Accept Payments Online

Winter Storm Jonas is a reminder of the importance for business to business companies to accept payments online. What if you have a desktop terminal, but staff is working from home? How can accounts receivable be reached for call in or fax payments? Cash flow and efficiency will improve with 24/7 online payments.accept payments onlineTo accept payments online via a self-serve 24/7 online payment form, a payment gateway is required to secure the transaction. The most popular non-integrated methods:

  1. Hosted pay page – merchant provides customers an email or web site link to make payments on the payment gateway hosted web page. Click here for hosted pay page example.
  2. Embedded payment object– the buyer stays on the merchant web site, with the gateway html code embedded as an iframe.

Online Payments FAQ

What is the rate? There are two service types: Payment gateway or bundled gateway with merchant account. For flexibility to change merchant accounts, which most businesses will do every few years, keep your gateway separate to minimize business disruption. When the merchant account changes, there’s no programming needed. Just update the gateway settings with the new merchant account information. Never, ever choose a payment gateway by comparing the cost per transaction. Instead, measure the net transaction cost, including gateway fees, for card types accepted. (Click here for online payments example of authorize.net vs CenPOS for business to business.) B2B companies need a gateway solution that supports level III processing and will help qualify transactions for the lowest rate.

How long does it take to get started? Usually 2-5 days after the decision has been made, from gateway sign up to accepting payments. The actual implementation time is minimal.

How do I know when someone makes a payment? An email is automatically sent with details. TIP: Create an email alias to a distribution list. For example, epay@mydomain.com.

Can my invoices be automatically marked as paid in my accounting software? With an integration, yes. Depending on your software, and the gateway, there may be a module available for quick and easy implementation.

Where can I view transaction reports? By logging in to the virtual terminal via a secure web browser, or in some cases, via mobile app.

Can customers save their credit card information? With most gateways, yes.

Is it PCI Compliant? All the major US payment gateways are PCI Compliant. Accepting payments online can improve PCI Compliance for merchants, as risky practices like credit card authorization forms are abolished.

Can customers pay with an echeck (ACH)? It depends on the gateway.

 

CAPK expired error messages on VeriFone EMV terminals

Getting a VeriFone EMV Vx520, FD55, Vx510, Vx570 CAPK expired error message? Visa has extended the EMV key’s expiration date from 12/31/2015 to 2022, and the terminal must be updated. Chip cards contain the issuers private keys which need to be verified by the card issuer’s public keys during online authorization requests.  The keys come from the Certification Authority Public Keys (CAPK), and they expire periodically. Your card reader will reject transactions (decline) when an incorrect or expired CAPK is used.

VX520 emv NFC verifone terminal

OPTION 1: UPDATE CAPK FILE ONLY via partial download

For the Vx520, Vx510, Vx570, start from the main screen (Sale/Refund/Void):

  • Press the ENTER button
  • Press F2 for setup
  • Enter the password *
  • Press ENTER
  • Press YELLOW Cancel button
  • Press far left PURPLE button (scrolls you through the menu)
  • F3 button should be “EMV Key Update” PRESS F3 (if you don’t see EMV Key Update, continue to scroll to find it)
  • The terminal will connect for the update and reboot to the main screen.

For the FD55, start from the main screen (Sale/Refund/Void):

  • Press the ENTER button
  • Press 1 for setup
  • Enter the password *
  • Press the ALPHA button 5 times
  • Press 3 for EMV Key Update
  • Press 1 to confirm update
  • The terminal will dial out, get the update and reboot to the main screen.

OPTION 1: FULL DOWNLOAD. In some instances the CAPK instructions listed above may cause the terminal to freeze or go into a constant reboot. If this should happen, please perform a full download of your terminal’s application and update the CAPK files immediately thereafter (standard step as part of the download process).

If you haven’t already downloaded the EMV file, then you do not need to download the CAPK update, as the file is included as part of the standard download process. For additional information about downloads, click here for the Verifone VX520 Reference Guide. (PDF download from Verifone web site)

If you still have problems or cannot perform the download, contact your acquirer.

*If you cannot resolve your issue with the information herein, contact your merchant services relationship manager or the help desk phone number on your merchant statement for support. We cannot help you fix your terminal via chat or any other method and that seems to bother some web site visitors.

  1. You’re paying another company to provide you service, not us. If you don’t like your existing credit card processor service from your acquirer and want to explore ours instead, we’d love to hear from you.
  2. We have no relationship with your business and merchant account- it’s not possible to provide you technical support.

ALERT SEPTEMBER 2019- Payment Card Industry (PCI) PIN Transaction Security (PTS) v3, used by the VX520 and many other terminals, expires April 30, 2020. Your terminal may need replacing.

Want to learn about replacement terminals or new merchant account options? Contact us for a consultation to determine the best solution, get a competitive price, and learn about alternative processing options if interested.Call Christine Speedy, 954-942-0483, 9-5 ET or click here.

Card Not Present Token Billing Best Practice & CenPOS Training

Ready to improve PCI Compliance with token billing? Step by step instructions for CenPOS card not present token billing including creating, modifying, and using tokens follows.

  1. In the virtual terminal admin, Create a new Role* or Modify an existing role to include token billing permissions, only for what the user is allowed to do. For example, if you employees are allowed to create tokens, but not conduct sales, check the Manage Token and Positive Card only.

    token billing roles

    Virtual Terminal administration- Partial list of permission options; token billing related items are checked

  2. Are email receipts available now? If no, send an email request to support via link on the virtual terminal login page. In the subject put: “your CenPOS MID” email receipt request. In the body, include all your contact info, the MID, and what email address you want receipts to come from.
  3. Prepare training worksheet for distribution
  4. Distribute Self-paced training checklist (10 minutes to complete) to all users
  5. Get documentation of all training- who, what, when. It may be useful as part of an overall PCI Compliance (Payment Card Industry Data Security Standards) plan to comply with section 12, Maintain an Information Security Policy.
  6. Assign users to the new roles with return of documentation
  7. If there’s any legacy cardholder data on file, plan it’s secure destruction

References: Token Billing Training Videos

*See CenPOS Virtual Terminal Manual for details on using Role Templates.

A sample document, created by Christine Speedy,  for training and documentation is available upon request.

3rd PARTY CREDIT CARD AUTHORIZATION FORM

Need a 3rd party credit card authorization form template? Don’t count on wikiform.org and other internet resources that scrape the internet for free content and then redistribute it. There’s no guarantee that anything published is accurate, legal, or virus free.

3rd party credit card authorization form

January 2016 3rd party credit card authorization form from Wikiform.org

What’s wrong with this form? For starters, according to PCI DSS 3.1 standards, section 4.2, it’s never OK to email cardholder data. That problem alone is so egregious, I won’t go into all the other problems, since the 3D Merchant blog has other articles addressing them. Best practice is to abolish paper credit card authorization forms altogether and replace with alternatives such as online payments or electronic bill presentment and payment. If a signature is desired, get it on the receipt, which contains critical data needed to defend a dispute; combining with signature on the sales order containing product description and confirmation for acceptance of return policy via a checkbox will make chargeback much harder.