Accept Payments Online

Posted on January 25, 2016 by Christine Speedy

Winter Storm Jonas is a reminder of the importance for business to business companies to accept payments online. What if you have a desktop terminal, but staff is working from home? How can accounts receivable be reached for call in or fax payments? Cash flow and efficiency will improve with 24/7 online payments.To accept payments online via a self-serve 24/7 online payment form, a payment gateway is required to secure the transaction. The most popular non-integrated methods:

Hosted pay page – merchant provides customers an email or web site link to make payments on the payment gateway hosted web page. Click here for hosted pay page example.
Embedded payment object– the buyer stays on the merchant web site, with the gateway html code embedded as an iframe.

Online Payments FAQ

What is the rate? There are two service types: Payment gateway or bundled gateway with merchant account. For flexibility to change merchant accounts, which most businesses will do every few years, keep your gateway separate to minimize business disruption. When the merchant account changes, there’s no programming needed. Just update the gateway settings with the new merchant account information. Never, ever choose a payment gateway by comparing the cost per transaction. Instead, measure the net transaction cost, including gateway fees, for card types accepted. (Click here for online payments example of authorize.net vs CenPOS for business to business.) B2B companies need a gateway solution that supports level III processing and will help qualify transactions for the lowest rate.

How long does it take to get started? Usually 2-5 days after the decision has been made, from gateway sign up to accepting payments. The actual implementation time is minimal.

How do I know when someone makes a payment? An email is automatically sent with details. TIP: Create an email alias to a distribution list. For example, epay@mydomain.com.

Can my invoices be automatically marked as paid in my accounting software? With an integration, yes. Depending on your software, and the gateway, there may be a module available for quick and easy implementation.

Where can I view transaction reports? By logging in to the virtual terminal via a secure web browser, or in some cases, via mobile app.

Can customers save their credit card information? With most gateways, yes.

Is it PCI Compliant? All the major US payment gateways are PCI Compliant. Accepting payments online can improve PCI Compliance for merchants, as risky practices like credit card authorization forms are abolished.

Can customers pay with an echeck (ACH)? It depends on the gateway.

CAPK expired error messages on VeriFone EMV terminals

Posted on January 13, 2016 by Christine Speedy

Getting a VeriFone EMV Vx520, FD55, Vx510, Vx570 CAPK expired error message? Visa has extended the EMV key’s expiration date from 12/31/2015 to 2022, and the terminal must be updated. Chip cards contain the issuers private keys which need to be verified by the card issuer’s public keys during online authorization requests. The keys come from the Certification Authority Public Keys (CAPK), and they expire periodically. Your card reader will reject transactions (decline) when an incorrect or expired CAPK is used.

OPTION 1: UPDATE CAPK FILE ONLY via partial download

For the Vx520, Vx510, Vx570, start from the main screen (Sale/Refund/Void):

Press the ENTER button
Press F2 for setup
Enter the password *
Press ENTER
Press YELLOW Cancel button
Press far left PURPLE button (scrolls you through the menu)
F3 button should be “EMV Key Update” PRESS F3 (if you don’t see EMV Key Update, continue to scroll to find it)
The terminal will connect for the update and reboot to the main screen.

For the FD55, start from the main screen (Sale/Refund/Void):

Press the ENTER button
Press 1 for setup
Enter the password *
Press the ALPHA button 5 times
Press 3 for EMV Key Update
Press 1 to confirm update
The terminal will dial out, get the update and reboot to the main screen.

OPTION 1: FULL DOWNLOAD. In some instances the CAPK instructions listed above may cause the terminal to freeze or go into a constant reboot. If this should happen, please perform a full download of your terminal’s application and update the CAPK files immediately thereafter (standard step as part of the download process).

If you haven’t already downloaded the EMV file, then you do not need to download the CAPK update, as the file is included as part of the standard download process. For additional information about downloads, click here for the Verifone VX520 Reference Guide. (PDF download from Verifone web site)

If you still have problems or cannot perform the download, contact your acquirer.

*If you cannot resolve your issue with the information herein, contact your merchant services relationship manager or the help desk phone number on your merchant statement for support. We cannot help you fix your terminal via chat or any other method and that seems to bother some web site visitors.

You’re paying another company to provide you service, not us. If you don’t like your existing credit card processor service from your acquirer and want to explore ours instead, we’d love to hear from you.
We have no relationship with your business and merchant account- it’s not possible to provide you technical support.

ALERT SEPTEMBER 2019- Payment Card Industry (PCI) PIN Transaction Security (PTS) v3, used by the VX520 and many other terminals, expires April 30, 2020. Your terminal may need replacing.

Want to learn about replacement terminals or new merchant account options? Contact us for a consultation to determine the best solution, get a competitive price, and learn about alternative processing options if interested.Call Christine Speedy, 954-942-0483, 9-5 ET or click here.

Card Not Present Token Billing Best Practice & CenPOS Training

Posted on January 12, 2016 by Christine Speedy

Ready to improve PCI Compliance with token billing? Step by step instructions for CenPOS card not present token billing including creating, modifying, and using tokens follows.

In the virtual terminal admin, Create a new Role* or Modify an existing role to include token billing permissions, only for what the user is allowed to do. For example, if you employees are allowed to create tokens, but not conduct sales, check the Manage Token and Positive Card only.
Virtual Terminal administration- Partial list of permission options; token billing related items are checked
Are email receipts available now? If no, send an email request to support via link on the virtual terminal login page. In the subject put: “your CenPOS MID” email receipt request. In the body, include all your contact info, the MID, and what email address you want receipts to come from.
Prepare training worksheet for distribution
Distribute Self-paced training checklist (10 minutes to complete) to all users
Get documentation of all training- who, what, when. It may be useful as part of an overall PCI Compliance (Payment Card Industry Data Security Standards) plan to comply with section 12, Maintain an Information Security Policy.
Assign users to the new roles with return of documentation
If there’s any legacy cardholder data on file, plan it’s secure destruction

References: Token Billing Training Videos

Manage Token – https://www.youtube.com/watch?v=lHyKaEM9FBc
Use Token – https://www.youtube.com/watch?v=blAnvG2Vd7A
Use Token with level 3 commercial card https://www.youtube.com/watch?v=s6eUEeWcm5k
Modify Tokens – https://www.youtube.com/watch?v=7PxCDgP5noc
Positive Card Verification – https://www.youtube.com/watch?v=-04uyTvLdBs

*See CenPOS Virtual Terminal Manual for details on using Role Templates.

A sample document, created by Christine Speedy, for training and documentation is available upon request.

3rd PARTY CREDIT CARD AUTHORIZATION FORM

Posted on January 11, 2016 by Christine Speedy

Need a 3rd party credit card authorization form template? Don’t count on wikiform.org and other internet resources that scrape the internet for free content and then redistribute it. There’s no guarantee that anything published is accurate, legal, or virus free.

January 2016 3rd party credit card authorization form from Wikiform.org

What’s wrong with this form? For starters, according to PCI DSS 3.1 standards, section 4.2, it’s never OK to email cardholder data. That problem alone is so egregious, I won’t go into all the other problems, since the 3D Merchant blog has other articles addressing them. Best practice is to abolish paper credit card authorization forms altogether and replace with alternatives such as online payments or electronic bill presentment and payment. If a signature is desired, get it on the receipt, which contains critical data needed to defend a dispute; combining with signature on the sales order containing product description and confirmation for acceptance of return policy via a checkbox will make chargeback much harder.

Updating credit card expiration dates for recurring billing – card updater

Posted on December 30, 2015 by cspeedy

What happens when a credit card expires for your customer or nonprofit donor who is set up on recurring billing? Card account information changes for many reasons including expirations, compromised, lost, stolen, upgrades, and card product changes. There’s a huge turnover in credit card numbers every year, and with US EMV implementation, millions of cards are being replaced with newer chip cards. A card updater service automates updating cards for recurring billing. The card brands, including Visa and MasterCard, have a card updater solution to benefit those making the payments, and the merchants who receive them.

Visa Account Updater (VAU) enables the automatic electronic exchange of updated account information among participating Merchants, their Visa Merchant Bank, and Visa card Issuers in North America and Europe. MasterCard Automatic Billing Updater does the same for their brand. U.S. for Discover transactions, and American Express does not support.

All parties must be approved for the service. The acquirer (your merchant services provider), the payment gateway (where billing tokens reside), and the merchant.

How does card updater service work?

Participating issuers submit their account changes to the Updater database.
Registered merchants submit their billing files inquiries to their acquirer. (Tokens sent from the gateway)
Acquirers submit the billing file inquiries to the Automatic Updater database.
Acquirers return updated account inquiries records to their specific merchants.
Merchants update their billing files (gateway updated) with the changed account information, and have more successful billing

How can merchants sign up for service?

To get started with a card updater service for recurring billing, contact your credit card processor (merchant services provider). Requirements:

Complete paperwork for each participating card brand via merchant acquirer aka credit card processor.
Register for the service with acquirer
Wait up to 8 weeks for the card brands to respond with approval

How much does the card updater service cost?

There’s an application fee for each brand. Like merchant services, fees are negotiated. I’ve heard of large non-profit software solutions companies charging as much as $.30 per record updated. My merchants pay pass through costs of $0.09 per transaction, and one time Visa Setup fee $250, MC Setup fee $350 per merchant account.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Card Not Present, CenPOS, credit card processing

B2B Cloud payment processing technology blog about increasing profits, efficiency and security.