B2B Credit Card Processing Hot Tips

Compliance with credit card processing rules maximizes profits while mitigating risk. This is especially true for business to business companies. But it’s getting harder and harder with the onslaught of new rules, and virtually impossible if not using a sophisticated cloud solution to help manage compliance.

If your B2B company stores credit cards, there’s a pretty good chance you’re not compliant. For example, Visa’s 2017 Stored Credential Transaction framework outlines merchant responsibilities to obtain customer consent as well as storing credit cards, using stored credentials (token), and managing stored tokens. Failure to comply with Authorization rules, for example preauthorization and final settlement do not match, has far-reaching consequences including higher interchange rates (the bulk of credit card processing fees), penalty fees and new chargeback risks. With so many new rules across multiple card brands that vary based on business and transaction type how can a business quickly ascertain if they’re compliant?

Most processing details occur seamlessly behind the scenes so merchants have not had a simple way of knowing whether they’re compliant. Until now.

Quick tips to validate compliance:

  • Is a transaction receipt delivered to customer when a stored credit card credential (token) is created? Compliant answer is yes.
  • Is cardholder authentication with a zero dollar authorization or a purchase transaction performed at the time token is created? (A small charge is not an acceptable practice.) Compliant answer is yes.
  • Does the receipt include “RECURRING” or “REPEAT SALE” for token transactions? Compliant answer is yes.
  • Review merchant statements, usually the last 1-2 pages with the heading “pending interchange” or “fees” section. Do you see EIRF, STANDARD (STD), or DATA RATE I? Compliant answer is no.
  • Can you produce documentation of customer consent to store their card (including with 3rd party service) and how it will be used?

If you’re not in compliance, your payment gateway is the most likely culprit, followed by ERP or other software integration limitation. For a Microsoft Dynamics AX, Dynamics 365, and other ERP integrated solutions, call 954-942-0483 9-5 ET.

Reference: Card brand links.

Christine Speedy, CenPOS Sales 954-942-0483. CenPOS is a cloud business solutions provider with end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement.

Data breach prevention: update every device due to Intel vulnerability

News of the Intel chip flaw creating vulnerability in virtually everything with a computer chip in it was announced last week. Microsoft, Google and tech companies now have a fix so it’s time to update all your devices. These emergency updates are to address the bugs called Meltdown and Spectre.

“These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.”

“Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.”

For PCI compliance, merchants must update software within 30 days, however, I wouldn’t wait. Prioritize updates now.

For more information on the bugs, see https://krebsonsecurity.com/2018/01/scary-chip-flaws-raise-spectre-of-meltdown/

Christine Speedy, CenPOS authorized reseller, 954-942-0483. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

Test and fix TLS 1.0 to TLS v1.2 for merchant non-compliance notice

To keep your data safe, the Payment Card Industry Security Standards Council (PCI SSC) has mandated a security upgrade impacting all merchants where web browsers can be used in the payment process. Acquirers and payment gateways have set various deadlines in advance of the required PCI TLS v1.2 Security Protocol Upgrade by  2018. Either hardware may need to be replaced or software updated.

Recently, multiple vulnerabilities have been uncovered. Criminals are using the vulnerabilities at massive levels over prior years. Security company Zscaler blocked an average of 8.4 million SSL/TLS-based malicious activities per day in the first half of 2017 for its customers on its Zscaler cloud platform. That’s why all merchants need to upgrade to the most current version of TLS (Version 1.2) and should do so as soon as possible. Because this is an absolute necessity, merchants are getting emails about hard stop dates; if not fixed, merchants will not be able to process transactions after the deadline.

TLS Deadlines vary by acquirer and payment gateway. Dates have been changing due to non-compliance so check with your partners.

  • Chase Paymentech, September 30, 2017.
  • Authorize.Net, February 28, 2018.
  • First Data varies by solution. Datawire will remove SSL v3, TLS v1.0, and TLS v1.1 on February 15th 2018.

TLS 1.0 and TLS 1.1 need to be disabled from browsers, servers and related applications. SSL 3.0 should have been disabled years ago.

Do not rely on server host companies or consultants to do this for you. It’s up to merchants to maintain PCI Compliance. If you get a notice of non-compliance from your acquirer and use a virtual terminal, test your browser below.

FREE Test SSL/TLS for Browser and Servers and updating TLS for card not present transactions:

Free SSL and TLS test from Qualys. https://www.ssllabs.com/ssltest/index.html.  If you get a YES next to TLS 1.0, SSL 3, or SSL 2, then hardening is needed.

Try updating your browser and then run the test again. If the browser is current, go to your web browser settings or preferences and disable SSL and TLS 1.0. Run the same test on your web site. If you get a yes, go to your host administration and disable in security settings.

What is TLS Security Protocol?

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL) are both frequently referred to as “SSL”. When you go to a web page and the URL is “https”, the S stands for secure, and the domain host has a security certificate installed and enabled on the web host. Websites use TLS to secure all communications between their servers and web browsers. For example, when a merchant logs into a virtual terminal using a web browser, or a customer makes a payment online via a hosted pay page or ecommerce shopping cart.

 

Christine Speedy, CenPOS authorized reseller, 954-942-0483. B2B cloud payments solutions and CenPOS enterprise cloud payment solutions expert. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

CenPOS Launches PCI-Validated P2P Encryption

Florida-Based Payment Solutions Company, CenPOS, Strives to Make Customer Experience More Secure with Launch of PCI-Validated P2P Encryption.

Data breaches are on the rise and they are costing both consumers and merchants money.

The 2017 Identity Fraud Study, released by Javelin Strategy & Research, found that $16 billion was stolen from 15.4 million U.S. consumers in 2016.

When the consumer data that makes such fraudulent activity possible comes from the merchant’s database, then the merchant can also incur some major damages. In fact, the 2017 Cost of Data Breach Study: United States, found that the total average organizational cost of a data breach has reached a new high at $7.35 million.

CenPOS aims to reduce the vulnerability of sensitive consumer data — that could be used to drain debit card-linked bank accounts, make “clone” credit cards, or buy items on certain less-secure online sites — to hackers with the release of its Validated P2PE solution.

Officially released on July 7th of this year, CenPOS Validated P2PE encrypts cardholder data so businesses can simplify compliance with Payment Card Industry Data Security Standards (PCI DSS) and consumers can stop worrying about data being stolen between “the store” and the bank.

Surprisingly, Validated P2PE is not new technology. It’s the strongest level of data encryption in the market right now and is offered by other merchant payment services companies. However, CenPOS is the first and only company with the Qualified Integrator & Reseller (QIR) designation to offer a Validated P2PE solution.

The QIR designation is awarded by the Payment Card Industry Security Standards Council, a global open body formed to develop, enhance, disseminate and assist with the understanding of security standards for payment account security.

According to their standards, “the quality, reliability, and consistency of a QIR Company’s work” should provide confidence that the merchant’s payment application has been implemented in a manner that supports PCI DSS compliance.

Chris Justice, CEO of CenPOS, is quoted saying: “We believe that loyalty is built on trust and that trust is built by delivering great customer experience over and over again. So, when consumers can have greater peace of mind because they know that the merchant has the proper data security in place to reduce exposure to painful events, like data breaches, we believe customer experience is enhanced and that consumer will choose that merchant over others who are less diligent.”

CenPOS Validated P2PE launched on Friday, July 7, 2017. To learn more, visit https://cenpos.com/solutions/data-security
More facts and further information about CenPOS, can be discovered at https://www.cenpos.com/

About CenPOS
CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. | CenPOS | @CenPOS

###

Christine Speedy, 3D Merchant Services, is an authorized CenPOS Reseller. There is no middleman; all solutions offered are direct CenPOS agreements with CenPOS direct billing.

CenPOS Announces its Relationship Renewal with Verifone and the MX Line

CenPOS renews their relationship with Verifone and MX link by purchasing 5,000 Verifone MX 915 devices.

Integrated payment services and gateway provider, CenPOS, purchased 5,000 Verifone MX 915 devices and is deploying point-to-point encryption and advanced data security to auto dealers of all sizes, higher-education, law firms, insurance, manufacturing and distribution.

CenPOS SECURE is a suite of solutions designed to remove sensitive cardholder data from software applications like the merchant’s primary ERP, POS, PMS, DMS, etc. The suite consists of point-to-point encryption, tokenization and encrypted virtual PIN Pads that protect software systems by securing data in-flight and at rest.

When using CenPOS SECURE, merchants can reduce the time requirement and scope of their PCI DSS assessments. The Verifone MX line of products encrypts data at the point of interaction and facilitates a robust shopping experience for the consumer that includes secure PIN entry and signature capture.

“Merchants have enjoyed the CenPOS omni-channel shopping experience and the security that comes from it for the last 8 years. Verifone’s platform was the right choice for CenPOS. Their team of professionals have worked well with CenPOS to incorporate the next level of data security into the solution,” said Christopher Justice, CEO of CenPOS. “We’re pleased with the collaboration and diligence of the technology teams to launch these advancements.”

The Verifone MX line of products provides solid capabilities at the point-of-sale. Its design and attractive styling deliver a comfortable checkout experience while the state-of-the art technology provides added security.

“As a global payments and commerce solutions provider, Verifone’s goal is to create a world-class platform capable of supporting the ingenuity that’s constantly shaping the future of commerce. In a shared effort with CenPOS, we work to bring the highest level of security to transactions,” said Joe Mach, President, Verifone North America.

CenPOS Secure protects card present, eCommerce, mobile, mail order/phone order, and portable device transactions at the point of interaction with multiple layers of security. Integrated into the merchant’s software applications, no sensitive data is ever processed nor stored by those applications eliminating them from the scope of PCI DSS.

To better understand how CenPOS SECURE can help your business, call 877-630-7960 Or visit our website.

About CenPOS:
CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.
| CenPOS | @CenPOS

About Verifone:
Verifone is transforming everyday transactions into opportunities for connected commerce. We’re connecting payment devices to the cloud—merging the online and in-store shopping experience and creating the next generation of digital engagement between merchants and consumers. We are built on a 35-year history of uncompromised security with approximately 30 million devices and terminals deployed worldwide. Our people are trusted experts that work with our clients and partners, helping to solve their most complex payments challenges. We have clients and partners in more than 150 countries, including the world’s best-known retail brands, financial institutions and payment providers.
Verifone.com | @verifone

###

Blog author Christine Speedy, CenPOS global sales and integrated solutions, can be reached at 954-942-0483.