FAQs about the best way to handle payments during the coronavirus pandemic
We’ve been speaking with our customers daily to help them navigate through this uncharted territory. There are a few questions that are at the top of the list of many of our merchants so we thought we would compile them in a single resource for everyone to use – regardless of whether you are a Wind River Financial customer or not.
The plan is to update this list regularly. So please check back periodically for new information. If there is a question you have that is not on this list, please feel free to contact us directly.
1. Processing via Virtual Terminal: Why are Encrypted Keypads important?
Encrypted keypads are a hardware-based approach to achieve point-to-point encryption for your transactions. Once the keypad is plugged into your computer and credit cards are either swiped or key entered into it, the encrypted keypad encrypts the data immediately before it hits the computer to which it’s connected (and where malicious software could be waiting to steal it). The decryption key that is required to unlock the data is only located at the credit card gateway outside of the merchant’s computer network. So even if a breach were to occur at the merchant level, only encrypted credit card data would be found, and it would take decades to unencrypt it.
Simply put, using an encrypted keypad is the most secure way to process a credit card transaction.
2. What information do I need to make sure I key in to get best rates possible?
Simply entering credit card numbers directly into your point of sale systems and/or countertop terminals may result in higher fees. Below are some best practices to help you process card-not-present transactions as cost efficiently as possible.
- Never skip over a prompt that comes up on the screen of your point of sale or countertop credit card terminal. The more data you can provide, the safer the transaction and the lower the interchange.
- Enter the CVV code when prompted. If it is unavailable, simply choose “unreadable” as your response.
- If prompted for Order Number, either enter the value or simply use the last four digits of the card number.
- Ask customers for their billing street address and billing zip code when prompted. Please note, for the billing street address or PO Box, you only need to enter the numeric portion.
For more information, you can read our recent blog, which provides tips for processing card not present transactions more cost-effectively.
3. How does processing remotely affect PCI compliance?
The answer depends on how you’re processing remotely.
A. Encrypted Keypad Processing
If you are using a Wind River Financial encrypted keypad to process remotely, the level of security it provides could actually reduce PCI scope versus how you were processing onsite.
B. Personal Computer Processing
If you are not using an encrypted keypad and instead keying credit cards numbers into a personal computer, you’re likely pulling the computer into PCI scope. And, the computer you are using may not have been assessed against the hundreds of PCI requirements.
Although it is a temporary situation, processing in this manner is likely pulling your business out of PCI compliance and could be exposing you to risk.
Here are some questions to consider before continuing to key credit card numbers into a personal computer:
- How well have you secured that computer?
- Is the operating system up to date?
- Are all other 3rd party software up to date?
- Is it running anti-virus or endpoint security software that’s up to date?
- Are router settings running a firewall and remote access turned off unless needed?
- Is the firmware up-to-date?
These are some key best practices that can help reduce risk and mitigate malware on a personal computer.
4. What are my options for setting up online payments?
There are two primary options available for setting up online payments.
Option 1: Advanced online payments
This option enables a host of capabilities for online purchasing through your website. This option enables you to connect with your menu or your inventory system – in real time, if you’d like.
Here are the steps for getting set up with advanced online payments:
Step 1: Contact your web developer to discuss what you’re looking to accomplish. Your developer will recommend a shopping cart for your use.
Note: If you do not have a web developer, contact us, and we can make a recommendation for you.
Step 2: Contact your payment processor who will recommend the optimal gateway to connect with the shopping cart identified by your web developer. Please note, it is best to work with your payment processor on this step as often there are pre-integrated gateways that will make connecting with your shopping cart friction-less. Your payment processor will identify those opportunities for you.
If you are enabling B2B payments only, you may be able to bypass this step and proceed directly to your payment processor.
Step 3: Your payment processor will set-up your gateway and account hierarchy and make sure everything is prepared for your web developer to implement.
Step 4: The process returns to your web developer, who will get your online payment capabilities into production.
Option 2 – Quick Click
This option is ideal for a rapid implementation of basic online payment acceptance. While it is not linked into your inventory system, you would have the ability to display some products for purchase. You also would have the ability to accept invoice payments through your website. Working with a web developer may not be necessary for this option, but you will want to check that with your payment processor
Contact us, we’ll ask you a few questions, and help you decide which option is best for your business.
5. Can I use an iProcess for card not present processing? Why is this not a good idea?
The answer is “yes, you can” but we strongly advise against it. iProcess is specifically designed for card present transactions. Using it for card not present means you have card data stored in your phone/app memory, which is a security risk that you don’t want for your customers or your business. Also card not present transactions via iProcess may downgrade, which results in a higher fee.
