PCI Compliance: Card Not Present Merchant Quick Checklist

Do you (even occasionally or temporarily) create, receive, or otherwise come to possess any paper records or receipts that contain cardholder data? The number one rule card not present merchants violate is a Merchant Must Not Request the Card Verification Value 2 data on any paper Order Form.

Do you make sure that you NEVER, EVER store the card-validation code or value (three-digit or four-digit number printed on the front or back of a payment card) used to verify card-not-present transactions after authorization (even if encrypted)?

Are strong cryptography and security protocols, such as SSL/TLS, IPSec, or SSH used to safeguard cardholder data during transmission over open, public networks?

For SSL/TLS implementations, does HTTPS appear as part of the browser Universal Record Locator (URL), and is cardholder data required only when HTTPS appears in the URL?

Are policies, procedures, and practices in place to make sure that you NEVER, EVER send unencrypted PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat)?

Do your access limitations require restriction of access rights to privileged user IDs to least privileges necessary to perform job responsibilities?

Do your access limitations require assignment of privileges to be based on individual personnel’s job classification and function?

Is your security policy established, published, maintained, and disseminated to all relevant personnel (for the purposes of Requirement 12, “personnel” refers to full-time and part-time employees, temporary employees and personnel, and contractors and consultants who are “resident” on the entity’s site or otherwise have access to the company’s site cardholder data environment)?

Is a formal security awareness program in place to make all personnel aware of the importance of cardholder data security?

Verifone MX915 multilane signature capture terminal EMV POS solution

Verifone MX915 signature capture terminal

Verifone MX915 signature capture terminal.

CenPOS now supports the Verifone MX915 signature capture terminal with a variety of point of sale solutions. While most new terminals in the market are EMV ready, CenPOS is EMV live with this Verifone multilane terminal.

To boost EMV adoption, MasterCard offers incentives beyond the EMV liability shift.  To participate, merchants must deploy hybrid EMV terminals (support of both contact and contactless interfaces), and 75% of card present transactions must be on them .(reference MasterCard white paper http://www.mastercardadvisors.com/_assets/pdf/emv_us_aquirers.pdf)

The Verifone can be used standalone with a computer, high speed internet and the CenPOS virtual terminal, or integrated with POS systems, including open source ERP retail POS solutions like OpenBravo. Merchants desiring integrated connectors should contact 3D Merchant services; the connectors are generally not available in POS add-on marketplaces.

Why CenPOS?

  • Processor neutral
  • Least cost routing and interchange optimization reduces merchant fees
  • Reduce PCI Compliance burden
  • One gateway for all sales channels
  • Tokenization supported all sales channels, even retail and mobile
  • Level III processing in retail – if you have commercial account customers, this will save a bundle in fees
  • Scalable: Enterprise user and role management
  • Cloud based reporting for centralized accounting
  • Merchant defined risk & fraud management tools

Level III processing in Quickbooks

Woohoo! Finally, a solution for B2B merchants wanting level III processing for corporate, purchasing, and business cards.  With our connectors, Quickbooks Pro, Premier and Enterprise users can process transactions with a regular merchant account and have invoices marked as paid, avoiding double entry of payment processing outside Quickbooks.

interchange management

Automated interchange management combined with level III processing maximize merchant profits.

Example of a wew low interchange rate a merchant transaction qualified for.

Example of a wew low interchange rate a merchant transaction qualified for.

All payment activity is on a separate level 1 PCI compliant server, removing the application from scope for PCI compliance. Optional electronic bill presentment and payment is also available, including with level III processing.

CenPOS certifies with Apple Pay and Google Wallet

cenpos payments logoCenPOS certifies with Apple Pay and Google Wallet, supporting the mobile payment technology on select multi-lane devices. Miami, FL (PRWEB) February 23, 2015.

CenPOS, a payment technology provider, today announced that it has certified Apple Pay and Google Wallet to its payment-processing platform. This new certification marks another milestone for CenPOS in its quest to provide their customer base around the globe with a rich payment acceptance offering. The Apple Pay and Google Wallet payment options are supported by CenPOS on the Verifone and Equinox multi-lane devices. Apple Pay and Google Wallet are transforming the mobile payment space for consumers and businesses alike by making it easy and secure for all parties.

The adoption of mobile payments continues to grow in record numbers. There are only 1.3 billion active credit and debit accounts globally, but considering that there are more than 5 billion active mobile phone accounts, there is potential for widespread application of mobile payments, according to Omlis, a global mobile payments solutions provider. Mobile transactions have almost doubled since last year, now accounting for 17% of transactions made. Juniper Research predicts that this trend will continue to rise and will reach 450 million mobile payment consumers by 2017. The global adoption of mobile payments is on an upward curve, but traction is dependent on consumers’ access to technologies, varying lifestyle choices, and economic factors.
“We are delighted to bring these new services to our clients and enable them to offer their consumers with new and innovative payment options” commented German Gonzalez CenPOS’s Co-Founder and Chief Technology Officer. “Today we are one of the very few payment processors in the US that is both EMV and 3D Secure certified. We continue to drive our products, services and solutions to meet merchant, consumer and partner needs. Our entire team is passionate about delivering value and value add services to our clients; more importantly, always being on the leading edge of technology”, added Gonzalez.
About CenPOS
CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. For additional information please call 877.630.7960.

###

For CenPOS sales and software integrations, contact Christine Speedy, authorized CenPOS global reseller. 954-942-0483

Intuit Merchant Services vs Regular Merchant Account With Quickbooks

Intuit merchant services has pros and cons, like all credit card processing solutions. This review will help you make the best choice for a merchant account.

Intuit Merchant Services vs Regular Merchant Account

There are two main differences:

  1. Price structure. Intuit has a flat percentage and per transaction for key entered and one for swiped. For example, the Intuit keyed rate is 3.40% + $.25 + $.10 address verification service or AVS. A regular merchant account includes interchange and a bunch of other fees. Even though those ‘other’ fees could add up to .10% or more, the overall effective rate (fees divided by costs) is normally always lower than the Intuit effective rate for merchants on ‘pass through’ pricing like offered here. As shown in the image below, interchange starts at .05%.

    interchange rates

    Actual interchange rates for a business to business merchant.

  2. Cash flow. Intuit nets fees from every sale. For example, using the keyed rate of 3.40% + $.25 + $.10 avs, for a $100 key entered transaction, the Intuit merchant receives a $96.25 deposit the next day. It’s possible the amount varies due to international fee etc. With a regular merchant account, the merchant receives $100 deposit within 1- 2 business days, and at the end of the month, pays the total months fees via ACH.

Extra Intuit fees are found in INTUIT QUICKBOOKS PAYMENTS PRICING SCHEDULE. The only fee that stands out is AVS, or address verification service, at $.10 each; it’s at least 100% more than regular merchant accounts, and since merchants should supply AVS for all card not present transactions, add it in as a hard cost per transaction when comparing options. The rest of the fees are in line with costs anywhere.

How do the differences impact merchants?

A company with $1,000,000 in credit card sales might have an effective rate between 1.3% and 2.75%, depending on business type etc. A 1% drop in effective rate equals $1000 in savings for this example. More importantly, merchants can preserve cash flow by paying fees after the month is over, and keep reconciliation clean with fees applied to COGS once per month, vs every transaction.

For very small businesses, it almost doesn’t make any difference who the merchant uses for processing. The effective rate is 3.75% in the example above. If you run the numbers with fees from Costco and others, it will end up being relatively the same, and most importantly, a small difference, isn’t really going to make a bid difference in the overall fees paid; a .1% difference on $100,000 is $100 per year. I think a small business should focus more on growing revenues than fretting over fees.

Managing credit card payments within Quickbooks vs regular merchant account

Options:

  1. Intuit merchant services applies payments to invoices and sales receipts. Quickbooks mobile GoPayment. The last user report received was that QB created a new customer for any unrecognized cardholder and this was problematic, because the merchant already has the customer registered under a company name. This problem is common with both Quickbooks and some 3rd party solutions.
  2. Merchants use a regular merchant account and process transactions, such as a virtual terminal, ecommerce store, or mobile device. With 3rd party transaction importer software, the merchant downloads transactions much like downloading bank transactions. This software can be a one time fee, annual fee, or SaaS with recurring billing. Merchants with higher volume, multichannel, or needing special payment solutions can use this. Typically the software provides more control for importing, including matching to existing QB data.
  3. Process transactions within Quickbooks, using a 3rd party application. To reduce PCI Compliance burden, the merchant experience is that they’re in QB, but the payment activity is occurring via a 3rd party secure payment gateway, connected to a regular merchant account. The benefits are more control and flexibility, with the efficiency of working within Quickbooks and automatically marking invoices as paid etc.  There’s nothing that Quickbooks does that cannot continue to be completed within Quickbooks with the integration, or that cannot be enhanced with the 3rd party integration, including electronic bill presentment and payment. Some differentiators for B2B include payment types supported (check, ACH, wire, credit card, Paypal and more); delivery methods- text, email, other, automated reminders- 30 days or on your schedule, cardholder authentication-3-D Secure shifts fraud liability to issuer.  For any sizable business, efficiencies and cost savings will outweigh the costs of the gateway, solution, and merchant account fees.

Need help making the right choice? The best solution is not the same for every business. There are many factors including business type, how and where you accept payments, whether you have aging accounts receivable and more. Check processing was not covered here, but it’s the same concept.

Quick buying guides:

  • If your business processes less than $100,000 annually, stick with whatever you have and focus on growing the business.
  • If you don’t use Intuit merchant services now, and are key entering every record from your 3rd party processor, it’s worth exploring options.
  • If you process $1,000,000 or more annually, the benefits are well worth the time to make a change. Call 954-942-0483 for a FREE consultation for a regular merchant account with Quickbooks integration.  “I’ve used them all, and I’ve been a Quickbooks user for over 15 years,” says Christine Speedy, owner of 3D Merchant Services. “In about 5 minutes, I can ascertain whether it’s worth exploring alternatives, or give merchants peace of mind they have the right solution for their business.”