Heartland Letter about Oct 20th 2020 Deadline for Backend Change

Letters and emails have been going out to Heartland customers about a change they are making that could effect the retailers point of sale system.

I can not speak on behalf of all the POS systems but indications are that Cloud Retailer, Retail Management Hero (RMH), and Microsoft RMS users should be OK. This assumes that retailers using RMS or RMH are also using the Card Defender payment processing plug in for RMH and RMS. 

If you are concerned, be sure to contact your point of sale provider and your Heartland Rep for assistance.

TSYS, Heartland and Wells Fargo Ending Support for Native Payment Processing in Microsoft Dynamics POS 2.0, 2007, 2009 and RMS / TLS Deadline

If you happen to be hanging on to old credit card swipes and are using TSYS, First Data or Heartland to process payments made via credit card or debit card in the Microsoft Dynamics POS 2.0, 2007, 2009 and RMS point of sale software programs, you will be in for a surprise when your processing is turned off starting June 1st, June 30th, or July 1st 2018. This also somewhat aligns with the TLS deadline for non-secure ways of processing credit cards.

It is simply just not secure or safe to use USB or Keyboard Wedge credit card swipes anymore.  You could be fined and/or lose the ability to accept payment via credit or debit card if caught.

There are multiple options available to you:

1. Look at Card Defender which takes the security risk out of RMS, uses integrated payment terminals to interface with RMS, and you even pick up cool stuff like signature capture and NFC for Apple Pay and Google Wallet.
2. Switch to using stand alone payment terminals. Quickest and least expensive option but leaves you open to entry errors that can cost you over $2080 annually in lost revenue.
3. Look at updating RMS to one of the low cost direct replacement programs like Cloud Retailer or Retail Management Hero 

Those are the main options - you should make a decision no late than the end of May.

***I've also been contact by users of Microsoft Dynamics POS 2007, 2009 and 2.0 stating that they are also losing the ability to process credit cards effective June 1st, 2018. In these cases, you have fewer options since Dynamics POS 2007, 2009 and 2.0 do not have any 3rd party processing interfaces and do not qualify for a low cost replacement program. Contact me as needed***

***New Heartland Deadline: June 1st, 2018. You will need to change hardware/software as need or your processing will be tuned off***

****Wells Fargo and Heartland have also communicated with retailers that they will no longer allow them to use RMS and native processing with USB/Keyboard Wedge credit card swipes****

*****If you are using Windows XP then you can not use any web-based or integrated processing solution as Windows XP does not meet security standards*****

Please contact me at 208-340-5632 or kevinantosh@gmail.com for more information. You should also contact your merchant services company to see which deadline applies to you.

TSYS, Heartland and Wells Fargo Ending Support for Native Payment Processing in Microsoft Dynamics POS 2.0, 2007, 2009 and RMS / TLS Deadline

***New Heartland Deadline: June 1st, 2018. You will need to change hardware/software as need or your processing will be tuned off***

If you happen to be hanging on to old credit card swipes and are using TSYS, First Data or Heartland to process payments made via credit card or debit card in the Microsoft Dynamics POS 2.0, 2007, 2009 and RMS point of sale software programs, you will be in for a surprise when your processing is turned off starting June 1st, June 30th, or July 1st 2018. This also somewhat aligns with the TLS deadline for non-secure ways of processing credit cards.

It is simply just not secure or safe to use USB or Keyboard Wedge credit card swipes anymore.  You could be fined and/or lose the ability to accept payment via credit or debit card if caught.

There are multiple options available to you:

1. Look at Card Defender which takes the security risk out of RMS, uses integrated payment terminals to interface with RMS, and you even pick up cool stuff like signature capture and NFC for Apple Pay and Google Wallet.
2. Switch to using stand alone payment terminals. Quickest and least expensive option but leaves you open to entry errors that can cost you over $2080 annually in lost revenue.
3. Look at updating RMS to one of the low cost direct replacement programs like Cloud Retailer or Retail Management Hero 

Those are the main options - you should make a decision no late than the end of May.

***I've also been contact by users of Microsoft Dynamics POS 2007, 2009 and 2.0 stating that they are also losing the ability to process credit cards effective June 1st, 2018. In these cases, you have fewer options since Dynamics POS 2007, 2009 and 2.0 do not have any 3rd party processing interfaces and do not qualify for a low cost replacement program. Contact me as needed***

****Wells Fargo and Heartland have also communicated with retailers that they will no longer allow them to use RMS and native processing with USB/Keyboard Wedge credit card swipes****

*****If you are using Windows XP then you can not use any web-based or integrated processing solution as Windows XP does not meet security standards*****

Please contact me at 208-340-5632 or kevinantosh@gmail.com for more information. You should also contact your merchant services company to see which deadline applies to you.

MasterCard May 1st 2017 Mandate for New Numbers - Will RMS Process the New Cards?

As retailers report receiving more letters and emails from WorldPay, Heartland and other merchant services companies related to the MasterCard 2 Series Bank Identification Number (BIN) Mandate, the biggest question is "will I be able to accept and process the new cards if I am using the Microsoft Dynamics RMS point of sale software?"

A quick reminder that this mandate goes in to effect on May 1st, 2017. Not being able to accept and process the new number sequence on these MasterCard credit cards means fines of up to $20,000 per the letters and emails that have been shared with us.

As for the question, the short answer is "yes, but...". We've done some testing and RMS appears to handle the new card numbers. However, there are quite a few variables at play related to the version of RMS being used and any add-ons being used with RMS.

There is also the reality that new payment processing requirements are being introduced on a fairly regular basis and RMS is not being updated to accommodate these requirements. A better solution is looking at Card Defender which integrates with RMS but assumes all the payment processing liability using the latest in payment processing terminals as well as being updatable to meet or exceed present as well as future payment processing requirements.

Because of the variables involved, as well as future payment processing requirements, the best answer to the question is "Yes, but please contact RITE at 888-267-7483 or sales@rite.us in order to discuss your specific situation and look at the best course of action".

Important MasterCard Mandate Deadline for Heartland Customers

Of note, I was actually onsite installing Card Defender for a customer here in Idaho when she received a letter from Heartland addressing the same card number issues noted below. It was very comforting for the retailer to know that Card Defender meets or exceeds industry requirements for payment processing. If you happen to be using Microsoft Dynamics RMS and have questions about these types of letters, please contact me. Thanks!

Dear Valued Customer,

As previously communicated, MasterCard cards are issued with account numbers beginning with a 5”. Beginning in 2017, MasterCard cards will also be issued with account numbers beginning with a “2”. 

The cards beginning with a 2 will be processed in the same manner as current MasterCard cards.

MasterCard requires that all point-of-sale systems accepting the current 5 series cards must also be able to accept the cards with the new 2 series number. Our records indicate that you process using a third-party system. Please contact your third-party provider directly to determine if any action is needed to ensure your system is in compliance and can accept the new 2 series cards.

Your failure to accept the new 2 series MasterCard cards after June 30, 2017 may result in non-compliance assessments being passed on to you – as well as potential lost revenue associated with not accepting customers’ cards. The MasterCard fee schedule for non-compliance is:

Up to $2,500 per occurrence for first 30 days
Up to $5,000 per occurrence for days 31-60
Up to $10,000 per occurrence for days 61-90
Up to $20,000 per occurrence for subsequent violations
If you have any questions, please contact
your third-party point-of-sale provider.

Sincerely,

Martin Moretti
SVP Chief Card Service Officer

Windows 10 SHA-1 and SHA-2 Issues

Update 10/4/2016: Heartland has provided an alternate payment portal which resolves this issue. Do contact them directly if Heartland has not already provided you with the updated information. Your Microsoft Dynamics RMS Partner may also be able to assist with the required changes. Contact me at 208-340-5632 or kevinantosh@gmail.com if you do not have an RMS Partner.

A special thanks to a couple of stores that called me to explain the resolution to this issue and confirmed that things are working correctly again - very much appreciated.

Also of note, detailed resolution information will be made available soon on RITE's website: http://www.rite.us/Support/MicrosoftRMSSupport/RMSTutorials/DoesMicrosoftDynamicsRMSSupportSHA2.aspx

Update 9/27/2016: Working on testing a possible resolution - will provide more details once they are made available to me.

Update 9/21/2016: thanks to those of you who contacted me directly thanking me for posting about this issue!  I will update this post as applicable but, so far, the only response from Heartland has been a blanket "we are working on a resolution and will advise" response as well as what I can only describe as a single Heartland Rep displaying the biggest act of un-professionalism that I have ever seen in my 18+ years of working with point of sale systems (they have managed to tarnish my sentiment towards Heartland but thankfully I have other Heartland Reps that I work with in person who are happy to help restore my positive sentiment towards Heartland).

Original Post:
Just when everything appeared to be sorted out related to the new SHA-2 security requirement, a recent Windows 10 update has caused some new problems.

Because of this Windows 10 update, error messages may appear in the Microsoft RMS point of sale software in specific situations as noted below:

• Point of Sale Software: Microsoft RMS
• Operating System: Windows 10 with September 2016 update installed
• Website for credit card processing is not SHA-2 compliant
• Merchant Services Company: Heartland

Other Notes:

• At this point, the issue is specific to Heartland as Mercury and TSYS appear to be functioning normally
• Heartland does not have any information on when they expect the issue to be resolved
• This shows how unexpected issues can crop up with anything related to technology so please use this as a reminder to have a point of sale partner/vendor/VAR that you can rely on for ongoing support after your point of sale system is up and running

As this may prevent you from being able to fully tender credit and debit card transactions, the following options are available:

• Roll back to previous Windows 10 build
• Disable new updates to Windows 10 until the issue is tested as resolved
• You may be able to process credit and debit card transactions manually but note that you will be paying a much higher percent for "hand keying" a credit or debit card transaction (easily 4% to 4.5%)
• Consider using Card Defender for Microsoft RMS which allows full EMV/Chip card processing within RMS as well as NFC payments like Apple Pay and Google Wallet. Card Defender is unique in not charging any additional per transaction fees as well as being processor agnostic (Heartland, First Data and TSYS).  More information on Card Defender can be found at http://retailpospondering.blogspot.com/p/card-defender-emv-for-rms.html and http://www.payconfident.com/

Do contact me with any questions at 208-340-5632 or kevinantosh@gmail.com