Card Not Present Token Billing Best Practice & CenPOS Training

Ready to improve PCI Compliance with token billing? Step by step instructions for CenPOS card not present token billing including creating, modifying, and using tokens follows.

  1. In the virtual terminal admin, Create a new Role* or Modify an existing role to include token billing permissions, only for what the user is allowed to do. For example, if you employees are allowed to create tokens, but not conduct sales, check the Manage Token and Positive Card only.

    token billing roles

    Virtual Terminal administration- Partial list of permission options; token billing related items are checked

  2. Are email receipts available now? If no, send an email request to support via link on the virtual terminal login page. In the subject put: “your CenPOS MID” email receipt request. In the body, include all your contact info, the MID, and what email address you want receipts to come from.
  3. Prepare training worksheet for distribution
  4. Distribute Self-paced training checklist (10 minutes to complete) to all users
  5. Get documentation of all training- who, what, when. It may be useful as part of an overall PCI Compliance (Payment Card Industry Data Security Standards) plan to comply with section 12, Maintain an Information Security Policy.
  6. Assign users to the new roles with return of documentation
  7. If there’s any legacy cardholder data on file, plan it’s secure destruction

References: Token Billing Training Videos

*See CenPOS Virtual Terminal Manual for details on using Role Templates.

A sample document, created by Christine Speedy,  for training and documentation is available upon request.

Hosted Pay Page vs EBPP – EIPP

How can a hosted pay page or electronic bill presentment and payment (EBPP), also known as electronic invoice presentment and payment (EIPP) improve your customer experience? Cardholders are increasingly weary about giving out card data over the phone, or worse, via fax, which also has PCI Compliance implications. Reducing friction to collect payments, while putting cardholders in control of their data, is proven to increase sales and cashflow.

A hosted pay page enables customers to passively pay bills online via a secure web page. Payment types may include credit cards, Paypal, ACH (echeck), and other methods. The burden for entering all fields is on the customer. Many payment gateways offer this service free.

hosted paypage online payments

A hosted pay page empowers customers to make secure payments online.

With EBPP, the payment request is delivered to the customer via email or text. Instead of asking customers to find the pay page, the customer is given a link to pay a specific bill or invoice, or multiple invoices, and some of the data may be prefilled. Empowering customers to review and pay multiple invoices on demand by logging into a secure portal is also a significant benefit. With our recommended solution, repeat customers with stored payment methods can pay an invoice in 2 clicks, no login required. Customers prefer EBPP vs hosted pay page. Payment types may include credit cards, Paypal, ACH (echeck), wire, and other methods.

eipp payment request

Body of email containing pre-filled payment info, and link to securely pay online.

Merchants can reduce risk of lost credit card disputes and resulting chargebacks with a multifaceted approach:

  • Ecommerce merchant account is required
  • Verify address & zip code
  • Verify CVV / CID security code; if using token billing, prior validation is OK. You do not need to verify after the first transaction.
  • 3-D Secure: Verified by Visa (Vbyv) and MasterCard SecureCode – cardholder authentication shifts fraud liability back to issuer.  Not all issuers support and implementation varies by payment gateway and other factors. Check the rules to see how it fits in your fraud prevention program.
  • How can a merchant enable customers to remotely pay an invoice, while maximizing security to prevent chargebacks from disputes? A critical step is managing the transaction representment to the issuer. It must be sent with the correct indicator and comply with all rules, including authorization validity
  • Require all B2B customers to confirm copy of the emailed receipt via a company email address. This is overkill for for most, but effective as part of an exception plan.
  • Optional custom procedures may be added based on risk tolerance.

In summary, either method of online payments increases security and enables customers to pay 24/7 to increase cash flow. EBPP or EIPP solutions have significant additional benefits and the cost to implement has dropped significantly, with many businesses experiencing an instant ROI.

UPDATE:  To comply with Visa disclosure and consent rules, only use solutions with a checkbox to opt-in to terms.

Christine Speedy, CenPOS global sales and integrated solutions reseller, 954-942-0483. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

EMV TERMINAL SELECTION IMPACTS PROFITS FOR BUSINESS TO BUSINESS

What’s the most important EMV implementation criteria for business to business retail? Supporting level III data, which increases profit margins by qualifying credit card transactions for the lowest interchange rates possible. With proper terminal selection, businesses can quickly offset the cost of compliance for chip card acceptance, and protect long-term profit margins.

“The most recommended terminals in the US, including all the First Data FD series, Verifone VX series, and Ingenico iCT series terminals, do not meet critical business to business needs to protect profit margins, ” said Christine Speedy, a global CenPOS Authorized Reseller.

Interchange is the primary component of credit card processing fees, typically accounting for over 95% of fees. For business to business (B2B), including building supply and HVAC, many customers use corporate, business and purchasing cards. By qualifying these cards for level III interchange rates, B2B merchants can boost margins significantly. For example, the MasterCard interchange rate can drop from 2.65% to 1.80%, for transactions under $7500, and even more for larger transactions.

What’s needed to qualify for level III rates? The US EMV ecosystem at a minimum requires a web-based payment gateway that has certified an EMV terminal with level III processing to a specific acquirer. That’s because the extra data needed for the transaction is too cumbersome for a countertop terminal, but can be easily managed with a cloud solution. For example, CenPOS has certified the Verifone MX915 to First Data, Chase Paymentech and Tsys, the latter which enables use with most processors. Merchants can use CenPOS via a web browser virtually instantly or an integrated application.

While there is no mandate for chip card acceptance, effective October 1, the party that does not support EMV (short for Europay, MasterCard, Visa) chip card acceptance is liable for counterfeit card, and sometimes lost or stolen card transactions. Additionally, non-EMV compliance fees have already been announced by at least one provider starting January 1, 2016.

About CenPOS
CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

For global sales and integrations, contact authorized reseller Christine Speedy 954-942-0483.

 

CenPOS Certifies EMV with Chase Paymentech

CenPOS certifies to process chip-card transactions with Chase Paymentech, including Level 3 Data for corporate and purchasing cards.

MIAMI, FL (PRWEB) OCTOBER 26, 2015
CenPOS, a payment technology provider, announced today that it has certified EMV, including the processing of level 3 data, to all the card brands with Chase Paymentech. CenPOS continues to certify its payment-processing platform with world-class providers like Chase Paymentech at lightning speed. CenPOS has dedicated extensive resources to ensuring that it was EMV ready in the US and making sure it certified with as many networks as possible; therefore, giving its customers with many choices to choose from. Level III processing helps businesses reduce their cost of card acceptance on all commercial/purchasing cards accepted at their place of business. CenPOS provides level III processing capabilities to Card-present as well as card not present merchants.
“It has been our sheer determination and commitment to be the first provider to be EMV ready in the US. More importantly, we are equally passionate in making sure we bring differentiated value to our valued software partners and customers”, commented German Gonzalez Co-founder and Chief Technology Officer. “We understand the importance for our software integrators to bring an EMV certified solution to their customers and avoid the reputational and legal risk associated with a non-compliant payment solution. While others are still struggling with EMV, we are ready with various acquirers in the US like Chase Paymentech, TSYS and First Data”, added Gonzalez.
About CenPOS
CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. For additional information please call 877.630.7960.

### CenPOS global sales and integrations, Christine Speedy 954-942-0483.

B2B Credit Card Payments And EMV Technology

What’s the best EMV payment technology for business to business (B2B) merchants? Once the requirements are defined for non-EDI payments, the options are limited. Whether card not present only, or a mix of retail, phone, and ecommerce, B2B payments are different.

B2B Credit Card Payment Minimum Requirements.

  • Tokenization to store credit card, and possibly check and wire data
  • Level 3 processing (significantly reduces merchant fees through lower qualified interchange rates)
  • Payment optimization to qualify transactions properly. For example, if merchant does a pre-authorization, and captures at a later date, certain rules need to be met to avoid higher non-qualified interchange rates.
  • 24/7 payment options for customers to serve multi-time zone and increase security

EMV Terminals for B2B.

There are no desktop or countertop terminals that support level III processing, and that won’t change. These terminals are programmed with the acquirer instructions via download, and less frequently, may be connected to Point of Sale (POS) software.

To meet the minimum B2B requirements, a payment gateway is required. Merchants process transactions by accessing a virtual terminal via a secure web page, or with an integrated software solution. The gateway must certify level III processing for each card brand, and EMV, and the specific terminal, for each acquirer.

For example, CenPOS has certified the Verifone MX915 to TSYS, with P2P encryption, level III processing. Most acquirers and banks support TSYS as a way to connect to their platfor; for example, First Data, Chase Paymentech, and Bank of America Merchant Services. To date, no other gateway has certified level 3 processing for retail and EMV. The difference for distributors is huge; it’s not uncommon to reduce merchant fees an average of 30%.

Pending Certifications

Exercise caution on claims of pending certifications, if the solutions provider:

  • Doesn’t have any certifications to date, after a year or more to prepare.
  • Has never had level III processing for retail certification
  • Does not offer a way to automate interchange management in a mixed retail & card not present environment, or for card not present only