Businesses are shifting to remote credit checkout to avoid close contact with customers. Remote checkout systems range from cheap to pricey, but when comparing safe and secure solutions, it’s important to know what questions to ask to maximize profits and mitigate risk. In particular, telephone credit card transactions, text, and work from home practices directly impact profits and risk.
A popular practice is to eliminate customer entry into facilities. Communication methods include expansion of telemedicine and secure portals. Two areas are lacking: text and credit card payment. Even the most advanced facilities fall short in one way or another.
Problems with taking credit card numbers by phone on a typical retail merchant account:
- Merchants are prohibited from writing sensitive cardholder data on paper (Visa sec. 5).
- Key entering into computer:
  - Results in 100% invalid, yet issuer-approved, authorizations*, typically increasing costs 30-100% per transaction.
  - Increases data breach risk, with home and office hardware and network in scope for Payment Card Industry Data Security Standards (PCI).
  - Employee access to cardholder data is an added risk.
- Key entering into desktop terminal:
  - Same authorization problem as above (see merchant statement for non-qual, STD, EIRF, Level I, etc.).
  - All transactions at risk of consumer or issuer chargeback, since EMV chip/swipe data is expected but not received.
- Ties up phone lines for already overwhelmed staff; another data breach risk
- Note: Digital forms that can be decrypted are unacceptable
- If storing/tokenizing cardholder data, most solutions are PCI compliant, but not compliant for network (Vcardholder agreement and future transaction authorizations
Card not present alternatives:
SMS/text with secure pay
- 80-95% of Americans have a smartphone; all age groups, including seniors, are texting
- Puts customers in control of entering, storing, managing cardholder data
Email with secure pay: also eliminates employee access to cardholder data. A growing threat is business email compromise, with phishing schemes increasing during the Covid-19 crisis.
Hosted pay page: I do not recommend this, as it is not efficient for quick check-in and check-out needs.
What merchants should look for in vendor solutions:
- 3-D Secure cardholder authentication for customer-initiated payments: merchants qualify for reduced card not present rates, and fraud disputes for “I didn’t authorize” disappear. The benefit is much like EMV chip for retail, and merchants can save even more on interchange fees for some cards due to lower risk.
- 3rd party app or web-based solution that segregates all devices, hardware and networks from scope for PCI, including key-entered transactions. The latter can be managed via a special terminal, app, or encrypted virtual keypad, perfect for workers at home and on the go.
- 3rd party app or web based text solution that eliminates client data from employee devices and hardware, and is compliant with various text/telecom rules (FCC, TCPA etc). If employees are texting on their devices, it’s incredibly difficult or impossible to get that data later if needed in a legal dispute.
- Checkout option to enter authorized 3rd party for animal pick up, time of day, and even details about car or truck if desired.
- Automated authorization optimization for card present, phone order, card on file and customer initiated transactions. This is either managed by technology (preferred) or multiple merchant accounts. Ok, many probably don’t know what this means, but it’s the difference between employees having to optionally take certain steps and technology automatically managing it.
- One-way texting with payment collection has minimal additional compliance burden for various rules.
- Two-way texting is much more robust, with even more upside for efficiency (think photo/video, updates throughout the stay, promotional link with notification animal entered surgery, survey at end, and continued opt-in to future marketing). The value of opted-in marketing, when used wisely, cannot be overstated.
Merchants will benefit from increased approvals, more profits, happier customers, less phone time, and more secure operations. All of this adds up to both internal and external customer experience improvements during a stressful time dealing with Covid-19 repercussions and beloved animals needing urgent care.
Christine Speedy’s Analysis:
Merchants lack the right technology tools, which have been used by other industries for years, to meet new card not present requirements while maximizing profits and mitigating risk. Rapid adoption will reap virtually immediate rewards.
* Issuers will approve most requests if funds are available, but merchants must comply with various card acceptance rules based on how an authorization is requested, or pay penalties. For example, a retail merchant account requires EMV chip or swipe data. When they don’t get it, penalties apply. Solutions to dynamically qualify per different rules require a technology update, typically via a 3rd party solution.
Card network rules: http://3dmerchant.com/blog/merchant-bulletins-downloads
PCI Compliance: pcisecuritystandards.org
Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in card not present and omnichannel. Christine is Qualified Integrator and Reseller certified by the Payment Card Industry Security Standards Council, a requirement for all level 4 merchants, defined as less than 20,000 Visa or MasterCard e-commerce transactions annually, and all other merchants processing up to 1 million Visa or MasterCard transactions annually. Services include standalone and integrated technology, optional merchant services and other solutions. 954-942-0483.
For more 3D Merchant Services news and information, visit 3Dmerchant.com or https://www.linkedin.com/in/cspeedy