Merchant Services

December 11, 2013

Gift Credit Cards and AVS with Authorize.net

Gift Card AVS Authnet

Many gift credit cards (stored-value cards with a Visa, MasterCard, Discover or American Express logo) do not include a billing address on file at the issuing bank. As many shoppers love using these cards for their purchases, you may need to update your default Address Verification Service (AVS) filter settings in order to accept these transactions. If you do not, you may end up rejecting valid purchases.

To accept gift credit cards during and after this holiday season, please follow these steps:

  1. 1.Log into the Merchant Interface at https://account.authorize.net.
  2. 2.Click Account from the main toolbar.
  3. 3.Click Address Verification Service in the Security section.
  4. 4.Uncheck ONLY the checkbox labeled U - The address information for the cardholder is unavailableDo not uncheck ALL of the AVS settings.

    (If you are using the Advanced Fraud Detection Suite (AFDS), then select a radio button to allow, allow and report the triggered filter, or authorize and hold for review all transactions that result in a U response code.)

  5. 5.Click Submit or Save.

This will help prevent the rejection of legitimate gift card purchases that do not have any available address information. All other regular credit and debit card purchases will still be processed according to the other AVS filter settings you've specified.

November 08, 2013

Updating your Dharma account is easy!

weve made updating your account easy 2

Do you have an account update to make? Have you moved locations? Do you have a new employee who should be able to call on behalf of your business? Do you need to update your checking account or add AMEX? I have good news – you have the power to do all of these things directly from the “Manage Your Account” section of our website! You don’t even need a login or password – just your merchant account number.


This is a powerful tool for you to make important updates to your account. We understand that, when hiring a new employee or changing your checking account, updating that information with your merchant service provider is usually the last thing on your mind. But providing the new information to us will make things a lot easier in the future! The contact info we have on file determines who can get support on your account and allows us to provide an added level of protection by identifying authorized contacts.

If you are processing with a terminal or a gateway such as Authorize.net, the support departments will not be able to provide detailed information unless you are added as a contact on the account and you know the correct business address on file. The address on file also determines where your monthly statements and important notices, such as Chargeback notifications, are sent. Please help us keep your account information up-to-date so that we can provide the best service possible!

August 15, 2013

Support Tip of the Month - Settle Your Account Everyday!

cutoff 2

Did you know there is one final step to send your daily transactions to our bank for processing after the original point of sale transaction? This final step is called “batching out” or “settling,” and is necessary in order to transmit your daily sales to the bank for deposit. Until that point, all of the transactions are stored in a “batch” in your point of sale system (e.g. terminal, gateway, or software). The settlement sends the batch to our bank so they can process the transactions and deposit the funds to your bank account (usually on a 2-business day timeline for Visa/MC/Discover). We strongly urge you to batch out or settle your transactions daily. If you do not send the transactions to the bank within a certain amount of time (usually a week), the original authorizations may expire and the card would need to be re-run.

One of our merchants recently discovered the importance of batching when they neglected to batch out their terminals after a one-time event. This merchant lost all of their sales, totaling over $10,000! You can avoid this by making sure to be aware of your batch times and monitor your funding on a regular basis to avoid this type of scenario.

The good news is that most equipment can be set to automatically settle, in which case you don’t have to worry about manually doing it yourself. If you are processing online or through a gateway, the majority of gateways are set to automatically settle, and you can easily update the time of settlement. For example, if you process with Authorize.net, the default settlement time (a.k.a. Transaction Cutoff Time) is set at 3pm PST.

If you process with a stand-alone terminal, it may automatically settle or you may need to do it manually, depending on how the account was set up. We try to make sure to work with you during the initial setup to ensure the terminal is configured properly for settlement. If you choose to auto-settle, we’ll set it at a certain time every day. If you choose to manually settle, it is your responsibility to batch out the terminal at the end of every business day. If you have any questions about your settlement time or if you are not receiving your funding within 2 business days of processing, please contact Dharma at This email address is being protected from spambots. You need JavaScript enabled to view it. and we will assist you in getting everything set up correctly.

June 14, 2013

5 Tools for Mobile Marketing Success

4AGC Smartphone Donation Page

 

Have you embraced mobile marketing yet? SteamFeed recently reported that 37% of internet usage in the U.S. is on a mobile device – that is a huge demographic your good cause could be missing out on if it isn’t mobile-friendly. Our friends at 4AGoodCause compiled a list of the top 5 tools you need to use to make you mobile marketing strategy a success.

 

1. Responsive Web Design

2. QR codes

3. Mobile Friendly Donation Forms

4. Phone Lists

5. Mobile Analytics

 

Click here to learn more about how to maximize your fundraising  potential with mobile marketing.

May 01, 2013

5 reasons to Choose eCommerce Vs. PayPal:

5 reasons to Choose eCommerce Vs. PayPal:

One of the biggest questions nonprofits face when putting together their websites is whether to use Paypal to accept donations or get a merchant account with an ecommerce company. While PayPal has its strengths, it is not always the best choice for nonprofits. An account with an ecommerce company offers your nonprofit more advantages, fewer issues and the opportunity to raise more money online.  Dharma partner 4AGoodCause offers the following 5 reasons to use an ecommerce company versus PayPal:

 
PayPal may be one of the biggest but that doesn't mean it's right for you!  Read the full article here. 

July 25, 2012

BPA-Free Receipt Paper Contains BPS

bpa freeThanks to an alert from one of our dear merchants, we have determined that the BPA free receipt paper that we worked to find and to offer contains bisphenol S (BPS). According to researchers at the State University of New York, BPS apparently has similar estrogen mimicking qualities that can be absorbed through the skin, and it is not clear as to whether BPS is any safer than BPA. Dharma will continue to offer BPA free paper and will continue to look for a source that has neither chemical present (so far we've been told none existed). We'll keep you posted on what we find out and welcome any comments and suggestions!

June 13, 2012

New Fee from Visa: FANF

VisaAdjustments in the rates and fees that the Card Associations (Visa, MC, Discover & Amex) charge are made in October and April. Last fall debit fees were radically reduced for regulated debit card sales due to the Durbin Amendment legislation. Regulated debit cards are issued by banks with assets greater than $10 billion. More good news came when Visa announced new rates for charitable organizations that greatly reduced fees for credit card donations.

On April 1 of this year, Visa announced a new fee called a Fixed Acquirer Network Fee (FANF). This is an industry wide fee and will be assessed by all merchant service providers throughout the universe. The only exception granted by Visa is to nonprofits with the Merchant Category Code of 8398, indicating they are a charitable/social service organization. Though we cannot eliminate this fee, it will be passed through at cost without any profit margin or mark up.

Visa's formula to determine the fee amount is based on many factors, including the merchant category code, number of locations, gross sales volume, how cards are accepted and the business type etc. The fee will range from a low of $2 to over $125/month based on sales volume and number of locations. Visa will rebate the fee to nonprofit organizations with a Merchant Category Code of 8398 (charitable and social service organization). The rebates are issued immediately each month, so qualifying non-profits will see the FANF as well as the rebate on the same statement.

Our opinion on this and other excessive fees

We are compelled to offer our opinion on the above mentioned and Editorialother fees that have come to pass in recent years. It is difficult to understand the rate increases and additional fees that the Payment Card Associations have come up with given the primary members' (Visa and MasterCard) monopolistic dominance in the market. To be clear, it is the card issuing banks that are setting policy. In setting policy, various class action lawsuits, other litigation, market pressure, security issues, even government regulation have a bearing on that process and thus on the cost increases. As a result, the various parties in the credit card processing space are challenged to maintain integrity alongside profitability. Adding to that is the incumbent perspective of maximizing profits and not doing what is best for their customers. We definitely feel this is an unsustainable system.

Thankfully the US Justice Department has taken notice of the excessive nature of the fees and is investigating!  We don't believe Visa's excuse that this fee is as a result of last year's Durbin Amendment, which forced issuers of debit cards to reduce the fees that merchants pay for accepting regulated debit cards. The intention behind that legislation was actually to give relief to cardholders, but the government in its misunderstanding of the industry did not realize that consumers would never see a penny of savings. Furthermore many merchants did not realize a reduction in their fees as many merchant service providers did not pass the savings on to their merchants. Of course you know that Dharma did and we are grateful for that reduction in your costs. We hope the Justice Department can help reduce or eliminate the FANF as well

Until then, here at Dharma we are feeling dismay and disappointment in yet another fee by one of the card associations. We know that the merchant services industry suffers from a reputation of unethical and deceptive practices when it comes to rates and fees. While all merchant service providers have to cover the same costs that are set by the card issuing banks, we see many cases of exorbitant fees which are endured due to agreement terms that are never divulged.

Dharma Merchant Services was created to change this practice. Having recognized that the fee policies are out of the hands of those who are subject to those fees, the least we can do is offer fair, ethical margins and full-disclosure agreements. We also seek to offer value beyond the commodity of receiving card payments by building community, treating you as a human being, and bringing integrity and compassion to the intersection of technology and commerce.

We'd love to hear your voice on this issue and are glad to open the conversation. Please share your comments and feedback!

June 11, 2012

Free Authorize.net Mobile App

Authnet mobile appDid you know that Authorize.net offers a mobile application that is free with your Authorize.net account? This app is a great way to process transactions using your iPhone, iPad or iPod Touch at off-site events (an Android app is coming soon!). All transactions are recorded in the Merchant Interface and your customers can receive a receipt by email. If you already have an Authorize.net account, here are the steps to get started:

1. Download the free Authorize.net mobile app to your iPhone/iPad

2. Log in to the app with the same username and password you use to log in to the Authorize.net Merchant Interface.

3. Once you log in successfully, the app will issue a prompt that your mobile device is "pending".

4. Log in to the Authorize.net Merchant Interface. Click on "Account", then "Mobile Device Management". You'll see your phone in the list of pending devices and can enable it from there (you'll need Account Administrator access to do this).

5. Go back to the "Account" tab and click on "Payment Form" near the top. Click on "Form Fields" and un-check all items under the "required" column. Scroll down and click submit to save your changes and you're ready to start taking payments!

If you get stuck or have any questions on the app, Authorize.net offers free support at 1.888.323.4289. If you have questions about whether Authorize.net is the right mobile solution for you, just contact us and we'll help you assess this option against other mobile payment options.

June 11, 2012

Goin' Phishin'

Email scams reported by Visa and MasterCard

In an effort to protect you against fraud we want to keep you informed about the latest phishing scams reported by Visa and MasterCard.

Phishing is an attempt to garner secure information such as usernames, passwords, and credit card details by posing as a trustworthy source in an email or instant message. Links in the messaging will redirect the victim to a website that looks almost identical to the legitimate site. Common sources used are popular social web sites, auction sites, online payment processors or IT administrators.

Here are two phishing scams going on right now in the payments industry which appear to come from Visa and MasterCard:

Visa Phishing Thumbnail MC Phishing Thumbnail

If you receive either one of these emails, please forward the email or contact information to This email address is being protected from spambots. You need JavaScript enabled to view it. or This email address is being protected from spambots. You need JavaScript enabled to view it. .

The good news is that you can rest assured that Visa and MasterCard will NEVER contact you directly.  To help protect against future scams and those from other sources, here are 6 tips from Visa:

1. Look Closely at the Sender's E-mail Address

Although the "From" line in the e-mail might resemble a valid e-mail address, a closer look might reveal unusual characters that can help confirm that the address is fraudulent. For example, a "-x" after the word "support" is an attempt to replicate a valid support contact email address but is really a fake.

2. Check E-mail Images and Graphics

Images used in fraudulent e-mails are often out of place or are inaccurate imitations. For example a fraudster may not fully understand the payment card industry and incorrectly provide co-branded images or images for the wrong product, such as the Visa Verified by Visa logo and the MasterCard SecureCode logo instead of the card brand logo.

3. Pay Attention to Message Format and Text

Message length, grammar, word choice and sentence structure play a large part in the success of a phishing e-mail. For the example, the brevity of the message and the lack of personalization (e.g., the merchant's name is not used; the sender's contact information is not provided) could indicate that the communication is fraudulent.

4. Pay Attention to Message Tone and Look for Consequences Resulting From Lack of Action

Be aware of the tone used in the e-mail message. Does it demand your attention and indicate that there will be consequences if you do not take action? This is a common thread in phishing messages.

5. Consider Whether the Message Received Seems Out of Character

Relationships with financial institutions develop over time. Through the course of business, you may learn that your financial institutions like to conduct business and exchange information in a particular way. Ask yourself, "Would my financial institution or transaction processor send a message like this?" Or is it more likely that you would receive a phone call or be asked to address the issue over a more secure method?

6. Be Wary of Embedded Hyperlinks

Hovering over an embedded hyperlink should reveal the associated URL. If you don't recognize the URL or if the URLs don't match, do not click on it! Even embedded links for sites that you know or recognize may contain clues indicating fraud (such as hidden characters or other slight modifications), which can be easy to miss. Instead, open a new browser window and type the web URL you know to be right.

December 21, 2011

Top Five Failed PCI Compliance Requirements

Plus Tips on How to Resolve Them!

Top Five Failed PCI Compliance Requirements

Many thanks to VeriSign for producing this incredible report on Lessons Learned: Top Reasons for PCI Audit Failure and How To Avoid Them (pdf).

We highly recommend reviewing this easy-to-read report if you find yourself going down the non-compliant rabbit hole.

Here are the what Verisign reveals as top 5 most common failure points for PCI Compliance: 

#1 Install and maintain a firewall configuration to protect data. (Requirement 1)

#2 Protect stored data. (Requirement 3)

#3 Assign a unique ID to each person with computer access. (Requirement 8)

#4 Track and monitor all access to network resources and cardholder data. (Requirement 10)

#5 Regularly test security systems and processes.(Requirement 11)

Want to learn more? Download the full report from Verisign here: Lessons Learned: Top Reasons for PCI Audit Failure and How To Avoid Them (pdf).

November 22, 2011

Fraud Flags to Look Out For

fraudWith the intention to help you process as successfully as possible, here are some fraud flags for you to look out for:

  • “Rush” orders
  • Orders shipped to an address that does not match the billing address
  • Large orders
  • Orders to be shipped outside the United States
  • Multiple sales made in a short period of time which appear to be indiscriminate purchases

In all of these cases, please contact the customer before shipping any products. If the order does not seem legitimate to you, do not ship and void or refund the transaction. Remember that customers can do a chargeback, for any reason, up to 6 months after the charge is processed. It is relatively impossible to win a chargeback case in a card-not-present environment, meaning you face losses due to reversed funds, unpaid products and chargeback fees.

If you process with Authorize.net, protect yourself by setting the Daily Velocity value and Card Code Verification rejection option under the “Security Settings” section under the “Account” menu in your Authorize.net Merchant Interface. You can also sign up for their Advanced Fraud Screening service directly from your Authorize.net account.

Lastly, please monitor your account on a regular basis. If you see irregular activity, such as 100’s of transactions for small amounts which indicate automated testing of stolen credit card numbers, we can shut down your processing number temporarily to help you avoid being charged authorization fees for fraudulent transactions.

November 22, 2011

Protect Yourself with the Authorize.net Velocity Filter

authorizenet logo1eCommerce merchants are vulnerable to a certain type of fraud that is perpetrated by attempts to authorize stolen credit card numbers via a program that generates hundreds or even thousands of credit card authorizations at one time. We saw a recent case that resulted in over 8,000 such attempts in one day! You may not realize this is happening until you check your daily batch, or worse, not catch it until the month end statements show the excessive transaction fees being charged for these authorizations. Please protect yourself by using the fraud filters available with your eCommerce software. If you use the Authorize.Net payment gateway, please enable the Velocity Filter, which limits the number of transactions allowed per day. To set that filter, go to the “Account” menu, and click on the “Daily Velocity” link under the Security Settings area. Authorize.net also has additional Fraud Screening technology available with their optional Advanced Fraud Detection Suite.

In addition to setting these filters, we strongly recommend that you review your transaction activity every day before the settlement time, and immediately contact us or the 24/7 support center if you see any anomalies. This type of fraud can quickly add up to thousands of dollars in authorization fees, and we don’t want to see that happen to any of you!

November 18, 2011

Fraud Alert: Processing International Orders

Tips for How to Vet Customers

globe1To help avoid being the victim of fraud, we recommend shipping products outside of the US only once you have vetted the cardholder and verified their address.

If you are processing with Authorize.net, the default Address Verification Service (AVS) settings will automatically reject transactions placed on cards that were not issued in the United States, and you will see a letter code returned with the decline reason that corresponds to a specific AVS reject reason.

If you decide to change those default settings so these transactions are not automatically declined, please take care to not fulfill the order, especially a large order, without vetting the customer first.

  • Require copies of the customer’s passport and the front and back of the credit card. Most thieves will not reply, assuming that you are “fraud aware”, and have caught on to them. If they do respond, contact the card-issuing bank using the toll-free number on the back of the card and ask them to call their customer to verify that the charge is legitimate.
  • Call the phone number given with the order. It may be bogus or could be the actual number of the person whose card was stolen. Ask the cardholder for the card expiration date, and the details of the order. Fraudsters often lose track of which card they used on which site, and go on a “shopping spree”, not remembering who they ordered from or what they ordered. A legitimate consumer will know exactly what they ordered and will be able to repeat their order accurately.

We with you much success in the world economy but hope you take care with these orders to make sure you are not putting yourself at risk. Trust your instincts and if you ever want to double-check with us, please give us a call!

November 06, 2011

Fraud Trends for November 2011

Plus Tips on How to Respond

Fraud Trends for November 2011

Fraud losses cost the financial and retail industries over $250 billion annually, and cybercrimes get more sophisticated every year.

Here are some new fraud trends and how to respond to them:

Card Skimming

Here, thieves install undetected skimmer devices inside the card reader of terminals and capture credit card data. To safeguard against this, keep your credit card terminal accessible to employees only, and watch for signs of tampering.

Malware Attacks

Malware, short for malicious software, gains access to and damages a victim’s computer without the victim’s knowledge. In 2009 the frequency of this type of attack was 10 times greater than in 2008. Most malware attacks today are designed for financial gain. The malware escapes detection while collecting and transmitting sensitive data such as the user’s bank account information, passwords and credit card details. To protect against malware, always keep your virus protection up to date, because vulnerabilities are usually found in older or out-of-date virus definitions. Never store unsecured credit card details on your computer.

Card Testing

This involves software that automates the testing of stolen credit card numbers using an eCommerce website. We saw two cases of this last year, where a non-profit organization’s website was used to run hundreds or thousands of transactions for small amounts ($1.00) so the card numbers could be tested. This caused the non-profit to incur the authorization fees until they caught it and took the website down or the thief finished testing all of the cards. To prevent your site from being used for card testing, set the “Daily Velocity” filter under the Account menu in Authorize.net, and monitor your transactions daily.

Fraudulent Returns

Here, someone with access to a credit card terminal will run a return transaction on their credit card, putting a credit on their card, when there was no original sales transaction to be returned. The thief will often do this first thing in the morning and then batch out the terminal so there is no record on the closing report. To protect against this type of fraud, keep the terminal in a protected area and consider putting a password on the return function.

Whaling

First we had phishing, where emails prompted users to reply with sensitive information to confirm they are the actual owner of specified accounts. This evolved to SMSishing, where the solicitation was sent via text. Now there’s whaling, where profiles on LinkedIn and Facebook with descriptors like vice president, chief executive officer, chief financial officer, etc. are targeted. Google was hacked in 2010 via a PDF file sent to executives that, once opened, caused vulnerability on each user’s computer so hackers could steal information. If you have one of these profiles on Facebook, LinkedIn, YouTube or other social media outlet, keep your private information private and watch out for requests for sensitive information.

  • Authorize.Net
  • B Corporation
  • Better Business Bureau
  • Canvas Dreams
  • CardPayment Options.com
  • Conscious Capitalism
  • Green America
  • Merchant Maverick