Verifone VX terminal reboot: urgent update

All Verifone VX terminals must be updated by June 25, 2019 or merchants risk problems where the terminal is stuck in a reboot and cannot accept credit cards. Verifone posted an advisory on their support web site June 3. Hopefully owners will be notified by their acquirers before they have hard failure. The VX series is very popular so it could be problematic if many thousands of VX terminal owners try and download the update at the same time.

Action is required for all customers using VX (all VX) or e-Series Devices (limited to e315, e315m and e355) on any version of CommServer prior to 544 or 5441 who have not downloaded the recovery utility. This action is for both customers who have successfully recovered their devices from a reboot loop, those who may be in a reboot loop, and those that did not experience issues at all on or around May 25, 2019. Read the entire alert on the Verifone support web page here.

The advisory impacts all Verifone VX terminals, so per my search, that would include the VX 520, VX 680, VX 805, and VX 670. Are you in need of a new or replacement terminal?

The Christine Speedy difference. Find out what terminal is best for your credit card processing situation. Call someone who knows the rules and can help you optimize for the lowest interchange rate qualification. Terminal choice matters! B2B expert. 954-942-0483, 9-5 ET.

Microsoft Dynamics AX ERP Verifone EMV Connector

Want to accept EMV chip cards with a Verifone MX 915 in your Microsoft Dynamics AX ERP? Ask me about best alternative to Payware for B2B and B2G sales. No Retail MPOS is needed. With our module you’ll be live in no time with all the protections you need to maximize profits, mitigating fraud risk and reducing merchant fees with your existing merchant account.

All transaction types are supported for all your sales channels, and you can accept payments via free text invoices, CRM and more.

The Christine Speedy difference. PCI compliance is important to mitigate data breach risk, but equally important is compliance with complicated card network rules. Have you read any of the 1,000+ pages of Visa Rules? Or 300+ Mastercard transaction processing rules? Have any of the people you rely on? I’ve spent countless hours educating myself on them and learning about the nuances that impact your profit and risk. Technology directly impacts compliance. It doesn’t matter how big or how old a company is; the reality is most players in the payments industry fall behind with every new rule that comes out, even though these rules are usually announced years in advance so that they can prepare. Call 954-942-0483, 9-5 ET for expert advice about all things payments for Microsoft Dynamics AX and D365.


How to fix Ingenico ISC250 Lane Closed ?

ingenico ISC250 & isc350 reset

Ingenico isc250 EMV chip and pin signature capture terminal.

The Ingenico ISC 250 touch and ISC 350 terminals will have a message ‘lane closed’ when not in use. To be more clear, the Ingenico terminals are slaves to software that tells them what to do. So the user must be logged into their point of sale (POS) solution, integrated software, or virtual terminal that drives the terminal.

If you’re logged in and click on SALE and the terminal still says lane closed, you need to do some troubleshooting. Is the terminal properly connected to the PC or device driving it? If this is a terminal that was previously known to be working, try swapping cables with another if available.

If you still have a problem, contact your Point of Sale solutions provider. If you’re a CenPOS user, call support at 877-630-7960.

For PCI Compliance, only PCI Council QIR certified professionals are allowed to touch or install terminals for level 4 merchants. Do not allow unauthorized outside vendors to physically touch your terminals.

3D Merchant Services provides payment processing technology merchants need to drive Ingenico and other EMV chip terminals, with full cashiering, and without the need to purchase any additional POS software. The credit card processing terminals can be operated with a secure virtual terminal or with integrated solutions that keep merchant POS applications out of scope for PA DSS. Many recent merchant data breaches have occurred from applications that were in scope for PA DSS. By segregating payments from POS applications, merchants can increase security while reducing compliance burden. Merchants have the option for point to point encrypted (P2PE) terminals and solution or optional Validated P2PE service; the latter requires extra steps for merchants and significantly reduces PCI compliance burden with an SAQ that’s about 90% shorter.

Call Christine Speedy, PCI Council QIR certified, to purchase terminals and retail solutions, 954-942-0483, 9-5 ET. CenPOS authorized reseller based out of South Florida and NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Small Business Merchant Security Mandate

Small businesses are at high risk of a credit card data breach. To stem the tide of breaches, effective January 31, 2017, all level 4 merchants were mandated to only use Qualified Integrator & Reseller (QIR) for Point of Sale (POS) applications or terminal installation, integration or maintenance.The Payment Card Industry Data Security Council provides certification and maintains the official list of certified QIR people.  Any entity that installs Point of Sale in conjunction with a payment application must put at least one representative through the QIR training/qualification process.

What’s a level 4 merchant? Visa’s Level 4 merchant category encompasses businesses that process fewer than 20,000 Visa e-commerce transactions per year, and all other merchants processing up to 1 million Visa transactions, regardless of channel, per year. Visa has estimated this covers approximately 5 million merchants.

What is QIR Qualification? From the PCI Council:

QIR qualification is a set of requirements put in place by Visa for acquirers in an effort to ensure that small merchants are able to implement and maintain a secure Point of Sale environment. QIR qualification provides an opportunity for POS Providers (both VARs and ISVs) to receive training and subsequent qualification on the secure installation of PA-DSS validated payment applications into merchant environments so that said merchants can maintain ongoing PCI compliance. Many data breaches from past years could have been avoided if not for incorrect installation/maintenance of payment application and on-site merchant networks, so QIR qualification was implemented to ensure that only skilled/trained installers are installing payments products.

Who must be QIR certified? Anyone who touches something impacting the cardholder data environment, excluding internal employees. That could be the a Value Added Reselller (VAR) to a POS application. Or it could someone installing something from one of thousands of independent software vendors (ISVs) who provide payment applications that fall under the auspices of the PCI Security Standards Council’s Payment Application Data Security Standard (PA-DSS). People, not companies, are QIR certified, but all individuals are listed under company names.

qir certified speedyThe exam is tough. If you fail, there’s no feedback. Applicants must go back and study more, pay more, and retake the test. Annual continuing education is required to maintain certification. When I completed my exam, there were 452 certified in the world. Today, it’s 450, as two expired and did not complete renewal process.

Not enough companies are in compliance. It was $395 to take the exam and $150 to retake the exam until March 2018, plus ongoing annual recertification fees after year two. The PCI Council recently announced a change so it’s $100 for 3 attempts, plus $100 annually, in an attempt to get more people certified.

In my experience, most people involved in the payments process do not have the knowledge to complete an installation, or provide maintenance, unless they’ve been QIR certified. In my opinion, the longer they’ve been doing it, the more likely they are to use outdated techniques that put merchants at risk of a data breach. The same is true for application developers. There’s a ton of ‘trusted’ companies out there that integrate payments into web sites and other applications. They have a lot of experience. But payment processing is a moving target of complex security changes. Without specific training, including going through process of PA-DSS application certification, too many businesses are at risk.

Why should card not present merchants use QIR certified individuals? The QIR training encompasses all aspects of payments, including servers, networks etc. The QIR trained person is more likely to probe and identify potential weaknesses in any cardholder environment.

Why should level 1, 2, 3 merchants use QIR certified individuals? In my experience, there are weaknesses in businesses of every size. I can find a compliance problem in virtually any business. The key is to minimize risk and have a plan for continuous improvement.

Call Christine Speedy, QIR certified payments professional, right now at 954-942-0483, 9-5 ET.

ICVERIFY Alternatives 2017

ic verify replacement alternativeICVerify Software is still in use in 2017, even though it was end of life back in 2015.  Alternatives are abundant, but none are comparable to CenPOS for meeting business to business (B2B) companies.

What does ICVERIFY Software end of life mean?

First Data sales, product development and support have ended. Continued use of the product will invalidate a merchants PCI Compliance.

What happens if my ICVERIFY Software stops working?

You will get zero support. If you cannot open due malfunction, you’ll have no access to records. If you’re acquirer shuts down your ability to send transaction data, and this is happening frequently because it’s not PCI Compliant, they will not turn it back on. If your acquirer finds out you’re using ICVerify in 2017, you will get shut down. It’s imperative to migrate to new solution as soon as possible.

What are alternative solutions to ICVERIFY?

A cloud payment gateway is required. There’s no software to install. You can use a payment gateway via integrated or non-integrated options, which include mobile app and virtual terminal via secure web site. ICVERIFY was a buy once and use forever product. Payment gateways have transaction fees. Many businesses make the mistake of using the one with the cheapest fee or the one that their developer or consultant is familiar with because they’ve used it for a decade or more. Are you using the same cell phone you did 10 years ago? The cheapest fee could result in the highest actual cost or inefficiency. For example, most gateways do nothing to help merchants reauthorize after an authorization expires. That matters because even though the issuer may approve the transaction, it won’t qualify for the best rate, which could be half the cost of the non-qualified rate.

What is best alternative payment gateway to ICVERIFY for a B2B company?

I’m not going to waste your time listing all the cloud payment gateways on the planet like First Data Payeezy, authorize.net, Payflow Pro, Paytrace, Cybersource, Orbital, 3Delta Systems, or 3DSI and their differences. Each has bits and pieces but none has the whole package of solutions B2B companies need. CenPOS is the only solution I know of today that will get merchants compliant with all these critical items:

  1. Comply with 2017 Visa stored credential framework and mandates. It’s complicated. CenPOS automates compliance with things like sending the merchant initiated or customer initiated use of stored credential flag.
  2. Eliminate paper credit card authorization forms with multiple digital ways to accept payments and store cards, including text and email. Sure, some gateways offer a hosted pay page, but can they generate a PCI Compliant authorization form automatically for those that still like paper?
  3. Automate authorization management, including requirement for preauthorization and settlement match and renew expired authorizations for card not present transactions.
  4. Automate compliance to qualify transactions properly for level 3 interchange rates for corporate, purchasing and business cards. Supporting level 3 is not enough, it’s complicated.
  5. Mitigate fraud risk with a layered approach, including supporting 3-D Secure, which shifts fraud liability to issuer.
  6. Encrypted Virtual Keypad (EVK) to reduce PCI Compliance scope and burden. (No card data touches your system for phone orders; avoid key logger dangers.)
  7. Audit trail as required for PCI. Every user, every touch. Available minimum 7 years.

What else makes CenPOS the best alternative payment gateway to ICVERIFY for a B2B company?

  • Graphically pleasing, easy to use. It’s like marrying the coolness of Apple design with an Amazon buying experience. People love it. Customers are happier (proven by our clients conducting their own studies).
  • Wire transaction support with electronic bill presentment and payment services. Stop the madness associated with matching deposits to invoices and getting paid the wrong amount.
  • Reports. Dynamic search and view online or download; robust custom reports, alerts and distribution. So much faster to research anything!
  • No capital investment. We make companies more profitable virtually overnight.
  • Deposits equal receivables, not net of fees. Other services are mixed. For example, authorize.net echeck service takes it’s fees out of your deposit so then you have to do some accounting magic to reconcile.

Will I be able to port over my existing data? Yes. Per PCI Compliance rules, merchants need to securely remove sensitive cardholder data from all systems. Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS. You can find one here https://www.pcisecuritystandards.org/assessors_and_solutions/qualified_security_assessors.

Ready to get started with CenPOS? Contact Christine Speedy right now at 954-942-0483.

Christine Speedy, CenPOS authorized reseller, 954-942-0483 is based out of South Florida and NY. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.