B2B Steps to Visa Stored Credential Mandate Compliance

Posted on October 5, 2017 by Christine Speedy

How can merchants get compliant with the Visa Stored Credential Transaction framework and mandates effective October 14, 2017?

Step by step getting started guide for B2B merchants:

Plan how you’ll comply with consent record requirements. See Improving Authorization Management for Transactions with Stored Credentials https://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-credential-transaction-framework-vbs-10-may-17.pdf . Are you going to manage documenting everything or are you going to use technology to help you manage it? Ask your gateway if they’re going to provide a checkbox for consent and if you’ll be able to pull the opt-in records on demand. CenPOS, a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement will automates multiple elements for clients.

PCI Compliant credit card authorization form

Partial CenPOS PCI Compliant stored credential authorization form.

Update workflow and documents. Ensure your sales order or associated credit documents include sale, refund and cancellation policies. Add a checkbox for customer opt-in to terms, including online payments. CenPOS has an opt-in box and you can customize the text.Verify if you have a system to manage authorization validity. What the heck does that mean? Many B2B companies have complex needs including pre-authorizations, incremental authorizations, delayed shipping etc. While you may get issuer approvals, that doesn’t mean the authorization is valid. The two most common rules B2B businesses struggle with are Settlement within timeframe for card not present sales, and Authorization amount and settlement amount must be equal. Per Visa Core Rules October 2017, for typical distributor and manufacturer card not present transactions, the authorization must settle no later than 7 calendar days from the date of the initial Approval Response. CenPOS automates compliance. Other payment gateways are incapable or may leave it up to developers to create a solution. Are you compliant now? Look at your merchant statement ‘pending interchange fees. If you see EIRF or STD, that’s a red flag there’s a problem.

Replace paper credit card authorization forms, and any digital form that you can decrypt and view sensitive card data. Offer your customers a way to self-manage their own wallet with either a hosted online pay page or Electronic Bill Presentment & Payment. CenPOS offers both options, including a lite ‘request a payment’ option, and lets your customers choose both text and email. For those not ready to give up paper, CenPOS creates a printable PCI Compliant credit card authorization form for every stored card.

New to online payments? See Visa best practices to prevent brute force attacks. https://usa.visa.com/support/merchant/library/visa-merchant-business-news-digest.html. CenPOS includes recaptcha and client managed velocity and other rules as part of a layered security approach.

Verify your gateway is ready or will be ready to send correct transaction data for the initial transaction and subsequent transactions for both customer initiated and merchant initiated use of the stored credential. You’ll want the payment gateway to perform a zero dollar authorization and authenticate the cardholder with 3-D Secure. Ask your gateway if it will automatically flag a transaction as customer initiated stored credential or merchant initiated stored credential, or if they’ll require you to have multiple gateway accounts, one for each type. CenPOS does all this for you now in a single account.

Get an ecommerce merchant account. This is needed for online payments. Don’t run mail order telephone order (MOTO) transactions on the ecommerce account unless you know your payment gateway can alter the flag sent with transaction to change the transaction type. Many cannot. CenPOS manages all compliance seamlessly in the background; whether you need multiple merchant accounts varies by acquirer/processor.

Register for 3-D Secure, including Verified by Visa, with your acquirer. Don’t do this until you know which payment gateway will be used and get their instructions if applicable.

Communicate with customers. Advise any upcoming changes will increase efficiency and security for everyone.

Why comply? With full compliance, merchants can expect better qualified interchange rates, increased approvals (avoid declines based on issuer risk averse algorithms), reduced PCI Compliance burden, and increased efficiency for both buyer and seller. The cost of non-compliance is hefty, including higher interchange rates, penalty fees, and risk of both issuer and cardholder chargebacks.

The same transaction can process at different rates as shown above, depending on which rules you follow. CenPOS Smart Rate Selector automates compliance to qualify transactions at the lowest rate possible. Which rates are on your merchant statement now?

Why should developers choose CenPOS for their integrated payment gateway? CenPOS has native modules for ERP, shopping cart, accounting and other software.

Increase profits faster
More efficient, quicker reconciliation
More secure- from Encrypted Virtual Keypad to elimination of credit card auth forms
More robust- Wire, ACH, check, Paypal, credit card and more; text and email payments supported. No 3rd party Electronic Invoice solution needed such as BillTrust; CenPOS invoice portal and automated collections included.

Where can I buy CenPOS or learn more? You’ve already found one of the top salespeople, Christine Speedy. All agreements are direct with CenPOS, no middle man.

Resources and documentation https://3dmerchant.com/blog/merchant-bulletins-downloads – bookmark it!. Join Christine Speedy’s email list.

DISCLAIMER: condensed and incomplete information! Information may be quickly outdated.

With the fast pace of changing rules, companies need a technology partner to automate compliance. Did you know?

CenPOS has a suite of solutions for companies just like yours, solving common problems and increasing profits virtually overnight.
For those not ready to give up paper, CenPOS creates a printable PCI Compliant credit card authorization form for every stored card.
CenPOS has ERP, ecommerce shopping cart, accounting and other plug-in modules available for quick and easy implementation.
I’ve been selling for CenPOS since day 1. Though I have other payment gateways available in my arsenal, nothing else compares for meeting business to business needs.

Christine Speedy, CenPOS authorized reseller, 954-942-0483 is based out of South Florida and NY. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

First Data level 3 processing solutions

Posted on October 3, 2017 by Christine Speedy

Need a solution for level 3 processing with your First Data merchant account? A payment gateway that supports level 3 processing is required, but that’s not enough. Payment gateway selection and implementation impact whether a transaction actually qualifies for level 3 rates.

The main requirements to qualify for level III interchange rates are:

Submit required extra order detail. This varies by card brand; for example Ship to/from ZIP code, Destination country code,VA/ tax amount, invoice number, order reference number, Discount amount, Freight/shipping amount, Duty amount, Order date, unit of measure and more.
Valid authorization. For example, the authorization and settlement amount must be the same.
Interchange Rate Special Requirements, which may vary by card, industry etc. For example, here are requirements to qualify for MasterCard Data Rate III
1. U.S. Merchant
2. Applicable Electronic Authorization Data must be included and match Settlement Data
3. Valid Banknet Reference Number and Banknet Date in valid date format MMDD
4. Settlement within 2 days of transaction
5. Level II & Level III Corporate Card data (Level II Data includes the entry of customer code, card acceptor type, tax ID and sales tax. Level III Data includes Level II data, line item detail, item description, item quantity, item unit of measure, extended item amount, product code, and debit or credit indicator.)
6. Non-T&E MCC
7. Card Acceptor Type and Tax ID must be provided

Visa Stored Credential Framework Impacts Authorization Validity

For business, corporate and purchasing card transactions to qualify for Level 3 interchange rates, a valid authorization is required. New rules change requirements for card not present transactions using stored cards. US businesses must comply with Visa Stored Credential Transaction framework effective October 14, 2017. Without getting into too much detail, payment gateways must update to comply, and merchants will also need to make some changes going forward.

Merchant requirements include:

When capturing a stored credential for the first time, complete special requirements, including cardholder authentication as applicable (Managed by payment gateway or integrated solution.)
Send correct transaction type on subsequent transactions: Installment Payments, Recurring Payments, or Unscheduled Credential On File. (Managed by payment gateway or integrated solution.)
Authorization and settlement amount must match. (Managed by payment gateway or integrated solution.)
Obtain cardholder consent and disclosure agreement. (Most likely managed by payment gateway or merchant.)

For years, authorization and settlement amount mismatch has been a common problem for merchants to qualify for level III rates. Even if a gateway solves this problem, an integration may limit the capability. This is easily identified by EIRF, STD/ standard, level I and level II rates present in the “pending interchange” section on merchant statements.

To solve all of the above problems, merchants can use a third party payment gateway with their merchant account, that manages authorization validity and continual changes within the gateway, including integrated solutions. Below image shows before and after interchange rates from actual merchant statements; same merchant account, just changed the payment gateway.Contact Christine for a level 3 payment gateway that works with your First Data Merchant Account, as well as other acquirers.

Insurance Installment Payments: Visa Credit Card Processing Rules Change 2017

Posted on September 19, 2017 by Christine Speedy

Insurance companies must comply with new VISA installment credit card processing rules changes effective October 2017 to maximize business profits and mitigate chargeback risk. Everyone in the payment ecosystem has or will need to make changes to comply, including acquirer, issuer, payment gateway, merchant, and sometimes integrated billing software.

VISA DEADLINE:

October 14, 2017 Visa stored credentials compliance mandate.

INSTALLMENT CREDIT CARD PROCESSING BEST PRACTICES:

Obtain cardholders’ consent to store the credentials. Opt-in check box stored with payment gateway record is recommended.
Have a solution to retrieve consent records on request.
Disclose to cardholders how stored credentials will be used.
Notify cardholders when any changes are made to the terms of use.
When capturing card data for the first time, use a PCI compliant payment gateway to create a random token replacing sensitive data; eliminate paper credit card authorization forms or digital signature forms where payment data is collected on the form, not via a payment gateway.
Inform the issuer via a transaction that payment credentials are now stored. For example, perform an Account Number Verification Transaction via a Zero Dollar Authorization with 3-D Secure Verifed by Visa.This is managed by the payment gateway, and requires specific transaction indicator. TIP: If the solution you’re using performs a $1 authorization, often with a void or reversal after, that’s because the payment gateway, and or the implementation, are out of date and don’t support current requirements. Ask how yours works- assume nothing!
Identify subsequent transactions with appropriate indicators when using stored credentials. Payment gateway to identify all future transactions after storing:

– With an indicator that shows that the Transaction is using a Stored Credential for either Installment, Recurring or Unscheduled Credential On File.
– With the Transaction Identifier of the Initial Transaction.

Follow all cardholder disclosure and consent requirements specified in the Visa Rules. Opt-in check box with digital record managed by the payment gateway is recommended to comply with issuer records requests.
If performing a preauthorization for any transactions, additional new requirements must be met, including for reversals and reauthorizations.

INSURANCE INSTALLMENT BEST PRACTICES

Increasingly complicated rules vary by card brand, business type and many other factors. This article may oversimplify such complexities. Merchants are advised to:

Use tools, including intelligent cloud-based payment gateways, to help comply automatically.
Segregate payment acceptance from applications; example, embedded payment object or i-frame.
Review Visa Stored Credential Transaction Framework bulletins
Review Visa Core Rules and Visa Product and Service Rules
Review workflow for the customer payment experience and confirm payment technology workflow is compliant with new rules. There is no automated update; merchants must actively participate in process to ensure compliance.

COMPLIANCE RISKS AND REWARDS:

Compliance will increase approvals, customer satisfaction, and profits.
Reduce time spent on collections, increase automation, reduce attrition.
Cardholder authentication can qualify some transactions for lower interchange rates plus mitigate losses related to “it wasn’t me”, more commonly seen in higher risk insured policy holders.
Compliance required to participate in Visa Account Updater service.
Non-compliant transactions are essentially invalid authorizations, and issuers will be within their rights to chargeback via Reason Code 72. This is different than a consumer generated chargeback. Issuers are getting slammed with missed payment cardholders and need to get their money back some way; JP Morgan wrote off about $1B in Q1 2017 according to one source. The Wall Street Journal has published several articles over the last year about the surge in subprime credit cardholders missing payments. Overall, we’re looking at a national rate over 4% per quarter- over 16% annually, representing over a trillion dollars. Issuers may want to offset losses from subprime cardholders by collecting monies from merchants for the same.
Chargeback Risk includes the initial transaction and all subsequent transactions that are not in compliance for the allowable chargeback period. For example, if non-compliant the issuer could chargeback installments on October 14, November 14, and December 14.

Reference: Visa Stored Credential Transaction Mandates and also Visa Core RulesTable 5-21: Requirements for Prepayments and Transactions Using Stored Credentials.

Before selecting a payment gateway for installments payments, ask these questions:

How will it help with new Visa Stored Credential Mandates compliance?
Does it support 3-D Secure cardholder authentication, for customer initiated payments?
What type of digital record is created at the time of customer opt-in to terms, how is it retrieved, and how long is it retained?
Does it support Zero Dollar Authorization?
Does the receipt dynamically change based on type of transaction, i.e. cash, credit card single payment, installment payment etc.
Does it support level 3 processing for commercial cards (if applicable to business type)?
If I change banks or payment processors, how will it affect my customers? My business?

TIP: Most payment gateways will not be compliant on October 14. An easy starting point to reduce the list of vendor choices is to ask the payment gateway what type of digital record is created at the time of creating an installment agreement, and how will it be accessed? Need help to get compliant? Contact Christine Speedy to learn more about solutions for your business that are quick and easy to adopt, increasing efficiency and growing profits virtually overnight.

Best Quickbooks Credit Card Processing – Card Not Present 2017

Posted on September 19, 2017 by Christine Speedy

Due to new credit card processing mandates effective October 14, 2017, business to business merchants especially need to review practices for card not present transactions. Compliance will boost profits and improve customer experience; non-compliance will increase costs, penalty fees and customer dissatisfaction. Our Quickbooks plugin for all desktop and enterprise versions (except Quickbooks Online) eases the burden of compliance, while improving customer buying experience, cash flow and profits. For business to business (B2B), we have the best solution.

Card Not Present Credit Card Processing Rules & Guidelines:

Never store full card data on paper or digitally. If you can retrieve it, so can a criminal. Merchants are never, ever allowed to request the security code (Visa Core rule 5.4.2.5) on paper, or via digital methods such as email or text. Paper credit card authorization forms as well as digital signature forms that can be unencrypted to view sensitive cardholder data are prohibited. We fix this problem by delivering electronic invoices and empowering customers to self-store payment methods.
When first storing a credit card, perform a Zero Dollar Authorization with the correct transaction type flag. This process is managed seamlessly in the background if supported and enabled by the payment gateway. (TIP: Some solutions perform a $1 authorization and then void the transaction- this is non-compliant.) We automate this this process in full compliance.
Perform Cardholder Authentication. The two authentication options are card security code and 3-D secure, such as Verified by Visa. The latter is a global standard that requires the cardholder self-initiate payment, a more secure solution; Merchants using 3-D secure benefit by increased sale approvals, fraud liability shift to issuers, and for some cards, lower rates.
When first storing a credit card, have your customer opt-in via a manual checkbox to return and cancellation policies.
Hosted online pay page, partial screenshot

If your gateway does not include this option for customer initiated checkout, including paying invoices, it’s an easy way to identify your payment gateway is not compliant with new rules yet.
Use a payment gateway that supports new authorization rules, including stored card pre-authorization, incremental authorization, final authorization, authorization reversal, partial authorization reversal, and credit authorization.

Both the payment gateway provider and processor must support 3-D secure and zero dollar authorization.

Alternative Quickbooks Credit Card Processing Module- features for card not present:

EBPP- Electronic Bill Presentment and Payment to send invoices and accept ACH/eCheck, credit card, wire, Paypal
Customers self-manage payment methods
Unscheduled charge card on file supported
3-D Secure and additional security tweaks
Customer portal for 24/7 invoice retrieval and payments
Deliver invoices via text and email
Automated collections reminders
Opt-in checkbox with custom text
Optional custom fields
Works with all the acquirers, including First Data, Paymentech, Heartland, Global Payments, Elavon, TSYS, Moneris etc.
Level III 3 processing supported for reduced merchant fees when applicable for purchasing, business and corporate cards.
Smart Rate selector optimizes transactions for lowest qualified rate

Want the best Quickbooks credit card processing plugin for your B2B business? Contact Christine Speedy today for a virtually instant ROI, maximize profits and cash flow while improving your customer buying experience. Quick and easy to adopt, you’ll wish you had found this solution sooner.

ACH eCheck and Online Payments Solution

Posted on September 13, 2017 by Christine Speedy

Do you need eCheck services due to mail service disruption from recent disasters like Hurricane Irma and Harvey? Or do you just want to boost cash flow and get paid faster? Online payment solutions are quick, easy, and relatively cheap to implement. Using a third party solution vs bank can be cheaper and provides flexibility to change financial services partners without creating customer friction.

Why use a hosted pay page to accept eChecks?

A payment gateway hosted pay page enables customers to passively pay bills online 24/7 via a secure web page. Payment types may include credit cards, Paypal, ACH (echeck), wire and other methods. Because it’s hosted by a 3rd party PCI level 1 certified service provider, PCI Compliance burden is reduced for merchants that want to accept more than eChecks.

A hosted pay page empowers customers to make secure payments online.

Hosted Pay Page Implementation options:

Direct customers to 3rd party payment gateway custom URL- no change to business web site needed. Just email or text the link.
Link from business web site to 3rd party payment gateway custom URL by updating. Html and pay now graphical button available.
Embed the secure payment object on business web site via iframe html. Customers never leave merchant web site, and even though payment is accepted on the 3rd party web site, an SSL certificate is strongly recommended.

There are other ways to collect ACH and eCheck payments remotely, including our alternative service that enables businesses to push out payment requests via via email or text. This method is proven to increase loyalty as well as reduce time to collect payment and is available for an additional fee. It’s available both integrated or standalone.

eCheck Hosted Pay Page Vendor Selection:

The two key methods to process eChecks are FTP direct to the business bank and 3rd party check processor (Web Payments). With FTP, money is in the bank account when the batch is delivered. With traditional eCheck services money is delivered typically in 2-3 business days. In either case, a payment gateway or technology solution secures the data transmission and facilitates compliance with eCheck processing rules.

Vendor selection checklist- which do you need and which would be nice?

ACH with guarantee
ACH, no guarantee needed
Tokenization for quick repeat payments (no need to enter banking info each time, just select the account)
Accounting integration
Hosted pay page
Other payment types supported
Text payment request capability
Email payment request capability
Hosted pay page (only, no text or email)

Managing Costs with Online Payments:

If you’re just accepting eChecks, you’ll be surprised at just how cheap the service is. If also accepting credit cards, the hosted payment solution selected directly impacts the cost of credit card processing. For example, our solution with Smart Rate Selector automatically optimizes the transaction to qualify for the lowest rate. Compliance with rules are complex and few payment gateways have a solution to comply with every situation. With the right implementation, the cost of card not present transactions are often exactly the same as card present, and can be lower than if employees key enter transactions into a virtual terminal.

Free Hosted Pay Page Info:

Quick and easy to set up
Optional customer registration to store payment data for repeat purchases
Echeck / ACH directly to your bank overnight in most cases
Optional ACH with guarantee additional fee
If applicable, works with your existing merchant services account
Month to month service

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Card Not Present, CenPOS, credit card processing

B2B Cloud payment processing technology blog about increasing profits, efficiency and security.