CP SQL 8.4 Credit Card Changes
CPSQL now allows the following:
1. Allowing only Zip Codes for address verification.
Previously, if you enabled address verification services (i.e., AVS/AAV), you were required to supply a street address and ZIP Code to authorize each manually-entered credit card transaction. In this version, you can configure CounterPoint SQL to require only a Zip Code for address verification purposes.
This feature is regardless of the processor card type.
2. Support for partial authorizations and reversals
-
To better support prepaid credit and debit cards, CounterPoint SQL can obtain an authorization for an amount that is less than the amount due for a Ticket or Order via CPGateway. For example, if the Amount due for a ticket is $50.00 and the customer presents a prepaid credit card with a balance of $40.00, CounterPoint will obtain an authorization for $40.00, and then prompt the user to tender an additional payment for the remaining amount due.
-
Partial authorizations are available for merchants processing with Radiant Payment Services, First Data North, RBS Lynk, or TSYS, as well as for American Express Direct transactions.
-
Partial authorizations are not currently supported for merchants processing with Paymentech, First Data South, or Moneris Solutions.
3. CounterPoint now supports full reversals of credit card authorizations.
-
CounterPoint now supports full reversals of credit card authorizations for Visa, MasterCard, and Discover transactions, allowing authorized credit and debit card payments to be deleted from a ticket or order before the document is complete.
-
Full reversals are now available for merchants processing with RadiantPayment Services, First Data North, RBS Lynk, or TSYS. Merchant-initiated reversals for American Express transactions are not supported.
-
Full reversals are not currently supported for merchants processing with Paymentech, First Data South, or Moneris Solutions.
4. Using card identification services without address verification.
Previously, you could not use card verification services (i.e., CVV2/CVC2/CID) unless you were also using address verification (i.e., AVS/AAV). This requirement meant that you had to verify a customer’s address in order to verify the security digits on the back of the customer’s credit card.
In this version, you can enable card verification services without first enabling address verification, allowing you to verify each credit card’s security digits without requesting the customer’s address.
This feature is available for all processors and card types.
5. PCI DSS Compliance.
PCI-DSS-compliant are now passwords required.
-
In previous versions, the use of passwords was optional, allowing merchants to decide whether to require users to enter passwords to log in to CounterPoint. In this version, to better protect sensitive cardholder data, the use of PCI-DSS-compliant passwords is no longer optional for merchants who are processing credit card transactions.
-
All users must log into CounterPoint with a unique password that meets the minimum PCI DSS requirements for password length and complexity (i.e., passwords must include a combination of letters and numbers). Also, passwords are now case sensitive.
-
Other password settings including the number of days passwords are valid, the number of unique passwords each user must create before re-using a particular password, and the number of unsuccessful login attempts allowed before a user is locked out of CounterPoint – must also meet minimum PCI DSS requirements.
-
Passwords are not required for merchants that are not processing credit cards or for systems registered in Demo mode.
Please contact CCS Retail Systems Support Department if you have additional questions on these new features and to review your system for compliance confirmation.