EMVCo Updates EMV 3-D Secure Specification

Posted on December 18, 2018 by Christine Speedy

Enhanced specification further promotes frictionless authentication for e-commerce transactions, providing additional benefits for both merchants and consumers

14 December 2018 – EMVCo today announces the publication of the EMV® 3-D Secure Protocol and Core Functions Specification v2.2.0. The updated specification includes enhancements to promote an optimised consumer experience while supporting new authentication channels when making e-commerce transactions.

EMV 3DS is a messaging protocol that promotes frictionless consumer authentication and enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorised CNP transactions and protect the merchant from exposure to CNP fraud.
EMV 3DS specification version 2.2.0 builds upon the current specification version 2.1.0 which is available today on the EMV 3DS Test Platform, enabling 3DS product providers to confirm that their solutions will perform in accordance with the specification. Support of v2.1.0 is required in order to implement v2.2.0. Key updates within version 2.2.0 include:
• Improved communication between merchants and issuers, enabling Europe’s Second Payment Services Directive (PSD2) exemptions for Strong Consumer Authentication to be applied. While the previous version of the EMV 3DS Specification enables PSD2 compliance, the latest updates provide additional features for merchants and issuers to maximise the benefit of the available exemptions.
• Two new features to enable authentication for various payment scenarios including mail order and telephone order transactions:
o 3DS Requestor Initiated (3RI) payments – enabling a merchant to initiate a transaction even if the cardholder is offline.
o Decoupled authentication – allowing cardholder authentication to occur even if the cardholder is offline.
• Expansion of existing data elements to promote communication of pre-checkout authentication events and associated data as part of the EMV 3DS transaction from systems such as those supporting the FIDO Alliance standards.
These enhancements are available if all 3DS components involved in the transaction have updated their software to support v2.2.0.

“EMV 3DS exists to promote secure, consistent consumer authentication for e-commerce transactions across all channels and connected devices, while optimising the cardholder’s experience,” comments Stephanie Ericksen, Chair of the EMVCo Executive Committee. “Our work in this area continues to evolve to ensure we respond to new marketplace requirements. EMVCo continues to encourage the payments community to get involved and provide feedback on the EMV 3DS activity.”

Earlier this year EMVCo announced the availability of the full EMV 3DS Test Platform, which enables the functional testing of EMV 3DS solutions. Letters of Approval are currently being issued for those 3DS products that have successfully tested against version 2.1.0. A list of approved products can be found on the EMVCo website. Products submitted for EMV 3DS v2.2.0 compliance testing will also be tested against EMV 3DS v2.1.0 to receive an EMV 3DS v2.2.0 Letter of Approval. Testing support for version 2.2.0 is expected to be available mid-2019. Progress updates will be posted on the EMVCo website.

To stay informed of the latest EMVCo developments and receive advanced access to EMV Specifications and related documents, join the EMVCo Associates Programme or become a Subscriber.

Credit card authorization form template alert

Posted on December 5, 2018 by Christine Speedy

Searching for a credit card authorization form template? Maybe PCI compliant form or Microsoft Word compatible template? Stop! If your web browser is not up to date, just landing on the web site that has the form might introduce malicious code into a company’s systems and network, leading to a future data breach.

Businesses should be replacing traditional credit card authorization forms with other payment methods where the customer self-pays:

Hosted pay page
Push out a payment request via text or email

Per Visa, merchants are never allowed to ask for the security code on paper. Merchants also cannot store the form with full card numbers. They increase risk of fraud and identity theft and nobody likes them!

What are the benefits of customer initiated payments?

Reduced merchant fees for some cards (3-D Secure cardholder authentication such as Verified by Visa must be enabled.)
Increased approvals with cardholder authentication.
Mitigate chargeback risk – with 3-D Secure cardholder authentication, fraud liability shifts to issuer.
More convenient for buyers- 24/7 payments on their schedule, not yours
Buyers are in control of choosing to store payment methods

How do you choose the best solution? Here’s some of our product differentiators:

PCI Compliant credit card authorization form generated automatically, should you have a need to get a signature to terms for storing and using stored cards.
3-D Secure cardholder authentication supported.
Choose any acquirer.
Automated interchange management, including level 3 processing for business to business (B2B) and business to government (B2G), to reduce fees and maximize profits.
If preauthorizations are needed, ongoing authorization management is critical and we do that automatically.

Call Christine Speedy, PCI Council QIR certified, for simple solutions to complex payment transaction problems, 954-942-0483, 9-5 ET. CenPOS authorized reseller based out of South Florida and NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Level 3 Credit Card Processing Solutions

Posted on November 7, 2018 by Christine Speedy

Level 3 processing requires payment solutions that can both send level data and dynamically optimize transactions to qualify for level 3 rates. Learn the secrets to higher profits right now. Were you told your last solution would fix your problems so you’d qualify properly? Have you been told with more training you could fix the problems to hit level 3? Hogwash! It’s not your fault, you just didn’t have an insider perspective until now.

Many payment gateways can send level 3 data, but the requirements to qualify for level III interchange rates are much more complicated than that. Do you perform preauthorizations? You know what happens when the preauth expires? Or when the final settlement is not the same as the preauthorization? These are just two of many reason merchants fail to qualify for level 3.

New rules for storing cards and using stored cards can also impact profits. Hint: If you haven’t made big changes to how you do this since October 2017, you’ve got a problem. Failure to comply with any rules negates rate qualification. If issuers are not sophisticated enough to catch all the rule breakers now, it’s only a matter of time. In the future, cardholders will be able to login to their bank and view all the companies that are storing their cards. So if you haven’t made the changes needed per new stored card requirements, including the new Unscheduled Credential On File (UCOF) transaction indicator, that creates a problem for the long term goals in financial industry. Compliance enforcement can include penalties and assessments.

I’ve seen demo’s, heard sales pitches, and read the documentation on many payment gateways and virtual terminals. It’s not what’s there, but what’s not there that is most revealing. Before choosing a level 3 processing solution, get a demo. If you’ll be using a virtual terminal, use that for the demo. If you’ll be using an integrated solution, view the integrated solution demo.

The demo:

Store a regular card and business card. What methods are used to capture the initial card data? Then charge each card. Note the steps for each.
How does the solution manage reversals on preauthorizations?
What’s the process to identify and renew an expired authorization?
How can buyer complete a transaction with 3-D Secure?
Pull report to retrieve transaction.
Pull report with level 3 data.
Ask if the gateway supports Recurring, Installment, or UCOF depending on your needs; virtually all support Recurring, but not the others.

Note how much of the process is automated, how much relies on people making decisions, and if any items are not available. Take screenshots. On a Mac it’s command + shift+ 4.

Want a payments expert as a silent observer? Ask me to sit in on the call for unbiased feedback.

Did you like this article?

How to fix Ingenico ISC250 Lane Closed ?

Posted on November 2, 2018 by Christine Speedy

Ingenico isc250 EMV chip and pin signature capture terminal.

The Ingenico ISC 250 touch and ISC 350 terminals will have a message ‘lane closed’ when not in use. To be more clear, the Ingenico terminals are slaves to software that tells them what to do. So the user must be logged into their point of sale (POS) solution, integrated software, or virtual terminal that drives the terminal.

If you’re logged in and click on SALE and the terminal still says lane closed, you need to do some troubleshooting. Is the terminal properly connected to the PC or device driving it? If this is a terminal that was previously known to be working, try swapping cables with another if available.

CenPOS users call support with your CenPOS MID at 877-630-7960. If you’re a user, you’ll know it. For everyone else, if you still have a problem, contact your IT department, Point of Sale solutions provider or whoever sold you terminals. 3D Merchant does not provide technical support to merchants using other companies business solutions so please do not open chat asking for help with your LANE CLOSED problem. We do not maintain a list of support numbers for retail solutions providers, equipment resellers, or anyone else who you may need to contact. If you’re open to changing vendors so you can improve your customer support or any other needs, then feel free to contact us.

For PCI Compliance, only PCI Council QIR certified professionals are allowed to touch or install terminals for level 4 merchants. Do not allow unauthorized outside vendors to physically touch your terminals.

PCI Alert: Some versions of Ingenico ISC 250 & 350 EMV terminals will be expiring April 2019. They’re not upgradeable and will need to be replaced. Hint: If you see cheap terminals for sale online, they’re probably expiring.

3D Merchant Services provides payment processing technology merchants need to drive Ingenico and other EMV chip terminals, with full cashiering, and without the need to purchase any additional POS software. The credit card processing terminals can be operated with a secure virtual terminal or with integrated solutions that keep merchant POS applications out of scope for PA DSS. Many recent merchant data breaches have occurred from applications that were in scope for PA DSS. By segregating payments from POS applications, merchants can increase security while reducing compliance burden. Merchants have the option for point to point encrypted (P2PE) terminals and solution or optional Validated P2PE service; the latter requires extra steps for merchants and significantly reduces PCI compliance burden with an SAQ that’s about 90% shorter.

Call Christine Speedy, PCI Council QIR certified, to purchase terminals and retail solutions, 954-942-0483, 9-5 ET. CenPOS authorized reseller based out of South Florida and NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Credit card transaction fees checkup

Posted on November 1, 2018 by Christine Speedy

Free credit card transaction fees checkup includes self-assessment, no merchant statement sharing with third party required. Due to massive changes in card network rules over the last two years, a review is essential. This method is easier than my B2B credit card processing fact check, while still revealing problems that must be resolved. As a processor neutral payments expert, Christine Speedy offers a unique perspective.

Here’s a shortcut to determine if you have authorization problems, which directly impact credit card transaction fees. Why is this important? Because unless you fix the underlying problem, switching merchant accounts will only provide partial relief from escalating transaction fees like the new MasterCard .25% misuse of authorization fee. If you have any of these items below on your merchant statement, you have a problem. Most likely it’s a payment gateway issue.

Misuse
Integrity
Compliance or Non-compliance
Standard / STD (any)
EIRF
Data rate I
Data Rate II or Data Rate 2
Chargeback: FRAUD TRANS-NO CARDHOLDR AUTH
Chargeback reason: Compliance

Hint: If you open your merchant statement in Adobe Acrobat, in OSX with command F you can copy and paste the terms above. It’s not foolproof due to varying abbreviations, but you only need to have one of the bad items to know there’s a problem.

For card not present business to business, merchants should see these two interchange types:

Full UCAF
Data Rate III

I don’t know why, but I get calls from other salespeople in the industry looking for solutions to help customers qualify for Data Rate II. Why wouldn’t you want the customer to qualify at Data Rate III? Makes no sense.

I also hear from merchants how they were told that the new solution would fix their level 3 data problems, but it didn’t. If you do preauthorizations, and the solution doesn’t automatically get new authorizations and manage reversals it’s not going to fix authorization problems. Always ask, “how will the payment gateway manage authorization reversals if we don’t settle for the original preauthorization amount’? That’s one of several critical key questions. If they don’t know the answer instantly, move on.

Due to massive changes in card network rules and data security compliance rules over the last two years, a review by a neutral payments expert is essential. Did you have any red items? It’s time for a deeper dive into why. Your FREE report will identify issues impacting profits and security, include action items how to fix them, and rarely requires changing financial partners.

credit card transaction fee checkup form

Click to download FREE credit card transaction checkup form.

Your FREE report will identify issues impacting profits and security, include action items how to fix them, and won’t require changing financial partners (in most cases).

Call Christine Speedy, PCI Council QIR certified, to reduce merchant fees with new or existing merchant account at 954-942-0483, 9-5 ET. CenPOS authorized reseller based out of South Florida and NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Card Not Present, CenPOS, credit card processing

B2B Cloud payment processing technology blog about increasing profits, efficiency and security.