EMV chip terminal for Microsoft Dynamics RMS

What are RMS user options for EMV terminals? Here’s four options for merchants to choose from while waiting for RMS integrated EMV terminal; as of August 24, 2015, there are no gateways driving US EMV certified terminals yet.

Which is best EMV terminal for RMS users to accept chip cards today?

emv smart card

EMV chip smart card.

Which option would you choose?

  1. Choose working virtual terminal and US EMV Verifone MX915 certified terminal with signature capture, hoping the gateway gets integrated into RMS later?  Or use it short term, and switch later if another option is integrated first?
  2. Choose a payment gateway that’s working on EMV certification and RMS integration with unknown ready date? hopefully will add 3-D Secure?
  3. Wait and see? The challenge is time. The closer it gets to Ocober 1, the harder it may be to procure terminals (shortages have been common all year), implement & train etc. Additionally, merchants may have stability challenges with gateways that are integrating terminals for the first time.
  4. Buy a countertop terminal with EMV certified pinpad, and use non-integrated? The units certified will vary by payment processor. This is probably the last choice, because it can never be integrated later.

Today, card issuers bear the fraud loss if they give merchants authorization to accept the payment for a counterfeit card at the point of sale. Merchants never know about this fraud because the processor/acquirer automatically manages the response. Starting October 1, this process no longer applies. If merchant doesn’t support EMV, but the card issuer does, the acquirer is liable and can immediately chargeback the merchant’s bank account via ACH. What’s the financial risk? Nobody knows, but an estimated 63% of card present fraud losses were covered by issuers in 2012.

UPDATE 2016: Contact us for Microsoft Dynamics RMS EMV certified solutions today!

Can you recommend a PCI Compliant policy for storing credit cards?

Distributors and manufacturers can overcome PCI Compliance issues with better awareness of rules, and cost efficient solutions to ease PCI burden. A review of key problems and solutions will help companies with internal credit card authorization and storage policies. For credit card processing, a virtual terminal or integrated gateway, is the only cost efficient and secure option for these business types.

It’s never Ok to store credit card forms that have the CVV2, or security code, on them. It’s also never Ok to store CVV2 electronically in any format, encrypted or not. This is both a card acceptance and PCI Compliance 3.0, section 3 Protect Cardholder Data, problem. For any recurring charges, including variable, merchants only need to validate the CVV one time for a fraud check, and then never again. This is easily accomplished with a zero dollar authorization, however not all gateways support this feature.

The best paper credit card authorization form, is one that doesn’t have full card data, or better yet, doesn’t exist at all. If sales reps in the field are getting card numbers to be charged later, consider a mobile payment app that let’s them swipe and create a token, using a P2P encrypted reader. That way card data is never exposed at any point in time. Instead of getting card numbers over the phone, empower customers to self pay or store card data using online payment solutions, including either a hosted online pay page or electronic bill presentment and payment (EBPP). Use this to also eliminate credit card data in emails, which is another PCI Compliance problem.

Need to keep a card stored on file that you initiate charges on? It’s indefensible with today’s technology to have credit card data on paper, and it’s risky to use your own encrypted media. Tokenization, a payment gateway service for merchants to remove sensitive data from their environments, is the best practice for security and PCI Compliance.

Some businesses want a signature on file. A sales receipt is generated with almost any online payment solution and merchants can require a customer to print and sign it, or to simply forward the email receipt from company email address with typed name approving it. For recurring billing, choose a payment gateway that generates a PCI Compliant recurring billing authorization form. They’re useless if stolen, and contain all the right language for credit card authorization. It should be supplemented by a signed document with your own custom business terms and conditions, and limitations for duration and maximum charge amounts allowed. Merchants might also get a signed sales order with all terms and conditions, plus the token ID the customer has agreed you’ll charge to.

Third-party credit card authorization doesn’t exist as far as card issuers are concerned. It’s specifically written in the cardholder terms that they cannot allow any third party to use their card. Any form a merchant creates authorizing other parties is at risk for future disputes. The merchant can eliminate the risk by having the company issue purchasing cards for each buyer, or mitigate risk by sending the sales receipt automatically to the cardholder and asking the buyer to confirm receipt per T’s & C’s.

A huge problem is managing old stored data created prior to new PCI Compliance rules. The reality is, the merchant is not PCI Compliant as long as the old stuff exists. That likely means someone will need to be assigned to identify all the past ways that credit card numbers were captured. For electronic, IT will need to get involved to securely remove old data. There are tools to search emails and servers for card data as well.

PCI 3.0, in effect now, requires merchants not only are PCI compliant at a point in time, but that there’s a plan in place for monitoring and inspecting. Whoever is cleaning up the old problems should document who, what, where, how and when activities were identified and or completed, and continually add this to the master PCI file.

References:

Payment Card Industry (PCI) Data Security Standard, v3.1, pg 36 CVV
Visa Core Rules, October 2014 page 266, Merchant Must Not Request the Card Verification Value 2 data on any paper Order Form

 

PCCharge Replacement With EMV Certified Terminals

What can merchants replace PCCharge with? How would it impact your business if PCCharge suddenly stopped working? October 1, 2015 is end of life and end of support, so planning replacement is critical. Because it’s also the same date as EMV liability shift, merchants will want to update to EMV and NFC compatible solutions to optimally serve customers.

Verifone PCCharge is Windows based software program which uses an internet connection to process transactions. It’s compatible with all acquirers (credit card processors), and the ‘wedge’ card reader is the most common retail set up. magtek mini card swiperThere are no similar EMV certified card readers certified to any processor currently.  Because EMV transactions require customers to hold onto their card for the transaction, no change is anticipated.

Option one is a cloud based solution called a virtual terminal. Unlike PC software, the gateway is always up to date; merchants login to a secure web page or to integrated POS software. All virtual terminals use an internet or cloud based payment gateway.

Payment Gateways quick facts:

  • Certified to each processor
  • Certified for functionality, including card brand, transaction type, level III processing, contactless (Applepay for example) and even industry (retail, restaurant)
  • EMV requires a special certification: each credit card terminal is certified to each processor
  • Functions vary widely. Some are very much like desktop terminals but with data now web accessible, and others are intelligent platforms with a variety of merchant efficiency, security, and profit optimization benefits.

Payment gateway overview:

Each processor has their own gateway. For example, First Data Global GatewaySM  e4 or Paymentech Orbital® Payment Gateway. There’s also independent or third party gateways. For example, CenPOS or Authorize.net. Third party gateways provide flexibility to change processors at will without disrupting operations, among other benefits. For all non-integrated solutions, the payment gateway manages the consumer facing terminal.

EMV Certified Terminal Confusion:

Semantics is a big problem surrounding EMV today. The hardware is first EMV level 1 and level 2 approved. Then the hardware has to be EMV certified to work with each processor. If there’s a gateway, the gateway has to certify each terminal to each processor. Marketing messages like ‘get you EMV ready’ and ‘EMV capable’ make it very unclear which solutions merchants can actually turn on and process an EMV transaction today vs get you capable to process in the future when certifications are complete. For this reason, merchants must be very specific in asking whether they can accept EMV transactions immediately for any solution purchased.

Payment gateways with certified US EMV terminals:

verifone MX915 EMV terminal

Verifone MX915 multilane signature capture terminal

  • CenPOS: Verifone MX 915, certified First Data, certified TSYS*, Chase Paymentech. Ingenico iSC 250. This article will get outdated fast. Contact us for the latest certifications.

As of 10/29/15 there are virtually no gateways with US EMV certified terminals other than CenPOS.

* TSYS provides flexible connectivity options for all the big acquirers. By certifying to TSYS, merchants can use the certified solution with First Data, Vantiv, NPC, Paymentech, Moneris, Global, Heartland, Elavon and others.

Option two is a countertop or desktop terminal:

Verifone VX520 VX805 EMV terminal

Verifone VX520 with VX805 EMV terminal

Because the EMV transaction requires more memory than in the past, older countertop terminals cannot support EMV, even with an added pinpad. First Data has their own proprietary equipment; Verifone is one of the most popular brands for use with all acquirers, including First Data. The Ingenico iCT220 and iCT250 are also add on peripherals. Countertop terminals, and most gateways, do not support level III processing, critical for business to business merchants to lower merchant fees.

In summary, merchants can replace PCCharge with a universal payment gateway with certified EMV terminal, with a proprietary payment gateway that has certified EMV terminal, or with a countertop terminal, often with a separate EMV peripheral. It’s very important to ask any equipment supplier if they unit is certified for use today vs in the future.

WHICH IS THE BEST EMV SOLUTION TO REPLACE PCCHARGE?

  1. For business to business, there is only one solution that meets all B2B business needs: CenPOS.
  2. For multi-location retail, and big ticket  or high risk sales (electronics, auto parts), CenPOS.
  3. For mom and pop retail, the VX520
  4. For restaurant, quickstop and grocery, I don’t know, I don’t have experience in those industries.

If your business processes more than $1M annually and you need help with EMV, contact us.

Free and cheap EMV terminal

Verifone VX520 VX805 EMV terminal

Verifone VX520 terminal with VX805 EMV, NFC, debit pinpad.

Need a cheap EMV certified credit card terminal? For small business to consumer retail operations, new promotional prices range from $0 to $149, with a new merchant account. Which EMV terminals, who’s eligible and who are these terminals best for ?

US EMV TERMINAL DEALS

  • FREE EMV terminal rental with new merchant account
  • $99 Verifone VX520 standalone contact
  • $149 Vx520 + Vx805 Pin Pad, supporting contactless EMV, NFC, pin debit
  • $49 Vx805 Pin Pad standalone

ELIGIBLE BUSINESSES

New customers only; new merchant account required for all promotional deals. For business to consumer retail customers only, including apparel, gift, and specialty retail stores. Exclusions: no restaurant, supermarket, travel agent or quickstop.

RECOMMENDATIONS

Small business consumer 100% retail operations with single store may be OK with this terminal, depending on volume and other factors. EMV should also be balanced with PCI. Businesses with mix of retail and MOTO, or that have corporate customers such as building supply or auto parts, are likely better served with other options. For other business types, and integrated POS with EMV, contact us for free consultation.

Free EMV terminals

emv smart card

EMV chip smart card.

Did your bank offer you a deal for $200 off an EMV terminal? Or another merchant services provider? Beware, everything that’s free comes with a price. Since there are so few terminals that are actually EMV certified, vs EMV capable terminals to accept chip cards, merchants can easily be pushed into the wrong solution for your business.

Distributors, manufacturers and any company that has a commercial account component (business to business), or that has a a mix of card not present and retail, should NOT use any desktop terminal. This will cost merchants a fortune in extra merchant fees that could be avoided with the right solution. Additionally, risk of increased losses from fraud could also rise.

Free terminals are not really free. The merchant account has to generate enough revenue to pay for it. If you were offered a free EMV terminal, we’ll price match your written offer, but more importantly, we’ll provide sound business advice for distributors, manufacturers, B2B, including HVAC and building supply companies.

We offer solutions that will work with your existing merchant account. Due to our many financial relationships, we’ll help you choose the best EMV terminal for your business needs, looking at the whole picture. 90% of merchant services salespeople only have one option, so that’s all they recommend, whether it’s the best or not.