D365 ERP F&O credit card processing

Need a credit card processing solution for D365? What you used in Microsoft Dynamics AX is probably not what you want for Microsoft D365 F&O. That’s because most payment gateways are horribly outdated with current payment processing requirements. Aside from PCI compliance, equally critical is compliance with the card network rules.

Three things you need to ask before selecting a payment gateway for D365:

  • Does the payment gateway support Unscheduled Credential On File?
  • How will you identify expired authorizations and update them?
  • If the initial authorization and final settlement are different, how does the payment gateway manage the authorization so that you can meet requirements for level 3 processing?

D365, ERP, and ecommerce consultants are generally not great resources for the last mile- getting paid, because it’s not their core expertise. If anyone tells you here are two or three options, you choose whichever you want, RUN! Each payment gateway has unique attributes. You need a consultant that not only knows payment processing, but also knows differences between payment gateways and how each will help or hurt your goals.

How can you find a good D365 payment gateway consultant?

While there is not a specific certification that is critical, it helps to have some type of certification vs just experience. The PCI Council offers a few different options, all of which are expensive which is why most people won’t bother getting them. However, because level 4 merchants are required to use only PCI QIR certified individuals, the PCI Council has lowered the cost (as well as the complexity, but that’s another story) to increase the number certified.

Since you’re reading this article, you’re looking for expert help. You’ve found it. I’ve been blogging about payment processing for years. I have used, sold and implemented solutions for authorize.net, PayPal, Payflow Pro, CenPOS, First Data, Chase Paymentech and many, many others. I’ve analyzed merchant statements, ecommerce shopping carts, ERP’s, merchant processors / acquirers, and a host of solutions that interact to impact merchant security, fraud risk, processing fees, and efficiency. Because I’ve seen what happens after the sale, including non-qualified transactions, chargebacks, risky security practices that often go against company policy but employees do it anyway, and more, I’m in a better position than most to give you the best advice for business to business, business to government, large transactions, card not present sales and specialty retail. If I don’t know it, I research everything and ask lots of questions that consultants and merchants don’t know to ask.

The Christine Speedy difference. PCI compliance is important to mitigate data breach risk, but equally important is compliance with complicated card network rules. Have you read any of the 1,000+ pages of Visa Rules? Or 300+ Mastercard transaction processing rules? Have any of the people you rely on? I’ve spent countless hours educating myself on them and learning about the nuances that impact your profit and risk. Technology directly impacts compliance. It doesn’t matter how big or how old a company is; the reality is most players in the payments industry fall behind with every new rule that comes out, even though these rules are usually announced years in advance so that they can prepare. Call 954-942-0483, 9-5 ET for expert advice about all things payments.

Event sales credit card authorization form template 2019

Accepting credit card deposits for events requires compliance with both card not present and stored card rules. Not PCI Compliance rules for data security, but rather authorization rules set by Visa, MasterCard etc. Comply with the rules and get rewarded with more authorization approvals, qualify for lower rates and mitigate risk of chargebacks.

Professionalism starts on the phone and continues throughout the buying experience. By replacing traditional credit card authorization forms with technology that puts buyers in control of their cardholder data, merchants create a better buying experience. Traditional credit card authorization forms were created to establish a record to use in the event of a future dispute. They’re useless today.

Merchants must replace credit card authorization forms with technology compliant with new rules for storing and using stored cards.

  • The initial authorization authenticates the cardholder.
  • The initial authorization informs that the cardholder has agreed to merchant storing card.
  • The transaction type will indicate it’s an estimate.
  • Future authorizations will reference any required above items and be submitted as Incremental or Final.

Compliance with the above is not possible with desktop terminals and even most virtual terminals and payment gateways. Merchants need a virtual terminal and or payment gateway that supports Unscheduled Credential On File, Incremental and Final Authorization rules. This is new terminology and new fields in the transaction process.

“Don’t be surprised if vendors don’t know about or support these rules. Just like EMV chip rollout, it’s a huge change and few providers are keeping up. We’re an exception. I had solutions for my clients prior to the EMV shift in October 2015 and again for the 2017 stored card mandate.”

Christine Speedy

Our solutions reduce buyer friction to pay and enables event sales and back office staff to collect deposits and capture cardholder data via text or email. These include push out payment requests via text or email, capture cardholder data for later use, and upload an invoice to collect payment.

text payment
Click here to see one of multiple options available.

Benefits of compliant solution:

  • Reduced merchant fees even with the same merchant account.
  • Increased approvals with cardholder authentication.
  • Mitigate chargeback risk including fraud liability shifting to issuer.
  • More convenient for buyers- 24/7 payments on their schedule, not yours.
  • Buyers are in control of choosing to store payment methods

Call Christine Speedy, PCI Council QIR certified, for simple solutions to card not present payment transaction problems, 954-942-0483, 9-5 ET. The cloud technology you need today to accept all payment types, with optional merchant, check processing and other services. 

#hotel #creditcardauthorization

Visa Stored Credential Mandate Overview

How can merchants get compliant with the Visa Stored Credential Transaction framework and mandates effective October 14, 2017? Most companies are under the false impression that their acquirer and or payment gateway manages compliance. Not true. While some technical aspects are managed by the payment gateway, the merchant also has to make some changes for compliance.

What is a Stored Credential? A stored credential is information (including, but not limited to, an account number or payment token) that is stored to process future purchases for a cardholder.

What is the Visa Stored Credential framework and mandate? It outlines the rules related to storing and using stored credentials. Since it’s 15 pages long, I’ll only highlight a few important items here.

  • Merchant initiated or customer initiated transactions? Make sure your payment gateway is sending the correct code. For example, an ecommerce store checkout would be customer initiated. A recurring billing transaction is merchant initiated.
  • Get customer consent for terms and conditions of storing and using stored card.
  • Advise how the cardholder will be notified of any changes to the consent agreement.
  • For a transaction using a stored credential initiated by the cardholder, the merchant or its agent must validate the cardholder’s identity before processing. The only valid methods are 3-D Secure Verified by Visa and the security code.
  • Receipt must be provided for the initial cardholder validation ($0 dollar transaction or actual amount.)
  • All stored credential transactions must be submitted with a value of “10” in the POS Entry Mode Code field; this is for both newly stored cards and all prior transactions using stored credential. This is managed by the payment gateway. (Confirm your gateway is doing this.)

What about the other card brands? Mastercard rolled out their version in June 2018. If you comply with the Visa mandate, you’ll be in compliance with any others at this time.

What if I don’t comply?

  • You’ll be non-compliant with Visa’s rules and risk Non Compliance Assessments
  • No benefit from expected improved authorization rate
  • Increased customer complaints and poor cardholder experience
  • Cannot use Real Time Visa Account Updater service
  • Risk issuer generated chargebacks for all transactions using the stored credential within the allowable chargeback timeframe under reason code 72, invalid authorization. A valid authorization is needed to qualify for the lowest interchange rates.

What are the benefits of compliance? Increased authorizations, better customer experience, more profits.

See Improving Authorization Management for Transactions with Stored Credentials https://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-credential-transaction-framework-vbs-10-may-17.pdf . Are you going to manage documenting everything or are you going to use technology to help you manage it?

PCI Compliant credit card authorization form

Partial CenPOS PCI Compliant stored credential authorization form.

Verify if you have a system to manage authorization validity. What the heck does that mean? Many companies have complex needs including pre-authorizations, incremental authorizations, delayed shipping etc. While you may get issuer approvals, that doesn’t mean the authorization is valid. Are you compliant now? Look at your merchant statement ‘pending interchange fees. If you see  EIRF or STD or misuse of authorization fee, there’s a problem.

Replace paper credit card authorization forms, and any digital form that you can decrypt and view sensitive card data. Offer your customers a way to self-manage their own wallet with either a hosted online pay page or Electronic Bill Presentment & Payment.

New to online payments? See Visa best practices to prevent brute force attacks. https://usa.visa.com/support/merchant/library/visa-merchant-business-news-digest.html. CenPOS includes recaptcha and client managed velocity and other rules as part of a layered security approach.

Register for 3-D Secure, including Verified by Visa, with your acquirer. Don’t do this until you know which payment gateway will be used and get their instructions if applicable.

interchange rate qualification

The same transaction can process at different rates as shown above, depending on which rules you follow. CenPOS Smart Rate Selector automates compliance to qualify transactions at the lowest rate possible. Which rates are on your merchant statement now?

Where can I buy CenPOS or learn more? You’ve already found one of the top salespeople, Christine Speedy. All agreements are direct with CenPOS, no middle man.

Resources and documentation https://3dmerchant.com/blog/merchant-bulletins-downloads – bookmark it!.  Join Christine Speedy’s email list.

DISCLAIMER: condensed and incomplete information! Information may be quickly outdated.

With the fast pace of changing rules, companies need a technology partner to automate compliance. Did you know?

  • CenPOS has a suite of solutions for companies just like yours, solving common problems and increasing profits virtually overnight.
  • For those not ready to give up paper, CenPOS creates a printable PCI Compliant credit card authorization form for every stored card.
  • CenPOS has ERP, ecommerce shopping cart, accounting and other plug-in modules available for quick and easy implementation.
  • I’ve been selling for CenPOS since day 1. Though I have other payment gateways available in my arsenal, nothing else compares.

Call Christine Speedy for global sales. 954-942-0483, 9-5 ET, CenPOS authorized reseller based out of South Florida and NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

3 Ecommerce Checkout Payment Problems

Use of a PCI compliant payment gateway does not make a company PCI compliant, compliant with card network acceptance rules, or compliant with best practices to maximize profits. In other words, if you follow best practices and comply with all the rules, you’ll have a more secure and profitable company. A key ingredient to compliance is the payment gateway, however, the payment gateway has no specific requirement to ensure your compliance with all the card network rules and best practices, just those that pertain to Payment Card Industry Data Security Standards.Here’s a few costly merchant problems:

  1. Lack of brute force attack tools. These help prevent bots from testing thousands or millions of cards on your checkout form. The merchant is liable for all of the attempted transaction fees on the payment gateway and on the acquiring. A simple first line of defense is adding recaptcha. See Visa best practices to prevent brute force attacks. https://usa.visa.com/support/merchant/library/visa-merchant-business-news-digest.html.
  2. Non-compliance with Visa Stored Credential Mandate, effective October 14, 2017? I’ve written extensively on this, for example here’s a B2B steps to compliance article. There are multiple elements, and many payment gateways do not yet have solutions, especially for ‘Unscheduled credential on file’. Do you have a checkbox in the sequence of checkout opting in to terms? https://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-credential-transaction-framework-vbs-10-may-17.pdf.
  3. Invalid authorizations. This is the most costly as it can lead to consumer generated chargeback, issuer chargeback, non-qualified interchange rates and penalty fees. Here’s a story about the new .25% MasterCard integrity fee. Do you have Standard/STD, EIRF, or Data Rate I on your merchant statement under interchange fees? Then you have an authorization problem.
  4. Cardholder authentication limitations. The security code has historically not been enough evidence to win customer disputes about unauthorized charges. With 3-D secure, fraud liability shifts to the issuer. Effective April 2019 based on region and industry, Visa mandates many merchants use Visa 3D Secure 2.0. Reference Table 5-18: Acquirer Support of Verified by Visa, Visa Public Rules.

The solution to all of the above is replacing outdated payment gateway technology with new technology that will help automate compliance with card network rules, while reducing PCI Compliance burden.

Why comply? Here’s an example of the cost difference between valid and invalid authorization.

interchange rate qualification

Resources and documentation /blog/merchant-bulletins-downloads – bookmark it!.  Join Christine Speedy’s email list.

DISCLAIMER: condensed and incomplete information! Information may be quickly outdated.

Need a solution? Call Christine Speedy, 954-942-0483, 9-5 ET, CenPOS authorized global reseller based out of South Florida and New York. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.