Visa Stored Credential Transaction Mandates 2017

Whether you use token billing or have been considering it, all businesses storing credit cards are impacted by Visa rules updates. Visa has published multiple updates about requirements for its Stored Credential Transaction framework, including mandates to identify initial storage and subsequent usage of payment credentials.

If your business stores credit cards, including a 3rd party payment gateway or any software, you’re impacted. Merchants should not assume that any software or technology in their payment processing ecosystem is automatically updated and compliant. To the contrary, there are specific items that merchants will need to take action to implement. Now is the time to learn more and make a plan. While some businesses were impacted in April, most have until October 14, 2017 to comply.

Visit the Visa USA web site for more information; Visa Merchant Business News Digest. PDF download: Advance Copy of Rules for Stored Credential Transaction Framework REGIONS: US, AP, Canada, CEMEA, LAC, Europe, 15 JUN 2017.

##

TIP: All card brands have their own spin but frequently have similar rules. Need help to get compliant? Contact Christine Speedy to learn more about solutions for your business that are quick and easy to adopt, increasing efficiency and growing profits virtually overnight.

payment processing software for medical billing companies

Do you have banks of credit card terminals provided to you by your clients? How are you distinguishing your company in the marketplace today? What if you could tell your clients that you don’t need or want their machine because there is a more SECURE solution to protect their PATIENT information?

The solution is not software, but rather a hosted “cloud” technology platform that never goes out of date, is always PCI DSS compliant, and is compatible with all the major payment processors. Virtually any payment other than cash is possible with a hosted solution, so as the industry changes, you’ll be on the forefront of various payment type acceptance, plus get funds into your client hands faster with more advanced reporting than has ever been available.
4 critical benefits you can offer your medical clients:

1. Real time treasury reports- the number one reason business site wanting our cloud-based payment processing technology.
– Dynamic reports and Graphics can show location, entire country operation treasury reports, and dozens of others. In just minutes CFO’s can see their business operations from many perspectives.
– Review collected funds in real-time, on demand, from any location. Check or credit card.
– Export data for other systems on demand.

2. Payment Card Industry Data Security Standards Compliance. Most have no idea what PCI DSS is, yet the merchant account holder is responsible and liable in the event of a data breach. Educating your clients and helping them reduce risk is a competitive advantage.

3. Eliminate terminals- no need to replace hardware due to being outdated.

4. Guaranteed best interchange qualification- whatever their price plan, this system will ensure every transaction processes at the lowest rate possible via patented technology. Human and equipment errors are eliminated. Merchants can keep their existing processor- or change- we’re neutral.

Medical Business Payment Problems:
– Time gap from services rendered to cash in bank.

– Patients paying a co-pay on the visit, then after getting paid by the insurance company, the patient ends up having a balance due.

– Offering option to make multiple payments special circumstances.

We offer two distinct solutions for MEDICAL BILLING PROVIDERS to help solve these problems:

1. VIRTUAL TERMINAL

This solution can be implemented immediately and is fully compatible with existing merchant accounts. Your clients want you to use this because they like the graphical reports and instant access to data on demand.

You can resell the solution. This is an up-sell service your clients really want once they see it.

2. On location equipment PLUS VIRTUAL TERMINAL
Hardware at business office and Virtual Terminal at billing provider (you).  The sales for both retail card present and subsequent sales, card not present, will appear in the Virtual Terminal and all reports.

REBILLING SOLUTION: TOKENIZATION
Access a secure payment processing platform and create a TOKEN to enable rebilling the patient or to set up recurring billing. Card data is never stored at the merchant location and the token links only to remotely hosted encrypted data. To re-bill, the merchant enters the patient name, transaction amount, and the TOKEN ID.

Patients agree to have their card charged, usually up to a specified amount, at the time of the original transaction. Merchants can print a receipt, or have an email automatically sent with the receipt.

BENEFITS:

  • Improve cash flow.
  • Reduce or eliminate collections.
  • Simplify the billing process- reduce workload.
  • PCI Compliant- secure solution eliminates exposed card data.
  • Reduce opportunities for internal fraud by eliminating receiving card data within mailed billing responses.
  • Managed payment processing costs- eliminates costly human errors that result in interchange qualification downgrades.

FEATURES:

  • Optional Signature Capture terminal at the medical business location stores patient opt-in agreement electronically indefinitely.
  • Access secure web page from any computer.
  • User control for all functions and reporting. You decide who can perform what type of transaction and who can access reporting.
  • Optional industry template to capture insurance policy number, account number etc. Export reports on demand.
  • Real- time cash flow. Enables management to see multiple locations at a glance.
  • Multiple merchant accounts- Use the same system for multiple doctors within a location.
  • No more banks of terminal or dedicated phone lines- login to each merchant account to process a transaction.
  • Minimal set- up. No major upfront investment.

Dental billing solution enables rebilling after insurance claims

Most medical and dental billing solutions address HIPPA, but what about secure payments?  Our dental billing solution enables you to securely collect current payments and outstanding bills after insurance claims are completed. Collecting payments in a secure manner is equally important to HIPPA. Most staff at medical practices don’t even know what PCI DSS is, even after having 6 years to comply.

DENTAL BILLING SOLUTIONS

Tired of getting paid weeks and months after services are rendered?

Do you have patients paying a co-pay on the visit, then after you’re paid by the insurance company, the patient ends up having a balance due?

How long on average does it take you to collect that balance? Are you paying a medical billing company to collect it for you?

Do you have orthodontia patients that are billed the same amount every month?

Do you offer a payment plan in some situations?

SOLUTION: TOKEN ACCOUNTS.

  1. Merchant accesses a secure payment processing platform and creates a TOKEN to enable rebilling the patient or to set up recurring billing. Card data is never stored at the merchant location and the token links only to remotely hosted encrypted data. To re-bill, the merchant enters the patient name, transaction amount, and the TOKEN ID.
  2. Patients agree to have their card charged, usually up to a specified amount, at the time of the original transaction. Merchants can print a receipt, or have an email automatically sent with the receipt.

BENEFITS:

  1. Improve cash flow.
  2. Reduce or eliminate collections.
  3. Simplify the billing process- reduce workload.
  4. PCI Compliant- secure solution eliminates exposed card data.
  5. Reduce opportunities for internal fraud by eliminating receiving card data within mailed billing responses.
  6. Managed payment processing costs- eliminates costly human errors that result in interchange qualification downgrades.

FEATURES:

  1. Optional Signature Capture stores patient opt-in agreement electronically indefinitely.
  2. Access secure web page from any computer.
  3. User control for all functions and reporting. You decide who can perform what type of transaction. Enable off site billing or accounting to access reporting.
  4. Optional industry template to capture insurance policy number, account number etc. Export reports on demand.
  5. Real- time cash flow. Enables management to see  multiple locations at a glance.
  6. Multiple merchant accounts- Use the same system for multiple doctors within a location.
  7. Minimal set- up. No major upfront investment.
  8. Optional pay page- simple code you can add to your web site so patients can pay a bill.

SALES CONTACT: Christine Speedy 954-942-0483

SCREEN SHOTS

Figure 1. The customer is present and you swipe the card. The card number, expiration and name on card are automatically recognized, as with any swipe device. Confidential information will be x’d out and will not appear on the screen.  Enter the  sale amount, as usual.
swipe sale screen

Notes: Other required or optional fields are determined by the merchant prior at account set-up.  The merchant determines data capture preferences balancing speed at the cashier, information needs, and risk.  In all the figures shown, invoice is mandatory, but that is strictly a merchant decision.

FIGURE 2.  When the customer is not present, different data needs to be captured for risk and interchange qualification  ( how much a transaction costs the merchant) concerns. i
virtual terminal card not present sale screen

FIGURE 3. If the merchant wants to bill the same customer again, the repeat sale button is selected. Information is collected for both the initial sale and future sales. A token is automatically generated, or the merchant can specify one. We recommend you collect the email address so that you can send automatic receipts for future billing. (You can also ask the customer to opt-in or opt-out to marketing via email.)

virtual terminal repeat sale screen

FIGURE 4.  When you’re ready to go back and bill the patient, enter the TOKEN ID along with the amount to charge.

virtual terminal token billing

If you captured an email previously and set up automatic receipts, an email is automatically generated and sent. Email set up can be programmed with your own FROM and SUBJECT.

The benefits I’ve discussed are just the tip of the iceberg. This technology is leaps ahead of anything else on the market, including ease of use. Your staff can complete a repeat sale with less than 5 minutes of training. Setting up recurring billing, where the same amount is billed multiple times, is not shown here and is just as easy.

Protect your patient data. Protect your business from internal fraud. Improve your cash flow. Look at functional graphical reports that let you see and compare cash flow from multiple operations in minutes.

Questions? Need a demo? Call Christine at 954-942-0483.

Tokenization for recurring billing or repeat sales

Tokenization is now offered for resale of variable sales amounts. Enter card data one time only via PCI Compliant interface. The system will generate a token for you. To process future transactions, enter the TOKEN instead of card data, which can never be seen again.

The card data is encrypted and is never stored on your servers or computers. The token, which is worthless to others, is your way to submit future billing requests.

Tokenization and PCI DSS (payment card industry data security standards). PCI compliance is streamlined with tokenization and our end-to-end encryption solution.

The average user will submit cardholder data via the virtual terminal RESALE function. A token is automatically generated which you then store offline. To rebill, simply submit the token in lieu of the actual card number.

TYPICAL REPEAT SALE SET UP FOR RETAIL ENVIRONMENT:

– Merchant has customer fax a standard approval form with card data.

– The paper is filed in a locked drawer with limited personnel access. CVV is never stored.

– Merchant retrieves the information and key enters the transaction on a virtual terminal or desktop terminal when they need to rebill the customer.

– Merchant prints receipt and mails or faxes to the client.

TYPICAL REPEAT SALE SET UP FOR RETAIL ENVIRONMENT WITH CENPOS AND CARD IS NOT PRESENT:

– Merchant has customer fax a standard approval form listing the last 4 digits of the card only,  an email field, and with language about opting-in to receiving email from the merchant.

– Merchant gets card data over the phone and directly enters it into the secure virtual terminal using the RESALE button.

– Merchant copies the TOKEN  generated onto the merchant approval form which is then stored, in a locked drawer with limited personnel access.

– Merchant retrieves the token and key enters the transaction details on a virtual terminal or desktop terminal when they need to rebill the customer.

– Merchant uses the automated email function to send the customer a receipt, or prints receipts the old way.

What if the customer is in the store for the first order, but then won’t be there later when you bill more? You’ll swipe the card as usual, using the resale button. The cashier will be prompted for address and other data as if the customer is not present.

The first transaction will process via your retail swipe account. The future card not present transactions will process via your MOTO account, automatically, when you key enter the transaction later. This is a significant competitive product difference from any other solution you may looked at.

  1. Merchants will qualify for the best interchange rate for each type of transaction, thereby lowering costs.
  2. Merchants will meet the card association requirements for proper presentment to reduce risk of chargebacks from disputes. (Different rules apply about data submitted and signatures on swipe vs moto.)
  3. Both transactions will be in a fully PCI Compliant environment, reducing risk of liability from improperly protecting card data.
  4. Cashiers are removed from any decision making that can affect your rate qualification in every transaction. The system will automatically prompt for data needed based on transaction parameters.
  5. Best of all, no terminal progamming updates! The hosted solution is always current and any terminal connected is simply a slave of the system.

Because they have no meaning by themselves, tokens or aliases are useless to criminals if your customer hard copy files were compromised. Per the PCI DSS standards for your organization, you’ll need to have your workstations scanned that you enter transaction on.

Ideal solution for any B2B companies with corporate customers. Sign up for RSS for more details on this feature. For a demo, call the hotline at the top of this web page.

Related articles: Can you store track data and be PCI Compliant?
Storing CVV codes so you can rebill