Paay Alternative for EMV 3DS

Concerned about the Paay data breach and looking for an alternative EMV 3DS, specifically EMV 3-D Secure 2.2.0, solution for your card not present transactions? Ask Christine Speedy, a Qualified Integrator and Reseller certified by the Payment Card Industry Security Standards Council. Additionally, Christine has extensive experience in the card not present world offering merchants multiple solutions. The best card not present payment gateway is a critical decision and as an independent agent, I will guide you to both the best technology and credit card processing acquirer for your specific business needs.

QIRs are integrators and resellers specially trained by PCI Security Standards Council to address critical security controls while installing merchant payment systems. QIRs reduce merchant risk and mitigate the most common causes of payment data breaches by focusing on critical security controls. Level 4 merchants process 1 to 1 million transactions annually and are mandated to use only QIR certified people for POS systems or terminals, if not doing internally.

Why bring up QIR for card not present or bigger merchants? Wouldn’t you rather have one of the few QIR cloud security trained in payment processing on your team? Paay does not have anyone listed on the PCI Council web site, though like Christine Speedy, there may be certified salespeople under a different company name. That’s because the certification follows the individual, not the company. Additionally, there is no requirement to use QIR’s at this time for card not present so Paay doesn’t need to have anyone QIR trained. There’s no specific certification of any kind required for ecommerce developers and integrators. Kind of crazy given the risks, huh?

EMV 3DS is a global security protocol with three primary beneficial outcomes:

  1. Fraud liability shift to issuer for “it wasn’t me, I didn’t authorize.” Merchants do not need to respond to a chargeback, when 3DS is invoked on a transaction, it will automatically shift liability to the issuer.
  2. Merchants can potentially qualify for even lower interchange rates on some cards due to lower risk associated with cardholder authentication. For example, merchants can save .20% on average with MasterCard UCAF rate qualification vs Merit 1 on some credit cards.
  3. Increased approvals and profits. With cardholder authentication, merchants can expect increased approvals per the card networks advice. False declines are a significant problem for cart abandonment and resulting lost sales.

Think of it like having a chip card for card present transactions. EMV 3DS is a messaging protocol that promotes frictionless consumer authentication and enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorised CNP transactions and protect the merchant from exposure to CNP fraud.

Level 3 purchasing expert for B2B credit card processing needs. HIPAA, GDPR, PCI and PSD2 and all the other compliance and security you need for your business are available.

Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in card not present and omnichannel technology. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions. Call Christine for payment gateway, cloud technology, merchant services and check processing needs.

EMVCo Updates EMV 3-D Secure Specification

Enhanced specification further promotes frictionless authentication for e-commerce transactions, providing additional benefits for both merchants and consumers

14 December 2018 – EMVCo today announces the publication of the EMV® 3-D Secure Protocol and Core Functions Specification v2.2.0. The updated specification includes enhancements to promote an optimised consumer experience while supporting new authentication channels when making e-commerce transactions.

EMV 3DS is a messaging protocol that promotes frictionless consumer authentication and enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorised CNP transactions and protect the merchant from exposure to CNP fraud.
EMV 3DS specification version 2.2.0 builds upon the current specification version 2.1.0 which is available today on the EMV 3DS Test Platform, enabling 3DS product providers to confirm that their solutions will perform in accordance with the specification. Support of v2.1.0 is required in order to implement v2.2.0. Key updates within version 2.2.0 include:
• Improved communication between merchants and issuers, enabling Europe’s Second Payment Services Directive (PSD2) exemptions for Strong Consumer Authentication to be applied. While the previous version of the EMV 3DS Specification enables PSD2 compliance, the latest updates provide additional features for merchants and issuers to maximise the benefit of the available exemptions.
• Two new features to enable authentication for various payment scenarios including mail order and telephone order transactions:
o 3DS Requestor Initiated (3RI) payments – enabling a merchant to initiate a transaction even if the cardholder is offline.
o Decoupled authentication – allowing cardholder authentication to occur even if the cardholder is offline.
• Expansion of existing data elements to promote communication of pre-checkout authentication events and associated data as part of the EMV 3DS transaction from systems such as those supporting the FIDO Alliance standards.
These enhancements are available if all 3DS components involved in the transaction have updated their software to support v2.2.0.

EMV 3DS exists to promote secure, consistent consumer authentication for e-commerce transactions across all channels and connected devices, while optimising the cardholder’s experience,” comments Stephanie Ericksen, Chair of the EMVCo Executive Committee. “Our work in this area continues to evolve to ensure we respond to new marketplace requirements. EMVCo continues to encourage the payments community to get involved and provide feedback on the EMV 3DS activity.”

Earlier this year EMVCo announced the availability of the full EMV 3DS Test Platform, which enables the functional testing of EMV 3DS solutions. Letters of Approval are currently being issued for those 3DS products that have successfully tested against version 2.1.0. A list of approved products can be found on the EMVCo website. Products submitted for EMV 3DS v2.2.0 compliance testing will also be tested against EMV 3DS v2.1.0 to receive an EMV 3DS v2.2.0 Letter of Approval. Testing support for version 2.2.0 is expected to be available mid-2019. Progress updates will be posted on the EMVCo website.

To stay informed of the latest EMVCo developments and receive advanced access to EMV Specifications and related documents, join the EMVCo Associates Programme or become a Subscriber.

Worlds Only 3rd Party Omnichannel Payment Gateway Meeting Big Ticket Needs

Businesses with some element of B2B and retail sales of high dollar value goods, have unique omnichannel needs. CenPOS is the only omnichannel payment gateway that meets them. The critical needs are level III processing, interchange management, tokenization, EMV, 3Dsecure, tokenization, online payments, processor neutral, PCI Compliant credit card authorization form, signature capture, pin debit, and payments segregated from applications for PCI Compliance. 

Level III processing

Level III processing is nearly impossible to find for retail, however merchant savings are huge, and when battling low margins, it’s critical.

Example of a wew low interchange rate a merchant transaction qualified for.

Example of a low interchange rate a merchant transaction qualified for vs 2.65% without CenPOS.

Interchange Management

Interchange qualification is extremely complex, and the only way to manage it is via an automated system, which must be in the cloud to be current. It’s impossible to train or rely on employees to make the right decisions to mitigate risk and fees. For example, when a merchant key enters a transaction with other solutions, the transaction is ‘non-qualified’ because mag stripe data isn’t sent. CenPOS dynamically identifies the transaction requirements, and prompts for actions to ensure the merchant qualifies for the lowest card not present rate, which is usually lower than the non-qualified retail swipe rate.

Tokenization

Variable recurring, fixed recurring, installment, and scheduled mixed payments are all available. Customers can manage their own tokens via the internet, which are instantly available to those with permission to the Virtual Terminal.

EMV and 3Dsecure certified

A lot of equipment is available that’s EMV chip card ready, but very few others can actually accept EMV today. As EMV picks up steam, online fraud is expected to increase and 3Dsecure will help merchant mitigate that risk. Can you name how many independent gateways are certified for both?

emv smart card

EMV chip smart card.

Online Payments

Per Visa Core Rules October 2014, merchants cannot request CVV2 on any paper form. To mitigate risk, merchants need CVV2 (for the first transaction if stored). Online payments via a hosted pay page or electronic bill presentment and payment (EBPP) are the most secure way to validate a card so that card data is never accessible by employees.

Processor Neutral

Companies want flexibility to choose their own financial processors, including merchant account processor. CenPOS is certified to processors globally.

PCI Compliant credit card authorization form

Credit card authorization forms have been a critical part of B2B process to ensure they won’t get burned with a chargeback at a later date. The problem is they’re a PCI nightmare and CVV2 can’t be on them. CenPOS automatically generates a PCI Compliant recurring billing authorization form that merchants can ask their customers to sign.

Multilane Signature Capture

Signature capture is mandatory for back office efficiencies for customer service, defending disputes to prevent chargebacks, and reducing audit costs.multi-lane signature capture terminal l5200

Pin Debit

  • Reduces dispute time from 120 days to 14 days
  • Reduces fees, even for regulated debit, by avoiding dues and assessments
  • Mitigates risk of merchant losing fraud disputes

Payments Segregated From Applications

CenPOS solutions can be used standalone or integrated. Many connectors, modules and integrations are available as well as easy to implement API’s.

CenPOS is uniquely the worlds only gateway to offer every solution above, critical for merchants to mitigate risk, reduce PCI compliance burden, and increase EBITDA. HVAC, building supply, electrical, industrial supply, truck, automotive, parts dealers, and appliance dealers are examples of high dollar ticket merchants that want the above solutions and more.