Authorize.Net Blog

Get tips for running your business, find useful support information, and check out the latest customer success stories.

Merchants choose to connect to the Authorize.Net Payment Gateway because it provides the infrastructure necessary for the fast, reliable and secure transmission of transaction data.  Authorize.Net has partnered with 71lbs to help their merchants reduce their shipping costs and better understand their shipping expenses.  

Shipping costs account for a significant amount of revenue.  Most companies who ship online spend at least 10% of their revenue on shipping.  Many of these shipments are handled by FedEx and UPS whose shipping rates increase every year.  In 2018, FedEx and UPS increased their rates by an average of 4.9%.  These increases make it difficult for merchants to keep their costs down and continue to satisfy their customers desire for low cost or free shipping.

If your business ships using FedEx or UPS, you may be entitled to refunds on  late shipments - late by even 60 seconds!  Each year, more than $2 billion in shipping refunds goes unclaimed.  71lbs works on your behalf to identify late, lost or damaged shipments, then files and fights your claims to make sure you receive your due refunds.  

Kedem, Owner of 47th Diamond District Corp, is an Authorize.Net merchant and 71lbs customer.  47DD was founded in 1985 in the heart of the New York Diamond District.  Several years ago, they started making their own jewelry and selling them on their website and other marketplaces.

Kedem finds the Authorize.Net Payment Gateway convenient and easy to use.  It works well for his eBay sales and integrates well with many other credit card processors, which saves him time and money.  71lbs also saves him time and money.  He shares, "I wasn't sure it was a real refund.  I had to check it a few times to make sure and it was real!!  71lbs has helped us get $920 in refunds!"

Monitoring for late shipments and filing claims is a cumbersome and time-consuming process.  71lbs’ service helps businesses retrieve their refunds without having to dedicate any resources.  

71lbs is focused on reducing your total shipping cost and provides a robust dashboard with in-depth shipping analytics to help you better understand what you spend on shipping with FedEx and UPS.

Key Features of 71lbs services:

·        Save Money:  Late delivery refunds, lost or damaged packages

·        Understand Complicated Costs & Fees:  Robust dashboard with your shipping data in easy to understand analytics

·        Superior Customer Success Team:  Live support to discuss your service claims, answer questions or review your dashboard via phone or online chat

The fee for the service is contingent upon the actual refunds you receive.  Once the carrier refunds your cost of the shipment, 71lbs will invoice you for a portion of the refund.

Learn more or START SAVING NOW!

Have a great business tip or want your business to be featured? Submit your story.

Championing our small business merchants

We get it. In 2018, a website redesign isn’t exactly cutting-edge news. But today, we’re announcing more than just a reorganization of the same old information and an updated aesthetic. You’re going to see a whole new approach – and we think you’re going to like it.

Sure, we definitely want to deliver a modern and engaging website experience. And we’re committed to helping you discover the information and resources needed to grow your business. But we also want to give you more.

Authorize.Net proudly supports and celebrates innovators, entrepreneurs, and risk takers just like you, who boldly follow their passions. Moving forward, www.authorize.net will champion the insights and experiences of our small business merchants loudly and clearly.

Please take a look and see what you think. Hear directly from passionate business owners about how they work with Authorize.Net. Get a better understanding of how our payment solutions help them succeed.

We think you’ll like what you see. 

 

For more business tips and advice, visit the Authorize.Net blog weekly. Have a great small business tip or want your business to be featured? We'd love to hear what you're passionate about and how you turned it into a successful business.  Submit your story.

Authorize.Net Merchants,

Rumors have been swirling that Authorize.Net will be introducing an improved Customer Support website this year. Well it’s official; we’re pulling back the curtain on the updated site and a brand new customer experience. There’s too many changes to list, but here’s a look at some of the improvements we’ve made.

Keeping It Simple

The most notable change in the site is the redesigned interface. It has a clean look and feel, which translates to a very user-friendly experience. Now it’s easier to find what you need.

Searching Is Easy

For those times when you think you might be close to knowing how to resolve a support issue, it might make more sense to just search for documentation. We’ve made it easier and quicker for customers to search for and find the support documents they need.

Simplified Support Requests

Submitting a request for support shouldn’t be difficult. We’ve simplified the submission process for support requests thru General Support case and custom case types (Apply for ECC and Processor Update), along with reducing the number of required information fields.

The new search system performs searches on the text you are entering to offer up solutions/answers whereas the legacy search function wasn’t as interactive or intelligent and it required you going thru multiple steps to be offered up a potential answer.

Mobile Friendly

Being able to do work away from an office desk is essential in today’s business environment. We’ve provided a new mobile-friendly user experience.

Visit the Authorized.Net Support Center to check out all of the improvements we’ve made to the site. It should be pointed out that you’ll still interact with the site in all the ways that you are used to—it’s just going to be better. Thank you to all our Authorize.Net customers. 

For most businesses, repeat customers form the backbone of their revenue. Cultivating returning customers allows you to reap the benefits from these customers, including lower marketing costs, larger purchases and dependable revenue. However, recurring customers don't come with your storefront; attentive service and community outreach are just some of the steps you'll need to take to develop a loyal group of core customers.

Share Your Knowledge

Content marketing is one of the most effective forms of online marketing — and it costs nothing if you create the content yourself. Does your website have a blog section? Write informational content that you believe would appeal to your potential customer base. Within your field, you have unique knowledge that your customers may lack. By sharing knowledge, you'll attract search engine traffic from people who are seeking information in your industry. Every time the information that you provide helps someone, you'll strengthen your brand and establish yourself as an expert within your field.

Offer a Loyalty Program

Loyalty programs are a relatively simple way to incentivize customers to return to your business. You can structure them however you like, but they all boil down to the same format: for each set amount of business the customer gives you, you give them something. To maximize the effectiveness of your loyalty program, give your customers a head start when filling out their first loyalty card. The head start you give your customers increases the completion rate of your loyalty program, encouraging customers to make more repeat visits to your shop.

Provide Excellent Service

In today's ultra-competitive marketplace, few things help a business stand out like excellent customer service. Providing great service doesn't mean you have to just cave in to your customers for every little demand, but it is important to demonstrate to your customers that you care about them and their needs. When something goes wrong, own up to the mistake and work to fix things for the customer. Train your staff to say yes to your customers whenever possible and focus on finding solutions to customer problems. 

Become Part of the Community

Hosting regular events for your community provides you with an opportunity to bond with potential customers and increase the visibility of your business. These events don't have to relate directly to your business, but focusing on your business' mission is an easy way to come up with ideas for your events. For example, if you run a nursery, you can host gardening classes on native plants. A bookstore could hold release parties for popular books or host readings with local authors. Your business could also host parties for important local events, such as a local school's homecoming week.

Listen to Your Customers

If you aren't afraid to listen to your customers, they'll tell you exactly what will get them to come back to you. Sometimes, you might have to bite your tongue to hear a customer complaint, but other customer suggestions are more positive. For example, one of your customers might have a favorite brand that's difficult to find; providing them with a source for their favorite product is an easy way to garner a repeat customer. Of course, you'll always have to use your best judgment when you decide whether to act on customer feedback; some suggestions simply aren't viable. If you can't see an obvious downside to a customer's suggestion, however, err on the side of making your customer happy.

Provide Something Unique

If you want to stand out in today's marketplace, you need to provide something that your customers can't find elsewhere. You can't expect to simply bring in products, put them on the shelf and instantly sell out; if your customers want that kind of experience, they can find it in a million other places. That unique flavor that you provide might be a service that can't be duplicated, a viewpoint that's unique to your shop, or advice that's tempered with your years of experience. Whatever it is about your business that can't be found elsewhere, don't be ashamed of it; embrace those elements and trumpet them in all of your advertising. 

Provide an Easy Checkout Experience.

Customer Information Manager from Authorize.Net is a service which allows you to store your customers' sensitive payment information on secure servers for use in future transactions. CIM helps eliminate steps in the checkout process for repeat customers, potentially increasing loyalty and revenue. It can also help you reduce the Payment Card Industry (PCI) scope, since customer information is no longer stored on your local servers.

Have a great small business tip or want your business to be featured with your small business advice? Submit your story.

Authorize.Net Merchants,

As you may be aware, new PCI DSS requirements state that all payment systems must disable early-version TLS by 2018. Transport Layer Security (TLS) is a technology used to encrypt sensitive information sent via the Internet. TLS is the replacement for Secure Sockets Layer (SSL). In preparation for this requirement, Authorize.Net plans to disable TLS 1.0 and TLS 1.1 on the following dates:

Sandbox: COMPLETE

Production: Feb 28, 2018 

We have disabled the sandbox in advance of production to allow you and your developer time to test your website or payment solution and ensure you are no longer using TLS 1.0 or 1.1 prior to September 18th. Please contact your Web developer or payment solution provider, as well as your Web hosting company, to confirm that they can support TLS 1.2 for your API connections.

In addition, we have retired the 3DES cipher (a data encryption standard) in production on September 18, 2017. 

Please refer your developer or solution provider to our API Best Practices for cipher recommendations, details about TLS 1.2 platform support, and other integration suggestions. 

Note: If you are not using the current version of your Web browser, please take a few moments to upgrade it now. Browsers released prior to 2014 may not support TLS 1.2. You can check your browser's TLS support by visiting https://www.howsmyssl.com/. 

Authorize.Net Merchants,

As you may be aware, new PCI DSS requirements state that all payment systems must disable earlier versions of Transport Layer Security (TLS) protocols, TLS 1.0 and TLS 1.1.  Authorize.Net is set to disable those protocols on February 28, 2018. 

To help merchants identify if they’re using one of the older TLS protocols, Authorize.Net will temporarily disable those connections for a few hours on January 30, 2018 and then again on February 8, 2018.

Today, January 24, 2018, Authorize.Net sent an e-mail to Authorize.Net merchants informing them of this planned disablement.

Based on the API connection they are using, on either one of these two days they will not be able to process transactions for a short period of time. This disablement will occur on one of the following dates and time:      

  • Akamai-enabled API connections will occur on January 30, 2018 between 9:00 AM and 1:00
    PM Pacific time.
  • All other API connections will occur on February 8, 2018 between 11:00 AM and 1:00 PM Pacific time.

Merchants using TLS 1.2 by these dates will not be affected by the temporary disablement.
We strongly recommend that connections still using TLS 1.0 or TLS 1.1 be updated as soon as possible to the stronger TLS 1.2 protocol.

Note: Browsers released prior to 2014 may not support TLS 1.2. You can check your browser's TLS support by visiting https://www.howsmyssl.com/.

If you have any questions about this announcement or the upcoming TLS disablement, please refer to our TLS FAQs. Thank you for your attention to this matter and for being an Authorize.Net partner.

Thank you for your attention to this matter and for being an Authorize.Net merchant. 

Guest Blog Writer - Zach Walker- SecurityMetrics

Learn about common security issues and what you can do to secure your e-commerce business.

E-commerce merchants sometimes face confusion and difficulty when it comes to truly securing cardholder data. With this in mind, the Payment Card Industry Security Standard Council (PCI SSC) recently released a supplement with additional guidance for e-commerce websites.

This new guidance updates and replaces the Payment Card Industry Data Security Standard (PCI DSS) E-commerce Guidelines published in 2013. It offers specific guidelines for e-commerce businesses with reference to the PCI DSS version 3.2—which will go into effect on February 1, 2018.  

Here are a few tips based on the new guidance to get your e-commerce business PCI compliant.

1. Know the security considerations of your payment solution

E-commerce businesses have options when it comes to accepting payments. Here are a few examples, along with respective security needs:

Merchant-Hosted Payment Form: In this case, the merchant website hosts the payment page and form. All cardholder data is processed by the merchant web server (and other parts of their system) before being sent to the payment solution provider (PSP). Since the merchant handles the cardholder data, the entire set of PCI compliance controls used on the merchant’s systems is in scope.

iFrame: These methods embed a separate and protected payment page within the merchant’s
webpage. Monitoring and alerting controls will increase security.   

URL Redirect Model: Usually used by small- to medium-sized merchants who aren’t concerned with customizing or adding advanced features to the customer payment experience. The consumer is redirected from the merchant’s website to a third-party page where account data is entered into a payment page hosted by the third-party PSP. In this case, the merchant system doesn’t touch cardholder data, so fewer security controls are needed.

JavaScript Form: JavaScript-based solutions like Accept.js use JavaScript to intercept payment data and submit it directly to your PSP. It is also used by larger merchants who want to control the “look and feel” of their payment form.

To learn what PCI compliance means for your business, consult the PCI DSS Self-Assessment Questionnaire (SAQ) table. E-commerce merchants who outsource their payment processing will generally fall under SAQ A or SAQ A-EP, and you can learn the difference between the two categories here.

2. Update your SSL/TLS Certificate

You should be using the most current and up-to-date TLS (Transport Layer Security) certificates. Do not use any version of SSL, which is outdated and has been proven to have multiple exploitable vulnerabilities. The PCI DSS 3.2 requires that all businesses stop using any version of SSL—as well as earlier versions of TLS—by June 30, 2018. Authorize.Net plans to disable outdated versions of TLS  by February 28, 2018.

3. Encrypt, encrypt, encrypt

Make sure you know exactly where and how you are sending cardholder data. Use encryption to secure data in transit and in storage (even temporarily).

PCI DSS Requirement 4.1 requires that cardholder data must be encrypted when sent across open, public networks. Be sure you are using the latest TLS standards. And if you do need to store cardholder data for business or legal reasons, PCI DSS Requirement 3 says that you must encrypt it or store it through tokenization.  

4. Review code

Successful attackers find routes to sensitive data through poorly developed code. Common coding problems can create vulnerabilities, which could then allow attackers to successfully use tactics like cross-site scripting. Cross-site scripting is an attack strategy where hackers embed malicious code into vulnerable websites. Their intent is usually to gather user data like passwords and credit card numbers.

You should take measures to involve objective parties in any code review. To sum up the PCI DSS on this issue: you should review any code that could possibly interact with your payment card environment in any way. For large code introductions, such as product releases or when introducing a new website, consider a penetration test.

5. Limit employee access and train on protocol

Access to cardholder data should only be given to those who absolutely need it to perform their job. But, even if an employee does not have access to cardholder data, their workstation or device may store usernames, passwords, and other info that may be valuable to a hacker. All it takes is one unwitting employee to accidentally introduce malware into your system. Train employees quarterly, if not monthly, on your company’s security measures and protocols regarding email, attachments, downloads, passwords, etc.

 When it comes to e-commerce security, make sure you’re taking the right steps to secure your card data. E-commerce guidance from the PCI SSC is intended not only to help merchants become PCI compliant, but to help them understand the foundational principles of cybersecurity—creating a safer online payment environment for everyone. Remember that you’re not just protecting your clients; you’re looking out for your business and its reputation as well.

Zach Walker is the Director of Technical Support at SecurityMetrics and has been with the company for over 6 years. He has worked in the IT/security field for over 10 years, and has A+, Network+, Security+, CISSP, and ASV certifications. He is currently pursuing a bachelor’s degree in IT Security.

Have a great small business tip or want your business to be featured with your small business advice? Submit your story.

Ever had to chase down a payment after someone signs an agreement with you? Results from a recent DocuSign survey show that over 65% of businesses experience payment delays or failure to collect altogether. The two-step, disjointed process that first involves closing a deal and then later collecting a payment leaves uncertainty for receiving on-time payments. That’s why DocuSign worked with Authorize.Net to create a solution that allows Authorize.Net customers to collect signatures and payments together at the same time.

Introducing DocuSign Payments

DocuSign Payments is a new feature from DocuSign that offers a fast and easy way to collect electronic signatures and payments in just one step so you can get paid faster. What’s more, you’ll be able to stop chasing after payments and invest that time growing your business.

Whether you’re closing a deal on an event rental space and collecting a deposit, signing a new client up for an insurance policy and collecting the premium, or receiving a signed waiver for an athletic event and collecting the registration fee, the value of DocuSign Payments is practically limitless for businesses large and small.

With DocuSign Payments, it’s intuitive and easy to send an agreement for electronic signature and payment:

1.  With just a few clicks, connect your existing DocuSign and Authorize.Net accounts (it’s a one-time setup!)

2.  Drag and drop the “Payments” request onto your agreement

3.  Specify your payment request details, and click “Send”

The signer(s) of your agreement will receive an email notifying them they have an agreement to sign and pay and directing them to click a link that opens the agreement securely in the DocuSign cloud. Signer(s) can quickly, easily and securely:

1.  Complete any required fields within the agreement like address, phone number and title

2.  DocuSign the agreement

3.  Pay with a signature debit card or credit card

DocuSign Payments is available in the U.S., U.K., Australia and Canada. For more information, visit www.docusign.com/payments

Guest Author: Bryan Fong (DocuSign)

 

Specializing in signs and labels that prevent accidents and save lives, Authorize.Net merchant HCL Labels shares its business advice.

“Our business is safety. Keeping workplace safety in mind in all that we do, we care about each client and each order whether big or small,” says Ben Nell, VP. “It’s a great feeling knowing the products we sell can prevent an accident, so we don’t focus on selling more, we focus on informing better.”

How does HCL Labels prevent accidents and save lives in the workplace?

HCL Labels Inc. has been helping companies comply with federal environmental and workplace safety regulations for over 20 years. Knowing that the health and safety of our customers, employees, and the safety of general public is of the utmost importance, we adopted the phrase "Preventing Accidents, Saving Lives" and use it as a daily reminder as to why we're in business. We help companies keep their teams safe and stay compliant with the latest OSHA/GHS requirements. Over the years we’ve created highly visible labels. This has allowed first responders quick reference to the information they need to ensure they are following proper procedures and able to provide the quickest treatment. Of course, we don’t like to hear about accidents in the workplace, and hope that our products prevent them, but we’re happy to know that they minimize injury as well.

Tell us a little bit about the safety products you have.

As the frontrunner for GHS labeling, and with the largest selection of GHS secondary container labels, we carry an extensive inventory of health and safety signs, labels, and placards, safety products including software and publications and drug testing kits — all ready for rapid delivery to our customers. In addition we have the capability to produce custom-made signs, labels and safety products with a fast turnaround time. Foreign language labels are also available.

All health and safety signs, labels and placards are carefully researched to ensure the information is current and accurate, and complies with OSHA (Occupational Safety and Health Administration) and ANSI (American National Standards Institute) standards.

How have you stayed current in the market?

Over the years, HCL has endeavored to meet our customers’ needs in every way possible. We add new health and safety products and services as necessary to keep apace of those needs. HCL also offers Environmental Health and Safety, and Hazard Communication Training and Consulting by employing experienced and knowledgeable professionals who are available to assist companies on-site with compliance challenges. Our instructors are equipped with the most up-to-date information available to ensure employees receive the best and most complete training in all areas of environmental health and safety.

Our goal is to provide customers with knowledgeable and courteous customer service before, during and after the sale. We work hard to ensure complete customer satisfaction.

How has HCL grown over the years?

In 2012, we launched the new website, www.hclco.com which allowed us to easily sell our health and safety products to companies across the country. We're excited that Authorize.Net enables us to quickly and easily take orders online. Their low fees and easy integration with our website helps to maintain a professional presence, with the ability to accept all major credit cards in a secure location.

To learn more about HCL Labels visit www.hclco.com.

Have a great small business tip or want your business to be featured with your small business advice? Submit your story.

September 21, 2017

Understanding PCI Compliance

As a merchant, you are required to be compliant with the Payment Card Industry Data Security Standard (PCI DSS), a set of comprehensive requirements developed by the major card brands to facilitate the adoption of consistent data security measures.

The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:

Build and Maintain a Secure Network

  • Requirement 1 – Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2 – Do not use vendor–supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  • Requirement 3 – Protect stored cardholder data
  • Requirement 4 – Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  • Requirement 5 – Use and regularly update anti–virus software
  • Requirement 6 – Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  • Requirement 7 – Restrict access to cardholder data by business need–to–know
  • Requirement 8 – Assign a unique ID to each person with computer access
  • Requirement 9 – Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  • Requirement 10 – Track and monitor all access to network resources and cardholder data
  • Requirement 11 – Regularly test security systems and processes

Maintain an Information Security Policy

  • Requirement 12 – Maintain a policy that addresses information security

PCI Validation Requirements

Important: Since Authorize.Net is not directly involved with establishing, evaluating or validating merchant PCI compliance requirements, we have partnered with Trustwave, a leading provider of information security and compliance management solutions. Trustwave offers convenient PCI tools and validation services at a specially discounted price to Authorize.Net merchants. Learn more about Trustwave's services and pricing options.

Sign Up Now

Merchants interested in signing up for an Authorize.Net Payment Gateway account can contact us at 1.888.323.4289 for more information, or contact an Authorize.Net reseller.

To become a reseller, please contact our sales team at 1.866.437.0491 or via our Reseller Inquiry Form