not entire business, but only part of an operation. This arrangement is not ideal, but maybe is a useful gap solution during a software or hardware migration.

Which P2PE application is best for your Microsoft Dynamics AX or D365 environment? This question is best answered by speaking with a payments consultant who is familiar with credit card processing rules, data security rules, and integration nuances. Differences in the integration methods and native features for the respective products often determine why to choose one vs another.

Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in card not present and omnichannel technology. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions and is QIR certified by the PCI Council. Call Christine for all your Microsoft Dynamics payment gateway and payment processing needs.

Best Credit Card Processing Services 2020 Reviews- or not?

Don’t you love it when people write articles about subjects they clearly either don’t know about, don’t know the best resources for information or are just out to make money on what you read via affiliate, advertising or referrals, so it doesn’t matter? That’s the case with articles on “Best Credit Card Processing Services for 2020″. I’ll dissect some reasons why and how to really help you find what you need.

First, there are some critical factors which determine what is the best credit card processor for your business:

  • Volume- a couple transactions or a lot each month
  • Transaction size average- For example, under $25 or over $5,000?
  • Transaction type- phone or mail (MOTO), in-person (Retail), or ecommerce (any type of remote payment, including e-invoice, text and ecommerce shopping cart. on the road.
  • How the sale occurs: tradeshow, water, plane, home service, phone sales, invoice, physical store, shopping cart, online pay page
  • Business type- distribution, service, restaurant, fuel, travel, etc

Only with information above should anyone recommend what is the best credit card processing service because it impacts how you need to get paid and how much cost will vary depending on the solution. As you can imagine, the matrix of options gets complex. Examples:

  • During Covid, someone decides to make masks at home and sell them. In that case Paypal might be the best solution because of it’s flexibility and simplicity.
  • A window and door company has wholesale to the trade and retail consumer sales. This company needs technology to properly manage authorizations for both sales types. I recommend using an agnostic technology solution and a processor that supports level 3 data, which all the big ones do.
  • A restaurant needs to expand their pick up and delivery options due to Covid-19 and projected dining changes over the next 10 years. They need omnichannel technology that will work with different platforms, such as Uber Eats and Door Dash, plus their own online ordering, text specials, and pay at the table.

My general rule of thumb is that for under $250,000 annually it almost doesn’t matter what you pick because the difference between one and another on price will probably be inconsequential. For that reason, I don’t work with businesses that small; just do your research and pick one that you can get out of later if you don’t like it or grow too much and needs change.

Secifically addressing solutions others are touting as the top 10 best my answers are relevant for B2B merchants, and businesses that have a B2B element:

Square: This started as a mom and pop solution for service people, artists (art shows), and other small business needs. I’d dig deeper into options.

Payline Data: I never heard of them and had to look it up. Payline Data is a reseller for First Data and Fifth Third Bank. More on what that means at the end.

Intuit Quickbooks: My pet peeves are fees are taken out of transactions daily, creating extra burden for reconciliation, bundled pricing, which is higher than alternatives, and issues with how it handles customer name and cardholder name differences, since B2B the customer is usually a business.

Helcim:

3 Things Accountants Must Advise B2B Clients in 2020

Credit card processing may be a big part of the revenue stream or a small part. It doesn’t matter. B2B companies all suffer from the same issues that impact EBITDA and risk. Compliance, cost and security. It’s fair to say, most businesses have no idea what the hot buttons or repercussions are.

Three things every B2B company needs to know about credit card processing right now:

  1. If you store credit cards, you must be compliant with Visa Stored Credential Framework. I posted this in 2017. Guess what? Most payment gateways (if you accept payments online from an invoice or any other source, a payment gateway is involved) are still not compliant! There are significant financial and risk consequences for non-compliance, including penalty fees, fines, and issuer generated chargebacks.
  2. Failure to settle transactions with a proper authorization will be even more expensive starting in April 2020. For example, many Visa credit card rates will go to 3.15%, reflecting upwards of 0.75% increase in some cases; that’s strictly interchange fees, nothing more. Instead of assuming you’re already settling properly, go to your merchant statement and look for DATA RATE I (instead of Data Rate III), STD/Standard, and EIRF. Do you have any of these? See also https://3dmerchant.com/blog/merchant-processing-services/credit-card-transaction-fees-checkup
  3. It’s a Visa rules violation to request the card security code on a paper credit card authorization form, or any digital form where the business can decrypt and view it. It can’t be stored, period. Not by the merchant nor service provider, including payment gateway. Yet even the AICPA

Why these 3 things? Because 100% of B2B companies I talk to will fail on at least one, and usually two or three. That includes CPA firms. Among the American Institute of Certified Public Accountants missions is to provide “the most relevant knowledge, resources” etc. Yet as of this writing, AICPA affinity credit card processing partners include a long list of technology solutions that are not compliant with all three of the above.

86% of all data breaches in 2016 were from level 4 merchants, defined as “Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1M Visa transactions per year.” By complying with the three items on my list, B2B companies will harden their systems and increase profits. The latter occurs because compliance with rules reduces fees. 

If your current acquirer could truly fix all the problems above, why haven’t they taken the initiative to help you in the past? By the way, if someone ever says they help you qualify for level 2 rates, run! All B2B companies should have the right technology to qualify for level 3 rates. Why pay more?

Christine Speedy, 954-942-0483. For a fast, free checkup on your merchant account, contact us today for a secure, cloud-based solution optimizing acceptance for all payment types across multiple channels without disrupting banking relationships.

New Visa SaaS subscription rules for trial periods

Effective April 18, 2020, merchants must comply with new Visa subscription billing terms and conditions. These are, once again, big changes that merchants must take action on to comply with. The payment gateway will be critical, and not all are ready to meet the new technology requirements for authorization and receipts.

Who do the new Visa rules apply to?

  • All merchants globally
  • Merchants that offer a free or discounted introductory offer as part of a subscription service

What are key Visa SaaS subscription changes?

  • Merchants must get express consent to enter into agreement for recurring billing. For example, if an online purchase, a checkbox agreeing to the terms is acceptable.
  • Notification via text, email, or other agreed upon method (not realistic for most businesses), of the subscription terms including start date, product/service details, billing frequency, billing start date, and link to cancel.
  • Notification at least 7 days in advance of the expiration

Revised sale transaction receipts are required.

  • Details to include length of trial period, introductory offer, or promotional period, and notice the cardholder will be charged unless the cardholder takes steps to cancel.
  • Date it starts, even if no payment is due, and date subsequent recurring transactions begin.
  • A link to cancel or other simple method.

Payment Gateway and settlement changes to support new Visa Authorization is required.

Many payment gateways are not yet compliant with the October 2017 stored credential mandate and they won’t be ready with this either as it is not a simple update.

  • A new descriptor, “trial” or similar, must be sent with Merchant Name field of the Clearing Record for the first transaction at the end of a trial period. This descriptor will then appear on cardholder statements, online banking etc.

“This is another huge change that most merchants will probably have difficulty complying with because of outdated payment gateways,” according to Christine Speedy, 3D Merchant Services payment gateway expert.

Merchants must make it easier to cancel recurring billing.

This is actually an extension of rules and recommended changes over the last few years. For example, if a customer signs up online, they should be able to cancel online, not have to call on the phone. The new rule now says regardless of where they signed up, retail store or other, they must be able to cancel online.

Visa expands cardholder dispute rights for subscription billing via existing condition “Misrepresentation”.

Basically, merchants need to be able to prove that the cardholder expressly opted in, and they notified customer before processing after the trial period.

Visa will actively monitor trial period compliance.

This is huge. While they don’t state how, the advances of Artificial Intelligence (AI) make if fairly easy. Additionally, merchants that are using recurring billing properly already notify the parties in financial ecosystem that they are doing recurring billing via the 2017 recurring billing stored credential changes.

What are merchants benefits to comply with Visa rules?

Merchants can expect increased authorization approvals, better rate qualification (higher profits), and increased customer satisfaction. Merchants avoid getting shut down, fined, assessed fees, penalty fees and also reduce customer service bandwidth.

DISCLAIMER: condensed and incomplete information. Information may be quickly outdated. Follow links from our Merchant Rules web page here or click here to download Visa’s PDF with review and quick reference card. Two page PDF, 675kb.

Call Christine Speedy for compliant payment gateway solutions to maximize profits and improve your customer experience. 954-942-0483, 9-5 ET for all your recurring billing and stored credential payment gateway and virtual terminal needs.