Remote checkout with credit card

Posted on by
Reply

Businesses are shifting to remote credit checkout to avoid close contact with customers. Remote checkout systems range from cheap to pricey, but when comparing safe and secure solutions, it’s important to know what questions to ask to maximize profits and mitigate risk. In particular, telephone credit card transactions, text, and work from home practices directly impact profits and risk.

A popular practice is to eliminate customer entry into facilities. Communication methods include expansion of telemedicine and secure portals. Two areas are lacking: text and credit card payment. Even the most advanced facilities fall short in one way or another.

Credit card number via phone problems for typical retail merchant account:

  1. Merchants are prohibited from writing sensitive cardholder data on paper (Visa sec. 5).
  2. Key entering into computer:
    1. Results in 100% invalid – yet issuer approved- authorizations*, typically increasing costs 30-100% per transaction.
    1. Increases data breach risk with home and office hardware and network in scope for Payment Card Industry Data Security Standards (PCI).
    1. Employees access to cardholder data an added risk
  3. Key entering into desktop terminal:
    1. Same authorization problem as above (See merchant statement for non-qual, STD, EIRF, Level I etc)
    1. All transactions at risk of consumer or issuer chargeback since EMV chip/swip data expected but not received.
  4. Ties up phone lines for already overwhelmed staff;  another data breach risk
  5. Note: Digital forms that can be decrypted are unacceptable
  6. If storing/tokenizing cardholder data, most solutions are PCI compliant, not but not compliant for network (Vcardholder agreement and future transaction authorizations

Card not present alternatives:

SMS/text with secure pay

  1. 80-95% of Americans have a smart phone; all age groups, including seniors, are texting
  2. Puts customers in control of entering, storing, managing cardholder data

Email with secure pay- also eliminates employee access to cardholder data. A growing threat is business email compromise with phishing schemes increasing during Covid-19 crisis.

Hosted pay page- I do not recommend as this is not efficient during quick check in and check out needs.

What merchants should look for in vendor solutions:

  1. 3-D Secure cardholder authentication for customer initiated payments; qualify for reduced card not present rates plus fraud disputes for “I didn’t authorize” disappear. The benefit is much like EMV chip for retail, and merchants can save even more on interchange fees for some cards due to lower risk.
  2. 3rd party app or web based solution that segregates all devices, hardware and networks from scope for PCI, including key entered transactions; The latter can be managed via special terminal, app, or encrypted virtual keypad, perfect for workers at home and on the go.
  3. 3rd party app or web based text solution that eliminates client data from employee devices and hardware, and is compliant with various text/telecom rules (FCC, TCPA etc). If employees are texting on their devices, it’s incredibly difficult or impossible to get that data later if needed in a legal dispute.
  4. Checkout option to enter authorized 3rd party for animal pick up, time of day, and even details about car or truck if desired.
  5. Automated authorization optimization for card present, phone order, card on file and customer initiated transactions. This is either managed by technology (preferred) or multiple merchant accounts. Ok, many probably don’t know what this means, but it’s the difference between employees having to optionally take certain steps and technology automatically managing it.
  6. One-way texting with payment collection has minimal additional compliance burden for various rules.
  7. Two-way texting is much more robust, with even more upside for efficiency (think photo/video, updates throughout the stay, promotional link with notification animal entered surgery, survey at end, and continued opt-in to future marketing). The value of opted-in marketing, when used wisely, cannot be understated.

Merchants will benefit from increased approvals, more profits, happier customers, less phone time, and more secure operations. All of this adds up to both internal and external customer experience improvements during a stressful time dealing with Covid-19 repercussions and beloved animals needing urgent care.

Christine Speedy’s Analysis:

Merchant’s lack the right technology tools, which have been used by other industries for years, to meet new card not present requirements while maximizing profits and mitigating risk. Rapid adoption will reap virtually immediate rewards.

* Issuers will approve most requests if funds are available, but merchants must comply with various card acceptance rules based on how an authorization is requested or pay penalties. For example, a retail merchant account requires EMV chip or swipe data. When the don’t get it, penalties apply. Solutions to dynamically qualify per different rules require a technology update, typically via 3rd party solution.

Research Links:

Card network rules: http://3dmerchant.com/blog/merchant-bulletins-downloads

PCI Compliance: pcisecuritystandards.org

Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in card not present and omnichannel. Christine is Qualified Integrator and Reseller certified by the Payment Card Industry Security Standards Council, a requirement for all level 4 merchants, defined as less than 20,000 Visa or MasterCard e-commerce transactions annually, and all other merchants processing up to 1 million Visa or MasterCard transactions annually. Services include standalone and integrated technology, optional merchant services and other solutions. 954-942-0483.

For more 3D Merchant Services news and information, visit 3Dmerchant.com or  https://www.linkedin.com/in/cspeedy

Contacts:

Christine Speedy

954-942-0483

Card Networks Postpone New Merchant Fees Until July 2020

Posted on by
Reply

Visa, Mastercard, American Express, and Discover, postponed new interchange rates and fees originally scheduled to take effect in April, 2020 until at least July 17, 2020 due to Covid-19 Coronavirus. The announcements provide some relief to battered and closed businesses. Every Spring most networks tweak their fees.

American Express will delay the changes to their assessment fee and their Inbound Fee (International) until October 2020. TSYS will delay the PULSE annual fee increase ($4.00 increase to current $12.00 fee) until July 2020. The NYCE annual fee will be billed at the new rate of $16.00 in August to all applicable merchants.

Other card network fees were relatively minor. It’s noteworthy that many continue to be penalties related to authorization compliance, for example, fees for not performing authorization reversals.

Phone vs text express checkout: Covid-19 customer pick up solutions

Posted on by
Reply

Businesses are changing the way they interact with customers to reduce both employee and customer exposure due to the Covid-19 coronavirus crisis. Accepting payment over the phone and delivering to cars is growing. However, there are risks and costs associated with this that can be avoided. A combination of text, chat, and artificial intelligence can dramatically improve customer engagement and satisfaction while driving down costs and increasing revenue. We put this all together with express pay checkout for a ready-to-go solution to transform operational efficiency and drive profitability virtually overnight.

FAST HELP NOW: Stop taking cards over the phone and start getting paid remotely with a one-way text or email. You’ll use the platform to send a simple request for payment or you can optionally upload an invoice. I just fixed your Covid-19 pay over the phone problem to instantly save you time and money, while improving security.

MANPOWER PROBLEMS: Working with fewer employees, whether to save money due to declining sales resulting from Covid-19 economics, or to adjust for family needs and illness, can lead to customer service issues. Longer hold times leads to even more phone calls, messages and emails as customers desperately search for answers. Takeaway: Studies show a 48% decrease in customer care costs with our recommended automation solutions. It takes just a few seconds to change customer status to ‘ready for pick up’, generating an automated text that will collect payment. That’s way faster than getting card data over the phone.

CREDIT CARD PROCESSING FEES: If your business traditionally accepts cards in person, then the merchant account is set up for RETAIL. When the acquirer does not receive EMV or swipe card data, the transaction is downgraded to the worst rate possible. Timing couldn’t be worse with new higher rates imminent. Small Business credit transactions failing to qualify for Custom Payment Service (CPS) will be assessed the Non-Qualified interchange rate of 3.15% + $0.20 effective April 18, 2020. That’s cost plus there are other fees on top of that. Regulated debit will still be .05% regardless of payment acceptance method. The Fix: Our recommended solution improves credit card rate qualification; merchants can qualify for lower rate using our express checkout vs over the phone, and fraud liability for ” it wasn’t me, I didn’t authorize” shifts to the issuer.

CUSTOMER SATISFACTION: As time goes on, people holed up at home are bound to get more anxious and testy. Nobody likes giving their card number over the phone so now you’ve got an unhappy customer regardless of what you do. They’re on their phones texting all day, and calling to sit on hold with you is annoying. Employees often resort to using their own phone devices with no oversight, creating potential liability problems. The Fix: Converse with them the way they want and customer satisfaction is proven to soar. Use a cloud platform from any device so all data is secure and compliance is managed automatically. Our recommended solution ensures texting compliance and creates on-demand searchable records. Additionally, the one click yes or no end of service satisfaction survey enables management to instantly identify problems and address them accordingly.

HOW IT WORKS FOR MANAGEMENT OVERVIEW: Add users, assign users to roles, modify existing automated message templates (or make new ones), set up hours of business, set up alerts; users can login via computer, tablet or phone app. Add a promotion and one question survey if desired. Let the automation begin!

SECURITY AND COMPLIANCE: The last thing I’d want any business to do is have employees taking card data over the phone and then key enter it into something else. There are too many things that could go wrong. One mistake and a data breach or disgruntled employee could put you out of business. The Fix: Our recommended solutions remove employee access from cardholder data and customer self-checkout is proven to be far more secure. Compliance with the latest credit card processing rules is automated. This is not the case with all remote payment solutions, many of which have not kept up with the onslaught of new card processing rules (not the same as PCI compliance), especially for storing and using stored cards. I don’t care how big they are or how recognizable their name is, many solutions are not compliant today.

DRIVE THROUGH PICK UP: A parent pays for their kids car repair. A friend wants to pick up a pet for their elderly neighbor. No problem. During checkout, your customer can designate things like a pick up time, name of pick-up person, and even add details about the car that will be picking up.

BEST USE CASES: Veterinarians, car service, truck service, anything where something is dropped off and then needs to be picked up later. Animal hospitals can deliver instructions, photos, results etc and reduce or even eliminate phone time. Restaurants may have specialized software that meets needs so I would look there first. We focus on businesses with sales are over $1M annually.

FAQ: Can I use my same merchant account? Yes. Do you offer low cost merchant accounts? Yes, submit your statements for a comparison. How do you reduce my fees if I keep the same merchant account? Proprietary patented technology dynamically optimizes every transaction to mitigate risk and qualify for the lowest fees. What payment types are supported? Paypal, Visa, MasterCard, Discover, American Express, ACH/echeck and more. Is it HIPAA compliant? Yes. What if my customer insists on paying in person? No problem. Just mark as paid when they come in. How long does it take to get set up? Usually one business day turnaround once we receive your paperwork, though it can vary. How easy is it to use? We like both our users and customers to have an ‘Apple-like’ experience; just login an go; self-serve and assisted remote training is available. How much does it cost? We have two price plans depending on your business type. Most customers are more profitable using our system so any fees are entirely offset by credit card fee savings, labor savings, and increased revenues. How long is the contract? Month to month; if you don’t like it, just cancel. We’ve never had a customer say they didn’t like it and cancel.

GET STARTED: Christine Speedy, 954-942-0483. For a fast, free checkup on your merchant account or to implement our express checkout system, contact us today.

Covid-19 disruption will bankrupt some businesses

Posted on by
Reply

Sad but true. Covid-19 will drive some businesses into bankruptcy. That could never happen to 3D Merchant Services. My father raised me to avoid debt, save a lot, and work hard. I realize not everyone has the same circumstances and a lot of people will be financially hurt. I can help by reducing fees, making operations more efficient, and accelerating receivables payments.

My standard merchant services offer is wholesale pricing, passing through all costs plus a small mark up. Many customers negotiate a great deal, but pay extra fees for a variety of reasons. The most common problem? Transaction does not meet the criteria needed to qualify for the optimal interchange rate, thus they pay a penalty rate and extra fees. I fix that.

There are a lot of companies and individuals that promise to reduce fees and sometimes they do. However, I’ve never spoken to a single salesperson in this industry, outside of my associates, that knows as much as I do about the merchant and transaction rules and authorization management. As a result, their customers are never fully optimized to maximize profits. For example, I’ve had sales agents contact me about business card level 2 rate qualification. Why would you help them get level 2 and not level 3?

Even the companies that specialize in reducing fees only help with a piece of the puzzle, leaving businesses to seek out another solution in another year or two. For example, companies that take credit cards over the phone for non-retail sales, are wasting time; why would you have your high paid office manager get the credit card over the phone instead of just pushing out the invoice with click to pay or empowering customers to self-store cards and or use an online pay page. Properly done, it’s far more secure than manual handling by employees. Additionally, it can be cheaper interchange rates for self-pay vs phone order.

Avoid all the noise! Contact 3D Merchant Services for a merchant account checkup!

All the best, Christine.

PCI Security Standards Council Extension of PCI PTS POI v3 Devices

Posted on by
Reply

PCI Security Standards Council Bulletin: Extension of Expiration of the Approval of PCI PTS POI v3 Devices, March 10, 2020.

Due to supply-chain disruptions related to the coronavirus, the PCI Council has extended the expiration date of PIN Transaction Security Point-of-Interaction (PTS POI) v3 devices from 30 April 2020 to 30 April 2021.

For those countries and entities not impacted by the coronavirus, we strongly encourage the deployment and use of next generation solutions such as devices approved to PTS POI v4 or v5 and migrating to POI v6 devices when the standard is released later this year.

On advisement from our industry stakeholders, the Council has determined the preventive controls to stop the spread of the coronavirus will impact previously planned rollouts of POI v3 devices. While recognizing that earlier versions of POI devices may be less robust in withstanding certain of the latest generations of attacks, we do not believe that this limited one-year extension of the approval expiry date for POI v3 devices will materially impact that risk.

The PCI SSC advises merchants, financial institutions, vendors and other users of PTS POI v3 devices, specifically v3 PEDs (PIN entry devices), non-PEDs, EPPs (encrypting PIN pads), UPTs (unattended payment terminal), and SCRs (Secure Card Readers) to contact their device vendors regarding the availability of more recently approved models to use as replacements and in new deployments. Effective 30 April 2021, the affected devices will be removed from the approved POI devices list on the PCI SSC website and listed separately here

Here are examples of credit card terminals with expiring PCI PTS 3.x April 30, 2021:

  • Vx525- Hardware #: M252-5xx-xx-xxx-3
  • Optimum M-5 (Verix)-

M465-x7x-xx-xxx-3
M465-x8x-xx-xxx-3
M465-x9x-xx-xxx-3

  • SCR-710, Mx760 SCR-

P090-719-30-RB
SUB090-004-01-A

  • FD55- M252-1xx-x3-FD1-3
  • VX 690, VX 690B

M260-x1x-xx-xxx-3
M260-x1x-xx-xxx-3B
M260-x1x-xx-xxx-3C
M260-x1x-xx-xxx-3D
M260-x5x-xx-xxx-3
M260-x5x-xx-xxx-3B
M260-x5x-xx-xxx-3C
M260-x5x-xx-xxx-3D

  • Vx600 Bluetooth/ MPM-100

M087-241-xx-xxx-3
M087-241-xx-xxx-3a
M087-251-xx-xxx-3
M087-251-xx-xxx-3a
M087-261-xx-xxx-3

  • Vx825

OP: 2.x.x
QT830017
QT830106
QT830109
QT830120
QT830240
QT830241
QT830245
QT830246.xxxxxxxx
QT830340
QTyy0400.xxxxxxxx
QTyy0500.xxxxxxxx
QTyy0530.xxxxxxxx
QTyy0540.xxxxxxxx
QTyy520.xxxxxxxx

  • Vx675 (VOS)

M266-x7x-xx-xxx-3
M266-x8x-xx-xxx-3
M266-x9x-xx-xxx-3

  • IWL220, IWL250- IWL2xx-01Txxxxx
  • IPP220, IPP280Hardware #: iPP2xx-01Txxxxx
  • ICT220, ICT250- Hardware #:iCT2xx-11Txxxxx
  • iCMP-

Hardware #: ICMxxx-01Txxxxx (Non CTLS) ICMxxx-11Txxxxx (CTLS)
ICMxxx-21Txxxxx
ICMxxx-31Txxxxx

  • Ingenico iSC 250 & TOUCH 250 Hardware #: iSC2xx-01Txxxxx

iSC2xx-21Txxxxx
iSC2xx-31Txxxxx

  • ISC Touch 480

Hardware #: ISC4xx-01Txxxxx (no CTLS)
ISC4xx-11Txxxxx (CTLS)

ISC4xx-01Txxxxx
ISC4xx-11Txxxxx

iPP310, iPP320, iPP350

FD130- Hardware #: T0PXXXXB1CXX4X

The Ingenico is a good example of varying PCI PTS within the same model. The Ingenico iSC TOUCH 250 PCI 4.0 Certified

For a complete list , click here https://www.pcisecuritystandards.org/assessors_and_solutions/pin_transaction_devices?agree=true PCI Security Standards Council (“PCI SSC”) LIST OF VALIDATED PRODUCTS AND SOLUTIONS

What happens if you continue using an expired terminal?

  • If there is a data breach, the cost of which typically exceeds $1 million, you’ll have no safe harbor because you used expired equipment.
  • Your acquirer could shut you down at any time. They know what type of equipment you have because when your account is established they create a communication connection (TID or terminal identification). It’s happened before. I picked up four new clients in one month that were all shut down by their processor for using outdated equipment and or software. There were left with no way to process at all and felt they should have been contacted to make a change before it happened.

Where can you buy a new terminal?

Buy one from Christine! Never buy a terminal on Ebay or any unknown source. Terminals should ship directly from an authorized entity that also does pin debit encryption. Never let a salesperson or any non-employee install your credit card terminal unless they are PCI Council QIR certified; Level 4 merchants are mandated to only use QIR individuals. The QIR designation belongs to individuals, not companies.

Disclaimer: This is not a comprehensive list and does not include add related data for individual products. Merchants should review current information at the PCI Council web site, pcisecuritystandards.org.

Call Christine Speedy, for all your merchant account, hardware and virtual terminal needs. 954-942-0483, 9-5 ET. Christine is Founder of 3D Merchant Services, PCI Council Qualfied Integrator Reseller (QIR), and is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Less than 1% of all merchant services sales representatives are QIR certified. Christine is an authorized independent sales agent for a variety of merchant services and payment technology solutions.