How to get CVV2 and be PCI Compliant: request a payment

Credit card authorization form example is not PCI Compliant.

According to Visa Core Rules, October 2014, page 266, a "Merchant Must Not Request the Card Verification Value 2 data on any paper Order Form." So how can a merchant get the CVV for card-not-present customers? Online payments, request a payment, and electronic bill presentment and payment all solve the problem. Below are solutions possible with CenPOS, a merchant-centric payment processing platform. Other payment gateways may not have the same functionality.

Online payments, passive:

  • Secure hosted pay page is managed by the payment gateway so payment data never touches merchant web servers.
  • Customers can store card data for charges to be applied later. In this case, the user registers, creating an account so they can manage payment methods including ACH, credit card and wire. A zero-dollar authorization is performed when a credit card is stored, and the CVV can be validated. Once validated, it’s never needed again, and therefore is never stored. A random token ID is generated, which both the cardholder and merchant can see, but neither will ever have access to the sensitive data again. The cardholder can also update the expiration date, but if the CVV changes with a future card replacement, then a new token must be created.
  • Customer can make payments for any amount without logging in.
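The stored-card flow described above (zero-dollar authorization, CVV discarded, random token issued), sketched as an added example that is not CenPOS code or its API. `TokenVault`, `StoredCard`, `demo_issuer` and the test card values are hypothetical names and constructed data.

```python
import secrets
from dataclasses import dataclass

TEST_PAN, TEST_CVV = "4111111111111111", "123"   # constructed test values

def demo_issuer(pan, expiry, cvv, amount):
    # Constructed issuer stand-in: checks the CVV only when one is supplied.
    return pan == TEST_PAN and (cvv is None or cvv == TEST_CVV)

@dataclass
class StoredCard:
    # Everything the merchant and cardholder can see afterwards: no PAN, no CVV.
    token: str
    last4: str
    expiry: str

class TokenVault:
    """Hypothetical gateway-side vault (assumed design, not the CenPOS API)."""

    def __init__(self, authorize):
        self._authorize = authorize   # callable(pan, expiry, cvv, amount) -> bool
        self._pans = {}               # token -> PAN, held by the gateway only
        self._cards = {}              # token -> StoredCard

    def store_card(self, pan, expiry, cvv):
        # The zero-dollar authorization is the only place the CVV is used.
        if not cvv or not self._authorize(pan, expiry, cvv, 0):
            raise ValueError("zero-dollar authorization declined")
        token = secrets.token_urlsafe(16)   # random, not derived from the PAN
        self._pans[token] = pan
        self._cards[token] = StoredCard(token, pan[-4:], expiry)
        return self._cards[token]           # cvv is dropped here, never persisted

    def update_expiry(self, token, expiry):
        self._cards[token].expiry = expiry  # same token, new expiration date

    def charge(self, token, amount):
        # Later charges present the token alone; no CVV exists to send.
        card = self._cards[token]
        return self._authorize(self._pans[token], card.expiry, None, amount)

if __name__ == "__main__":
    vault = TokenVault(demo_issuer)
    card = vault.store_card(TEST_PAN, "12/27", TEST_CVV)
    print(card, vault.charge(card.token, 2500))
```

A replacement card goes through `store_card` again and receives a new token, matching the rule that a changed CVV requires a new token.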

Request a Payment or Electronic Bill Presentment and Payment (EBPP or EIPP), proactive:

  • Reduces accounts receivable friction.

  • Non-Integrated – Merchants use the CenPOS EBPP portal to create the payment request, including optional invoice detail. The customer is sent a text and/or email with a payment link.
  • Integrated – same as above, except the invoice is sent from accounting or financial software such as ERP.

With EBPP, customers have a portal to pay multiple invoices, view payments, download invoices, and manage payment methods.

At a minimum, merchants with card not present customers should offer online payments as a way to enable customers to securely pay a bill. If a signature is required, have the customer print and sign the receipt, and email that authorization back, which is more valuable than traditional credit card authorization forms.

Need a secure solution but don’t want to change your merchant account? No problem. Contact Christine Speedy for secure, cost effective and efficient solutions.

PCI Compliance: Card Not Present Merchant Quick Checklist

Do you (even occasionally or temporarily) create, receive, or otherwise come to possess any paper records or receipts that contain cardholder data? The number one rule card not present merchants violate is that a "Merchant Must Not Request the Card Verification Value 2 data on any paper Order Form."

Do you make sure that you NEVER, EVER store the card-validation code or value (three-digit or four-digit number printed on the front or back of a payment card) used to verify card-not-present transactions after authorization (even if encrypted)?

Are strong cryptography and security protocols, such as SSL/TLS, IPSec, or SSH used to safeguard cardholder data during transmission over open, public networks?

For SSL/TLS implementations, does HTTPS appear as part of the browser Universal Record Locator (URL), and is cardholder data required only when HTTPS appears in the URL?

Are policies, procedures, and practices in place to make sure that you NEVER, EVER send unencrypted PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat)?

Do your access limitations require restriction of access rights to privileged user IDs to least privileges necessary to perform job responsibilities?

Do your access limitations require assignment of privileges to be based on individual personnel’s job classification and function?

Is your security policy established, published, maintained, and disseminated to all relevant personnel (for the purposes of Requirement 12, “personnel” refers to full-time and part-time employees, temporary employees and personnel, and contractors and consultants who are “resident” on the entity’s site or otherwise have access to the company’s site cardholder data environment)?

Is a formal security awareness program in place to make all personnel aware of the importance of cardholder data security?

Verifone MX915 multilane signature capture terminal EMV POS solution

Verifone MX915 signature capture terminal.

CenPOS now supports the Verifone MX915 signature capture terminal with a variety of point of sale solutions. While most new terminals in the market are EMV ready, CenPOS is EMV live with this Verifone multilane terminal.

To boost EMV adoption, MasterCard offers incentives beyond the EMV liability shift. To participate, merchants must deploy hybrid EMV terminals (supporting both contact and contactless interfaces), and 75% of card present transactions must be on them (reference: MasterCard white paper, http://www.mastercardadvisors.com/_assets/pdf/emv_us_aquirers.pdf).

The Verifone can be used standalone with a computer, high speed internet and the CenPOS virtual terminal, or integrated with POS systems, including open source ERP retail POS solutions like OpenBravo. Merchants desiring integrated connectors should contact 3D Merchant services; the connectors are generally not available in POS add-on marketplaces.

Why CenPOS?

  • Processor neutral
  • Least cost routing and interchange optimization reduces merchant fees
  • Reduce PCI Compliance burden
  • One gateway for all sales channels
  • Tokenization supported across all sales channels, even retail and mobile
  • Level III processing in retail – if you have commercial account customers, this will save a bundle in fees
  • Scalable: Enterprise user and role management
  • Cloud based reporting for centralized accounting
  • Merchant defined risk & fraud management tools

Level III processing in Quickbooks

Woohoo! Finally, a solution for B2B merchants wanting level III processing for corporate, purchasing, and business cards.  With our connectors, Quickbooks Pro, Premier and Enterprise users can process transactions with a regular merchant account and have invoices marked as paid, avoiding double entry of payment processing outside Quickbooks.

Automated interchange management combined with level III processing maximize merchant profits.

Example of a wew low interchange rate a merchant transaction qualified for.

All payment activity is on a separate level 1 PCI compliant server, removing the application from scope for PCI compliance. Optional electronic bill presentment and payment is also available, including with level III processing.

CenPOS certifies with Apple Pay and Google Wallet

CenPOS certifies with Apple Pay and Google Wallet, supporting the mobile payment technology on select multi-lane devices. Miami, FL (PRWEB) February 23, 2015.

CenPOS, a payment technology provider, today announced that it has certified Apple Pay and Google Wallet to its payment-processing platform. This new certification marks another milestone for CenPOS in its quest to provide their customer base around the globe with a rich payment acceptance offering. The Apple Pay and Google Wallet payment options are supported by CenPOS on the Verifone and Equinox multi-lane devices. Apple Pay and Google Wallet are transforming the mobile payment space for consumers and businesses alike by making it easy and secure for all parties.

The adoption of mobile payments continues to grow in record numbers. There are only 1.3 billion active credit and debit accounts globally, but considering that there are more than 5 billion active mobile phone accounts, there is potential for widespread application of mobile payments, according to Omlis, a global mobile payments solutions provider. Mobile transactions have almost doubled since last year, now accounting for 17% of transactions made. Juniper Research predicts that this trend will continue to rise and will reach 450 million mobile payment consumers by 2017. The global adoption of mobile payments is on an upward curve, but traction is dependent on consumers’ access to technologies, varying lifestyle choices, and economic factors.

“We are delighted to bring these new services to our clients and enable them to offer their consumers with new and innovative payment options,” commented German Gonzalez, CenPOS’s Co-Founder and Chief Technology Officer. “Today we are one of the very few payment processors in the US that is both EMV and 3D Secure certified. We continue to drive our products, services and solutions to meet merchant, consumer and partner needs. Our entire team is passionate about delivering value and value add services to our clients; more importantly, always being on the leading edge of technology,” added Gonzalez.

About CenPOS

CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. For additional information please call 877.630.7960.

###

For CenPOS sales and software integrations, contact Christine Speedy, authorized CenPOS global reseller. 954-942-0483