Equipment Rental Credit Card Processing Rules Change

Posted on by
Reply

Bobcat, Caterpillar, and other companies that offer rental equipment, all are impacted by new credit card processing rules for rentals. equipment rentals credit card processing

While businesses expect their software, including ERP, Point of Sale, and ecommerce shopping carts to help them manage compliance with credit card acceptance rules, the reality is that many don’t. Compliance increases profits; non-compliance increases new chargeback risks, interchange fees, penalty fees and authorization declines.

Traditional desktop terminals don’t support the new transaction data requirements. If merchant is not using EMV chip device, now is the time to upgrade to a cloud-based solution and fix two problems at once. Rental merchants cannot meet both card acceptance and Payment Card Industry Data Security Standards compliance requirements using traditional paper credit card authorization forms. Cloud technology and a compliant payment gateway are needed. For example, pair the Verifone MX 915 with the CenPOS validated Point to Point Encryption (P2PE) solution and use either a standalone or integrated to ERP such as Microsoft Dynamics AX.

Key elements for compliance:

  • Initial authorization transaction must send new transaction indicator that it’s an estimate; the final amount could change for example because the renter kept it longer or damaged the equipment. This is technically managed by the payment gateway.
  • If applicable, send incremental authorizations with related indicator.
  • If storing the card, the Visa Stored Credential mandate outlines the specific requirements for agreement with customer, cardholder authentication, and procedures to use a stored card on file. For example, perform cardholder authentication with either security code or 3-D Secure. 3-D Secure can only be invoked if the customer self-pays; it shifts friendly fraud liability to the issuer and merchants can also qualify some cards for even lower interchange rates.
  • Update language in agreements for opt-in to terms and conditions as required by Visa.

Card issuers and acquirers were mandated to be compliant in 2017, and merchants by October 2017, however, there’s no mandate for payment gateways. Even if an existing payment gateway supports the new requirements, merchants must make changes. Visa is the most complex, however other brands have similar rules.

From tokenization to Express Checkout, CenPOS creates a seamless commerce experience throughout the enterprise. Innovations, including Express Checkout via text or email, help businesses maximize profit in all departments. CenPOS takes the heavy lifting out of payment acceptance offering a range of solutions that simplify every aspect of implementing, operating and maintaining a payment system enabling merchants to focus on their business. CenPOS Express Checkout via text or email includes 3-D Secure capability as part of a layered security approach.

CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships. Powered by its enterprise-class, end-to-end transaction engine, CenPOS’ secure, cloud-based solutions seamlessly integrate with a merchants existing infrastructure minimizing disruption and saving time and money. Committed to a merchant-centric approach CenPOS provides a one-to-one level of service and support, enabling merchants to focus on their core business.

Headquartered in Miami, Florida, CenPOS is reshaping the future of commerce through technology innovation and the secure, flexible and simple solutions this enables. Christine Speedy, CenPOS Global Sales, 954-942-0483.

Reference:

https://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-credential-transaction-framework-vbs-10-may-17.pdf

See also core rules, especially section 5 https://usa.visa.com/dam/VCOM/download/about-visa/visa-rules-public.pdf

Are You Compliant? B2B Credit Card Processing Fact Check

Posted on by
Reply

Merchant compliance with various credit card processing rules maximizes profits while mitigating risk. This is especially true for business to business companies. But that task is getting harder and harder with the onslaught of new rules, and virtually impossible if not using a sophisticated cloud solution to help manage compliance.

b2b visa stored credentialIf your B2B company stores credit cards, there’s a pretty good chance you’re not compliant. For example, Visa’s 2017 Stored Credential Transaction framework (PDF download from Visa) outlines merchant responsibilities to obtain customer consent as well as storing credit cards, using stored credentials (token), and managing stored tokens. Failure to comply with Authorization rules, for example preauthorization and final settlement do not match, has far-reaching consequences including higher interchange rates (the bulk of credit card processing fees), penalty fees and new chargeback risks. With so many new rules across multiple card brands that vary based on business and transaction type how can a business quickly ascertain if they’re compliant?

Quick tips to validate compliance:

  1. Is cardholder authentication performed when a new card is stored? When the cardholder data is entered and submitted, the issuer responds with an approval or declined message. A small charge is not an acceptable practice to submit transaction for approval; instead a zero dollar authorization request for authentication is submitted. If authentication is via 3-D Secure -Verified by Visa, MasterCard Secure Code, whereby the customer self-authenticates vs merchant initiating, reduced rates may apply. Under the new rules, two transactions occur at the time a card is stored. Compliant answer is yes.
  2. Is a transaction receipt delivered to customer when you store a credit card? This will be either for an amount or a zero dollar authorization. When stored credit card credential (token) is created, a transaction receipt is generated with the approval or decline and other mandatory fields. Compliant answer is yes.
  3. Does the receipt include “RECURRING” or “REPEAT SALE” for token transactions? Compliant answer is yes.
  4. Review merchant statements, usually the last 1-2 pages with the heading “pending interchange” or “fees” section. Do you see EIRF, STANDARD (STD), or DATA RATE I? Compliant answer is no.
  5. Can you produce documentation of customer consent to store their card (including with 3rd party service) and how it will be used?

If you’re not in compliance, your payment gateway is the most likely culprit, followed by ERP or other software integration limitation. I can fix that.

Reference: Links for all Card brands.

Need help getting compliant?

Call Christine Speedy, , for simple solutions to complex payment transaction problems, 954-942-0483, 9-5 ET. CenPOS authorized reseller based out of South Florida and NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

3dcart and CenPOS Payment Gateway Partner To Grow B2B Vertical

Posted on by
Reply

Miami, FL April 23, 2018. The business-to-business (B2B) e-commerce sales channel presents new opportunities and challenges, particularly with increasingly complex credit card processing requirements. 3dcart, a leading e-commerce platform, has partnered with CenPOS, an integrated technology commerce platform. The CenPOS ‘Super Payment Gateway’ maximizes profits while mitigating the higher dollar value transaction risk in the B2B vertical.

Payment gateways directly impact the cost of credit card acceptance, including interchange fees, the bulk of merchant fees. The CenPOS 3dcart integration offers all the required elements to qualify B2B transactions for the lowest rates possible, including:

  •  Level 3 data for purchasing, corporate and business cards
  • Resolve authorization and settlement amount mismatch
  • Visa unscheduled, recurring, and installment stored credential mandate compliance
  • 3-D Secure – Verified by Visa, MasterCard SecureCode, American Express Safekey and Discover ProtectBuy

“Our first mutual customer reduced fees over 30% just by changing their payment gateway,” commented Christine Speedy, CenPOS sales expert for 3dcart users. “Both our customers can expand into new markets while maximizing profits, security and compliance.”

“With the CenPOS integration, we expand the payment solutions offered by 3dcart to provide existing and prospective customers globally an additional alternative to how they process credit cards today, with any acquirer they choose,” stated Gonzalo Gil, 3dcart CEO.

The 3dcart CenPOS integration currently supports credit card, EFT/echeck with and without guarantee, Paypal and alternative payment methods. CenPOS POS and mobile and are available standalone now and will be integrated in the future to provide 3-D Cart customers a validated point to point encryption (P2PE) option. A validated P2PE solution significantly reduces merchant scope for PCI Compliance. CenPOS also includes to all 3dcart customers their electronic bill presentment and payment (EBPP) solution, supporting wire payments, text messaging, and other key B2B items of interest.

cenpos logoAbout CenPOS

CenPOS (https://www.CenPOS.com is a merchant-centric, end-to-end payments engine that drives enterprise-classsolutions for businesses, saving them time and money, while enabling merchants to create deeper lasting relationships with their customers. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.  PCI Level 1 Service provider, QIR Certified, P2PE Validated, HIPAA compliant. https://www.cenpos.com/ CenPOS 877-630-7960, Christine Speedy direct 954-942-0483.

logo 3dcartAbout 3dcart

3dcart (https://www.3dcart.com) is the most SEO-friendly eCommerce platform for retailers and internet marketers to grow their online stores’ traffic and sales. 3dcart includes 24×7 Technical Support, 100+ Mobile-Ready Themes, order management software, built-in blog, email marketing tools and more. Since 1997, the company has been a leader in the eCommerce market, building online stores for businesses of all sizes. Today, 3dcart is Visa PCI Certified and a Google Partner. Sales 800-828-6650

Ransomware still a top cybersecurity threat, warns Verizon 2018 Data Breach Investigations Report

Posted on by
Reply

Ransomware attacks double since 2017, and now target business critical systems

  • Ransomware is the more prevalent variety of malicious software, found in 39 percent of malware-related cases.
  • Human factor continues to be a weakness: financial pretexting and phishing attacks now target Human Resource (HR) departments.
  • 11th edition of the DBIR includes data from 67 contributing organizations, with analysis on over 53,000 incidents and 2,216 breaches from 65 countries.

NEW YORK, April 10, 2018 (GLOBE NEWSWIRE) — Ransomware attacks are a key cybersecurity threat for global organizations, warns Verizon’s 2018 Data Breach Investigations Report (DBIR). Ransomware is the most common type of malware, found in 39 percent of malware-related data breaches – double that of last year’s DBIR – and accounts for over 700 incidents. What’s more, Verizon’s analysis show that attacks are now moving into business critical systems, which encrypt file servers or databases, inflicting more damage and commanding bigger ransom requests.

DBIR analysis also flags a shift in how social attacks, such as financial pretexting and phishing, are used. Attacks such as these, which continue to infiltrate organizations via employees, are now increasingly a departmental issue. Analysis shows that Human Resource (HR) departments across multiple verticals are now being targeted in a bid to extract employee wage and tax data, so criminals can commit tax fraud and divert tax rebates.

“Businesses find it difficult to keep abreast of the threat landscape, and continue to put themselves at risk by not adopting dynamic and proactive security strategies,” says George Fischer, president of Verizon Enterprise Solutions. “Verizon gives businesses data-driven, real-life views on the cyber-threat landscape, not only through the DBIR series but also via our comprehensive range of intelligent security solutions and services. This 11th edition of the DBIR gives in-depth information and analysis on what’s really going on in cybercrime, helping organizations to make intelligent decisions on how best to protect themselves.”

Major findings in summary

The 11th edition of the DBIR continues to deliver comprehensive data-driven analysis of the cyber threat landscape. Major findings of the 2018 report include:

  • Ransomware is the most prevalent variety of malicious software: It was found in 39 percent of malware-related cases examined this year, moving up from fourth place in the 2017 DBIR (and 22nd in 2014). Most importantly, based on Verizon’s dataset it has started to impact business critical systems rather than just desktops. This is leading to bigger ransom demands, making the life of a cybercriminal more profitable with less work.
  • The human factor continues to be a key weakness: Employees are still falling victim to social attacks. Financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated – with email continuing to be the main entry point (96 percent of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.
  • Financial pretexting targets HR: Pretexting incidents have increased over five times since the 2017 DBIR, with 170 incidents analyzed this year (compared to just 61 incidents in the 2017 DBIR). Eighty eight of these incidents specifically targeted HR staff to obtain personal data for the filing of file fraudulent tax returns.
  • Phishing attacks cannot be ignored: While on average 78 percent of people did not fail a phishing test last year, 4 percent of people do for any given phishing campaign. A cybercriminal only needs one victim to get access into an organization.
  • DDoS attacks are everywhere: DDoS attacks can impact anyone and are often used as camouflage, often being started, stopped and restarted to hide other breaches in progress. They are powerful, but also manageable if the correct DDoS mitigation strategy is in place.
  • Most attackers are outsiders: One breach can have multiple attackers and we found the following: 72 percent of attacks were perpetrated by outsiders, 27 percent involved internal actors, 2 percent involved partners and 2 percent feature multiple partners. Organized crime groups still account for 50 percent of the attacks analyzed.

“Ransomware remains a significant threat for companies of all sizes,” says Bryan Sartin, executive director security professional services, Verizon. “It is now the most prevalent form of malware, and its use has increased significantly over recent years. What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom – the cybercriminal is the only winner here! As an industry, we have to help our customers take a more proactive approach to their security. Helping them to understand the threats they face is the first step to putting in place solutions to protect themselves.”

Sartin continued: “Companies also need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on brand, reputation and the bottom line. Employees should be a business’s first line of defense, rather than the weakest link in the security chain. Ongoing training and education programs are essential. It only takes one person to click on a phishing email to expose an entire organization.”

Biggest risks per industries analyzed

This year’s report highlights the biggest threats faced by individual industries, and also offers guidance on what companies can do to mitigate against these risks. Key industry findings include:

  • Education – Social engineering targeting personal information is high, which is then used for identity fraud. Highly sensitive research is also at risk, with 20 percent of attacks motivated by espionage. Eleven percent of attacks also have “fun” as the motive rather than financial gain.
  • Financial and insurance – Payment card skimmers installed on ATMs are still big business; however, we’re also now seeing a rise in “ATM jackpotting,” where fraudulently installed software or hardware instructs the ATMs to release large amounts of cash. DDoS attacks are also a threat.
  • Healthcare – This is the only industry where insider threats are greater than threats from the outside. Human error remains a major contributor to healthcare risks.
  • Information1 – DDoS attacks account for over half (56 percent) of the incidents within this sector.
  • Public sector – Cyber-espionage remains a major concern, with 43 percent of breaches being espionage motivated. However, it is not only state-secrets that are a target – personal data is also at risk.

Other industries examined within the report include accommodation and food services; professional, technical and scientific services; and manufacturing and retail.

_________________________
1 Publishers, motion picture and sound recording companies

The time to act is NOW

Sixty-eight percent of breaches took months or longer to discover, even though 87 percent of the breaches examined had data compromised within minutes or less of the attack taking place. While safety cannot be guaranteed, proactive steps can be taken to help keep organizations from being victims. These are:

  1. Stay vigilant – log files and change management systems can give you early warning of a breach.
  2. Make people your first line of defense – train staff to spot the warning signs.
  3. Keep data on a “need to know” basis – only employees that need access to systems to do their jobs should have it.
  4. Patch promptly – this could guard against many attacks.
  5. Encrypt sensitive data – make your data next to useless if it is stolen.
  6. Use two-factor authentication – this can limit the damage that can be done with lost or stolen credentials.
  7. Don’t forget physical security – not all data theft happens online.

Still the most authoritative data-driven cybersecurity report around

Now in its 11th year, the Verizon 2018 Data Breach Investigations Report leverages collective data from 67 organizations across the world. This year’s report includes analysis on 53,000 incidents and 2,216 breaches from 65 countries. The DBIR series continues to be one of the most data-driven security publications on the globe, combining data from multiple sources towards a common goal – slicing through the fear, uncertainty and doubt around cybercrime.

Verizon will be showcasing its latest intelligent security solutions, including the recently launched Verizon Risk Report, at RSA 2018 in San Francisco, Moscone North Hall, booth #4121.

About Verizon
Verizon Communications Inc. (NYSE:VZ) (Nasdaq:VZ), headquartered in New York City, generated $126 billion in 2017 revenues. The company operates America’s most reliable wireless network and the nation’s premier all-fiber network, and delivers integrated solutions to businesses worldwide. Its Oath subsidiary reaches about one billion people around the world with a dynamic house of media and technology brands.

[24]7.ai Issues Statement After Data Breach Affecting Delta & Sears

Posted on by
Reply

SAN JOSE, Calif., April 4, 2018 /PRNewswire/ — [24]7.ai discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies, and affected clients have been notified. The incident began on Sept. 26, and was discovered and contained on Oct. 12, 2017. We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers’ online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.

About [24]7.ai
[24]7.ai is redefining the way companies interact with consumers. Using artificial intelligence and machine learning to understand consumer intent, the company’s technology helps companies create a personalized, predictive and effortless customer experience across all channels. The world’s largest and most recognizable brands are using intent-driven engagement from [24]7.ai to assist several hundred million visitors annually, through more than 1.5 billion conversations, most of which are automated. The result is an order of magnitude improvement in digital adoption, customer satisfaction, and revenue growth. For more information, visit: http://www.247.ai.

[24]7 and [24]7.ai are trademarks of [24]7.ai, Inc. All other brands, products or service names are or may be trademarks or service marks of their respective owners.

###

Information related to the statement from other sources is below. The company systems were not compromised, but rather they were all using [24]7.ai’s customer service chat widget to interact with customer service personnel, which can result in end users inputting payment card and other personal data.

Delta said a small number of its customers saw their payment information stolen by hackers. The company was alerted to the data breach last week. Sears also said under 100,000 card numbers were taken.

https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/247-ai-breached-customer-data-delta-airlines-sears-kmart-best-buy/

https://nypost.com/2018/04/04/delta-says-customers-payment-info-breached-in-cyberattack/

Delta Data Breach 2018: Was Your Payment Info Exposed?

Final note. Need a secure payment solution for your chat widget? Call now.