3-D Secure 2.0 Merchant Overview 2020 2021

3-D Secure is a protocol providing an additional layer of security for eCommerce transactions prior to authorization. It enables the exchange of data between the merchant, card issuer and, when necessary, the consumer, to validate that the transaction is being initiated by the actual cardholder. Ecommerce transactions includes traditional shopping cart as well as any digital payment where the cardholder initiates and completes the payment process. For example, einvoicing or electronic bill presentment and payment are ecommerce transactions.

Each card network has a name for their product that uses 3-D secure, also referred to as 3D Secure, 3DS, 3-D Secure authentication or EMV 3-D Secure. Visa rebranded Verified by Visa to Visa Secure. MasterCard SecureCode (3DS 1.0) merchants are being encouraged to migrate to Mastercard Identity Check which uses EMV 3-D Secure 2.0. American Express SafeKey 2.0 is also available now. 3-D Secure 2.x helps reduce fraud and minimize the need for one-time passcodes, improving the user experience and reducing shopping cart abandonment.

What are merchant benefits for using 3-D Secure?

  • More authorization approvals. False declines are a significant source of lost revenue.
  • Some cards have reduced interchange rates when the authentication is invoked, which are usually over 90% of fees. American Express does reduce rates.
  • Less friction for customers at checkout.
  • Reduced risk of chargeback losses. Fraud liability for “it wasn’t me” automatically shifts to the issuer; Merchants do not have to defend those chargebacks, they never even see them.

How do merchants get started using 3-D Secure?

There are two elements- the payment gateway and the merchant account. Contact your payment gateway company to see if they support it and how to set it up. In most cases, this is simply a back office set up process. Merchants may also need to sign acceptance of pricing. The transaction fees are minimal and typically more than offset by the 11 to 20 basis point reduction in merchant fees on applicable cards.

Christine Speedy, Founder 3D Merchant Services, QIR certified, is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Less than 1% of all merchant services sales representatives are QIR certified by the PCI Council. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions.

Express checkout via email or text

Express checkout enables customers to pay for invoices, bills, products and services from an email or text message. During the Covid crisis, many businesses have searched for solutions, but not nearly enough have implemented solutions. As a customer, I’m still stuck trying to reach people in different time zones that are not in the office, or solutions that are frequently down or not compliant with card acceptance rules, which puts my card security at risk.

Checklist for B2B card not present express checkout:

  1. Must offer the ability to store a card (which will be managed by the third party provider).
  2. Storing cards must comply with current rules for storing and managing stored cards, including the ability for the customer to manage on demand which cards are on file, delete on demand, etc. See Visa stored credential mandate.
  3. The process to store a card should include a checkbox to opt-in to store the card.
  4. Merchant should secure the transaction with 3-D Secure to ensure lowest fees and chargeback protection.
  5. If not using an integrated solution, it should include the ability to attach invoice on demand to send with payment request.
  6. Solution must support level 3 processing, again to reduce merchant fees and maximize profits.
  7. Optional: partial payments. Some merchants may want to allow partial payment so at least collecting some money while other portion is in dispute or for other reasons.
  8. If omnichannel, the ability to use the same gateway for all services simplifies security management and accounting.
  9. Solution should be compatible with any merchant account so if you make a change, it does not disrupt consumer or merchant.

eipp payment requestIf merchants follow all the above rules, they will get paid faster, increase customer satisfaction, and incremental sales and profits.

Both EIPP and EBPP refer to electronic bill presentment and payment and the term can be used interchangeably. E-invoicing and Ebilling started out as a way to electronically deliver invoices. But now merchants can simply send a payment request, send an invoice, or send an account sign up for the customer to self-input their card on file so the merchant never, ever inputs cardholder data.

Don’t wait. Your customers will walk away when it’s easier to do business with someone else, especially for product lines available from multiple distributors.

Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions and is QIR certified by the PCI Council. Call Christine for all merchant services related needs.

P2PE for Dynamics AX & D365

Microsoft Dynamics AX and D365 validated P2PE solution elements vary by vendor plugin and their certifications which can be researched on the PCI security standards council website here https://www.pcisecuritystandards.org/assessors_and_solutions/point_to_point_encryption_applications?reference=2017-00113.005. Merchants can choose either P2PE terminals or validated P2PE solutions with their terminals. The latter requires extra steps to implement and maintain.

A PCI P2PE solution can significantly reduce the PCI Data Security Standard (PCI DSS) validation effort of a merchant’s cardholder data environment as well as the cost of a third party assessor reviewing a merchant’s card data environment. Another benefit is simply the reduced risk of a data breach, and the potential millions in costs and lost reputation. An qualified assessor informed me at a conference, there has never been a data breach in an environment with properly implemented validated P2PE solution; The same cannot be said for merchants using P2PE terminals.

P2PE Applications are intended to be loaded onto PCI-approved point of interaction (POI) devices used as part of a P2PE Solution. Use of a P2PE Application on a PTS-approved POI device (outside of a listed P2PE Solution) does not constitute use of a P2PE Solution. I am frequently asked by consultants about other payment gateway compatibility with Cardconnect and the related CardConnect Bolt application dependency. Other payment gateways and or P2PE solutions, including CenPOS, are distinct solutions. Each has its own P2PE certification as documented on the PCI council website. Two different solutions cannot be used together; merchants must decide which is the better overall solution for their environment. Sidenote: CenPOS does not have any application dependencies for their P2PE certification.

Can you mix P2PE solutions, for example, for call centers vs retail? Excellent question. Certainly transactions would need to be run on different merchant accounts and each would be defined as to scope i.e. not entire business, but only part of an operation. This arrangement is not ideal, but maybe is a useful gap solution during a software or hardware migration.

Which P2PE application is best for your Microsoft Dynamics AX or D365 environment? This question is best answered by speaking with a payments consultant who is familiar with credit card processing rules, data security rules, and integration nuances. Differences in the integration methods and native features for the respective products often determine why to choose one vs another.

Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in card not present and omnichannel technology. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions and is QIR certified by the PCI Council. Call Christine for all your Microsoft Dynamics payment gateway and payment processing needs.

How to add freight cost after credit card preauthorization

A preauthorization, or authorization hold, is a temporary hold on a customer’s credit card until final settlement. In this B2B transaction scenario, such as for distributors and manufacturers, the customer buys an item online, for example via Woocommerce or Shopify; the customer does not save their card on file or use a saved card on file, in which case different rules apply. Compliance with credit card processing rules improves authorization approvals, mitigates risk and reduces merchant fees.

On the merchant side for ecommerce sale described: request for authorization goes out and the issuer responds with an approval code if all goes well. By also using 3-D Secure, the merchant shifts fraud liability to the issuer, reduces chargeback risk and can potentially qualify for reduced merchant fees. An additional authorization is not required if the final settlement amount is not more than 15% of the original authorization. Note, this is based upon scenario described! However, depending on the card type, the qualified interchange rate may downgrade to the worst rate possible due to authorization and settlement mismatch; The same applies if the final settlement on the original authorization is less.

Some, but not all payment gateways and API’s have solutions to help merchants resolve the mismatch problem.

How can merchant maximize profits on this type of transaction? Here are some requirements:

  1. Settlement date must be within 2 days of the transaction date.
  2. Settlement date must be within 7 days of initial authorization for purchasing cards (non-gov)
  3. Obtain and pass 1 valid electronic authorization. Authorization and
    settlement MCC must match. One authorization reversal is allowed.
  4. Transaction date must equal shipping date and that date is no more than 7 days after authorization.
  5. Transaction must include order number and either customer service phone number, URL or email.
  6. Must have secured E-Commerce indicator of “5” or “6”. The POS Condition Code must be “59”. Must perform Cardholder Authentication Verification Value (CAVV) and AVS4 (zip code, except goverment cards).
  7. Must Pass Level II and Level III Data.

Failure to meet all requirements can increase merchant fees more to an additional 1% or more of the transaction amount.

References:

Visa Product and Services Rules, section 5.8.3.1

Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in card not present and omnichannel technology. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions. Call Christine for payment gateway, cloud technology, merchant services and check processing needs.

Best Credit Card Processing Services 2020 Reviews- or not?

Don’t you love it when people write articles about subjects they clearly either don’t know about, don’t know the best resources for information or are just out to make money on what you read via affiliate, advertising or referrals, so it doesn’t matter? That’s the case with articles on “Best Credit Card Processing Services for 2020″. I’ll dissect some reasons why and how to really help you find what you need.

First, there are some critical factors which determine what is the best credit card processor for your business:

  • Volume- a couple transactions or a lot each month
  • Transaction size average- For example, under $25 or over $5,000?
  • Transaction type- phone or mail (MOTO), in-person (Retail), or ecommerce (any type of remote payment, including e-invoice, text and ecommerce shopping cart. on the road.
  • How the sale occurs: tradeshow, water, plane, home service, phone sales, invoice, physical store, shopping cart, online pay page
  • Business type- distribution, service, restaurant, fuel, travel, etc

Only with information above should anyone recommend what is the best credit card processing service because it impacts how you need to get paid and how much cost will vary depending on the solution. As you can imagine, the matrix of options gets complex. Examples:

  • During Covid, someone decides to make masks at home and sell them. In that case Paypal might be the best solution because of it’s flexibility and simplicity.
  • A window and door company has wholesale to the trade and retail consumer sales. This company needs technology to properly manage authorizations for both sales types. I recommend using an agnostic technology solution and a processor that supports level 3 data, which all the big ones do.
  • A restaurant needs to expand their pick up and delivery options due to Covid-19 and projected dining changes over the next 10 years. They need omnichannel technology that will work with different platforms, such as Uber Eats and Door Dash, plus their own online ordering, text specials, and pay at the table.

My general rule of thumb is that for under $250,000 annually it almost doesn’t matter what you pick because the difference between one and another on price will probably be inconsequential. For that reason, I don’t work with businesses that small; just do your research and pick one that you can get out of later if you don’t like it or grow too much and needs change.

Secifically addressing solutions others are touting as the top 10 best my answers are relevant for B2B merchants, and businesses that have a B2B element:

Square: This started as a mom and pop solution for service people, artists (art shows), and other small business needs. I’d dig deeper into options.

Payline Data: I never heard of them and had to look it up. Payline Data is a reseller for First Data and Fifth Third Bank. More on what that means at the end.

Intuit Quickbooks: My pet peeves are fees are taken out of transactions daily, creating extra burden for reconciliation, bundled pricing, which is higher than alternatives, and issues with how it handles customer name and cardholder name differences, since B2B the customer is usually a business.

Helcim: