What is Auth Code 51, declined?

Posted on June 7, 2016 by Christine Speedy

A credit card processing response of Auth Code 51, is a decline for insufficient funds, the credit limit has been exceeded. What happens when the customer says, “there’s nothing wrong my Visa card, put it through again”? If put through again without a voice authorization, the merchant is at risk for chargeback of funds for invalid authorization.

Visa Product and Service Rules, 8.4.1.3 Original Credit Transactions – Prohibition against Clearing a Declined Transaction

An Originating Member must not send an Original Credit Clearing Transaction if it received a Decline Response to the corresponding Authorization Request.

Further information at page PSR-564, 11.1.16 Chargeback Reason Code 71 – Declined Authorization. NEW. Effective for Transactions completed on or after 15 April 2016,
A Transaction for which Authorization was obtained after a Decline Response
was received for the same purchase. This does not include an Authorization
Request that received a Pickup Response 04, 07, 41, or 43 or was submitted
more than 12 hours after the submission of the first Authorization Request.

This period is known as the black hole or dark period. For the first 12 hours after a decline, merchants should not attempt to process the same retail transaction. The reality is a consumer could simply walk away and go back to another cashier and try again. Some cloud based payment gateways will enable merchants to choose to prohibit multiple attempts in the black hole period.

Disclaimer: The rules of card acceptance are very complex. Merchants should read the manual for complete details regarding card acceptance for your business type.

Retailers Ask FTC to Investigate Credit Card Industry’s PCI Security Group for Antitrust Concerns

Posted on June 2, 2016 by Christine Speedy

WASHINGTON – The National Retail Federation today announced that it has asked the Federal Trade Commission to conduct an investigation into an organization founded by the credit card industry that sets data security standards, saying the group’s controversial practices raise antitrust concerns.

“We urge the FTC not to rely on PCI DSS for any purpose, particularly not as an example of industry best practices nor as a benchmark in determining what may constitute responsible data security standards in the payment system or any other sector,” NRF Senior Vice President and General Counsel Mallory Duncan said in a letter to FTC Chairwoman Edith Ramirez and other commission members.

The Payment Card Industry Security Standards Council is “a proprietary organization formed and controlled by a single industry sector – the major credit card networks” and “fails to meet any of the principles adopted by the federal government for voluntary standard-setting organizations,” Duncan said. “We believe you will conclude PCI itself is an inappropriate exercise of market power by the dominant U.S. payment card networks and PCI should not continue setting data security standards through its current processes.”

NRF’s request comes as the FTC is conducting an inquiry into how third-party companies perform assessments of PCI compliance by retailers and other businesses that accept credit cards. NRF understands that the FTC is also considering PCI requirements as an example of industry best practices.

The PCI council was formed in 2006 by the major credit card companies – Visa, MasterCard, American Express, Discover and JCB. It imposes its rules on millions of U.S. businesses but continues to be governed by an executive committee made up of representatives of only those five companies.

In a 19-page white paper submitted to the FTC, NRF said the card companies use their market power to “unfairly leverage their brands and proprietary technology through webs of closely controlled interdependent bodies and compliance regimes” including the council. While portrayed as voluntary, the Payment Card Industry Data Security Standard requirements set by the council are “forced upon businesses that cannot refuse to accept credit and debit cards.”

The council’s practices “raise antitrust concerns” for a number of reasons, including “general antitrust dangers when competitors collaborate on setting market standards” and “more targeted concerns insofar as they allow the networks to leverage their proprietary technology,” the paper said.

Among other concerns, PCI requirements act as “as an anticompetitive barrier to innovation” because they “exhaust” funds and other resources retailers have available for data security, the paper said.

NRF asked that the FTC investigate the council’s practices in general and particularly their impact on competition. The FTC should also reject government use of PCI standards as any benchmark for data security, and instead work with “legitimate U.S. standard setting bodies” such as the American National Standards Institute, NRF said.

NRF is the world’s largest retail trade association, representing discount and department stores, home goods and specialty stores, Main Street merchants, grocers, wholesalers, chain restaurants and Internet retailers from the United States and more than 45 countries. Retail is the nation’s largest private sector employer, supporting one in four U.S. jobs – 42 million working Americans. Contributing $2.6 trillion to annual GDP, retail is a daily barometer for the nation’s economy. NRF’s This is Retail campaign highlights the industry’s opportunities for life-long careers, how retailers strengthen communities, and the critical role that retail plays in driving innovation. NRF.com

Distributor EMV Credit Card Terminals – Profit busters, profit boosters

Posted on May 25, 2016 by Christine Speedy

Distributors have special needs for retail credit card processing to maximize profits and mitigate risk. Here we identify credit card terminals that are certain fall short on delivering in an EMV environment. The two most critical retail needs are requiring customers to comply with the highest security supported, and supporting level III processing. Additionally, P2PE, encrypting at the terminal head, is important for a security and compliance.

Only cloud payment solutions have the potential to meet the primary distributor retail processing needs. This precludes all First Data terminals, one of the most popular brands distributed, and similar devices. DISCLAIMER: comments are specifically regarding business to business needs, not all retail industry needs, and are not in any way intended to imply anything negative about the terminals.

The terminals below DO NOT meet the two most critical distributor needs to maximize profits.

Verifone vx520

Clover Mini by First Data

First Data FD35 EMV PinPad, attaches to a variety of FD terminals.

Ingenico iCT250 emv capable countertop terminal.

Magtek mini card swiper.

The terminals below have the POTENTIAL meet the two most critical distributor needs to maximize profits. Special certifications and payment gateway logic is required.

ingenico isc250 signature capture terminal

Ingenico isc250 EMV

Verifone MX915 EMV chip terminal

Fraud liability review for MasterCard, American Express, and Discover (credit and debit)

If the card is chip & sign, and the terminal is EMV only, the card issuer is liable
If the card is chip & pin, and the terminal is EMV without pin, or pin debit without EMV, the merchant is liable
If the card is chip & pin, and the terminal is EMV with pin, the issuer is liable
If the terminal supports EMV & pin, but the customer uses chip & sign, the merchant is liable. Acquirers generally support chip and pin bypass to chip and signature. Merchants should only use solutions that require the highest security on every transaction, including prohibiting customer bypass.
If the terminal supports EMV & pin, but the customer does chip & sign, the merchant is liable.

Merchants should only use solutions that require the highest security on every transaction, including prohibiting customer bypass.

If you want to enhance your customer experience, make a change that also maximizes profits too.

Christine Speedy, CenPOS global sales and integrated solutions reseller, 954-942-0483. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS? secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting merchant banking relationships. Keep your processor, upgrade your technology! Quick and easy to implement with no long term contract.

Stopping Online Credit Card Testers

Posted on May 25, 2016 by Christine Speedy

Online credit card testing by fraudsters can dramatically drive up payment gateway fees. Historically, card not present financial fraud grows exponentially in countries after implementing EMV chip card processing, as thieves seek the weakest link for fake credit card purchases. Thieves use software to rapidly send cardholder data to payment web sites to verify if stolen cards are good, card testing, and since merchants pay a per transaction fee, regardless of approval, the financial impact can be devastating.

Companies with online pay pages are at increased risk. Since October 2015, online fraud attacks were up 11% 2015 Q4 Vs Q3, and up 215 percent from 2015 Q1. 83% of attacks involved botnets. Source: The Global Fraud Attack Index™, a PYMNTS/Forter collaboration. The preferred web pay pages have no login required, and provide detailed decline response reasons. I’m often asked by others in the industry to provide the latter, and for the same reason as for retail, it’s better than no one knows the reason for the decline. If you inform a criminal the expiration date is no good, they just need to figure out the right one.

PREVENTING ONLINE CARD TESTING

A layered approach is required to stop card testers since no single solution will stop fraudsters. Generally, the harder you make it, the more likely they will seek a path of less resistance.

Block known fraudulent incoming IP addresses. The bad guys also use hostile proxy servers, with dynamically changing IP addresses every authorization attempt, but this is still a first step everyone should employ.

For additional assistance, please contact us. I won’t make it easier for criminals by identifying all the tools here in the blog!

Why should B2B CFO’s, business consultants and accountants partner with a B2B payments consultant?

Posted on May 19, 2016 by Christine Speedy

Financial consultants from CPA’s to business advisors can increase profits by partnering with outside experts. A business to business payments consultant will help financial consultants differentiate services offered to win more business and increase retention. Get clients paid faster, cheaper, and more securely, and they’ll reward you with their loyalty and refer you more business.

REAL RESULTS FROM COMPANIES USING MY TECHNOLOGY

Reduced DSO from 45 days to 15 days
Reduced merchant fees 34%- with the same merchant account
Exposed long-term internal fraud by trusted employee at a $2B+ company
Reduced internal accounting staff by 20%
Reduced cashier staff by 30%
Improved customer experience, directly increasing revenue per customer, and manufacturer bonus rebates

My core expertise is cloud-based financial transaction technology critical to staying current with regulatory and compliance changes, and the resulting impact on risk management, cash flow, and EBITDA. Examples of payment acceptance types can include credit card processing, check processing, ACH, wire, and others.

Why Christine Speedy? The industry is loaded with people selling substandard payment acceptance solutions, particularly B2B merchant services because they don’t know any better or they put themselves first. For example,

Web developers tell you to use either authorize.net or Payflow Pro payment gateway because they’re ‘reliable’ and they’ve had good results. Yes, they’re reliable, but so are others that provide far better customer and merchant experiences, while also maximizing profits.
US banks don’t have retail solutions enabling B2B merchants to qualify for the lowest interchange rate possible for purchasing, business, and corporate cards so they sell substandard alternatives. For example, building supply and distribution companies that cater to businesses pay millions in extra fees because of inadequate technology.
Industry associations offer member benefits for services in which they profit share; these ‘exclusive trusted partners’ are kept at all costs, even if it’s not the best service for their members.
Merchant salespeople tell you it’s Ok to store credit card authorization forms in a locked file drawer. No, it’s not. It’s never ok to store sensitive cardholder data in any format, but they don’t have a solution to fix your reason for storing it.

You need a trusted, confidential resource.

WHAT I DO: Analyze, recommend, sell new or modify existing solutions

Part 1: What is the revenue picture?

Types and costs of payments accepted
How and where are payments accepted? Who touches? Credit, collections, and treasury management (risk, currency) reviewed.
Software and hardware
Security and PCI Compliance at a glance- I can typically uncover problems in 100% of businesses within 5-10 minutes of probing.

Part 2: What are merchant business priorities in next 3-6-12 months?

These do not have to be related to part 1, but are critical to understanding business.

Part 3: Action items

Based on account review and priorities, what are critical and non-critical action items? How will these impact efficiency, security, profits, customer experience? What vendor, hardware, software changes are recommended?

MERCHANT SERVICES WHAT YOU NEED TO KNOW NOW

US EMV chip card implementation is impacting every company that accepts credit cards, retail and card not present. This is the biggest change since Durbin (debit), and again, there’s loads of misinformation and poor recommendations being made.

TARGET MARKETS

Minimum $5M-100 annual revenue, sweet spot; Clients include $1M to $2B. Manufacturer, distribution, technology, dealer, anything B2B.

NO THANK YOU – No supermarkets, restaurants, education, fuel or travel agencies

FREE TEST – While credit card processing may be a small portion of cash flow in target markets, it’s also a pain point I can typically help with immediately. Send 2 consecutive merchant statements for any B2B company you’re satisfied is as profitable as possible. If you like my report, we can go deeper into full analysis.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Card Not Present, CenPOS, credit card processing

B2B Cloud payment processing technology blog about increasing profits, efficiency and security.