Legal billing and payment technology increases cash flow

Here’s a sneak preview of two innovations that will improve your EBITDA in 2012 with very little effort by your legal staff. The first improves billable time data capture and the second enhances payment acceptance with a flexible PCI Compliant solution, while mitigating risk.

Capture more billable time with a new innovative mobile time tracker that enables you to capture and assign billable time by matter code and client. A key feature is the pop-up on incoming calls; when you hang up, you can immediately assign the call to a client for billing and even enter notes. The length of call is prefilled for you. This data is all accessible back in the office via a web based dashboard.

legal expense record on mobile device

Expense record on mobile device. Assign and submit billable/ reimbursable expenses on the go.

Our  innovative payment gateway works with your existing payment processors, creating numerous efficiencies, increasing cash flow, and reducing the cost of payment acceptance. Partners will have unprecedented access to client billing and payment data based on permissions granted. Clients will have new ways to receive invoices and make payments. Finance staff will have tools to automate processes and control payment processing costs. You’re in control of the most flexible, scalable payment solution available today.

virtual terminal and web payment page for law firm

Image shows example of a custom secure payment page on a law firm web site. When clients select a location, the system automatically routes the transaction to the correct merchant account and related bank account for deposit. Fully configurable for your specific needs, clients can store multiple payment methods and save time for future payments. Future proof and PCI Compliant.

We’ve been too busy bringing clients on board to create comprehensive marketing materials; technology is ready for immediate implementation. Payment Modules include: virtual terminal, batch upload, Electronic Bill Presentment & Payment (EBPP), Dashboard Reporting, report writer, shopping cart and pay page.

Legal Payment Brochure (pdf Download) . This one page document will be updated in the future.

Join clients listed in the 2011 U.S. News – Best Lawyers ‘Best Law Firm’ Rankings. Contact us now to find out why they chose our technology.



Is it any surprise that actual Payment Card Industry (PCI) Data Security Standard (DSS) assessments by Verizon’s team of Qualified Security Assessors (QSAs) shows growth of compliance is stagnant? Even worse, organizations that suffered data breaches were much less likely to be compliant than a normal population of PCI clients? About 20 percent of organizations passed less than half of the DSS requirements, while 60 percent scored above the 80 percent mark. For all those merchants sounding off about an annual PCI Compliance Fee, the evidence is clear that merchants still have a long ways to go. 100% PCI DSS compliance is the only acceptable statistic.

Organizations struggled most with the following PCI requirements:

  • 3 (protect stored cardholder data)
  • 10 (track and monitor access)
  • 11 (regularly test systems and processes)
  • 12 (maintain security policies)

The first two of these can easily be resolved with our hosted payment processing technology, CenPOS. If you’re going to store cardholder data, it needs to be encrypted. One of the major problems with this has been ready access to solutions for storing cardholder data for variable billing. Most gateways have a PCI Compliant solution to store encrypted card data for recurring billing,  charging the same amount on a fixed schedule. However, CenPOS is unique to offer storing card data for billing a variable amount, token billing. Additionally, it is the only technology this writer is aware of that also includes interchange optimization, of major importance to companies trying to control credit card processing fees.

encrypt cardholder data token billing variable amount

Tokens are issed for stored card data, worthless if stolen.

Requirement 10 (Tracking and Monitoring) is a major component of CenPOS. Every user has a unique login and management can micro manage permissions. Where others create a few tiered levels of permission such as cashier, finance, and administrator, CenPOS offers a plethora of options, plus management tracking and research tools.

  • User Permissions: Control precise transaction types allowed, set maximum thresholds, set alerts based on responses, amounts and other criteria. Extensive Permissions enable maximum merchant protection from lower level employees, plus there are tools for secondary oversight at the admin level to mitigate risk of high level employee fraud.
  • Tracking and Monitoring: The requirement calls for the tracking and monitoring of all access to network resources and cardholder data, the main objective is to maintain system logs and have procedures that ensure proper utilization, protection, and retention. According to the Verizon Report, this has historically been one of the most challenging, but is critical to forensic investigations if needed. CenPOS logs everything related to the payments process including user ID, time stamps and every other element of interaction with the system. Merchants must have their own internal logging system for their network.

Requirement 11 (Regular Testing) had the least compliance in the Verizon report. “Organizations continue to have difficulty meeting the sub-requirements regarding network vulnerability scanning (11.2), penetration testing (11.3), and file integrity monitoring (11.5).”  Our recommendation is that merchants hire a qualified outside vendor to assist them with this requirement. We have no direct affiliation with such companies but know several with good reputations should you need a resource.

Requirement 12 (Security Policies) While the best laid written plans may exist, there is still the human factor. Weaknesses identified include poorly written policies, including so long that they are stuffed in a desk never to be read again, and those that are too vague. Note that the requirements are directly related to the services in scope of the organization’s PCI DSS. The more the merchant reduces their scope, the more the burden is on their service provider instead of their internal personnel. CenPOS reduces the merchant scope in several ways, including but not limited to:

  • Web payments on a hosted pay page, not the merchants web page
  • Electronic Bill Presentment and Payment- same as above.
  • Storing all card data, encrypted, on CenPOS servers, eliminating file drawer and merchant stored data


Learn more about how CenPOS can help you with PCI DSS Compliance.




protect against payments fraud

How can you protect your company from payments fraud? What are the current areas of risk? What are statistics for losses? JP Morgan presentation answers these questions with data for all payment types.

Managing Risk : What Matters Today: Protecting Your Assets is part of a series to help treasury management mitigate risk, among other goals. link to PDF download and webinar.

We’ve identified a number of companies, services, and technologies that are especially vigilent in protecting you against fraud, including JP Morgan. Unlike JP Morgan though, we are not limited to a single vendor option. Our clients can choose from many solutions, including expanding the relationship with their current vendor. We increase awareness of what’s available and help you choose solutions best suited for your organization.

For example, CenPOS has fraud protection solutions to prevent improper credit card refunds.

last 4 digits of card don’t match

How can merchants reduce risk of fraudulent card transactions? One of the most widespread credit card fraud schemes involves magnetic stripe counterfeiting. This scam involves re-encoding a valid account number onto an existing magnetic stripe. One way to prevent fraud at retail locations is to require cashiers check the last 4 digits with your software. We automatically program the last 4 digits as a required field for all retail merchants.  Here is how it works with our host based payment processing technology and a signature capture terminal:

  • Cashier presses the sale button and enters the transaction amount. Other parameters such as an invoice number may also be required.
  • Customer swipes their card and data is immediately encrypted
  • Cashier asks to see the card, checks to see that it is signed, and then enters the last 4 digits of the card in the system.
  • Cashier presses submit and data is sent via secure internet connection to host; host returns message:
  1. approval and a request for signature on terminal; customer signs and presses enter
  2. approval and terminal requests pin number if the technology has determined that this transaction would best go through as a pin debit transaction. Customer presses cancel if he/she wants to enter as a credit transaction and is immediately prompted for signature.
  3. denial and reason
    • If the magnetic stripe does not match the numbers you key in, the terminal will display “Last 4 Digits Do Not Match/Mismatched Digits” and will halt the transaction. (CenPOS will outline the box in red will not let user proceed). To ensure that you didn’t enter the wrong number, try to run the transaction once more. If your terminal displays the same warning, call the Automated Voice Authorization Center and tell the operator that you have a “Code 10” authorization.
    • A request for a “Code 10” authorization tells the operator that a suspicious transaction is taking place. If you can’t speak freely, the operator will read a list of possible problems with the card so you can answer yes or no and avoid alerting the customer. You should attempt to stay on the line and keep the card until the authorization is complete. If the authorization is denied, follow the instructions the operator gives you.
    • If the card is fraudulent, do not attempt to apprehend the card user. If the operator instructs you to retain the card, attempt to do so peacefully. Follow any specific instructions the operator gives, unless they put you at risk.

Any credit card terminal can be programmed to prompt for the last 4 digits. A host based system also allows merchants to change and add security parameters on the fly for all locations.

Is your merchant processor helping you with risk management? For just pennies a day, you can have a host based payment processing solution that will reduce risk regardless of your payment processor, in addition to many other benefits, including cost reduction.