Category Archives: Online Bill Presentment and Payment
Will Your Payment Processing Break Due To Mandatory Security Update? – 2017 Deadline Approaching for TLS 1.2 Requirement
The PCI Security Council has mandated that online merchants who accept credit cards must upgrade from the older SSL and early TLS security protocols, to the newer TLS 1.2 protocol. The required implementation dates to remain in compliance have changed multiple times, causing merchant confusion. To further this confusion, individual gateways and processors have their own implementation timelines for TLS 1.2 support.
Due to recent high profile attacks, some vendors have decided to expedite the transition to TLS 1.2 and completely end support of the older, less secure protocols. This was primarily done because of the known risks of the older security protocols and the PCI Security Council’s assessment of the risk to merchants. The PCI Security Council has stated, “The vulnerabilities within SSL and early TLS are serious and left unaddressed put organizations at risk of being breached.” Because of these known risks, payment technology vendors have become more aggressive in their implementation timeframes and are in the process of deprecating the older protocols beginning in 2017.
One such company is PayPal. PayPal just recently turned off support of the older protocol for test environments and will completely stop supporting the older protocols by June 30, 2017. FOR MERCHANTS USING A PAYPAL PAYMENT GATEWAY WHO HAVE NOT UPGRADED THEIR SYSTEMS TO SUPPORT TLS 1.2, CREDIT CARD PROCESSING SERVICES WILL NO LONGER WORK AFTER THAT DATE.
Dates to know:
- PCI Security Council original date of TLS 1.2 compliance was 2016
- PCI Security Council new date of TLS 1.2 compliance is June, 2018
- PayPal testing environment ended support of older protocols on February 15, 2017
- PayPal production environment ends support of older protocols on June 30, 2017
How do you ensure you will be able to accept credit card payments after the June 30, 2017 deadline? The first thing merchants should do is contact their systems providers to determine all of the payment gateway connections their solution employs. Merchants should then verify that their solution has been upgraded to support the TLS 1.2 protocol. This often times reveals a spider web of connections. Many solution providers support a variety of gateways to reach a particular processing platform.
In the example of PayPal, merchants may be unaware that their payment acceptance solution could utilize technology from PayPal even if they do not accept PayPal as a form of payment. PayPal Holdings, Inc. has acquired various payment technologies and companies (i.e. PayFlow Pro, BrainTree, Venmo, etc.) that many payment solutions employ in the background. If a merchant’s solution utilizes a PayPal gateway and hasn’t been upgraded to support TLS 1.2, it will stop functioning after the June 30, 2017 date.
To avoid credit card acceptance interruption and protect yourself against malicious attacks, you should:
- Upgrade your systems to support the latest security protocol TLS 1.2
- Start your upgrade process today. System upgrades take time and a backlog is already forming with many vendors. This will result in many merchants unable to accept credit card payments after June 30, 2017
- Nodus customers should contact Nodus Support to discuss their upgrade options and ensure that the software versions they are using support TLS 1.2
- Migrating from SSL & Early TLS webinar by PCI Security Standards Council
- Date Change for Migrating from SSL and Early TLS
- PayPal TLS 1.2 and HTTP/1.1 Upgrade Microsite
- Nodus TLS 1.2 Security Update
Chester Ritchie is the President of Nodus Technologies (http://www.nodus.com). Nodus is a certified Microsoft Gold Level Partner for payment software within the Microsoft Dynamics family of accounting systems. Nodus products allow users of Great Plains (GP), Solomon (SL), and AX to accept electronic payments inside of the accounting system. Accounting entries related to payments are automated and cash flow is increased.
For the third time, Nodus Credit Card Advantage, ePay Advantage and eStore Solution Stack have been validated against the Payment Application Data Security Standard (PA-DSS). This time, the Nodus solutions have been validated under the new PA-DSS version 3.2 which requires support for only secure encryption protocols such as TLS 1.2.
“Nodus is very dedicated to maintaining our PA-DSS certification for all of our solutions,” said Nikki Nguyen, Director of Product Management, “Providing secure applications for processing electronic payments helps us maintain trust with our loyal customers and partners.”
Due to the new industry requirement, Nodus is highly recommending that all current customers upgrade to the newest versions of their Nodus software to utilize the TLS 1.2 encryption protocol. This upgrade should be scheduled as soon as possible to avoid any disruption when Payment Gateways begin to turn off the previous insecure encryption protocols. More information on the TLS 1.2 Security update can be found at: http://www.nodus.com/nodus_TLS_Security_Update.html
Customers interested in upgrading can contact Nodus Technologies Support at (909) 482-4701 option 2 or by e-mailing firstname.lastname@example.org.
What is PA-DSS?
The PCI’s Payment Application Data Security Standards (PA-DSS) defines security requirements & procedures for software vendors of payment applications to securely manage and protect card data. A validated PA-DSS application means that the payment application has been assessed to ensure it meets all of the security requirements of the Payment Card Industry Security Standards Council (PCI-SSC).
How does the PA-DSS impact customers?
Secure payment applications help to facilitate a customer’s PCI DSS compliance. When implemented in a DSS-compliant environment, PA-DSS validated payment applications will minimize the potential for security breaches leading to compromises of full magnetic stripe data, card validation codes and values (CAV2, CID, CVC2, and CVV2), PINs and PIN blocks.
Day 3 presented User Group attendees with another sunny and clear day in Tampa, Fl.
After a stream of 8am breakfast sessions, the convention center rooms filled with ISVs for the 9am Partner Showcases. Fauwaz Hussain, the Director of Sales and Marketing, educated GP users on PCI Compliance and secure payment processing. The attendees joined to learn about securing their payment data and automating their collection processes. Some of their biggest concerns included the entry point of credit card data and how to properly store the information. Some of Nodus’ integration partners, such as SalesPad, also presented topics revolving around their solutions. Users can download the presentation slide decks on the GPUG website for any of the sessions, even the ones that they did not attend.
The expo opened for the third day at 2pm for another round of networking and solution research.
GPUG recognized many members for their participation in the community. They awarded Frank Heslin from ExamWorks, Inc., Amber Bell from Training Dynamo, LLC, and Brian Lambertz from Connexus Energy with the 2016 All Star Award. Throughout the event, GPUG also presented attendees the chance to play a version of Pokemon Go by scanning QR codes throughout the event. Congratulations to the GPUG User Group Go winner, Irene Chan.
The night ended with an 80’s inspired dance party at the Florida Aquarium and a Halloween-themed party from FastPath.
The Nodus team would like to thank everyone at Dynamics Communities, and within the channel who helped create another successful User Group event. Safe travels to everyone going home this weekend.
For more information on Nodus Technologies, our solutions, and our next events, please go to www.nodus.com.
Tampa has been very welcoming to the User Group Summit this week. The city grew over night as customers and partners alike began to arrive for an exciting week of Dynamics user content.
Summit kicked off on Tuesday with a cheerful keynote hosted by Andy Hafer, the CEO of Dynamics Communities. The keynote started off by highlighting some of the great accomplishments of the User Groups including celebrating their 10th anniversary and the largest attendance of Summit to date.
The keynote also shared some great examples of community by inviting the Portico Chorus on stage to bring the energy of the stadium alive with a few songs. Andy Hafer stressed the importance of community with an inspiring quote from Cesar Chavez: “We cannot seek achievement for ourselves and forget about progress and prosperity of our community…Our ambitions must be broad enough to include the aspirations and needs of others, for their sakes and for our own.”
The Summit then invited Scott Guthrie from Microsoft on stage to discuss the plans for Microsoft Dynamics 365. Microsoft’s vision statement is to “Empower every person and every organization on the planet to achieve more.” With the newest solutions introduced by Microsoft, they hope to continue to do so. Lastly, the audience was left with a short speech of encouragement related to the world of digital transformation from Ray Wong, the Chairman of Constellation Research.
After the keynote, the expo hall was opened to customers for the first time for the reception. The Nodus team was excited to debut our brand new booth which focuses on our strength of connecting electronic payments with ERP and CRM systems. Of the Nodus members to attend GPUG, one of them is Nodus’ new President, Chester Ritchie. He is experienced in the payment technology world, but is excited to participate in the Dynamics Channel.
The day ended with a parade throughout the expo hall leading outside to enjoy the fireworks show.
The Nodus team welcomes everyone to GPUG Summit and wishes you a great show. Please stop by booth 837 this week to learn more about our solutions and services. Drop off your business card for a chance to win a GoPro HERO 4! We will also be presenting a Solution Showcase on Thursday at 9:15am in TCC12 titled “PCI Compliance – Receivables and Secure Payment Processing.”
Customizing the display of electronic invoices with a professional layout and informational content helps customers to feel more comfortable when viewing and paying bills online. In addition, it provides strategic opportunities for businesses to engage by including targeted promotional content to specific customers segments, and express branding in a manner that breeds comforts and builds loyalty from new users.
When paper invoices are generated they generally include a professional header, client information, payment details, services or products sold, and other details such as the date, invoice number, and additional information relevant to the invoice or company. These invoices are printed and mailed with high quality graphics and form a tangible deliverable that is received by customers, hence, contributing to the customer experience and overall satisfaction score.
Paper invoices often also include promotional content designed to help businesses achieve a desired behavior or business goal. For example, during the holidays, businesses may run discounts or participate in local charity drives and add one or two lines to invoices to communicate involvement with customers. These campaigns add value and help correspond marketing objectives from a ground level, at little to no extra cost.
Traditional billing statements provide openings to convey branding using company logos, style guides, taglines, value props, website addresses and contact information. This is an important element since invoices are generally reviewed by various decision making members of an organization, and over time, become a part of the experience when doing business with vendors and contractors. Hence, a document meant to request payment can actually serve as a strategic tool for entities – if they choose to make the most of it.
The drawbacks of paper invoices, and the reasons many are migrating to electronic bill presentment, surrounds cost, environmental impact, and operational efficiency. There generally is no longer a debate that electronic invoices can be produced, distributed and received at lower cost, with less detrimental effects to our planet, and greater functional benefits for organizations.
The key, however, is to maintain the same level of engagement and comfort by customizing electronic invoices to identically match paper statements, without growing days sales outstanding (DSO). Templates should be created so electronic invoices can be automatically applied to specific situations and customer segments. Graphical elements should be choreographed using professional layouts and familiar looks and feels. With the right technology and execution, a customized electronic invoice can effectively replace a paper invoice, and yield a list of benefits for both businesses and customers.
Nodus ePay Advantage, our integrated online bill pay solution for Microsoft Dynamics ERPs, will soon be releasing a new version, ePay 5.0.2 R2, now with integration to Microsoft Dynamics AX and a list of new features including but not limited to an additional fee option, subsidiary account management, customizable terms & conditions, multi-currency acceptance, customizable invoice templates, and more. Below is quick summary. Please contact us to schedule a demo or request pricing:
Use this new feature to automatically add on an additional amount to the transaction. Additional fee is supported for Online Bill Pay and AutoPay modules, and can be captured as a percentage of the total transaction or based on a fixed amount. This feature can be enabled separately for credit card or ACH transactions. Include a name and description of the fee for customers. One example use of this new feature is if you want to charge a service fee in addition to your product price.
Terms and Conditions Agreement
Organizations can now easily set up and edit a customized Terms and Conditions Agreement to meet their business’ unique legal requirements. Require customers to review and accept the agreement before proceeding through checkout. Once accepted, it will be stored and tracked in a detailed log that can be used for auditing purposes.
Subsidiary Account Management
Multi-entity organizations can now easily make a single payment across subsidiary (child) accounts. Parent company accounts can view historical subsidiary (child) account payments or invoices in a single view. AutoPay contracts can be created for Parent company accounts that can be used to pay for either all subsidiary (child) accounts, or a specific subset.
Process transactions in other currencies using a separate merchant account best suited for the chosen currency. Easily filter, sort or view transactions processed in a specific currency. Keep processed transactions separate based on their currency type. Use Auto-Pay to automatically make payments against invoices in alternate currencies.
Customizable Invoice Templates
Businesses can now easily customize the display of invoices using our new HTML editor. Match invoices to meet company branding, theme or style guide so customers easily recognize billing statements and feel comfortable paying online. Include targeted promotional content on invoices for additional value. Save multiple invoice templates and assign them to display according to different types of invoices.
Self-Service for Forgotten Log-Ins
Customers who forget their ePay username or password can now automatically request their log in credentials through email without having to call in for assistance.
Developers can now use our new RESTful API to add ePay functionality to other applications
Nodus Technologies strives to develop great products, and we also work hard to continually improve them. Taking into consideration user feedback, industry research, and thoughts about the ever changing future, we put in extensive effort to release better versions of our products every year.
Nodus is proud to present the official release of ePay Advantage 5.0 Service Pack 1. ePay Advantage is our online bill presentment and payment solution that will allow your customers to go online and pay their outstanding invoices. It helps automate your accounts receivable process and cut down on PCI challenges. The latest version of ePay Advantage was released Tuesday, October 28th and is now compatible with Dynamics GP 2013 R2. ePay Advantage 5.0 provides users with a list of anticipated new features, bug fixes, performance improvements and security enhancements.
One of the most groundbreaking updates of ePay Advantage 5.0 is its seamless integration with Nodus PayFabric, a hosted, cloud-based processing engine. ePay with PayFabric can help merchants reduce the challenges of PCI Compliance by collecting and processing sensitive payment information without ever having it touch their environment. Using ePay with PayFabric, you can use multiple gateways and processors, and you can choose to not store any credit cards or ACH numbers within your local networks.
In addition to PayFabric, ePay 5.0 users can also:
- Customize PDF versions of invoice details
- Choose which landing page customers will be directed to when applying the single sign-on feature from an existing website to ePay Advantage
- Separate Address Verification and Zip Code Verification which will give the freedom to customize security options
For a complete list of all new features and updates, please contact us today to request the ePay 5.0 release notes or schedule a live demo with our sales team.
(909) 482-4701 or email@example.com