True Friends Partners With DoJiggy Merchant Services

For 8 years, Dance Arts Centre has teamed up with Camps of Courage and Friendship to host an annual dance-a-thon, Dance With Courage. This year their dynamic pledge fundraising event teamed up with True Friends and raised funds to add three local camps to their family, providing life-changing experiences to children and adults with disabilities.

Another new member of their team this year is DoJiggy Merchant Services, which specializes in providing low-cost payment processing to nonprofit organizations, priding itself on these core values: integrity, honesty and ethical business practices. True Friends successfully processed their donations through its certified payment processing systems, which are PCI compliant, providing safe and secure online payment processing via laptops, desktops and mobile credit card processing.

Cathy Braaten, Development Officer of True Friends, had this to say of her experience with DoJiggy Merchant Services: “Thank you for the partnership, we had a great event.”

True Friends managed their event with DoJiggy pledge software, a complete web-based registration and donation management system for pledge fundraising events, which is seamlessly integrated with DoJiggy Merchant Services. Dance With Courage individual and/or team participants collect and track donations and pledges securely and with ease. They multiply the funds raised as each of their dance participants taps into their group of constituents to raise funds for True Friends.

“Dance With Courage remains focused on teaching our dancers the importance of working together, leading by example, maintaining deep values of social responsibility and giving back to our community. Camp Courage and Camp Friendship are names that have been around for decades. We are now working together as True Friends, a non-profit organization focused on this mission: Providing life-changing experiences that enhance independence and self-esteem for children and adults with disabilities.”

Credit card processing fees are the most basic costs for your business or organization when processing credit cards. The most important fee is the rate you will pay on your transactions. You’ll want to make sure that you partner with a company that has low credit card rates and monthly fees, so that you can keep more money for your charity.

Credit Card Fees Explained

If you are signing up for a merchant account, one of your primary considerations is going to be understanding credit card processing fees and pricing structures. There are two main fee classifications for merchant accounts: Tiered Pricing & Interchange Plus Pricing.

What is Tiered Pricing?

Tiered pricing is the most common pricing structure, though it is not generally considered the most beneficial for the merchant. With tiered pricing, all credit card brands and types are divided into three (or sometimes more) tiers. The most common tiers are known as Qualified, Mid or Partially Qualified, and Non-qualified. While Qualified rates are generally the advertised rates and can be quite low (i.e., rates starting at just .90% for debit cards), they are also very difficult to achieve. Why? Corporate, Rewards, and other card types are not included in this tier, and who doesn’t use a Rewards card these days?

What is Interchange Plus Pricing?

The other option for pricing is to use what’s called Interchange Plus Pricing. Interchange Plus pricing works by adding a small margin on top of Visa and MasterCard’s interchange fees (the fees that Visa and MC charge to process their cards). Interchange Plus models typically charge a percentage fee and a per-transaction fee above interchange fees. For example: Interchange + .50% and .10 per transaction. So, if interchange is 1.6% and .10 per transaction, and your rate is Interchange plus .50% and .10 per transaction, you would be charged 2.1% and .20 on the transaction. With this model, there are no pricing tiers or non-qualified cards which will incur higher rates, so the merchant usually ends up paying lower payment processing fees on almost all card types. See Visa and MC’s interchange tables: http://www.dojiggymerchantservices.com/interchange-fees.html

Conclusions

Tiered pricing is often used and is generally easier to explain, though in practice it is still quite complicated and relies on several factors. Interchange Plus pricing is generally considered to be the more transparent pricing model for merchants. Either way, be sure you know which pricing model you are choosing so that you can better compare the real costs of opening a merchant services account.  

Credit Card Security Policies for Processing Electronic Payments

Many non-profit organizations and companies process payments, donations, and sales transactions via a merchant services account. If credit card processing is part of your business practice, then your business must be PCI Compliant. This means your business follows certain credit card security requirements set forth by the Payment Card Industry Data Security Standard (PCI DSS) Program.

Below we provide a brief overview of the 12 PCI Requirements for Processing Electronic Payments (debit or credit card processing via Mobile Devices, Point of Sale or eCommerce systems):

Requirement 1: Build and Maintain a Secure Network

Firewalls must restrict connections between untrusted networks and any system in the cardholder data environment. Firewalls must prohibit direct public access between the Internet and any system component in the cardholder data environment.

Requirement 2: Do not use Vendor-Supplied Defaults for System Passwords and Other Security Parameters

Vendor-supplied defaults must always be changed before installing a system on the network. Defaults for wireless systems must be changed before implementation. Credentials for non-console administrative access must be encrypted using technologies such as SSH, VPN, or SSL/TLS.

Requirement 3: Protect Stored Cardholder Data

Sensitive personal data should be retained only until completion of the authorization of a transaction. Storage of sensitive authorization data post-authorization is forbidden. This includes:  the full contents of any track from the magnetic stripe, the card verification code (on back of credit card), or the personal identification number (PIN).

The company must also mask the display of PANs (primary account numbers), and limit viewing of PANs to only those employees and other parties with a legitimate need. A properly masked number will show only the first six and the last four digits.
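The masking rule above (first six and last four digits only), as an added example that is not code from DoJiggy or the PCI standard: a log scrubber that finds card-number candidates, confirms them with the Luhn check so order IDs are left alone, and masks the rest. The function names and sample log lines are constructed for illustration, and the card number is the widely published Visa test number.

```python
import re

# Candidate PANs: 13-19 digits, either unbroken or grouped in fours with one
# consistent separator (space or hyphen), as printed on most cards.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d{4}([ -]?)\d{4}\1\d{4}\1\d{1,7}(?!\d)")


def luhn_valid(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits):
    """Keep the first six and last four digits, mask everything between."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub_line(line):
    """Mask every Luhn-valid card number in one log line."""
    def repl(match):
        digits = re.sub(r"\D", "", match.group(0))
        # Only mask numbers that pass Luhn; other long digit runs
        # (order ids, tracking numbers) are left unchanged.
        return mask_pan(digits) if luhn_valid(digits) else match.group(0)
    return PAN_CANDIDATE.sub(repl, line)


def scrub_log(lines):
    return [scrub_line(line) for line in lines]


# Constructed sample log lines (not from any real system).
SAMPLE_LOG = [
    "donation ok card=4111111111111111 amount=25.00",
    "retry card=4111-1111-1111-1111 ref=88",
    "order id 4111111111111112 shipped",
]

if __name__ == "__main__":
    for line in scrub_log(SAMPLE_LOG):
        print(line)
```

Masking covers display and logs only; the card verification code, full track data and PIN named above must not be written anywhere after authorization.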

Requirement 4: Encrypt Transmission of Cardholder Data Across Open, Public Networks

Cardholder data sent across open, public networks must be protected through the use of strong cryptography or security protocols. Sending unencrypted PANs is prohibited.

Requirement 5: Use and Regularly Update Anti-Virus Software

All systems must have installed an anti-virus program which is capable of detecting, removing, and protecting against all known types of malicious software. All anti-virus programs must be kept current, be actively running, and capable of generating audit logs.

Requirement 6: Develop and Maintain Secure Systems and Applications

All critical security patches must be installed within one month of release.

Requirement 7: Restrict Access to Cardholder Data by Business Need to Know

Access to cardholder data is limited to only those individuals whose job requires such access. Access limitations must include the following: access rights to cardholder data are restricted to the least access needed to perform job responsibilities; access to cardholder data is based on an individual’s job classification and function; and access to cardholder data is granted only after completing an authorization request form signed by management.

Requirement 8: Assign a Unique ID to Each Person with Computer Access

All employees should have a unique ID for all log-ins. Generic account names should not be used and shared across groups. All accounts used by vendors for remote maintenance shall be enabled only during the time period needed.

Requirement 9: Restrict Physical Access to Cardholder Data

Hard copy materials containing confidential or sensitive information (e.g., paper receipts, paper reports, faxes, etc.) are subject to secure storage guidelines such as:

  • Printed reports & all hardcopy media containing cardholder data are to be labeled and physically stored or archived only within secure office environments and locked.
  • All confidential or sensitive hardcopy material must be sent or delivered by a secured courier or other delivery method that can be accurately tracked.
  • Custodians of hardcopy media containing cardholder data must perform an inventory of the media at least annually.

All media containing cardholder data must be destroyed when no longer needed for business or legal reasons. Hardcopy media must be destroyed by shredding, incineration or pulping so that cardholder data cannot be reconstructed.

Requirement 10: Track & Monitor Access to Network Resources

Ensure audit trails and system logs are maintained for access to all sensitive data. Logs should be reviewed periodically and retained for one year.

Requirement 11: Regularly Test Security Systems and Processes

The company must perform testing on a quarterly basis to ensure there are no unauthorized wireless access points present in the cardholder environment. This includes vulnerability scanning on all in-scope systems.

Requirement 12: Maintain a Policy that Addresses Information Security for Employees and Contractors

The company must maintain a security policy that addresses how the company will protect cardholder data. Employees shall not use employee-facing technologies to store, process or otherwise handle cardholder data; this includes: remote-access technologies, wireless technologies, removable electronic media, laptops, personal data/digital assistants (PDAs), email, and internet usage.

The company must also establish, document, and distribute security incident response and escalation procedures to ensure timely and effective handling of all situations.

 

* Note: the content summarized here provides a brief overview of the type of security requirements that apply to the electronic transfer of credit card data. You should check with your merchant services provider to get the full details of the mandatory PCI Requirements.

 

Protecting your Non-Profit from Online Fraud


If your organization has been targeted for fraudulent activity on your fundraising website, you already know how time-consuming and costly it can be for an organization. Perhaps you are wondering how non-profits accepting online donations are targeted by online fraud? Non-profit and fundraising websites can be used as a forum for testing stolen cards or card tumbling. Card tumbling occurs when algorithms are used to generate a sequence of 16 numbers that emulate valid credit card numbers. Some of the numbers generated are real credit card numbers and if your website doesn’t have security measures in place, these card numbers can be used to make fake online donations.

How can we protect our organization from this fraudulent activity?

We recommend that all US based organizations that collect payments/donations via online credit card processing, use the Address Verification Service (AVS). This is the easiest, most important first step in eliminating fraudulent transactions from stolen credit cards. AVS compares the address submitted when an order is placed to the address on file with the customer’s credit card issuer. If the address entered is not the same as the address on file, the card can be declined or held for authorization.

AVS is only valid in the United States, so if your organization accepts online donations from other countries, you will want to set your AVS account settings accordingly. You have several options here as to how strict you wish to be with regard to AVS, but it is imperative that the feature be utilized.

Using Authorize.net’s Fraud Detection Suite

We also recommend that our eCommerce merchant account clients use Authorize.net’s Advanced Fraud Detection Suite™ (AFDS). While the $10 monthly cost may seem high to small organizations, the hours, headache, and loss of good will that this service can potentially save your organization will far outweigh the costs if your organization is targeted for online fraud.

AFDS includes several customizable filters and tools that your organization can use as you see fit. You can choose to activate only the ones that seem important and you can update your settings at any time if you find they are not meeting the intended goals or are hampering your actual customers and donors from making transactions on your fundraising website.

The AFDS includes tools for:

  • Limiting the geographic area or even IP address where users can make purchases/donations on your donation website
  • Setting limits related to time – for example the number of transactions that can be entered by one user or multiple users per hour
  • Setting (upper and lower) transaction limits. While you might hope for very large donations, is it really realistic based on your history and donor base?
  • Restricting shipping addresses, to be sure that you are not shipping goods to an address not associated with the credit or debit card used.

If you are using another eCommerce gateway, they may also offer automated fraud detection services. Be sure to ask your merchant services provider what they can offer to help your organization stay protected.
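The time-based and amount-based limits in the list above, as an added example that is not Authorize.net's implementation or API: a review pass over donation attempts that holds any attempt exceeding an hourly per-IP limit, using too many different cards from one IP (the usual signature of card testing), or falling outside the expected amount range. The thresholds, field names, card tokens and sample attempts are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them to your own donor history.
WINDOW = timedelta(hours=1)
MAX_ATTEMPTS_PER_IP = 3          # attempts per IP per hour
MAX_CARDS_PER_IP = 2             # distinct cards per IP per hour
MIN_AMOUNT, MAX_AMOUNT = 5.00, 1000.00


def review_attempts(attempts):
    """Return {attempt_id: [reasons]} for attempts that should be held."""
    recent = defaultdict(deque)  # ip -> (timestamp, card_token) within WINDOW
    held = {}
    for a in sorted(attempts, key=lambda a: a["ts"]):
        window = recent[a["ip"]]
        # Drop entries that have aged out of the one-hour window.
        while window and a["ts"] - window[0][0] > WINDOW:
            window.popleft()
        window.append((a["ts"], a["card_token"]))

        reasons = []
        if len(window) > MAX_ATTEMPTS_PER_IP:
            reasons.append("velocity")
        if len({token for _, token in window}) > MAX_CARDS_PER_IP:
            reasons.append("distinct_cards")
        if not MIN_AMOUNT <= a["amount"] <= MAX_AMOUNT:
            reasons.append("amount_out_of_range")
        if reasons:
            held[a["id"]] = reasons
    return held


def _at(hhmm):
    # Constructed date for the sample data.
    return datetime.strptime("2024-03-01 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed sample attempts. card_token stands for a gateway-issued token,
# never the card number itself; IPs are from documentation ranges.
SAMPLE_ATTEMPTS = [
    {"id": 1, "ts": _at("12:00"), "ip": "198.51.100.7", "card_token": "tok_a", "amount": 50.00},
    {"id": 2, "ts": _at("12:01"), "ip": "203.0.113.9", "card_token": "tok_1", "amount": 1.00},
    {"id": 3, "ts": _at("12:02"), "ip": "203.0.113.9", "card_token": "tok_2", "amount": 1.00},
    {"id": 4, "ts": _at("12:03"), "ip": "203.0.113.9", "card_token": "tok_3", "amount": 1.00},
    {"id": 5, "ts": _at("12:04"), "ip": "203.0.113.9", "card_token": "tok_4", "amount": 1.00},
    {"id": 6, "ts": _at("13:30"), "ip": "198.51.100.7", "card_token": "tok_a", "amount": 75.00},
    {"id": 7, "ts": _at("14:00"), "ip": "198.51.100.7", "card_token": "tok_a", "amount": 5000.00},
]

if __name__ == "__main__":
    for attempt_id, reasons in review_attempts(SAMPLE_ATTEMPTS).items():
        print(attempt_id, ", ".join(reasons))
```

A returning donor (attempts 1 and 6) passes untouched, while the burst of small charges on different cards from one address is held on every attempt.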

Are Non-profits Required to be PCI Compliant?

All merchants (businesses or organizations) who accept, store or transmit credit card data are required to be PCI compliant and this includes non-profit organizations, schools and churches. Even if your organization processes a very small volume of credit card sales or donations, you are required to maintain PCI security standards.

* (see last paragraph for more on PCI Security standards)

How can my organization become compliant?

PCI standards were created to keep your donor and customer financial data secure against theft and fraud. In order to maintain PCI Compliance certification, all publicly accessible internet devices and any associated domains hosted on them must be audited every months. So maintaining the PCI standard is an ongoing process, not something your organization can do once and forget about. PCI defines the following 3 step process:

  1. Assess — Take an inventory of your hardware and business processes involved in credit card processing, and analyze them for vulnerabilities which pose a risk to your cardholders’ personal data. This is done with the PCI Self-Assessment Questionnaire (SAQ).
  2. Remediate — Fix any vulnerabilities found. The Security Standard mandates that any vulnerabilities found and categorized as Urgent, Critical, or High severity must be corrected within 72 hours of their discovery.
  3. Report — Compile and submit required remediation validation records (if applicable), and submit required compliance reports to your merchant service provider.

PCI Compliance For DoJiggy Merchant Services Clients

There are many great benefits of choosing DoJiggy Merchant Services as your merchant services partner (including low industry rates, no binding contracts or termination fees, credit card equipment included, and a free donation website). But DoJiggy Merchant Services also makes PCI compliance easy and safe for our customers. We partner with Total Merchant Services (TMS), which has a team of PCI specialists to walk you through the process. Simply call them at (888) 848-6825. You should have your MID (Merchant ID number) handy, and note that the call must be handled with the account signer.

You can also visit www.compliancefacts.com to begin the process of becoming PCI compliant.

Some banks and merchant services providers have partnered with 3rd party compliance companies, to make the process easier for their merchants. Total Merchant Services (TMS) has partnered with TrustWave for this purpose. (DoJiggy’s TMS clients should use enrollment code: TMSSAQZT for a discount on services).

 

* More on PCI Security Standards: The Payment Card Industry (PCI) Data Security Standard is a worldwide standard for payment card (credit and debit cards) and consumer financial data protection. It incorporates the requirements of the Visa USA Cardholder Information Security Program (CISP) and the Visa International Account Information Security (AIS) program, the MasterCard International Site Data Protection (SDP) program, as well as the security requirements of American Express DSS, DiscoverCard DISC and the Japan Credit Bureau (JCB).

Benefits of Point of Sale Systems for Credit Card Processing

A Point of Sale System (also called a POS system) is the place where a retail transaction is completed. This is the point at which a customer makes a payment to a merchant in exchange for goods or services, usually done at “checkout” or at the register. The retailer (or merchant) calculates the amount owed by the customer and provides options for the customer to make payment: i.e. cash, check, debit or credit card. If a debit or credit card is selected, a POS terminal (or credit card terminal) is used for swiping the card, processing the transaction, and issuing a receipt.

There are many benefits of using a point of sale system for processing payments. Below we discuss a few!

Safer Credit Card Transactions: Other than cash-payments, physically swiping a card is the safest way for debit and credit card processing. Not only will you get the lowest credit card processing rates with swiped transactions, but there is less chance for fraudulent activity.  With a POS system you have greater security as credit card information is physically swiped, verified with the buyer, and approved in your POS terminal (in comparison to keyed entry: which happens online or over the phone, or waiting for check payments to clear). 

Improved Book-Keeping: A POS system is a computer software and hardware network that immediately records sales as they’re occurring. This solves a variety of operational and record-keeping headaches and allows for more timely and accurate sales tracking. It also helps businesses identify low inventory levels, or sudden shrink (which is when the inventory amount quoted in your books doesn’t match actual stock), helping to recover missing inventory and possibly pinpoint the cause of the shrink.

Easier Tracking of Markdowns & Promotions: Many small businesses struggle with tracking price reduction—knowing which items have been marked down and recording those discounts accordingly. Rather than messing with cash-register receipts or trying to remember which items were “on sale” at day’s end, a POS system automates the process of markdowns and, in turn, tracks them accurately. Similarly, many companies use coupons, direct mail, special discounts or other promotions to drive business to their establishment. However, managing and reconciling these short-term specials can be difficult. A POS system not only immediately tracks and reconciles promotions, but can pinpoint their impact, helping to provide insight into future marketing activities.

Price Consistency. If you are a retailer or restaurant with multiple locations, price consistency can become a real issue (especially if a customer questions why an item has a different price at 2 locations). A point of sale system can help ensure price consistency from one location to another, and can also automate overall inventory control, helping to keep stocks in proper balance from one location to the next.

Increased Efficiency. There are plenty of useful tools that your employees can use to make their job easier and increase efficiency in your business processes. In fact, today’s POS systems are more like a “point of service” system (rather than point of sale) as the functions extend beyond the initial payment transaction. Some POS systems include add-on modules like payroll and time clocks where employees can easily log in right from the register, giving them more time to service your customers (rather than taking time off the floor). Some advanced management features may include: inventory management, Customer Relationship Management (CRM), tracking financials, stocking goods in the warehouse, etc. Prior to these modern day POS systems, these functions were done independently. This not only took more time, but also required manual re-keying of information, which can lead to entry errors.

Summary

If these benefits all sound great to you, then it’s time for you to look for a merchant services provider that can get you set up! Be sure to review “selecting a merchant services provider” to help you identify the important factors you’ll want to consider when setting up a merchant account. In addition to credit card processing rates, contract terms, and customer service, one item you will want to investigate clearly with a point of sale system is how much the company charges for a POS Terminal. Some companies charge hundreds of dollars for equipment, where others offer it for free!

The Three Basic Steps of Credit Card Processing

If your nonprofit is interested in processing payments and donations with debit or credit cards, you’re probably looking into establishing a merchant account. While it is also possible to accept credit cards via PayPal or with 3rd party providers that write you a check for money donated to your organization, having your own merchant account will provide your non-profit organization with the most flexibility and functionality, at the lowest price possible. And although there are lots of options for merchant services providers, there’s also a lot of information to learn. As you are weighing your options, you’re going to want to have a basic understanding of how the payment processing system works.

There are multiple steps in credit card processing that can involve a number of different vendors and entities. We’ve broken it down to the basics here and attempted to keep it very simple for those new to the industry. Having a basic understanding of these three steps will help you be more prepared when reviewing potential merchant services providers, and selecting your method of processing credit card payments.

3 Steps of Processing a Credit Card

    1. Collecting credit (or debit) card information. The first step of processing a credit card payment is collecting the credit card information from the cardholder. Basic information includes the credit card number, expiration date, and name on the card. Your organization will have the option of requiring Address verification service (AVS) and other data. Requiring this extra data lowers the risk of fraudulent activity and is generally a good idea to protect your organization.
    2. Authorizing & Completing the charge. Once the payment information is collected, it is transferred electronically to the card issuing bank who will authorize or decline the charge. This step can be accomplished by keying the credit card number into an online terminal or payment website or swiping the card through a credit card terminal or mobile swiper device. This process requires that the issuer verify that the credit card account is active and has enough available funds to cover the charge. If verified, the issuer then authorizes and places the charges on the card.
    3. Depositing money to your bank account. Once the card has been charged, there’s the 3rd critical step: receiving the money. When you apply for a merchant account, you will supply your bank account information. Your sales and donations will be automatically transferred into this bank account, generally within 2-3 days. Note that you may need to ‘batch out’ the transactions daily in order to receive your funds.

Here are a few more helpful articles as you get started in your research:

* Selecting a Merchant Services Provider

* Requirements to Apply for a Merchant Account

* 20 Common Payment Processing Definitions

Of course, stay tuned to our blog for more helpful credit card processing tips, case studies, industry news, scam alerts, and more!