Authorize.Net Direct Post Security Upgrade: Updating MD5 to SHA-512

Authorize.Net Direct Post Security Upgrade

Authorize.Net – the most popular payment gateway service provider in the world – is in the process of making a big change to how it verifies transactions, and that change impacts the business of every single one of their Direct Post users.

The company is phasing out MD5-based hashing and switching to SHA-512 signature key hashing. The last stage of the switch goes into effect on June 27th, 2019, and every business using Authorize.Net Direct Post, including BAMS users, will have to switch over before that date to avoid interruptions to their payment processing services.

To a lot of merchants, this might be a confusing topic or seem like an unnecessary hassle, but this change is an important step in keeping Authorize.Net’s transaction security on the cutting edge – something that benefits every single merchant on the platform.

 

What are MD5 and SHA-512?

MD5 and SHA-512 are cryptographic hash functions – algorithms that take data of any size and transmit them into an essentially irreversible fixed-length string. In simpler terms, hash functions take any type of data – like your name or your credit card number – and turn it into a new set of letters and numbers with a fixed number of characters.

Once that new set of letters and numbers has been created, it’s mathematically so difficult to translate it back into the original data that it simply isn’t feasible. That means that users who know the translation between the original data and the hash can easily verify it, but outside parties – like hackers or other bad actors – can’t decrypt the hash to get at the sensitive information it protects.

That level of security is why credit card companies and payment processors use cryptographic hashing to protect transaction data. A buyer’s complete information can be hashed and transmitted without having to worry about it being intercepted and seen by anyone that isn’t supposed to.

 

Why is switching from MD5 to SHA-512 worth the trouble?

Internet security is a never-ending game of cat and mouse. Hackers and bad guys are constantly figuring out new ways to break existing security protocols, and security teams are constantly figuring out new safeguards to replace the old ones.

MD5 is old technology. It was designed in 1991, and while it’s been a security workhorse for decades, it’s so old and so common that it no longer meets the level of security required to protect transaction data. MD5 has a number of weak points, not the least of which are that hackers have developed brute force attacks that can decrypt its hashes, and that it’s possible to duplicate the same hashes with different data.

SHA-512 is one of the newest hash functions in the SHA-2 family, and it has some major security benefits over MD5. The first is that, while MD5 is a 128-bit hash function, SHA-512 creates 512-bit hashes. In practical terms, what that means is that the strings of letters and numbers created by SHA-512 are 2.75x larger than the ones created by MD5 (trust us on the math.) The second major benefit is that SHA-512 is collision resistant, meaning it’s much, much harder to create the same hash from two different sets of data.

The result is that SHA-512 encryption is much harder to crack than MD5, and when it comes to the sensitive payment data of your customers, that advantage is priceless.

 

What do I have to do to make sure my Authorize.Net integration is up to date?

Your two basic options are to upgrade Authorize.Net to version 2.3.1, or to apply a patch to your implementation of version 2.2.8. In either case, you’ll also need to obtain a signature key for your newly updated security.

Patching an existing Authorize.Net integration isn’t overly complex, but it might be beneficial to obtain some developer help to get the job done. 

Completing the necessary steps before June 27th, 2019 will ensure your uninterrupted ability to continue processing payments through Authorize.Net and will ensure your customers will be able to continue doing business with you with full confidence in the security of their sensitive data.

 

Check out our Authorize.net Certified Integrations and learn more about BAMS. Our low-price guarantee and unique five-point price comparison process ensure that partnering with BAMS will not only make your payment processing easier, it’ll also help boost your company’s profitability as well.

 

How Your Business Can Protect Itself Against Chargebacks

Chargeback Protection

Chargebacks are an unfortunate reality of accepting credit card payments, but they aren’t something businesses have to lie down and accept without a fight. Some chargebacks are completely legitimate, like cases where a purchase was made fraudulently by a third party. But many chargebacks are fraudulent, frivolous, or abuses of the system. In those cases, there is no reason for a company to accept losing the revenue, the product, and the additional chargeback penalty, and fighting back is in order.

 

Preventing Chargebacks

The first step in chargeback defense is to work proactively to stop them from happening in the first place. While merchants can’t prevent abusive or fraudulent chargeback requests, they can take steps to help minimize legitimate chargebacks.

Make it clear where the credit card charges are coming from:

One of the most common causes of chargeback requests is customers checking their statements and finding unfamiliar purchases. Worried about potential fraud, they then contact their card issuer and attempt to stop the payment. Sometimes this happens due to legitimate fraud, but many times it’s simply a matter of the customer not recognizing the payment descriptor – the name shown alongside the transaction amount. It’s incredibly important that merchants make themselves easy to recognize by using descriptors that match their branding rather than numbered company names or parent corporations.

Ensure customer complaints are taken care of quickly:

Of all the valid reasons major credit card companies accept chargebacks for, a number of them relate to unsatisfied customers. Unreceived orders, products that don’t match their description, defective merchandise, and misrepresented purchase terms are a few of the many reasons customers can legitimately file a chargeback. The best way to defend against consumer disputes is to take care of them with good customer service before they ever reach the chargeback stage. Addressing customer concerns quickly and professionally, and issuing refunds where appropriate, is a far better route to take than risking getting nailed with a chargeback.

 

Fighting Chargebacks

When chargebacks do come in, it’s extremely important that businesses handle them quickly and put up as strong a defense as possible to avoid the negative implication with card issuers and the hefty penalties, which can reach as high as $100 per instance. Successfully doing so comes down to understanding the system and knowing how and when to fight back.

The best response is a timely response:

A chargeback that doesn’t receive a response is a guaranteed loss, and waiting too long to respond isn’t much better. There are strict deadlines that merchants have to meet in filing their chargeback responses, and missing even one of them renders the entire process moot. Arguably the most important factor in filing a timely response is to find out about chargebacks as soon as possible. Some payment processors notify merchants of disputes by mail, which is slow and ineffective. Others, like BAMS, use SMS notifications to alert merchants as soon as a chargeback or retrieval request is filed. That speedy notification is invaluable when it comes to getting a strong defense filed in time.

Know the codes:

Each card issuer has its own set of criteria for what it considers a valid chargeback. Those reasons are managed using a set of codes, and every chargeback request will come with an associated code identifying the reason for the dispute. Understanding what those codes represent is key to filing a valid chargeback defense, so merchants absolutely need to be able to decipher them. Visa’s codes, for instance, are laid out in the Dispute Management Guidelines for Visa Merchants, and cover four major areas – fraud, authorization, processing errors, and consumer disputes.

 

One of the best ways to avoid losses from chargebacks is to partner with a payment processor that understands how serious a concern they are for businesses and offers tools to help mitigate and manage them. BAMS offers a full suite of chargeback tools, including SMS notifications, an online dispute management platform, Verifi integration, zero-liability chargeback assurances, and more.

Contact us today to find out how payment processing with BAMS can help protect your business against unnecessary losses from chargebacks.

Why Chargeback Defense Is Important?

Chargeback Defense

There are only so many parts of running a business that you can prepare for. Like many aspects of life, it’s difficult to truly understand what it takes to be a successful business owner until you’re in the thick of it.

For example, one thing that no one tells you about starting a business is just how problematic chargebacks can be to an owner’s bottom line. Individually, these fees may not add up to much, but when underestimated and mismanaged, they can end up costing you big time.

When searching for the right payment processing solutions for your business, consider the importance of chargeback defense.

What Are Chargeback Fees?

In the simplest of terms, a chargeback is a forced transaction reversal initiated by a cardholder’s bank. If a customer feels dissatisfied with a product or service, or that a charge was fraudulent in some way, they are able to contact their bank and essentially request a refund.

Upon doing so, this will set into motion action taken by the cardholder’s bank to verify their claims before removing funds from a merchant’s account to put back in the customer’s.

Chargebacks were put in place as a sort of checkpoint, protecting consumers from fraudulent situations. However, nowadays it’s a “friendly fraud” practice that has been abused and overused for all the wrong reasons, such as buyer’s remorse, wanting to make a return after a businesses’ policy has expired and more.

Depending on the bank issuing the chargeback, fees associated with the transferring of money can vary from $20 to $100. Added up over time, these added costs chip away at your profits and make it much more difficult for you to focus on other aspects of building a business that will prove crucial for long term success.

How to Reduce Chargeback Fees

Reducing chargeback fees and requests starts with having proper chargeback defense solutions working in conjunction with your payment processing system. The following are tools to consider for helping your business mitigate fraud.

Easily Manage Disputes

One of the issues with chargebacks is how often they fly under the radar. Often times, many business owners won’t know they’ve been hit with one until after the fact, which can be incredibly frustrating.

BAMS offers peace of mind with chargeback defense tools like Instant Dispute Alerts and Online Dispute Management. Not only will you be made knowledgeable of chargeback disputes as they’re filed, but you’ll also have the opportunity to fight back from one convenient location. All of which certainly beats having to rely on postal mail and customer support lines.

Go on the Chargeback Defense with Fraud Protection

In partnership with services like Verif and Signifyd, BAMS helps stop chargebacks before they happen. The less time you have to spend reviewing and flagging every dispute that comes your way, the more time you can dedicate to your business’ developing reputation and growth.

Final Thoughts: Why Chargeback Defense is Important

Every sale matters. Protect your business with chargeback defense solutions you can trust. Contact BAMS today for a free price comparison and quote!

Why BAMS Is The Perfect Solution For Your E-commerce Business?

E-commerce Business

Over the past decade, the world of e-commerce has completely transformed consumer purchasing behaviors. Practically everything you once had to procure in-person can now be purchased from the convenience of your couch through a series of clicks, taps, and confirmation emails.

In fact, 1.79 billion people worldwide made a purchase online in 2018, with that number expected to grow to 2.14 billion by 2021. The moral of the story: your customers are shopping online with money that’s burning a hole in their pocket.

As an online business, putting the right e-commerce strategy in place is and will continue to be key for long-term growth. Part of that strategy relies on selecting the right payment processing solution for your website.

You will, without a doubt, have a multitude of merchant account providers to choose from, so it’s important to know what matters most to your business when making a selection.

You’re not simply choosing a method with which to process transactions: you’re giving customers a sense of security and your business a positive reputation.

Trust in a platform that will ensure all of the above, and then some. Here’s why BAMS is the perfect solution for your e-commerce business.

BAMS Integrates With Your Existing E-Commerce Software

The last thing you want to have to do when choosing a merchant account is completely reconfiguring your current system. Convenience goes out the window when you have to change out all of your e-commerce software and point-of-sale systems already in use.

The team at BAMS knows how important popular integrations are for business owners with full plates. The more consolidated your efforts become from a software standpoint, the more strategic you’re able to be in your day-to-day operations.

With a checkout process already in place, BAMS easily integrates with popular e-commerce platforms like Authorize.Net, Magento, WooCommerce, and BigCommerce. Best of all, BAMS agents take care of the heavy lifting, connecting your current online store to the ideal payment gateway solution for your e-commerce business.

BAMS Protects Against Chargebacks

Chargebacks, on average, cost e-commerce businesses $40 billion in lost revenue. This is largely due to the fact that most business owners don’t even notice a chargeback until it’s already been processed.

With additional fees tacked onto the customer’s refund, you can end up losing more than simply the cost of a returned product. This becomes especially true as your chargeback rate starts to rise. When an increasing number of customers dispute purchases with your business, refund processing fees from issuing banks start to rise and your ability to process credit cards in the future can become compromised.

The Chargeback Defense functionality offered through BAMS gives you the ability to manage chargebacks effectively. From Instant Dispute Alerts to Online Dispute Management tools, you have the power to review and refute claims as soon as they arise.

BAMS Streamlines Operations With Reporting & Analytics Dashboards

Running a business is one thing: growing a business is something else entirely. To do so requires you to separate yourself from the day-to-day and think big picture. It requires you to pull insights from reporting and analytics.

This is where BAMS goes beyond payment processing to provide you with software that actually works to maximize profitability. Working with BAMS, you’ll gain access to a powerful CRM portal that gives you visibility into daily operational highlights.

Set up daily settlement reports that can be received via email or SMS. Track sales growth trends with an easy-to-use, visual monitoring dashboard. Search through your entire history of transactional records in seconds. All of this functionality and more is at your fingertips in one centralized location.

BAMS Pricing is Transparent

The team at BAMS knows you have options when it comes to payment processing for e-commerce. This is why we’re both competitive and transparent when it comes to pricing.

Our pricing model involves a unique 5-step comparison process. When you request a quote, you receive an analysis specific to the needs of your e-commerce business. This starts with an in-depth look at the rates and fees you’re currently paying.

If there’s a way to save you money and better serve your payment processing needs, our team of Merchant Account Specialists will uncover it. After all, you shouldn’t have to pay for tools that aren’t actually effective or relevant to how your business operates.

This belief carries into the BAMS Low Price Guarantee. Receive a less expensive merchant account offer from any other registered financial provider during your relationship with BAMS, and we’ll either match or beat it.

BAMS Offers Dependable Support

How many times have you signed your name on the dotted line with a service provider only to find the implementation and ongoing support lacking to non-existent? Unfortunately, this is the risk you run post-sale with any partnership.

BAMS puts its relationships with customers above all else. This is reflected through the human connections fostered between e-commerce business owners and Merchant Account Specialists.

These individuals are with you every step of the way. They’ll provide personalized quotes, guide you through implementation, and even help your business get certified as PCI-compliant — walking you through the entire process.

Final Thoughts: Why BAMS is the Perfect Solution for Your E-commerce Business

Sifting through the variety of payment processing solutions made available to e-commerce business owners can be both frustrating and overwhelming. You want to make not only the right choice for the sake of your customers but a choice that will positively impact and grow with your business for years to come.

This is why it’s important to look at the big picture. Prioritize what matters most across your business operations and partner with a team that values your success just as much as you do.

For e-commerce businesses, BAMS’ fully-loaded payment processing platform is truly a one-stop shop. Find out what makes it the perfect solution for your business — contact our team of expert specialists to request a free quote today.

Two Credit Card Policies Your Business Needs to Set in Stone

Credit cards are a big part of every business. If your store isn’t equipped for credit card transactions, you’ve already put a huge roadblock in the way of your company’s growth. But if you don’t have clear in-store and internal policies, even the best merchant services can’t help your business navigate new regulations. Here are two policies that your business needs to create and regularly review:

What’s your return policy?

Some stores don’t have a lot of returns. But whether you sell retail goods, professional services, or food, you need to have a return policy. It can encompass everything from a poor user experience to product exchanges depending on what you want for your business, but the allowances and limitations need to be clear. It also needs to be posted in your store and easy to find online. Making your return policy clear and visible is the best way to fight invalid chargebacks.

While you’re making any edits, make sure your merchant services can easily accommodate the policy. This includes more than making sure your equipment can handle reversing the transaction. Make sure the fees are low enough that you can afford the goodwill a good return policy brings.

What’s your information storage policy?

The benefit of a merchant services provider is that your company isn’t directly handling credit card information. This is incredibly important if you’re an online vendor. If you handle or store PII or credit card information, your company has to be PCI compliant and secure that information from cyber threats. Find a merchant services provider that acts as a third-party information handler. Also, train your in-store employee on how to treat any credit card information in the store. Ideally, your employees should never write down any details or even handle the cards. Find customer-facing machines to keep the line clear.

For more merchant services tips, browse our blog at BAMS.

Tips to Help Prevent Chargeback Fraud

Stealing a credit card through a laptop concept for computer hacker, fraud, network security and electronic banking security

All chargebacks are frustrating, but it’s even worse when they happen because of fraud. Then, you not only lose the transaction but the merchandise as well. This alone is enough reason to make sure you stop fraud before you send out any products. Here are some of the chargeback prevention ways that you can armor your online store against fraudulent purchases:

The Zip Code Check

These checks are basic, but they block a surprising amount of suspicious transactions. One of the most standards is to collect the would-be buyer’s name and address. Then, use a shopping cart that sends that information to Authorize.net along with the credit card number. Set your Authorize.net account to compare the zip code on file with the credit card company against the one you were given. If they don’t match, it automatically declines the transaction.

Have Proof of Shipment

One of the most common ways to commit chargeback fraud is done by the criminal ordering things and then claiming non-receipt. Stop this nonsense by shipping everything using methods that give you tracking numbers and proof of delivery. All of the major shippers have an option that provides these things, and it’s worth it to use those options. Then if someone claims non-delivery, you can give us or a card-issuing bank the number to prove that your package indeed arrived.

Having this information at hand also helps you when the customer legitimately hasn’t gotten an item. You’ll be able to look up the tracking and see exactly where the package is in the shipping system. You can almost always get someone to be more patient if you can provide a detailed answer to the question of “where’s my stuff!?.”

To learn more about how to prevent fraudulent chargebacks and other problems, just contact us. We’ll be glad to help you make your business go more smoothly.

Chargeback Prevention Starts with Fraud Prevention

Dollar sign with arrow around icon vector, filled flat glyph, solid colorful pictogram isolated on white. chargeback symbol, logo illustration

Chargeback prevention is one of the foremost concerns of online merchants. It’s always galling to have to send money in the wrong direction, and it’s even worse when the reason for it is outright fraud. With fraud, you’re not only out a sale but often, you lose your merchandise as well. Fortunately, there are ways to catch most of it before your products hit the shipping stream.

Use a Merchant Account with Fraud Prevention Tools

A merchant account that offers the right settings will, when those settings are properly tuned and activated, do much to increase your chargeback prevention success. Some of the typical options include automatic checking of the delivery zip code against the zip code of the credit card holder’s billing address, checking the card number against a database of stolen numbers, use of the Cardholder Dispute Resolution Network, instant notification of payment disputes, and more. The Cardholder Dispute Resolution Network is a fairly new system that allows chargeback and dispute information to be shared between card issuers and merchants and can let you spot a serial refund-seeker before you complete a transaction.

Manually Check Any Suspicious-Looking Order That Gets Through

Sometimes, even the best automated systems aren’t enough. This is why you should always check strange-looking orders – especially those for unusually-large amounts of merchandise – for fraud. Check Google Street View to see if the destination address is a vacant lot, look up the phone number the customer gave you as well as calling it, and check the origin area of the IP attached to the order.

These are some of the best ways to prevent online ordering fraud and the chargebacks that go with it. If you need a merchant account that will automate much of the work, just contact us. Our Chargeback Defense system is just what you need.