DalPay Internet Billing. Virtual Terminal User Guide




DalPay Internet Billing Virtual Terminal User Guide Version 1.2 Last revision: 01/01/2010 Page 1 of 11


REVISION HISTORY
INTRODUCTION
A. WHAT DO I NEED TO USE THE VIRTUAL TERMINAL?
B. HOW DOES THE DALPAY VIRTUAL TERMINAL WORK?
C. WHAT ARE PROHIBITED ACTIVITIES WHEN USING THE VIRTUAL TERMINAL?
   i. FIGURE 1: Extract from the PCI DSS Version 1.2
D. PLACING ORDERS USING THE VIRTUAL TERMINAL
E. MAKING A LIVE TEST ORDER
F. WHAT HAPPENS AFTER A TRANSACTION IS ACCEPTED VIA VIRTUAL TERMINAL

Revision History

Version  Date Released     Change Notice        Pages Affected  Remarks
1.0      August 1, 2007    First release        All             PCI DSS 1.1 applies
1.1      July 1, 2008      Screen shot changes  p. 8.           PCI DSS 1.1 applies
1.2      January 1, 2010   Screen shot changes  p. 7, 8.        PCI DSS 1.2 applies

Introduction

This user guide describes use of DalPay's Virtual Terminal for merchants processing MOTO (mail order/telephone order) transactions as Card-Not-Present transactions.

a. What do I need to use the Virtual Terminal?

In order to use the Virtual Terminal, a DalPay merchant in good standing must, at a minimum, have returned to the DalPay Risk Department a correctly completed Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance: https://www.dalpay.com/en/compliance/dalpay_pci_saq_a_1_2.doc

(Please refer to a Qualified Security Assessor or DalPay Support for guidance in completing these documents.)

Once the Risk Department has received and approved this documentation, the Virtual Terminal feature can be activated for a specific account.

b. How does the DalPay Virtual Terminal work?

The Virtual Terminal requires collection of the same transaction information as DalPay Checkout, but allows the merchant to self-key the order details on our SSL secured order pages, instead of having a customer visit the same pages themselves as part of a DalPay Checkout order sequence.

Orders placed by a merchant directly using the Virtual Terminal do not receive the full benefit of fraud scrubbing by the DalPay Automated Anti-Fraud Inspection System (which only works fully when customers enter their own orders themselves), so a MOTO order entered using the Virtual Terminal in this way should be treated as a higher risk transaction.

As a rule of thumb, a merchant should aim to process less than 25% of their orders via the Virtual Terminal, and have the rest entered directly by customers via DalPay Checkout, in order to benefit from the fraud scrubbing that DalPay provides.

(As MOTO transactions are inherently higher risk, authorization forms may be required for more of these transactions than for transactions entered by customers via DalPay Checkout.)

c. What are Prohibited Activities when using the Virtual Terminal?

Please note that under the Payment Card Industry Data Security Standard (PCI DSS), Sensitive Authentication Data must NOT be stored. Sensitive Authentication Data in the context of Card-Not-Present transactions is defined as the CVC2/CVV2/CID*.

(*This is the 3-digit security code on the back of the card; Visa calls it CVV2, MasterCard calls it CVC2, and JCB calls it CAV2. For American Express cards it is called the CID or 4DBC and is 4 digits on the front of the AMEX card.)

You must never store the CVC2/CVV2/CID in any database, or on any paper form, i.e. after the transaction has been authorized and accepted by one of DalPay's acquiring banks, you must make sure you have removed any record you had of it.

For more information please refer to the PCI DSS (extract shown in Figure 1), and/or the Qualified Security Assessor who assisted you in completing your Self-Assessment Questionnaire and Attestation of Compliance.

Your operating jurisdiction may require specific protection of other cardholder or transaction data as well, or proper disclosure of your company's practices if consumer-related personal data is being collected during the course of business. Detailed discussion of this aspect is beyond the scope of this document. (In Iceland, for example, DalPay is subject to, and compliant with, the requirements of Act no. 77/2000 on The Protection of Privacy as regards the Processing of Personal Data.)

i. FIGURE 1: Extract from the PCI DSS Version 1.2 (https://www.pcisecuritystandards.org/)
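The storage rule in section c, applied to free-text order notes a MOTO operator might keep while keying orders; this is an added example, not DalPay code. The note format and the names scrub_note and audit_records are assumptions, and masking the card number to its last four digits goes beyond the rule stated in this guide.

```python
import re

# Labels this guide lists for the card security code, plus generic "CVV"/"CVC".
CODE_LABEL = r"(?:CVV2?|CVC2?|CAV2|CID|4DBC|security\s+code)"
# A label, an optional separator, then the 3-digit (4-digit for AMEX) code.
CODE_RE = re.compile(rf"\b({CODE_LABEL})\b(\s*(?:is|[:=#-])?\s*)\d{{3,4}}\b", re.I)
# Candidate card numbers: 13-19 digits, optionally grouped by spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so long order references are not mistaken for cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _mask_pan(match: re.Match) -> str:
    digits = re.sub(r"\D", "", match.group(0))
    if not luhn_ok(digits):
        return match.group(0)  # not a card number, leave untouched
    return "*" * (len(digits) - 4) + digits[-4:]

def scrub_note(text: str) -> str:
    """Remove security codes and mask card numbers before a note is saved."""
    text = CODE_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}[REMOVED]", text)
    return PAN_RE.sub(_mask_pan, text)

def audit_records(records: dict[str, str]) -> list[str]:
    """Return ids of stored records that still hold a labelled security code."""
    return [rid for rid, text in records.items() if CODE_RE.search(text)]

# Constructed sample notes (assumed format); card data is this guide's test Visa card.
SAMPLE = {
    "note-1": "Phone order. Visa 4222222222222 exp 01/11 CVV: 999, ship FedEx",
    "note-2": "AMEX customer, CID 1234 read out by caller, order ref 1234567890123",
    "note-3": "Customer asked for gift wrap, no card data taken",
}

if __name__ == "__main__":
    print("still holding a code:", audit_records(SAMPLE))
    print({rid: scrub_note(text) for rid, text in SAMPLE.items()})
```

Only labelled codes are caught; a bare three-digit number in a note cannot be told apart from other data, so notes and paper forms taken during a call still have to be cleared once the transaction is authorized.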

d. Placing orders using the Virtual Terminal

After logging into the Merchant Menu you will see the icon bar at the top of the screen. Click on 'order pages' to bring up your Page IDs (you need one for each web page, or currency that you accept via DalPay).

You enter orders through the Virtual Terminal by clicking on the MOTO icon to the right of the OrderEmail setting.

This will pop up the Virtual Terminal page.

(First, you should enter a test order to become familiar with how the system works - see the next section, Making a Live Test Order, for details on how to enable the test card for your account.)

The Terminal page asks you first for details about the order, with lines for sub-items within the order, each having a Description, Price and Quantity (Qty). An example of a single sub-item description might be 'My first product'. You can enter additional sub-items also, so a single customer's order for a few items might be something like this:

Product description                        Price (in USD)  Qty
My first product                           50.00           1
Second product                             25.00           2
Shipping FedEx Direct Signature Required   36.00           1

To make a one-off charge choose the default of 'Do not rebill credit card', then click 'Enter customer and card details'.

All Description, Price and Quantity sub-items entered appear in your transaction history under 'orders' from the main menu, and are also included in the email sent to the customer, and in your merchant email copy as well.

When you click on 'Enter customer and card details' you will be taken to the DalPay Checkout phased validation screens, where you are asked over three pages for the customer's Country and Card Type, then to enter their shipping and billing addresses, followed by their card details.

See What Happens After a Transaction is Accepted via Virtual Terminal for what happens if the card is accepted. If the card is declined, you will receive an error message page, and can try again, and also separately view the transaction as Declined in the transaction list from 'orders'.

(If you wish further details as to the reason for the decline, please contact us by raising a support ticket or by phone and we will check in further detail.) The most typical reason is either that the card account is over its credit limit, or that the card is not enabled for international use (in both cases the card holder should contact their issuing bank to check).

e. Making a Live Test Order

To enter a test order using the Virtual Terminal you should enable our internal test Visa card for your account. Enable this from 'order pages', 'Test Order Page' (or 'Run Test order' from the main page).

If no Name on Card Code is already set, click on 'New' to get a fresh Name on Card Code such as 'HAeVcanH', then click the 'no' setting in the Enabled field, or the 'enable it' link, to activate it for 60 minutes of use.

You then check out as usual from your website Order Page (or Virtual Terminal), choosing Visa, and using the Name on Card Code given as the 'Name on Card', along with Card Number: 4222222222222, Expiry: 01/11, and CVV: 999.

You will get a copy of the order to the email set in OrderEmail as the supplier, as well as a copy as the customer to the email address you gave in the checkout process.

Please note that it is forbidden by card association rules to run your own or family members' credit cards - even for testing purposes - through your merchant account or a DalPay Retail account. Please use the Visa test card instead.

f. What Happens After a Transaction is Accepted via Virtual Terminal

When the order is accepted you will receive a copy of the order by email from robot@dalpay.com to the email address set in OrderEmail for each Page ID (such as orders@mydomain.com). The customer will also receive an order confirmation at the email address you enter for them. You should view more details about the transaction from 'orders' in the Merchant Menu - see the following important note.

(OrderEmail is set in the 'Order page e-mail address:' field for each Page ID.)

IMPORTANT PLEASE NOTE: Unlike a card physically swiped at a terminal, the Virtual Terminal captures charges as Card-Not-Present transactions. A status of 'accepted' for a transaction means that at the time the transaction was put through, the credit/debit card account used was open and had a sufficient balance to accept the charge, and was not immediately declined. Do NOT assume that it was the legitimate cardholder that placed the order merely because the order has a status of 'accepted'.

DalPay recommends that, in the case of delivery of tangible products, you wait 24 hours from placement of the order before shipping. This is to allow time for any urgent post-scrubbing updates from our anti-fraud networks.

It is important to protect yourself from chargebacks by paying attention to the Transaction Fraud Score and other particulars of the order, and as necessary performing Secondary Screening. https://www.dalpay.com/en/support/fraud_score.html