zip code, address verification and cvv code validation responses

avs code responses

Above are all the possible responses for credit card address verification, in a screenshot from the CenPOS merchant parameter manager, where administrators can set rules and automatic alerts to mitigate fraud risk. Zip code and CVV each have additional response options.

Ever wondered what the possible responses when a merchant does a credit card address check? For card not present transactions, performing fraud checks can mean the difference between lost disputes and managed risk. Payment gateways vary widely in the response data returned to a merchant. For example, PASS, FAIL, and UNCHECKED, provide little information for a merchant to make an educated decision about whether to approve a transaction.

Payment Gateway Fraud Tools To Look for:

  • What responses are possible? What depth of information is available to review?
  • Can merchant automatically decline a transaction, but allow a supervisor to override?
  • Can merchant automatically send real time alerts to management of potential risky transactions?
  • Are there other fraud tools that can be used as part of the transaction review?
  • What services cost extra, and what are standard?

Equally important is the ability to automate activating different tools for different situations. For example, if a merchant switches between card present and swiped transactions.

How to use a stored token for credit card payment: CenPOS training video

Variable payment recurring billing is easy and fast using CenPOS token billing solutions. Video shows how to retrieve a stored token to charge a credit card again. Tokens replace sensitive card data with random alpha numeric characters. Merchants can then charge the card again, with customer permission, by retrieving the token.

A Christine Speedy, CenPOS global sales, training video. This video uses ZOOM so you can watch as is, or enlarge as it was recorded in larger 1280 width. If you have trouble viewing, watch it on youtube: #33 How to use a stored token for credit card payment: CenPOS training video .

[leadplayer_vid id=”51968E9A63B5A”]

Tokens replace sensitive payment information with the last 4 digits of the card only, and the random alpha numeric token ID that replaced the full card number. CVV can never be stored, per card association rules, but merchants can perform a zero dollar authorization before creating a token.

Click on the credit and debit tab.

Select USE TOKEN. If the ‘use token’ icon is not visible, contact the merchant administrator to update user permissions, either by moving the user to a new role that has the use token permission, or by updating the existing role to add the permission to all users in the role.

If you don’t know the token ID, search for it.

token billing screenshot

Select the token by clicking on it.

Then enter the sale details. If the merchant has set up additional information fields, enter now. If the credit card type qualifies for special interchange rates that require additional information, such as a purchasing card, CenPOS will automatically prompt for it.

A receipt is automatically delivered to the customer email address put on file when the card was originally stored and the token was created. As a reminder, full credit card data is never accessible to anyone after a token is created.

The same process applies for stored checking account information via the Checks tab. By regulation, merchants cannot initiate repeat sales creating an ACH on business checks. Customers must initiate business ACH transactions. CenPOS supports that via the Electronic bill presentment and payment, or EBPP electonic invoicing solution.

About the author: Christine specializes in providing merchants with innovative technology to create efficiencies and ease the burden of PCI compliance. With a primary focus on “card not present” payment processing solutions for mid-size companies, including manufacturers and wholesale distributors, merchants improve PCI Compliance and streamline the payment experience for both their company and their customers. It’s fast, easy to use, and requires no capital investment to implement. For sales call Christine Speedy at 954-942-0483 or click here for more information.

Interchange Plus Pricing- in 60 seconds learn if you REALLY have wholesale or tiered pricing

Credit card processing is complicated. It doesn’t matter how good your deal is if you don’t have the best base price plan to start with. Your merchant statement has the critical evidence of whether or not you are even in the game, including qualifying for low regulated debit interchange rates (Durbin Amendment, part of Dodd-Frank).

credit card processing pricing

Above image is example of one type of credit card processing rate structures.

This video uses ZOOM so it is not necessary to blow it up.

[leadplayer_vid id=”51713D47320C9″]

About the author: Christine specializes in providing merchants with innovative technology to manage the cost of accepting credit cards, without changing merchant accounts.  With a primary focus on “card not present” payment processing solutions for mid-size companies, including manufacturers and wholesale distributors,  merchants improve PCI Compliance and streamline the payment experience for both their company and their customers. It’s fast, easy to use, and requires no capital investment to implement. For sales call Christine at 954-942-0483 or click here for more information.

Online Form Creator With Secure Online Payments

To convert a paper sales order form, with credit card authorization, from paper to electronic, including securely collecting an online payment, there are multiple options. This article addresses the business to business need for a quick solution to become PCI Compliant. PCI is short for PCI DSS or Payment Card Industry Data Security Standards, the mandatory standards for all merchants accepting credit cards.

virtual terminal and web payment page for law firm

Image shows example of a custom secure payment page on a law firm web site. Fully configurable for your specific needs,

How critical is the security of the data being collected? What will be done with the information after? The simplest solution is to create a quick script that collects the data and sends it to an email address. After the form is submitted, the return URL (the page that appears after the form data is submitted)  contains a link to secure pay page hosted by a third party. I like having a link on the return URL instead of immediately redirecting because it provides an opportunity to assure the payer the link is to a trusted web page.  Because the form data is not in a spreadsheet that can be imported into a database, or collected automatically in a database, some manual work will be needed after. However, don’t get hung up on this! If the current process is faxing back and forth credit card authorization forms, the entire process is already manual. At a minimum, staff will save time key entering credit card data, plus this process is more secure for business owners and their customers. Additionally, the back office for the pay page will have an export feature making it possible to import transaction information into accounting programs.

All of the above can be done with no html programming experience. There’s plenty of free and low cost options to create custom forms. I’ve personally used wufuu, jotform, Logiforms, SugarCRM forms, and custom made forms over the years. Here’s a link to form reviews.  It’s a bit dated, however, the table may help to identify what’s important to look for when choosing a form builder.

With a little bit of html work, elements of the information filled into the order form, can be transferred automatically to the matching payment fields. For budgeting outsourced help, plan on an hour for the programmer to review what to do, what URL’s to link to, and reviewing the API. Budget another hour to implement and test.

In summary, payments can be securely accepted online with an update to your web site navigation, and single line of html linked to a secure hosted pay page. This process is more secure than credit card information exposed on paper, and provides an easily retrievable record in the event of a dispute, that can occur up to 120 days later. To convert a sales order form to electronic, an online form builder is a low cost option that saves both merchants and customers time.

Disclaimer: The information above does not replace a merchants obligation to follow all rules associated with their merchant account, card acceptance guidelines and payment card industry data security standards. Many additional options

For more information about this and other solutions to streamline payment acceptance for your business to business company with card not present customer transactions, contact us.

 

5 Critical Tips For Accepting A Credit Card Authorization Form

Is your credit card authorization template worthless? Card absent transactions have a heavier burden of proof to prevent charge-backs, and the methods businesses use often create other risks, such as identity theft.  Here are steps to protect your business to business company.

  1. Never store CVV security code data; it’s against card association rules. Not on paper, digitally or anywhere. Stored forms containing CVV, represent substantial financial risk in the event of identity theft, and potentially even jail time for failing to protect sensitive data. Visa specifically prohibits requested the security code on paper.
  2. Fax or email the sales invoice, which must include the merchant name (matching the merchant account either as company name or dba), merchant address, merchant phone, customer bill to, customer ship to, product or service details with quantity, price and description. Add a checkbox for customer to acknowledge sale, refund and cancellation policies. Add a fill-in line with title “Cardholder Authorization” and ask them to put in the reference code. See next item.
  3. Do not ask customers to fax back a credit card authorization form. That’s right, chuck the credit card authorization fax form into the trash can. Tell customers that for security reasons, payment must made via a secure online pay page. The hosted pay page form should include fields for the cardholder name, address, email, phone, and invoice number. Additionally, have a checkbox for the cardholder to acknowledge receipt and acceptance of refund policy, cancellation policy and of the sales invoice terms. For example, I use this: “I accept the sale, cancellation and return policy and all other terms as stated on my invoice.”

    virtual terminal and web payment page for law firm

    Image shows example of a custom secure payment page on a law firm web site. Fully configurable for your specific needs,

  4. Request customers print the receipt from the online payment and the invoice. Fill in fields, sign both, and fax them back. Store the proof of delivery with the signed papers. Sending back the receipt is overkill, but if you have a fraud problem and don’t have adequate cardholder authentication like 3-D Secure, maybe it’s not for you. In lieu of signed papers via fax, customer replies via company email that acknowledge receipt of the invoice, and of the sales receipt with authorization code, can be used as proof to defend against charge-backs in future disputes.
  5. If the Cardholder address and ship to address are different, and this is not indicated on specifically on the invoice, have the cardholder send a supplemental document on letterhead (of the cardholder) that specifically states they’re authorizing shipping to a different address. For business to business, different addresses are common. Be aware that without acknowledged authorization of some sort, there is virtually no defense for sending product to an address different than the cardholder.

Another solution which facilitates future dispute protection is electronic bill presentment & payment. In this case, the merchant invoice is delivered to a customer’s company email address, and the customer clicks and pays the specific invoice securely online. This creates a paper trail of proof that terms were presented and the customer received them since they self-initiated payment tagged specifically to the invoice. Merchants may also want to create rules that transactions over a certain amount are reviewed by an internal audit team to verify if cardholder address matches the invoice.

click through landing page for secure payment from an e-invoice

click through landing page for secure payment from an e-invoice

According to a recent survey, the second highest identity theft concern of customers is credit card information on paper. Eliminate the paper to reduce risk, improve customer relations, and create efficiencies for both customers and merchants. All above are guidelines which can be modified dependent upon the risk associated with the customer. For example, new customers and recurring customers may carry different risks. Domestic customers with verifiable AVS (address verification) have lower risk than international with no AVS verification capability.

Disclaimer: The information above does not replace a merchants obligation to follow all rules associated with their merchant account, card acceptance guidelines and payment card industry data security standards.

For more information about solutions to streamline payment acceptance for your business to business company with card not present customer transactions, contact us. Call Christine Speedy, B2B payments expert, for help with PCI Compliant credit card authorization form at 954-942-0483, 9-5 ET.