Credit Card Terminal Security Error with T4200 Terminals

Broken Hypercom Credit Card Terminal.

Broken Hypercom Credit Card Terminal.

Credit card terminal suddenly not working?  Are you getting an error code upon start up that says, “Authentication Failed Security Error Code 1”?  Does it then say, “Security Error.  Call Service Provider”?  Well I have some bad news!  In short, you are now the proud owner of an electronic doorstopper, as your credit card terminal is now worthless.

I’ll try to explain briefly about this issue, as I understand it and what your potential options are.  This issue is isolated to the Hypercom/Optimum/Equinox terminals of the M and T series.  (Hypercom, Optimum and Equinox are the same with a different name).  So, if you have a M4100, M4230, M4240, T4205, T4210, T4220, T4230 or T4260 you might be having issues.  Here’s the official page from the company  http://lp.verifone.com/global/hypercom-optimum-upgrade/

Anyway, it appears that the firmware certificate on these terminals expired on October 19th, 2015.  From other sources, I gather that they are 10 year certificates.  The original manufacturer of these terminals was Hypercom which was bought out by a competitor, VeriFone.  I guess one could assume that there was little incentive to support these older terminals and in fact it would appear that this could be a boon for them with new terminal sales.  It’s worth noting that some of the terminals have firmware that is not expiring at this time and they will continue to work (for awhile).  The service providers, however do not track the firmware that goes out in the terminals, so there’s no way for them to know if a terminal will have these issues.

So, what happens is, since the certificate has expired, which disallows any further use of the terminal.  It checks the certificate upon start up, so this issue will only be discovered after the terminal is powered off.  This will happen if a power outage or it is unplugged or the electricity is turned off at night.  So, if you have one of these terminals that is working, DO NOT TURN OFF THE POWER until you have a back up method of processing credit cards! 

So, you’ve got a dead terminal.  Now what?  Well, call your service provider tech support.  As soon as you tell them what terminal you have and the error code, they’ll realize you need a new terminal.   They will present your options.

If there’s a silver lining to this issue, it’s the fact that the terminals that are dropping like dead flies are all older terminals and aren’t EMV compliant.  The fact is, as of October 1st, there’s been a liability shift and it’s time to upgrade these outdated terminals anyway for the merchants protection.  The new replacement terminals will be EMV compliant and by all accounts should last for many years.  To maximize the value of this terminal change and extend the life expectancy and functionality I have one very important tip.

Get a terminal that isn’t only EMV compliant but is also NFC compliant.  NFC stands for Near Frequency Communication and it is a reader within the terminal that allows it to communicate with NFC chips that are in mobile phones.  This allows mobile phone payments like Apple Pay, Google Pay and more.  Yes, I know it’s not that common to see these transactions right now, but let’s think beyond the next 6 months if upgrading anyway!

Robert McBeath is a Certified Payment Professional and President of Cornerstone Business Solutions and the COO of BizzGrizz.  Robert has extensive experience offering merchant services and cash advances to business owners. He can be reached at 888.979.4731 x802 or by email Robert@cornerstonecard.com.

 

EMV and Payment Liability for Small Business

Unfortunately, payment card financial fraud is becoming an all too common occurrence for small business owners.  That’s why you may be hearing the terms like EuroPay, Mastercard, and Visa (EMV) as well as payment card liability shift more often.

First of all, what is EMV?

EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or “chip cards”) and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions.

So what’s the big fuss for small business owners when it comes to EMV?  Two words stand out: Security and liability

According the paymentslender.com, the annual costs of card fraud in the U.S. alone are estimated at $8.6 billion per year. Experts believe that figure will rise to $10 billion or higher by 2015.

While those numbers are staggering, in the past the liability for counterfeit payment transactions fell to the card companies.  That gave some relief to small business owners who have limited resources and mitigation tools.

This “liability relief” is slowly coming to an end at the end of 2015. 

MasterCard defines the liability shift this way: The party, either the issuer or merchant, who does not support EMV, assumes liability for counterfeit card transactions.

What does the change in liability shift mean you. the small business owner?  

First, if you are not yet EMV compliant, don’t think the sky is falling.  You may have already received calls and letters telling to act today or you are doomed.  That’s simply not true.

However, you need to start a plan of action to ensure that you become EMV compliant and protect your business.

Although the new terminals that are EMV compatible are already being deployed, they aren’t mandatory.  It’s not until October 1st, 2015 that a liability shift occurs.  After that date, if a counterfeit card is used at a non EMV terminal, then the merchant will incur the full penalty for the losses on that transaction.  Even after that date, the existing terminals will continue to function, however some merchants may be incurring more risk than necessary.

The Bottom Line with EMV and Small Business

What should you, the small business owner, do now? 

If you are 100% you are EMV ready and have taken necessary steps to protect your business, congratulations, you are being proactive.

However, if you are still uncertain and are like many small business owners in the U.S. when it comes to EMV compliance, you need to talk to a payment professional to understand your risks and options moving forward.

Robert McBeath is a Certified Payment Professional and President of Cornerstone Business Solutions and the COO of BizzGrizz.  Robert has extensive experience offering merchant services and cash advances to business owners. He can be reached at 888.979.4731 x802 or by email Robert@cornerstonecard.com.

9 Questions Answered on Small Business and PCI Compliance

If you have been in business for very long, there is a good chance you are at least vaguely familiar with the term, PCI Compliance.

You are probably have some idea that PCI Compliance has to do with credit cards and security, but what does it really mean and how does PCI compliance affect your small business?

Although PCI Compliance is not a sexy topic, it’s vitally important and we at BizzGrizz want to help you small business business profit.

So, much like pulling a band aid off, let’s make this quick, cover the very basics that you need to know, and get it over with:

1) “What is PCI Compliance?”

Payment Card Industry Data Security Standards was created as a set of rules for all businesses that accept credit cards to protect the card holder’s data they are processing.  Essentially, the card brands want to ensure that businesses are accepting cards in a secure manner and are ultimately liable for any breaches.  Possible card holder information leaks range from employee theft of one customer’s card information all the way up to computer viruses in POS systems, and even processor hacks, such as the 2008 Heartland Payment Systems compromise of millions of transactions.  The Standards are set as a way to minimize these risks.

2) “As a Small Business Owner, Do I Have to Remain PCI Compliant?”

Yes, whether we like it or not, all small businesses are contractually obligated to not only be PCI compliant, but also be certified as such.  The ‘big four’ are very serious about this, and pushing all the processors to get their customers compliant.  As an agent, it’s my job to inform and help my customers with this mandatory regulation.

3) “What if My Business Just Ignores the PCI Requirements?”

Well, unfortunately many businesses do and it’s an unnecessary and severe risk to the health of a business as well as an added expense.  Most ISO’s (independent sales organizations) are going to assess a business a $20 or more monthly penalty to offset the risk for being non-compliant but that’s minimal compared to where the real cost lies. The goal of meeting the standards in the first place is to identify and minimize the risk of an expensive compromise of sensitive customer information.  Any breach of data can be catastrophic to a business.  If this happens to a non-compliant business, fines range up to $500,000 and would certainly be the DEATH of most businesses.

4)  “So What Does it Mean for my Business to be PCI Compliant?”

A business that accepts credit cards must be certified compliant.  The PCI Security Standards Council has approved more than 130 Approved Scanning Vendors (ASVs).  These approved companies assist businesses with a Self Answer Questionnaire (SAQ) and also a network security scan for merchants that store data or are processing via an internet connection.  When all criteria is met to satisfaction, a business will be certified PCI compliant.

5) “Where Should my Business go to get This PCI Certification?” 

Although in theory merchants could utilize any of the ASVs or possibly even self certify, the bank card processor is going to have a relationship with an ASV that they will want utilized.  When a merchant account is established, the provider will help establish a relationship with an ASV that will then report to them when the business is certified.  Communication may come directly from the ASV.  My personal recommendations for ASV’s are ControlScan and Justified Data Security.

6) “Alright then, what do I have to do to get PCI Compliant?” 

The ASV will give you their website with a secure login ID and password.  Login and do the SAQ, which is a series of questions that will assess card acceptance systems and evaluate risk.  If you are utilizing a POS system or processing through an internet connection, then a scan will be required as well.  A scan is a fairly simple press of a button that will allow the ASV to remotely search for security risks utilizing their software.  When the SAQ evaluation and the scan is passed, a PDF of a certificate is provided.  If utilizing the ASV recommended by the processor, they will automatically be notified and their systems will be updated.

7) “What if I Need Help With my SAQ?”

The ASV will provide you a phone number to their qualified customer service agents that can even help walk a merchant through the questionnaire quickly.   Unfortunately, neither the agent nor the bank card processor customer service can help with these issues as they are not approved vendors by the PCI Security Council.

8) “How much will this PCI Compliance cost?”

Pricing varies among ASVs and services required.  A small business can expect to be charged between $79 a year to $29.95 quarterly.  Although services come from an outside vendor, usually charges will come through the merchant account and will show up on the merchant statement.

9) “I have to do this PCI Compliance Questionnaire every year!?!”

Yes.  Being PCI Compliant is not a onetime event.  Security is an ongoing responsibility for merchants accepting cards.  Every year businesses will be contacted to re-validate their status.

Okay, that’s PCI in a nutshell.  Now, if you’re the type that likes paying taxes and find tax code interesting, you might also appreciate much more detailed information on PCI Security Standards by going directly to the official Security Standards site.

Payment Gateway Options With Authorize.net

Utilizing payment gateways is becoming more of a necessity for small business owners today. Payment gateways can often seem confusing, but understanding it’s benefits is vital to offer your customers convenience and choice.

Here is a quick overview of 7 payment gateways and more specifically, authorize.net, and how they can enhance the bottom line of your small business.  

E-CommerceA payment card gateway is an e-commerce program that facilitates credit card transactions via a secure connection to a password protected, secure, hosted site. This program was originally used largely to facilitate e-commerce transactions automatically when connected to a website shopping cart via api codes.

Payment gateways can also be used as a virtual terminal, since any computer that is logged into the internet can access the site, login and manually process a credit card transaction.   Gateways are essentially the mechanism for processing a transaction and work in conjunction with a merchant account, provided by the merchant services provider. Fees for the gateway are in addition to the credit card processing fees, but will generally be billed on the same statement. Fees are typically $10 a month for the secure hosting and 5 cents a transaction.

One of the earliest and still most well know examples of a payment gateway would be Authorize.net. In addition to their competitive pricing, extremely fast and easy setup and excellent customer service, their program offers many more additional options beyond e-commerce. These ‘plug-in’ solutions include Ecommerce with integrated shopping cart, recurring billing, email integrated billing/payment, Quickbooks integration, mobile card processing and even a POS solution.

Here is a brief overview of their some of their more popular optional features for standard applications:

E-Commerce

Accepting credit cards from a website is incredibly easy with Authorize.net. In short, a merchant will get a merchant account (the ability to accept credit card payments) from a certified authorize.net payment provider. When setting up the merchant account, the payment provider will also establish the gateway account on behalf of the merchant. Then the merchant or his web designer can easily connect the authorize.net payment gateway up to a third party shopping cart. See here for a list of certified shopping carts.

Virtual Terminal

Authorize.net also has available a very robust virtual terminal. This allows a business to login into a secure site and accept payments. All that’s needed is an internet connection on any device to login with the secure password information. This is ideal for hand keying any noncard present transactions. See video demonstration here  A Magtek USB card reader can also be added to any computer for speedier transactions and lower credit card processing costs. Readers can be obtained for less than $100 each.

 Recurring Billing

Automated Recurring Billing (ARB) is automated billing that has been used to save businesses multiple hours every month by avoiding re-entering payments. This is a great option for businesses that offer products or services on a subscription basis or want to sell merchandise in installments. This program comes at no additional charge with the standard Virtual Terminal program.

Sync for Quickbooks

Sync for Quickbooks integrates your payment solutions seamlessly. This allows a user to automatically import transactions into a Quickbooks account and syncs daily. This simple and automatic set saves time and elimates errors. For details on the setup and features click here

This feature is available at no extra charge with an authorize.net account.

Mobile Solution

Authorize.net also has available smart phone applications that can be added to a cell phone to enable secure mobile payments. These allow for wireless credit, offline debit or check processing. This app is available at no extra charge with the authorize.net account. Typically this solution will add a mobile reader. They can currently be purchased here: 

Online Check Solution

eCheck.net allows merchants to accept checks online. This option allows for more payment options and also integrates with the Automatic Recurring Billing for monthly debits of checking accounts.

Additional check processing fees apply.

Advanced Fraud Protection

Authorize.net Fraud Detection Suite (FDS) is a robust feature that dramatically reduces the impact of fraud on a business through a set of manageable filters and tools that can help identify risky transactions while enabling profitable, legitimate transactions. Learn more here.

This advanced feature is available at no extra cost!

As you can see, the versatility and security of Authorize.net makes this a fantastic choice for businesses that want all options available to them As a business owner, it’s important to find the correct processing solution to meet the specific business needs now and in the future. There is no reason to be overwhelmed with details, but utilizing a professional bankcard representative with experience can assist through the entire process from inception to implementation.

Authorized representatives at BizzGrizz can be reached by calling 888-979-4731.

Announcing the Evolution to BizzGrizz!

Cornerstone_bug_blueBizzGrizz symbol1_4cFinally, it can be revealed!  The complete transformation of Cornerstone Business Solutions to BizzGrizz!

If you’ve followed my post over the past few years or happen to be dropping by this site for the first time, you’ll notice that there has been little to no new activity here.  That doesn’t mean that my dedication to small businesses has dissipated or that I’ve been taking a long vacation.  The reality is that, my vision became much larger!

The second quarter of 2014, I began to formulate an audacious goal to reach a multitude of business, and reinvent Cornerstone to be more than just another merchant services provider.  Little did I know then, the path that it would take me down and how much would be involved in setting up the framework for this new venture!

If you were to look at my pasts posts, although they were written as Cornerstone Business Solutions, it’s easy to tell that the underlying theme was that it was centered around me.  Whether it was about me being the expert on merchant services, my experience as a Certified Payment Professional, my personal clients or my background with the company.  Essentially, the company was built around my expertise, client/friends and my observations and experiences as a payment card specialist.  Although I don’t believe there’s anything wrong with my desires to share my wealth of knowledge in this field, the fact is, when a company is integrated so much around one individual, then there is little room for anyone else.

So, when I set out on this journey to create something that could grow and provide more value to more businesses, the first epiphany was that I wasn’t going to get there alone.  All great companies have a team with unique strengths that together create something special.  In fact, I’ve been told that the best thing you can do is hire somebody better than yourself.  When I thought about this, many great people came to mind.  But when I asked myself who was the most respected connector, speaker and sales coach that I knew, one name stood out.  Brent Kelly!  Quite honestly, getting somebody of his caliber to join me, seemed initially like a long shot.  However, after months of collaboration, planning and sorting out details, we emerged with a shared vision and became partners in a new venture, BizzGrizz, Your Bear for Small Business!

With Brent’s incredible coaching, marketing, speaking and sales skills and a shared passion for empowering small businesses, we are bringing much more to the table than Cornerstone ever could for the small business community.  We will be the resource for small businesses providing extra value to merchants with innovative solutions, integrating POS payment processing, marketing and training.  Our program will be second to none when it comes to Point of Sale systems, merchant services, marketing programs, business loan funding, loyalty plans and energy services.  In addition to this, Brent Kelly as our CEO, promises to bring more to the small business community by reaching out in a variety of media formats to provide top-notch training and tools for the success of small businesses.  From day one, our shared vision has been to be the best in helping small business maximize revenue and optimize efficiencies leading to greater profits!

A big change with the new shared vision is, we intend to share this growth with a team.  Where before, I insisted on being the sole point of contact and the expert, now I’ll be passing my knowledge along.  With Brent’s great coaching and leadership skills and my in-depth knowledge of providing business services, we’ll look forward to training a team of highly qualified sales representatives that share our core values.

So, as of today, with our official launch party video posted, so begins a new chapter.  I’ll admit a small part of me can’t help but be sentimental about the closing of the door of Cornerstone Card Processing, dba. Cornerstone Business Solutions.  But, knowing that is the next evolution and I’ll be taking friends/clients and all my great experiences with me to the next adventure leaves me nothing but excited about the open door ahead of me!  I sincerely hope you’ll join me and my new team as we begin this new journey, at our new site, www.BizzGrizz.com!

 

 

Did You Think We Were Hibernating?

We Love Small Biz-2

 

Welcome To My Blog On Business Solutions

My name is Robert McBeath, President of Cornerstone Card Processing, Inc., dba. Cornerstone Business Solutions and Cornerstone Capital Advance.  For nearly two decades I’ve been a trusted advisor to businesses in providing the merchant services and ancillary products, including merchant cash advances, gift and loyalty card programs, electronic check conversion and guarantees, POS solutions and more.  My customers appreciate how my experience and professionalism provides more than just a product and price, but the overall solution they need from a trusted advisor.  My philosophy is that a potential customer is a friend first and the relationships I develop is my passion for this business after all these years.  I look forward to reaching out and helping more business people by sharing from my experience and I’m anxiously awaiting feed back from old friends/clients as well as friends I haven’t met yet :-).

%d bloggers like this: