TLS 1.2 Compliance

by Jackie Hollenkamp Bentley

By now iCheckGateway.com’s customers have received their billing statements along with a notice that, as of July 1, 2017, we are no longer supporting TLS 1.0 or 1.1 over HTTPS and that any older browsers or API clients that do not support TLS 1.2 will no longer work.

So, is this cause for panic? Certainly not. What this actually means is higher security standards for clients and customers when initiating and processing credit card transactions over the internet, thereby engendering a solid sense of trust and integrity for iCheckGateway.com’s clients and service providers.

So, what exactly IS TLS 1.2? To oversimplify, it’s a security measure that protects sensitive information (e.g. credit card transactions) as it’s transmitted from one person’s computer/app/website to another.

For the tech-savvy, Microsoft (https://technet.microsoft.com/en-us/library/cc784450(v=ws.10).aspx) gives a more detailed explanation:

“In the authentication process, a TLS/SSL client sends a message to a TLS/SSL server, and the server responds with the information that the server needs to authenticate itself. The client and server perform an additional exchange of session keys, and the authentication dialog ends. When authentication is completed, SSL-secured communication can begin between the server and the client using the symmetric encryption keys that are established during the authentication process.”

With all that being said, what does this mean for the iCheckGateway.com customer? Per mandates by the PCI Security Council (Payment Card Industry Security Council), web browsers must support the latest security protocols established with TLS 1.2 or those sites will no longer work. (Ever surf the web and land on a page that says “The site’s security certificate has expired or is not valid” or shows some other “Error” warning?)

Our clients must make sure they are using the latest versions of their web browsers, or credit card transactions and all other website functions will not work.

But checking is easy. Click on http://howsmyssl.com and a page will open that will tell users whether or not their browsers are secure and PCI compliant.

If not, upgrading is essential or your customers’ transactions will not be secure. Business owners should contact their IT departments to confirm their website’s security. Smaller business owners should contact their website’s host provider.
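For API clients rather than browsers, the TLS 1.2 floor can be checked in the client's own configuration. The sketch below is an added example, not iCheckGateway.com code: it audits a Python `ssl` client context against that floor, and the function names and the "legacy" context are constructed for illustration.

```python
import ssl

# Oldest protocol version the post says is still accepted (TLS 1.0/1.1 are refused).
FLOOR = ssl.TLSVersion.TLSv1_2


def hardened_client_context():
    """Client context that never offers TLS 1.0/1.1 and validates the server."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = FLOOR          # pin the floor instead of trusting defaults
    return ctx


def legacy_client_context():
    """Constructed 'before' case: no pinned floor, no certificate validation."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False           # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_client_context(ctx):
    """Return a list of findings; an empty list means the context meets the floor."""
    findings = []
    if not ssl.HAS_TLSv1_2:
        findings.append("local OpenSSL build has no TLS 1.2 support")
    if ctx.minimum_version < FLOOR:
        findings.append(
            f"minimum_version is {ctx.minimum_version.name}: "
            "the client may still offer TLS 1.0/1.1"
        )
    capped = ctx.maximum_version != ssl.TLSVersion.MAXIMUM_SUPPORTED
    if capped and ctx.maximum_version < FLOOR:
        findings.append(
            f"maximum_version is {ctx.maximum_version.name}: "
            "a TLS 1.2-only server will refuse the handshake"
        )
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("server hostname is not checked against the certificate")
    return findings


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("legacy", legacy_client_context())):
        problems = audit_client_context(ctx)
        print(name, "->", problems or "meets the TLS 1.2 floor")
```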

As for our clients’ customers, they need to be advised to also upgrade their browsers. The good news is that bringing the browser up to date is as simple as logging into the browser’s official website and downloading the newest version. To help, here are links to some of the more popular sites:

For further questions, don’t hesitate to contact us at 888.746.5741 or log onto www.iCheckGateway.com.


Proper Authorization: WEB Transactions

by Jackie Hollenkamp Bentley

The plastic poinsettias are already on shelves. Ornaments are now hanging in droves along the aisles. Red and green decorations have begun to flow across the store rows. Yep. Holiday shopping is already beckoning consumers to start buying.

For those merchants who rely on the Internet to sell their wares and services, it appears Santa Claus will be kind to e-commerce.

The National Retail Federation is predicting online sales to “increase between 7 and 10 percent over last year to as much as $117 billion.”

The predictions are even better from eMarketer. It’s forecasting online sales in the US to jump 17.2 percent this November and December.

With that in mind, it’s a good idea for merchants to revisit the National Automated Clearing House Association’s rules for authorization of WEB Entries (Internet Initiated/Mobile Entries) before the Christmas craziness kicks in.

In this latest post on iCheckGateway.com’s series on proper ACH authorization methods, we’ll detail the best way to obtain a customer’s authorization to debit his or her bank account for goods or services rendered.

Whether it’s a one-time transaction or a recurring arrangement, all authorizations must have clear and understandable language that a customer can easily see on a computer screen or other visual display such as phones, tablets, notebooks, etc.

The way a merchant presents that online authorization language is flexible, as long as it contains the following:

  • ✓ the transaction amount
  • ✓ the effective date
  • ✓ the routing and account numbers of the customer’s financial institution
  • ✓ a method for the customer to revoke the authorization

Here is iCheckGateway.com’s recommended sample for a one-time online transaction:

I authorize Merchant Name to debit the bank account indicated in this web form, for the noted amount on today’s date. I understand that because this is an electronic transaction, these funds may be withdrawn from my account as soon as the above noted transaction date. I will not dispute Merchant Name debiting my checking/savings account, so long as the transaction corresponds to the terms indicated in this web form.

[Click to Authorize Payment]

If it’s a recurring transaction, wording can be the following:

I authorize Merchant Name to debit the bank account indicated in this web form, for the noted amount starting on today’s date and for the schedule selected by me. I understand that because this is an electronic transaction, these funds may be withdrawn from my account as soon as the above noted transaction date. I will not dispute Merchant Name debiting my checking/savings account, so long as the transaction corresponds to the terms indicated in this web form.

[Click to Authorize Recurring Payment]

In addition, iCheckGateway.com recommends that the payment authorization language appear on the same page as the bank account information to make it clear to the consumer exactly which account he or she is authorizing to be debited.

Merchants are required to keep all authorization agreements for two years in case a customer’s bank requests proof of authorization for a transaction.

Proof of authorization can include the authorization verbiage, documentation that provides transaction details (including customer info), as well as sales documentation to show what goods or services were exchanged. The merchant can also provide a date and timestamp of the customer login, IP address, and authorization process to help evidence the customer’s identity and their agreement to the authorization.

This authorization process, combined with a clickable button prefaced with a statement that the customer agrees to the withdrawal once “clicked”, will satisfy NACHA’s regulations and keep a merchant’s operations running as smooth as eggnog on a Christmas morning.


Proper Authorization: TEL Transactions

by Jackie Hollenkamp Bentley

Previously, we established that the National Automated Clearing House Association has spelled out the guidelines requiring specific authorizations for online transactions across the ACH network (see Aug. 24 post).

At first glance, the rules governing how authorization can be obtained when debiting a customer’s account look too complex. However, iCheckGateway.com provides its clients the support needed to navigate the various methods to obtain proper authorization.

In this second post of our series detailing the best practices for authorization, the focus will be on TEL Entries, or Telephone-Initiated Entries, for debiting a customer’s bank account.

A TEL entry allows a merchant to debit a customer’s account after receiving the customer’s consent orally over the telephone. This type of authorization for payment can only occur when there is already an existing relationship with the customer, or if the customer contacts the merchant first. The merchant cannot receive a TEL authorization if they are the ones who initiated the communication (e.g. telemarketers).

Preferably, iCheckGateway.com recommends audio recordings of the consent to document authorization for one-time transactions. However, if an audio recording is not available, a written notice, which can be in the form of an email, must be sent to the customer before the settlement date of the one-time transaction.

The merchant is required to keep all copies—audio and written—of the authorization record for two years should a customer’s bank require proof of authorization in a disputed transaction.

There are certain elements that have to be included in the authorization:

  • ✓ The date the customer’s authorization was given
  • ✓ The date on or after which the customer’s account will be debited
  • ✓ The amount of the transaction
  • ✓ The customer’s name
  • ✓ The customer’s account information
  • ✓ A telephone number customers can call with questions
  • ✓ How a customer can revoke the authorization
  • ✓ A statement from the merchant that this authorization is only for a single, one-time ACH transaction to the customer’s account

With all that being said, exactly what should an authorization sound like? Here is a sample:

Sample Authorization for One-Time Debit TEL Transaction

Customer First & Last Name, Merchant Name is requesting your authorization to electronically debit your checking/savings account in the amount of $ amount on or about date of ACH debit. The account information you’ve provided is as follows:

Bank Routing Number: routing number of customer’s bank
Bank Account Number: customer’s bank account #

Is this information correct?

This authorization will be used to originate a single entry, one-time ACH debit entry to your account. At any time prior to processing, you may revoke this authorization by calling our customer service department at ###-###-####. Do I have your authorization today, today’s date, to process this transaction?

It’s important to note that when dealing with recurring TEL transactions, additional steps must be taken to remain NACHA compliant. Both written and verbal authorization are needed before initiating the ongoing transactions.

In addition to including the customer’s name, account, revocation method, the merchant’s telephone number, and the date authorization was given, a recurring TEL entry authorization must also contain the following:

  • ✓ the amount of the transactions or a method to determine the amounts to be debited from the customer’s account
  • ✓ the start date and frequency of such transactions

Again, the written notification can be a notice in the form of an email to the customer, or “snail mail” via the U.S. Postal Service or other delivery services.

Of course, these authorization requirements only cover telephone transactions. Our next post will detail the rules governing ACH Network transactions over the Internet, or WEB Entries (Internet-Initiated/Mobile Entries).


Proper Authorization: PPD Transactions

by Jackie Hollenkamp Bentley

As we’ve stated before (see July 12, 2016 post), the number of transactions across the ACH network has increased dramatically, even in the last year. But that’s not to say that these transactions can occur arbitrarily, without some oversight and protections for both the consumer and the business owner.

The National Automated Clearing House Association has established guidelines that require specific authorizations that allow funds to be debited from or credited to bank accounts to pay for goods and services. Those authorizations can be either written, verbal, and/or electronic, depending upon the type of transaction.

Sound too involved, confusing and legalistic? Not with iCheckGateway.com, which offers support for getting the proper authorizations, thereby protecting its merchants should future disputes arise over transactions.

NACHA rules require you to keep copies of ACH authorization for at least two years following the termination or revocation of the authorization. It may be retained as an electronic record that (1) accurately reflects the information in the record, and (2) is capable of being accurately reproduced for later reference. A customer’s bank could request proof of authorization from a merchant, especially if a transaction is ever disputed.

Fortunately, for iCheckGateway.com merchants, support is offered for four different types of authorizations: PPD Transactions (Prearranged Payment and Deposit Entries), TEL Entries (Telephone-Initiated Entries), CCD Transactions (Cash Concentration or Disbursement) and WEB Entries (Internet Initiated/Mobile Entries). Over the next several weeks, we’ll guide you through the process of obtaining authorization for each type.

This post will cover PPD Transactions (Prearranged Payment and Deposit Entries), which allow a business to debit or credit a customer’s bank account via their bank’s routing and account numbers. iCheckGateway.com advises businesses to obtain authorization by having customers sign a written form that includes the amount of the transaction, the date it is to be processed and the bank account information from which the payment is to be debited.

If it is a recurring transaction, such as payments for utility bills, monthly membership fees or loans, the authorization form should also include the frequency of the payments, the not-to-exceed amount for variable recurring amounts, and, if discharging a large debt, the number of payments and total due.

Below are some sample PPD authorizations that can be modified for your business needs.

For recurring PPD entries:

At the top of the form
Sign and complete this form to authorize Merchant Name to make regularly scheduled charges to your bank account. By signing this form, you give us permission to debit your account for the amount indicated below each billing period until the designated expiration date. You agree that no prior notification will be provided unless the date or amount changes, in which case you will receive notice from us at least 10 days prior to the payment being collected.  

Below the customer’s signature
I understand this authorization will remain in effect until I cancel it in writing and I agree to notify Merchant Name in writing of any changes in my account information or termination of this authorization at least 15 days prior to the next billing date. If the above noted periodic payment dates fall on a weekend or holiday, I understand that the payment may be withdrawn from my account as soon as the above noted periodic transaction dates. In the case of an ACH Transaction being rejected for Non-Sufficient Funds (NSF), I understand that Merchant Name may attempt to process the charge again within 30 days, and agree to an additional $XX charge for each attempt returned NSF which will be initiated as a separate transaction from the authorized recurring payment. I acknowledge that the origination of ACH transactions to my account must comply with the provisions of U.S. law. I agree not to dispute this recurring billing with my bank so long as the transactions correspond to the terms indicated in this authorization form.

For a one-time PPD entry:
Sign and complete this form to authorize Merchant Name to make a one-time debit to your bank account. By signing this form, you give us permission to debit your account for the amount indicated on or after the date indicated. This permission is only for a single transaction and does not provide authorization for any additional unrelated debits or credits to your account.

It’s important to note, as well, that NACHA doesn’t specify exactly HOW a merchant can obtain a customer’s bank information for PPD transactions.

For example, some merchants have their customers write their routing number and account number on the form. Other merchants also prefer their customers to provide a corresponding voided check or bank letter to reduce potential errors.

Keep in mind, whichever transaction type is used, merchants are required to keep records of authorization for at least two years in order to remain in compliance with NACHA regulations.


Unauthorized Return Rates

by Jackie Hollenkamp Bentley

To say the number of transactions occurring across the ACH Network is growing would be quite the understatement. According to the National Automated Clearing House Association, more than 5 million transactions occurred across the ACH Network in the first quarter of 2016—that’s a 6.1 percent increase from exactly one year ago.

Unfortunately, with the meteoric increase in transactions, the return rates for failed payments have also increased, prompting NACHA to decrease the unauthorized return rate threshold from 1% to 0.5%.

Unauthorized returns include the following codes:

  • R05: Unauthorized Debit to customer’s account
  • R07: Authorization revoked by customer
  • R10: Customer advises not authorized
  • R29: Corporate customer advises not authorized
  • R51: Item is Ineligible, Notice Not Provided, Signatures Not Genuine, Item Altered or Amount of RCK Entry not Accurately Obtained From the Item

So what does that mean for the business owner? According to NACHA, this change basically helps a business by compelling it to closely monitor its return rates. The numbers will show whether or not a merchant sees unusual amounts of payments returned as unauthorized.

Exceeding the threshold would result in fines for the processing bank, or Originating Depository Financial Institution (ODFI), which could then be passed on to the merchant.

Fortunately, iCheckGateway.com has the tools and resources available to help merchants tackle this thorny side of business.

“iCheckGateway.com is committed to helping merchants keep their unauthorized return rates in compliance,” said iCheckGateway.com’s Sarah Wainright. “In addition to providing information on proper authorization types to help merchants reduce the number of transactions returned as unauthorized, we can also turn on check verification to provide online, real-time access to positive and negative account information. Our check verification services identify items at the point-of-sale, which assists in the elimination of potential fraud and reduces the likelihood of returning unpaid items.”

The following steps in iCheckGateway.com’s Online Terminal make it easy to calculate return rates for continued compliance monitoring:

  1. Select the Export Transaction Details Report in the Online Terminal (Reports>Export Transaction Details).
  2. Set Payment Method to Checks and select a desired time period (generally, the preceding sixty days or two calendar months).
  3. Be sure to select Exclude Voids for Transaction Type.
  4. Click Export Data and an Excel spreadsheet is generated.

Then the math begins.

To calculate your Unauthorized Return Rate, you can use Excel’s count, sort and subtotal features to divide the total number of debit entries with codes of R05, R07, R10, R29 and R51 by the total number of debits. If the resulting number is less than 0.5%, the unauthorized return rate is in compliance.

By regularly calculating the Unauthorized Return Rate, businesses can track return rate trends and be ready to take action if needed.
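The same calculation can be scripted once the report is saved as CSV. This is an added example, not iCheckGateway.com code: the column names `EntryType` and `ReturnCode` and the sample rows are assumptions constructed for illustration, so map them to the headers of the real export.

```python
import csv
import io
from collections import Counter

# Return codes the post lists as "unauthorized".
UNAUTHORIZED_CODES = {"R05", "R07", "R10", "R29", "R51"}


def summarize_returns(export_file):
    """Compute the unauthorized return rate from an exported transaction file.

    Expects a CSV with (hypothetical) columns EntryType and ReturnCode.
    Only debit entries count toward the rate; credits are ignored.
    """
    debits = 0
    by_code = Counter()
    for row in csv.DictReader(export_file):
        if row["EntryType"].strip().lower() != "debit":
            continue
        debits += 1
        code = row["ReturnCode"].strip().upper()
        if code in UNAUTHORIZED_CODES:
            by_code[code] += 1
    unauthorized = sum(by_code.values())
    if debits == 0:
        # Nothing to measure in this period.
        return {"debits": 0, "unauthorized": 0, "by_code": {},
                "rate": None, "compliant": None}
    return {
        "debits": debits,
        "unauthorized": unauthorized,
        "by_code": dict(by_code),
        "rate": unauthorized / debits,
        # Integer form of "rate < 0.5%" so an exact 0.5% is not hidden by
        # floating-point rounding; the post requires strictly less than 0.5%.
        "compliant": unauthorized * 1000 < debits * 5,
    }


def constructed_export(n_debits, return_codes, n_credits=0):
    """Build a constructed sample export: the first debits carry the given codes."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["TransactionId", "EntryType", "Amount", "ReturnCode"])
    for i in range(n_debits):
        code = return_codes[i] if i < len(return_codes) else ""
        writer.writerow([f"D{i:05d}", "Debit", "25.00", code])
    for i in range(n_credits):
        writer.writerow([f"C{i:05d}", "Credit", "25.00", ""])
    out.seek(0)
    return out


if __name__ == "__main__":
    # 400 debits, one R10 (unauthorized) and one R01 (a return, but not one
    # of the unauthorized codes), plus 50 credits that must not be counted.
    report = summarize_returns(constructed_export(400, ["R10", "R01"], 50))
    print(f"{report['unauthorized']} of {report['debits']} debits "
          f"= {report['rate']:.2%}, compliant: {report['compliant']}")
```

Against a real export, open the file with `open(path, newline="")` and pass it to `summarize_returns`.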


Email Invoicing

by Jackie Hollenkamp Bentley

Still mailing paper invoices to your customers through the good ole United States Postal Service?

Here are some sobering numbers:
  • One ream of paper (500 sheets) can cost anywhere between 4 and 7 dollars
  • A 500-count box of business envelopes hovers around the price of $30
  • Bulk postage can cost between 21 and 27 cents per letter; standard postage is 34 to 49 cents

So, to mail one bill to one customer, on the cheaper side, it can cost roughly 28 cents. Multiply that by, say, 100 customers; then multiply THAT by 12 months. That’s $336 spent annually on billing customers the “old fashioned way.”

But iCheckGateway.com offers an invoice alternative that would result in an annual mailing cost of $0.00: email invoicing.

“The invoicing system is best suited for any merchant who would typically mail a paper invoice to their customer, but would like to have the convenience of online payments instead,” said iCheckGateway.com’s Daphne Norris. “The email invoice allows the customer to click a link within the email to pay their invoice online using either bank account information (ACH) or a credit card. All payment information will be recorded in the online terminal for the merchant.”

So, when a customer receives your invoice email, they click on the specified link and that link will take the customer to your payment page—that payment is then recorded and managed in your iCheckGateway.com Online Terminal.

Once the Invoicing feature has been activated, this Invoice Management System (found under a specific “Invoice” tab in your Online Terminal) not only provides an easier, quicker way for your customers to pay their invoices, but our system’s dashboard also makes it an efficient way to keep track of who has paid and who hasn’t (e.g. open invoices, paid invoices, customer name, invoice date, due dates color-coded based on status, invoice amount, paid confirmation code, and more). In addition, all payments appear in your iCheckGateway.com account with matching invoice numbers for consolidated reporting.

Already have a database? iCheckGateway.com has a support method in place for that as well.

“If the merchant’s invoice database has the capability of exporting information into an Excel spreadsheet, then it is possible to upload a group of invoices into the iCheckGateway.com invoicing system all at once, rather than creating them manually one-at-a-time,” Norris said. “Specific formatting requirements are available in the online terminal. Once imported, the invoices can be emailed as a group to the customers. But, keep in mind the invoicing system will not update the merchant’s own database. This will need to be done by the merchant.”

If you utilize this time-saving feature, a custom payment portal matching the design of your website will be specifically built for email invoicing. Since the payment portal matches your website, yet is a separate, secure-hosted site, customers can feel more confident in making their payment online.

One side note: there is a one-time setup fee for activating the email invoicing system.

“Generally, this setup fee covers the cost of customizing the invoice to match the design of the merchant’s webpage,” Norris said. “The only ongoing cost would be the standard per transaction fee associated with any transactions that are processed, regardless of how they are received (i.e. invoice email, payment page on their website, IVR, etc.).”

If you’re ready to take the next step in streamlining your company’s accounts receivables and would like to find out how iCheckGateway.com can make bookkeeping more efficient, click here.


Make Your Accounts Receivables Department Happy with IVR

By Jackie Hollenkamp Bentley

Accounts Receivable: a claim against a debtor, carried on open account, usually limited to debts due from the sale of goods and services (from dictionary.com)

It’s a given: when a business offers a product or service, compensation must be collected from the customer. In the past, bills would be mailed, checks written and mailed back, and the accounts receivables department was happy. But with today’s instant-access technology, that method is virtually gone.

One popular method today involves merely picking up the phone, tapping a few numbers or saying a few words, and voila! Account settled.

Otherwise known as Interactive Voice Response, or IVR, this method of collecting payments from customers has become a mainstay in the business industry.

“With IVR, if a customer has a bill to pay, they can call in and pay it from anywhere at any time without having to speak to a live representative,” said iCheckGateway.com’s vice president Chris Hall. “IVR is ideal for a variety of industry types. It has been proven to be very efficient for utility providers, municipalities, doctors offices, dentist offices, landscapers, property managers, and more.”

Different deployments offer a variety of ways a customer can interact with IVR. iCheckGateway.com offers plenty of options: from the basic payment-only option to more advanced, data-driven versions.

A basic call to a merchant’s unique IVR number would begin with a query asking if the caller desires to initiate payment via a bank account withdrawal or a credit card. Easy-to-understand prompts guide the customer through a straightforward, streamlined experience.

“Advanced versions of IVR are fully customizable to meet a merchant’s specific needs,” Hall said. “It is all according to how much data they want to collect while the payer is on the phone call. Merchants can even upload invoices so when the customer is on the phone, the IVR system will know exactly how much they owe.”

For iCheckGateway.com clients, all payments (including IVR) flow securely into the Online Terminal, allowing for efficient reporting and record keeping.

“Our IVR feature implements the high security standards we are known for, including data encryption,” Hall said. “When the customer enters their payment data via IVR, iCheckGateway.com securely processes the transaction and sensitive payment data is encrypted. iCheckGateway.com is also PCI-compliant.”

Support for English and Spanish is available by default, but additional language support can be added as needed.

To learn more about IVR and the myriad of iCheckGateway.com’s technology-driven solutions, including custom payment portals, QuickBooks Plugin, check verification, email invoicing, recurring billing and more, click here.


iCheckGateway.com WooCommerce PlugIn

Let’s say, for argument’s sake, you like to make pajama pants and give them to your family for Christmas. Year after year, you’re asked to make a new pair and eventually your family’s friends want a set. Before you know it, your pajama pants are in high demand and it’s high time you make some money off them!

Being moderately knowledgeable of the Internet, you tackle ecommerce and learn the basic ins-and-outs of WordPress. You design a snappy site and download WooCommerce to act as your site’s shopping cart and obtain a Merchant ID.

Great. Easy peasy.

Well, not so fast. Merchants have to meet PCI Compliance regulations. Wha?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment … PCI applies to ANY organization or merchant, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply. (www.pcicomplianceguide.org)

This is where iCheckGateway.com can be a major lifesaver to the small business owner wanting to launch into ecommerce.

We have developed a plug-in for your WooCommerce page that provides a TransparentRedirect, freeing your site from directly storing or handling your customers’ online payments.

“PCI Compliance regulations are very burdensome on website owners/business owners,” said iCheckGateway.com’s Jason Estes. “For this plugin, we use a ‘TransparentRedirect’ method to handle the sensitive credit card information.  This allows the customer to have a seamless experience and the website owner to retain complete design control, but removes the seller from PCI scope because the credit card number is not stored or transmitted by their website.  Instead, the data goes directly from the customer’s browser in encrypted format to our servers for processing and then returns the user to the WooCommerce store instantly and seamlessly.”

Is it one more thing you have to learn just to sell your product? Well, yes. But that’s where iCheckGateway.com’s excellent customer service comes into play. We have developed quick guides that can take a business owner through all the steps necessary to download the plug-in to your WooCommerce site, install it, and begin taking transactions.

Then, iCheckGateway.com can help you manage those transactions with a number of other efficient tools, processes and products, saving you—the business owner—time and money.

While similar plug-ins will cost upwards of $79, iCheckGateway.com is offering its user-friendly plug-in for just $49. Just click here (http://icheckgateway.com/ACH_and_Credit_Card_Processing_Pricing.aspx), fill out the information, and you’re on your way to selling those beloved pajama pants to the world.


What makes iCheckGateway.com unique?

There are myriads of payment processing solutions in our world today. So what makes iCheckGateway.com unique?

iCheckGateway.com not only offers affordable payment processing solutions, but powerful ones as well. We have brought together ACH processing and credit card processing on one platform with unified reporting.

When coupled with our customizable, technology-driven solutions, you get a very unique product, giving your customers more convenient and varied payment options. We specialize in designing custom Internet applications tailored to the specific needs of your business.

Some of the many payment solutions we offer:

  • ✓ IVR System — your customers can make payments by credit card or ACH on an automated phone system at any time without having to speak to a live representative
  • ✓ Custom Payment Portals — you can put a “Pay Now” button on your website that is redirected to a payment page designed to look like your website
  • ✓ Recurring Billing — you can set up an automatic schedule to debit a customer’s bank account or credit card with just a couple of clicks (can also be added to payment portals)
  • ✓ QuickBooks Plugin — you can import payments from the gateway into QuickBooks and apply them to invoices and also process payments directly in QuickBooks
  • ✓ Email Invoicing — you can email invoices to your customers that contain a link where they can click to pay their bill online
  • ✓ Check Verification — you can have real-time access to positive and negative account information to help eliminate potential fraud and reduce the likelihood of returning unpaid items
  • ✓ Integration — you can integrate using our API and web services
  • ✓ …and more.

Best of all? All these transactions show up in the same place regardless of how they were received. You can view details of each transaction in our user-friendly Online Terminal.

Known for being user-friendly, functionally dependable, and customizable, iCheckGateway.com’s robust payment technologies service a broad spectrum of industries that range from utilities and healthcare to financing and charities.

Contact us at (888) 746-5741 to speak with someone about your specific payment processing needs and the solutions we have to offer you!
