Will Your Payment Processing Break Due To Mandatory Security Update? – 2017 Deadline Approaching for TLS 1.2 Requirement
The PCI Security Council has mandated that online merchants who accept credit cards must upgrade from the older SSL and early TLS security protocols, to the newer TLS 1.2 protocol. The required implementation dates to remain in compliance have changed multiple times, causing merchant confusion. To further this confusion, individual gateways and processors have their own implementation timelines for TLS 1.2 support.
Due to recent high profile attacks, some vendors have decided to expedite the transition to TLS 1.2 and completely end support of the older, less secure protocols. This was primarily done because of the known risks of the older security protocols and the PCI Security Council’s assessment of the risk to merchants. The PCI Security Council has stated, “The vulnerabilities within SSL and early TLS are serious and left unaddressed put organizations at risk of being breached.” Because of these known risks, payment technology vendors have become more aggressive in their implementation timeframes and are in the process of deprecating the older protocols beginning in 2017.
One such company is PayPal. PayPal just recently turned off support of the older protocol for test environments and will completely stop supporting the older protocols by June 30, 2017. FOR MERCHANTS USING A PAYPAL PAYMENT GATEWAY WHO HAVE NOT UPGRADED THEIR SYSTEMS TO SUPPORT TLS 1.2, CREDIT CARD PROCESSING SERVICES WILL NO LONGER WORK AFTER THAT DATE.
Dates to know:
- PCI Security Council original date of TLS 1.2 compliance was 2016
- PCI Security Council new date of TLS 1.2 compliance is June, 2018
- PayPal testing environment ended support of older protocols on February 15, 2017
- PayPal production environment ends support of older protocols on June 30, 2017
How do you ensure you will be able to accept credit card payments after the June 30, 2017 deadline? The first thing merchants should do is contact their systems providers to determine all of the payment gateway connections their solution employs. Merchants should then verify that their solution has been upgraded to support the TLS 1.2 protocol. This often times reveals a spider web of connections. Many solution providers support a variety of gateways to reach a particular processing platform.
In the example of PayPal, merchants may be unaware that their payment acceptance solution could utilize technology from PayPal even if they do not accept PayPal as a form of payment. PayPal Holdings, Inc. has acquired various payment technologies and companies (i.e. PayFlow Pro, BrainTree, Venmo, etc.) that many payment solutions employ in the background. If a merchant’s solution utilizes a PayPal gateway and hasn’t been upgraded to support TLS 1.2, it will stop functioning after the June 30, 2017 date.
To avoid credit card acceptance interruption and protect yourself against malicious attacks, you should:
- Upgrade your systems to support the latest security protocol TLS 1.2
- Start your upgrade process today. System upgrades take time and a backlog is already forming with many vendors. This will result in many merchants unable to accept credit card payments after June 30, 2017
- Nodus customers should contact Nodus Support to discuss their upgrade options and ensure that the software versions they are using support TLS 1.2
- Migrating from SSL & Early TLS webinar by PCI Security Standards Council
- Date Change for Migrating from SSL and Early TLS
- PayPal TLS 1.2 and HTTP/1.1 Upgrade Microsite
- Nodus TLS 1.2 Security Update
Chester Ritchie is the President of Nodus Technologies (http://www.nodus.com). Nodus is a certified Microsoft Gold Level Partner for payment software within the Microsoft Dynamics family of accounting systems. Nodus products allow users of Great Plains (GP), Solomon (SL), and AX to accept electronic payments inside of the accounting system. Accounting entries related to payments are automated and cash flow is increased.
January 6, 2017 by Chester Ritchie
Microsoft recently announced the discontinuation of the Dynamics Online Payment Services. Effective January 1, 2018, users of this service will no longer be able to process credit card payments within Microsoft Dynamics AX, Microsoft Dynamics NAV, Microsoft Dynamics GP, Microsoft Dynamics RMS, Microsoft Dynamics POS 2009, and Microsoft Office Accounting.
To mitigate any potential business impact due to the discontinuation of this product, Microsoft is recommending existing customers search for alternative payment products from Dynamics Independent Solution Providers (ISVs) such as Nodus.
Nodus is the leading provider of PCI certified electronic payment processing modules for Microsoft Dynamics. In addition to the core credit card processing functionality provided by Microsoft Dynamics Online Payment Services, merchants choose Nodus for security and additional accounting automation. The Nodus payment processing gateway can be used to replace Microsoft Dynamics Online Payment Services with minimal interruption to your business.
Nodus products are fully integrated into Microsoft Dynamics. Nodus has been the PCI certified payment solution for Microsoft Dynamics accounting systems for over 14 years. In addition to providing a secure credit card processing solution, Nodus payment solutions integrate with your accounting system to automate accounting entries, provide lowest rates for B2B transactions, and get you paid faster by automating A/R via our online bill pay module.
For more information on how to upgrade your Dynamics Online Payment Services to PCI compliant credit card processing software from Nodus, please visit http://www.nodus.com or call us at 909-482-4701.
Do you have the best practices in place to help you both achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS)?
Nodus Technologies and Dara Security are hosting a joint webinar on December 8, 2015 to discuss the basics of PCI Compliance and how Nodus can help merchants achieve compliance through secured payment applications.
Some of the highlights of this webinar are:
- Payment transaction trends
- Overview of PCI and how it applies to merchants
- Secure processing and storage of credit card data
Register for our webinar here.
Can’t make it but still want answers to your PCI questions? Give us a call at (909) 482-4701 or email firstname.lastname@example.org.
In business, cash is king. Various factors influence an organization’s ability to collect revenue, however proper cash flow management is essential to supporting and advancing business objectives. It is understood that getting a customer to purchase your product or service is only part of what most consider a successful transaction. Getting them to pay in a timely manner, and feel satisfied, changes everything. So what can you do to facilitate timely payments and enhance customer satisfaction? Consider the following suggestions:
- Take advantage of available technology. Paper bills are a dying breed. Not only are they more costly, less efficient and worse for the environment, but they often get lost, take longer to process, and don’t provide much convenience for businesses or customers.
In lieu of paper bills, consider offering customers the ability to view and pay their bills online. This technique is less costly, more efficient and eco-friendly. It allows for your customers to receive billing statements immediately, and with tracking options, you can actually verify a successful receipt – down to the exact day and time. Once customers receive an electronic bill, they can log on to your website or payment link and self-enter their payment details – which reduces the errors and risk often associated with manual data entry. In fact, with the right technology you can ensure no sensitive data ever hits your servers – which greatly reduces your liability and simplifies your scope of PCI compliance. Plus, with popular features like “Auto-Pay,” your customers can schedule timely payment submissions, and essentially forget about them. Reconciliation becomes easier and less labor intensive since electronic records can be drawn and filtered daily. In sum, online bill payment promotes better cash management, lower administrative overhead, reduced postage and printing, and fewer number of delinquent accounts.
- Use a CRM that can accept payments. In addition to offering online bill presentment, recording all interactions with customers is a must. When an account is past due, and a payment has not been received in a reasonable period, you should contact your customer to discuss payment using a CRM that can accept payments. While this is often done by mail or email, a phone call will engage your customer the most and allow them to specify details of their situation, and possibly, even make a payment right over the phone.
Regardless of which approach you take, you should be sure to log the details of each contact so you or other departments can make informed decisions in the future. Keep notes on when follow-up communications were sent and record your customers’ responses to these follow-ups. This will allow you or your employees to schedule subsequent follow-ups more effectively, and use prior information supplied by your customer to judge an appropriate course of action. For example, if the customer was not satisfied and is planning on returning a product or if a customer promised to pay a late invoice in 3 weeks and 5 weeks have passed – you or your team can reference their prior comments in any follow-up discussions, and subsequent resolution process. With the right technology, your customer service representatives or accounts receivable department can take payment from a customer over the phone without leaving the CRM environment. Those payments can be drawn from a customer’s e-wallet on file, automatically integrated with back office systems, and processed immediately in real-time, or later, in a delayed batch. This makes it easier and more efficient to receive payments, while logging or reviewing notes of a customer’s situation. It also will make your customer feel more satisfied when dealing with a representative that has detailed knowledge of prior interactions, and who can expedite payment processing in a fast, efficient manner. For additional assistance with streamlining accounts receivable or electronic payment processing please contact Nodus Technologies or sign up for our free webinar. Call 909 – 482-4701 or email email@example.com
A CRM system is important to companies because it integrates every business area that touches the customer and centralizes information for more informed decision making. This includes sales, customer service, order processing, support, and other areas your customer may not see, such as accounting and back-office systems.
Now, your business can maximize the benefits of your CRM system with Nodus Technologies’ CRM Charge
CRM Charge is an electronic payment processing solution that is integrated with Microsoft CRM.
You can process credit cards and ACH transactions and have them verified in real time without ever having to leave the CRM environment. This well-rounded solution is fast, secure, and will keep your payment processes running smooth.
Some of the many CRM Charge features include:
- Support for both on-premise and online versions of CRM
- Ability to process payments against virtually any entity, including orders, invoices, and opportunities
- Connection with multiple gateways and processors
- Integration with Nodus’ cloud-based payment engine called PayFabric, which provides the safest approach to processing ePayments by not having to locally store the sensitive information
- Synchronization of payments back into Dynamics GP to provide seamless integration between CRM and your accounting system.
Companies can benefit greatly from processing payments inside of CRM. First, it shortens the order processing cycle which increases customer satisfaction. It also allows companies to process transactions without having employees inside of their accounting system, which provides greater security and less risk. In addition, it provides a user-friendly interface to process payments that both technical and non- technical people can understand.
To show how simple it is to process a payment using CRM Charge, we have provided screenshots of the steps below:
- Create an Order.
2. Click on “Create ePayment.”
3. Select a credit card from the customer’s wallet or enter a new credit card. Then click “Process ePayment” to process the transaction.
The transaction is sent to the payment gateway for processing. If it gets approved, an approval message will appear. If it gets decline, a declined message will appear and you will be able to choose a different form of payment.
- Once you receive the approval, you can view the epayments made against the order.
Nodus Technologies strives to develop great products, and we also work hard to continually improve them. Taking into consideration user feedback, industry research, and thoughts about the ever changing future, we put in extensive effort to release better versions of our products every year.
Nodus is proud to present the official release of ePay Advantage 5.0 Service Pack 1. ePay Advantage is our online bill presentment and payment solution that will allow your customers to go online and pay their outstanding invoices. It helps automate your accounts receivable process and cut down on PCI challenges. The latest version of ePay Advantage was released Tuesday, October 28th and is now compatible with Dynamics GP 2013 R2. ePay Advantage 5.0 provides users with a list of anticipated new features, bug fixes, performance improvements and security enhancements.
One of the most groundbreaking updates of ePay Advantage 5.0 is its seamless integration with Nodus PayFabric, a hosted, cloud-based processing engine. ePay with PayFabric can help merchants reduce the challenges of PCI Compliance by collecting and processing sensitive payment information without ever having it touch their environment. Using ePay with PayFabric, you can use multiple gateways and processors, and you can choose to not store any credit cards or ACH numbers within your local networks.
In addition to PayFabric, ePay 5.0 users can also:
- Customize PDF versions of invoice details
- Choose which landing page customers will be directed to when applying the single sign-on feature from an existing website to ePay Advantage
- Separate Address Verification and Zip Code Verification which will give the freedom to customize security options
For a complete list of all new features and updates, please contact us today to request the ePay 5.0 release notes or schedule a live demo with our sales team.
(909) 482-4701 or firstname.lastname@example.org
The holidays are approaching which means a time for cheer and presents—which means more money is being spent—which means more credit card fraud. With millions of card numbers already stolen this year, it is only a matter of course that much more will be stolen with the increased shopping of the holiday season.
Hackers who work on the good side of the law, investigating security breaches, have found even their own stolen information many times. In fact, Bryan Sartin of Verizon’s forensic computer tech team remembers finding a desk mate’s credit card information in two out of three cases, and when it wasn’t there, found his wife’s! With this amount of fraud going on, it’s unnerving to think that some merchants are not implementing any improved practices that will help secure their customers information during this holiday season. The last thing anyone wants is to deal with is credit card fraud when they could be spending quality time with family and friends.
A reason Sartin mentions about why the U.S. is so prone to credit card data security breaches is the way they are being processed. Credit card information goes through multiple systems, flying through the internet, and continues to travel to complete the transaction even after returning an accepted or declined message.
Mallory Duncan, general counsel at the National Retail Federation, proposes tokenization as a potential solution. With tokenization, the card information is taken to the gateway, and a token is returned. This token has no credit card data behind it—so even if it is stolen, it would be meaningless to the hacker.
Nodus provides the option of tokenization with all its products. Our solutions are PCI PA-DSS certified and we are always improving our solutions to help your business become more secure. Improve your processes to keep your customers’ credit card data safe during this holiday season and let the holidays get back to meaning joy and comfort.
To learn more about tokenization and securing your payment processing systems, schedule a free demo with us today at http://www.nodus.com/schedule_demo.html
Source: npr: National Public Radio
Electronic Payments: The New Trend in Payment Collection
The first credit card issued in the United States was by Visa in 1958. Since then, credit card use has increased substantially, becoming one of the most popular payment methods. According to a study conducted in 2012, about 24 billion credit card transactions were processed for general use. (Ray, Daniel and Ghahremani). One of the newest purchasing trends in recent history is the method of electronic payment. With electronic payments, customers can shop wherever and whenever they want, all without having to leave their home.
E-Payments provide convenience and efficiency to consumers by allowing them to:
- Sign up for automatic bill pay, to eliminate the hassle of manually paying bills every month and avoid paying late fee penalties
- Schedule future payments and view their historical and outstanding invoices
- Save forms of payments in a secure eWallet for easy access during future transactions
Electronic payments have not only brought convenience to the consumer, but to the merchant as well. Merchants can enhance and secure their AR processes by integrating their invoices and orders back to their accounting system in real time. They also get real time authorization to assure that the credit card number is valid and that there are sufficient funds available.
Merchants also benefit substantially from ePayments by being able to:
- Encrypt or Tokenize credit card information for better security
- Enhance the efficiency and security of their collection process
- Save tremendous amounts of money by reducing paper, manual entry and mailing costs
- Provide their customers a secure way to make payments themselves
- Avoid the PCI hassle by reducing or eliminating customer’s credit card exposure
Although credit cards are a great resource for collecting payments, they can also be detrimental if not managed properly. If companies are accepting large amounts of credit cards but lack the resources to process them, they may end up hurting the efficiency of their business. In today’s highly competitive market place, companies can’t afford to be slowed down by manual data entry and human error. Integrated credit card processing solutions can speed up the process and prevent mistakes by reducing the need for employees to enter credit cards manually. When a customer buys a product online with a credit card, the credit card first goes through an authorization process, which validates the credit card number, expiration date, CVV number and the billing address. Then it goes through the settlement process for payment collection.
Along with managing the efficiency of processing credit cards, merchants should also take the necessary precautions to reduce security risks. The internet has made it even easier for thieves to steal personal information without ever coming in contact with the victim. A study in 2012 concluded that 39% of surveyed Americans said they were very concerned about online shopping and security (Ray, Daniel and Ghahremani). With high consumer concern as well as the problems that a security breach would create, merchants should put security on the top of their list. In order to do this, companies should be using solutions that are up to date on all PCI (Payment Card Industry) compliancy. To learn more about PCI, visit https://www.pcisecuritystandards.org/
For merchants, it’s important to choose a partner that has expertise in the ePayment industry. You want someone that can offer you a solution designed to leverage your Dynamics GP, while also having the capabilities to grow with your business and strengthen security. The experts at Nodus Technologies can help you understand not only the importance of being PCI Compliant, but also how Nodus’ certified solutions can help you achieve PCI Compliancy. For more information on how Nodus Technologies can help, please contact us at (909) 482-4701 or email email@example.com.
Ray, Daniel, and Yasmin Ghahremani. “Credit Card Statistics, Industry Facts, Debt Statistics .” CreditCards.com. N.p., 13 Jan 2014. Web. 3 Feb 2014. <http://www.creditcards.com/credit-card-news/credit-card-industry-facts-personal-debt-statistics-1276.php