EBA paves the way for open and secure electronic payments for consumers under the PSD2

The European Banking Authority (EBA) published today its final draft Regulatory Technical Standards (RTS) on strong customer authentication and common and secure communication. These RTS, which were mandated under the revised Payment Services Directive (PSD2) and developed in close cooperation with the European Central Bank (ECB), pave the way for an open and secure market in retail payments in the European Union.  

Following 18 months of intensive policy development work and an unprecedentedly large volume of stakeholder views and input, these final draft RTS are the result of difficult trade-offs between the various, at times competing, objectives of the PSD2, such as enhancing security, facilitating customer convenience, ensuring technology and business-model neutrality, contributing to the integration of the European payment markets, protecting consumers, facilitating innovation, and enhancing competition through new payment initiation and account information services.

The EBA received 224 responses to its Consultation Paper, in which more than 300 distinct concerns or requests for clarifications were raised. In the feedback table published today as part of the RTS, the EBA has summarised each one of them and provided its assessment as to whether changes have been made to the RTS as a result of such concerns.   

In particular, one of the key concerns addressed by these final draft RTS relates to the exemptions from the application of strong customer authentication on the basis of the level of risk involved in the service provided; the amount and recurrence of the transaction; and the payment channel used for the execution of the transaction. In this respect, the EBA has introduced two new exemptions: one based on transaction-risk analysis based on defined fraud levels and the other for payments at so-called ‘unattended terminals’ for transport or parking fares. The exemption on transaction-risk analysis is linked to a predefined level of fraud and is subject to an 18-month review clause after the application date of the RTS.

In addition, the EBA has also increased the threshold for remote payment transactions from EUR 10 to EUR 30, and has removed previous references to ISO 27001 and to other specific characteristics of strong customer authentication, so as better to ensure the technological neutrality of the RTS and to facilitate future innovations.    

With regard to the communication between account servicing payment service providers (ASPSPs), account information service providers (AISPs) and payment initiation service providers (PISPs), the EBA has decided to maintain the obligation for the ASPSPs to offer at least one interface for AISPs and PISPs to access payment account information. This is linked to the PSD2 no longer allowing the existing practice of third-party access without identification (at times referred to as ‘screen scraping’ or, mistakenly, as ‘direct access’) once the transition period provided for in PSD2 has elapsed and the RTS applies.

However, in order to address the concerns raised by a few respondents, the final RTS now also require that ASPSPs that use a dedicated interface will have to provide the same level of availability and performance as the interface offered to, and used by, their own customers, provide the same level of contingency measures in case of unplanned unavailability, and provide an immediate response to PISPs on whether or not the customer has funds available to make a payment.  

Legal basis and background

The draft RTS have been developed according to Article 98 of the revised Payment Services Directive (EU) 2015/2366 (PSD2), which mandates the EBA, in close cooperation with the ECB, to draft Regulatory Technical Standards (RTS) specifying the requirements of the strong customer authentication (SCA), the exemptions from the application of SCA, the requirements with which security measures have to comply in order to protect the confidentiality and the integrity of the payment service users’ personalised security credentials, and the requirements for common and secure open standards of communication (CSC) between account servicing payment service providers, payment initiation service providers, account information service providers, payers, payees and other payment service providers (PSPs). The PSD2 provides that the RTS will apply 18 months after adoption of the RTS by the EU Commission as a Delegated Act.

Dynamics AX Online Payment Services Expiring – Replacement

Dynamics users will need to make a major update soon. Effective January 1, 2018, Payments Services for Microsoft Dynamics ERP Payment Services, including any versions of Microsoft Dynamics AX, will be discontinued and users will be unable to process credit or debit transactions after December 31, 2017. CenPOS, an enterprise payment engine, offers an integrated alternative that works seamlessly with both AX and third-party applications like Magento ecommerce.

Vendor selection for replacing Payments Services will directly impact profits, efficiency and customer experience. For example, how customers receive, retrieve, and pay invoices are all part of the payment processing ecosystem. Businesses will need an Integrated Service Vendor (ISV) with a PCI Compliant integrated payment gateway. Solution functions, and how they interact with Dynamics AX, vary widely by integration.

Payment processing is a specialized niche, and ERP, ecommerce, and business consultants rarely have the in-depth knowledge to advise businesses on the best options. In fact, significant new changes have been announced; for example, new requirements for recurring billing to include a unique reference to the initial authorization.

“The Payment processing knowledge gap has been exacerbated by an onslaught of new financial, card brand, and compliance rule changes that show no sign of letting up.” Christine Speedy, CenPOS

CenPOS, an enterprise payment gateway and merchant centric cloud processing platform, is an industry leader in payment processing globally. One of the first to market with both US EMV chip and pin, the CenPOS omnichannel solution maximizes cash flow and profits across all sales channels while improving the customer experience.

CenPOS Dynamics AX Fast Facts:

  • Accounts Receivable Flexibility: Process authorizations, payments and credits:
    • Sales Pickup – Will call, partial order as well as full delivery
    • Journal Entry for Project
    • Free Text Invoices
    • Return Orders
    • Credits, partial credits
    • Sales Orders – Cash and carry
  • Reconciliation Efficiency: automatic daily settlement, single deposit (dependent upon processor setup)
  • Payment types: Accept check, ACH, credit card, wire, cash, PayPal (varies by sales channel)
  • Sales Channels: Retail (US & Canada EMV), Electronic Bill Presentment & Payment (includes hosted customer invoice portal and automated collections), Ecommerce, Online Payments, other
  • Compatibility: Agnostic; works with most processors, including First Data, Chase Paymentech, Moneris, WorldPay and others.
  • B2B: Certified for Level III processing in all channels, including retail, a critical element in managing interchange rate qualification, the biggest cost of credit card processing.
  • Availability: Global

See CenPOS Dynamics AX integration in action here: video overview

CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

CenPOS SALES CONTACT: Christine Speedy, cspeedy AT cenposreseller.com 954-942-0483. Dynamics consultants encouraged to contact us to learn more.

Link: Microsoft Official Notice

myKaarma & Creditcall team up to accelerate EMV chip card adoption for car dealerships

Car dealers can now simply switch to EMV, providing their customers the most secure payment solution while benefiting from reduced PCI DSS scope.

NEW YORK, NEW ORLEANS, NADA100 (Booth #5501), January 27, 2017 – Creditcall, the omni-channel Payment Gateway and EMV Kernel provider, today announced that it now supports myKaarma, the cloud-based conversational commerce software that’s revolutionizing the auto service industry. myKaarma can now quickly and easily add EMV chip card acceptance to its dealership app by using the Creditcall payment SDK – ChipDNA – which is pre-certified with First Data, one of the leading U.S. processors, and the Ingenico Group’s iPP 350 smart payment terminal. More processors and payment terminals will be added in the following months.

myKaarma enhances the retail experience for service departments of car dealerships. The myKaarma app gives the dealership the ability to offer the latest customer engagement technologies such as digital conversations (text, email, voice) and smart payment systems for online and mobile point of sale (POS) with auto-reconciliation, all in one application that seamlessly integrates with the dealerships’ current dealer management system (DMS).

ChipDNA is an omni-channel, EMV-ready payment gateway solution for mobile, online, in-store and self-service card payment acceptance. It is aimed at software developers and can be integrated into Android and iOS based mobile POS (mPOS) payment solutions as well as Windows and Linux semi-integrated environments. It includes a comprehensive terminal management system (TMS), remote key injection (RKI) and point-to-point encryption (P2PE) for the highest level of cardholder data protection. Developers can choose from 38 different device manufacturer and processor combinations, which reduces integration time and resources without the need for complex and lengthy processor certifications.

“We wanted a partner who already had years of EMV experience and a proven solution, knowing if we had any bumps along the way, our partner will be able to support us and meet our needs in a timely manner” said Ujj Nath, CEO at myKaarma. “By leveraging ChipDNA, we were able to spend more time making our software even more valuable to our customers, rather than spending time trying to navigate the complex requirements of EMV”.

“Many developers and merchants still assume that replacing an old swipe card reader with an EMV chip card reader equals EMV compliance” says Jeremy Gumbley, CTO at Creditcall. “The reality is that true EMV compliance requires upgrading the entire payment infrastructure, involving several parties and complex moving parts. Once completed, there is still an ongoing requirement for maintenance and updates to remain compliant. We are proud to offer ChipDNA, which allows software developers like myKaarma to avoid the majority of headaches and address EMV with one simple, fast and future-proof integration” Gumbley continues.


About myKaarma

myKaarma is a conversational commerce software company for automotive dealerships that focuses on enhancing the retail service department experience. myKaarma’s platform gives dealers the ability to offer their customers 21st Century technology through digital conversations and smart payment systems. myKaarma was named as an official communications and payments partner for Mercedes-Benz USA.

About Creditcall

Creditcall provides the tools to enable secure payment acceptance in-store, self-service, online or mobile. From retail and hospitality, to parking, vending, transportation or charity applications, Creditcall’s omni-channel Payment Gateway and EMV Kernels are at the very heart of its partners’ businesses, enabling them to focus on what they do best.

Creditcall is an EMVCo Business and Technical Associate, a PCI SSC Participating Organization, a Mastercard accredited MEPSA company and member of the U.S. Payments Forum with offices in Bristol, UK and New York, USA.

Credit Card Expiration Updater & Recurring Billing

Are automated recurring billing transactions declining due to expired credit cards? This article identifies methods to automate credit card expiration updating for installment, fixed recurring, and variable recurring token billing transactions.

All credit cards on file are managed at the payment gateway level for PCI Compliance. The ‘token’ is the alphanumeric character set that replaces sensitive card data. Businesses have access to the token, but not the sensitive cardholder data, after it’s stored. With token management, users can update the credit card expiration date manually. No other fields can be modified. If the CVV – CID security code or card number changes, a new token is created for the new card.

Per rules of card acceptance, the actual expiration date must be used. There have been recurring billing software solutions on the market that simply change the expiration date for recurring transactions with expired cards, for example by changing the date by one year. This enabled transactions to go through with an authorization in some cases because the expiration date was not validated by the issuer. However, for chargeback rights, the expiration date must be provided by the Cardholder and must be correct.

Credit Card Expiration Date Updater Methods

  1. Self credit card updating. An email is generated by the recurring billing platform and/or payment gateway alerting the cardholder of an upcoming expiration. The cardholder then self-updates their payment method via a web portal. While effective at reducing phone calls for updating, it still requires action by the busy cardholder; thus, many still go unattended until the point that a transaction fails. This impacts profits with attempted transaction fees, the time to manually reach out to customers, and cancellations. We all know that sometimes a customer pays for a service they do not use effectively, but doesn’t bother to cancel. Once they have to update their card… the revenue stream can be lost.
  2. Automated credit card updating via the card brands. Merchants must register for the service with their merchant services provider, and must have a payment gateway that supports the updater service. Visa and MasterCard charge a one-time fee for registration. There’s also a fee per card updated, which varies by merchant services provider; typically, the provider will mark up for profit.

Credit Card Expiration Date Updater Costs

The one-time Visa Account Updater (VAU) setup fee is $250 and the MasterCard Automatic Billing Updater setup fee is $350 per merchant account. The fee per update varies. For example, we charge $.09 as of this writing and clients have been quoted $.30 by other companies.

Recurring Billing Compliance Alert

Significant changes are coming to recurring billing. After the first authorization, all subsequent recurring billing transactions are to include a unique reference to the initial authorization. This must be managed seamlessly in the background at the payment gateway level. Adding a new field to the transaction process is significant and the challenges are likely on par with the launch of US EMV. Expect problems in the next 12-24 months as gateways struggle to comply with these requirements.

Refer to Visa Public Rules, and search for “recurring”, including section 5.9.9 Prepayments, Repeated Payments, and Deferred Payments, for more details.

CenPOS and Credit Card Expiration Date Updater

CenPOS, an enterprise payment gateway and merchant-centric processing platform, supports the account updater services. As your CenPOS representative, I can activate the service on CenPOS for you; however, if your merchant services reside with a third party, you’ll still need to register through them. Before proceeding, contact Christine Speedy at 954-942-0483 for more information.

EBPP Improves Dealer Marketshare

Enhancing your customer experience involves many factors, and what happens when it’s time to pay is one of them, whether it’s online, in store or over the phone. The automotive and trucking industries have made significant investments to improve and measure their customer experiences, but failure to change payment technology creates differentiation for consumer choice. Electronic Bill Presentment and Payment, EBPP or EIPP, can create a more pleasant and secure consumer experience and can win dealers more marketshare.

Body of email containing prefilled payment info, and link to securely pay online.

Let’s explore some examples. A dealer recently installed EMV chip card terminals. When a commercial account calls to order parts here are possible scenarios and repercussions:

  • The card number is key entered on the EMV chip terminal. Since the transaction is RETAIL, and the transaction was not swipe or chip, the dealer has no recourse if it’s fraud. Additionally, it will downgrade to the worst interchange rate, possibly doubling the cost to process the transaction. Some customers don’t like to spend the time going through the phone process, so the last touch with them is less than stellar.
  • The card number is key entered on a separate virtual terminal. If the transaction is MOTO, dependent upon merchant account configuration, the dealer has some fraud protection. Some customers don’t like to spend the time going through the phone process, so the last touch with them is less than stellar.
  • The customer gets a text message, or email, with a click to pay option. This is ideal because the customer is now in control of how and where they want to pay. Additional automated fraud controls like 3-D Secure Verified by Visa (VbyV) can be used. VbyV can mitigate risk, shifting fraud liability to the issuer, and sometimes also reduces the qualified interchange rate, depending on the card type.

If customers have multiple dealers to choose from, which will they go to? Millennial research shows they’ll switch for a better experience, and for them, that includes non-face-to-face interaction. Any dealer that wants to maximize customer satisfaction, and profits, must address the growing millennial demographic; they prefer to minimize personal interaction and use more digital technology as part of their purchasing experience. According to a Board of Governors of the Federal Reserve System March 2016 report, purchasing an item on their phone (42%) was one of the top three common mobile payment activities among mobile payments users with smartphones.

Christine Speedy is an authorized reseller of CenPOS, creating efficiencies through payment innovation. The CenPOS EBPP solution is available both integrated to ERP and other software, as well as standalone via a web browser.