Disaster planning: credit card processing, cash flow and accepting payments

Mobile credit card processing and online payments of all types can ensure business cash flow during and after a disaster. When the storm is over and people emerge to shop again, how will businesses manage accepting credit cards? Or get paid by check if mail is undeliverable? Critical issues include power, telephone and internet access, as well as human capital when employees scatter to many different places.

How can we help your business when a USA storm is imminent?

  1. Online pay page– hosted pay page supporting ACH/echeck with or without guarantee, credit card, wire and Paypal. No web developer is needed for this fast solution; just send our custom link to your customers.
  2. Electronic Bill Presentment & Payment- Login to a portal and Text or email your customers a pre-filled payment object with link to pay a specific invoice; optionally create detailed invoices on the fly if your accounting system is not available.
  3. Virtual terminal – your employees key enter the payment information via virtual terminal on a secure hosted web page or using the mobile app (free).

All solutions above are quick and easy to adopt and they work with your existing financial partners such as merchant services or check processor. Remote training videos can help users get up and running the same day as the account is activated from wherever they are. For the two self-pay options above, when using 3-D Secure cardholder authentication, liability for fraud shifts to the issuer, much like EMV does for retail. Additionally, the qualified rated for credit card acceptance in many cases is the same as retail.

It’s probably not realistic to get a credit card swiper on short notice because in the current retail world, EMV chip card and point to point encryption are critical to protect against fraud and data breaches. Use a store bought mag card reader at your own risk.


Good to know:

  • Works with all or most processors- bring a merchant statement, online login, or contact information with you when evacuating so we can connect to it.
  • No long term agreement- month to month
  • Plugins available for many software solutions
  • Encrypted virtual keypad protects cardholder data from key logger software (important when employees may be using their own PC’s)
  • PCI Compliant
  • Each user has unique login for compliance and tracking; same permission based login across all solutions.
  • Standardization across all locales for complete transparency, and compliance.
  • With simple cashiering you can even manage and track cash transactions.

Contact Christine Speedy 954-815-6040 or cspeedy At cenposreseller.com


Stopping Online Credit Card Testers

Online credit card testing by fraudsters can dramatically drive up payment gateway fees.  Historically, card not present financial fraud grows exponentially in countries after implementing EMV chip card processing, as thieves seek the weakest link for fake credit card purchases. Thieves use software to rapidly send cardholder data to payment web sites to verify if stolen cards are good, card testing, and since merchants pay a per transaction fee, regardless of approval, the financial impact can be devastating.

Companies with online pay pages are at increased risk. Since October 2015, online fraud attacks were up 11% 2015 Q4 Vs Q3, and up 215 percent from 2015 Q1. 83% of attacks involved botnets. Source: The Global Fraud Attack Index™, a PYMNTS/Forter collaboration. The preferred web pay pages have no login required, and provide detailed decline response reasons. I’m often asked by others in the industry to provide the latter, and for the same reason as for retail, it’s better than no one knows the reason for the decline. If you inform a criminal the expiration date is no good, they just need to figure out the right one.


A layered approach is required to stop card testers since no single solution will stop fraudsters. Generally, the harder you make it, the more likely they will seek a path of less resistance.

  • Block known fraudulent incoming IP addresses. The bad guys also use hostile proxy servers, with dynamically changing IP addresses every authorization attempt, but this is still a first step everyone should employ.

For additional assistance, please contact us. I won’t make it easier for criminals by identifying all the tools here in the blog!

Balancing card not present risk with customer convenience

Accepting credit cards for card not present customers can be risky, and merchants have long sought solutions to protect themselves from future disputes. The problem is most of those methods are PCI Compliance nightmares, often storing card data in the clear on paper credit card authorization forms. Enabling customers to self pay is one way to mitigate risk.


accept payments onlineWith a hosted pay page solution, customers are directed to a secure web page. The ‘host web server’ is the payment gateway, thus reducing merchant PCI Compliance burden. Gateways have different fraud tools for merchants, beyond the usual address and CVV security verification. Examples of hosted pay page solutions:

  1. Link to custom payment processor URL (First Data)
  2. Embedded payment object on merchant web page; the merchant should have an SSL certificate, even though the payment object itself is on a different server. This is usually achieved with an iframe. (CenPOS)
  3. Link to a custom payment gateway URL (CenPOS); this provides continuity when merchants change processors


EBPP Electronic Bill Presentment & PaymentCustomers are sent an electronic invoice, which they can pay remotely. Both merchants and customers have a portal to manage various functions. EBPP used to be costly, upwards of $100,000, but now, there’s solutions for all price ranges based on merchant needs. Examples of EBPP solutions:

  1. Standalone– merchants login to a web based portal and generate an invoice which is delivered electronically to customers. (Paypal, CenPOS)
  2. Integrated, accounting software managed – customers receive electronic invoices with data originating from accounting, ERP, or other software, and the ERP managing the delivery of the invoice, reminders etc (Quickbooks & Intuit merchant services, ERP/CenPOS).
  3. Integrated, gateway managed – customers receive electronic invoices with data originating from accounting, ERP, or other software (Quickbooks & Intuit merchant services, Quickbooks & 3rd party gateway integration/ any merchant account), and the gateway managing the delivery of the invoice, collection reminders etc.


  • Pushes out to customer- less friction to complete the payment and or sale
  • Reduce risk with additional evidence trail for dispute defense; records of invoice delivery and customer opted to pay strengthen defense; card brand rules include chargeback protection without a signature if bill to address matches the company address and the employee email address was used. (See Visa Merchant Rules for details)
  • Automated reminders if they don’t pay (solutions vary widely how this works)
  • Customer visibility to credit outstanding; ability to self-free up credit to buy more
  • Reduced calls to accounts receivable for questions about what invoices are outstanding


There are wide differences in payment gateways, and the related solutions. The best solution varies depending on the business type.

Critical needs for business to business:

  • Level III processing supported for all payment channels
  • Collections automation
  • Flexibility – the average merchant changes processors every three years; choose a gateway independent of the processor to avoid business disruptions
  • 3 D Secure (Vbyv and MasterCard Secure) – card not present fraud is expected to rise dramatically with US EMV adoption
  • Tokenization – empower customers to self store and manage payment methods
  • Card Updater – if applicable for recurring service

CenPOS is a merchant centric, end to end payment engine that meets all omnichannel and critical business to business needs. For sales and integrations, contact Christine Speedy 954-942-0483.