UPDATE: This is all taken care of in AX 2012+. The post below was pre-2012 release. Wanted to update this as it was the #2 post on my blog for January 2014.
In today’s economic climate, fraudulent credit card purchases are rampant. In traveling for work, I have had my credit card stolen twice in a single year. Additionally, with the spike in internet sales and unsecured wireless networks, it is even easier to grab a person’s credit card (and a bit of other personal information that is easy to find online with a name and birth date) and start to purchase like wild.
To help protect against this, credit card companies needed to find a way to differentiate a credit card transaction as being a ‘card not present’ situation. The use of credit card security codes (CSC) are the way that they achieve this. They are not imbedded in the magnetic strip and do not pop out of the card like the normal numbers. It is a violation of the credit card companies terms to save this number, too.
CSC’s are also known as CVV2 (for Visa), CVC2 (for MasterCard), or CID (for Discover). These other names are just the names that the credit card companies use so don’t let it fool you. If someone asks for a CVV code, they are referring to a Visa card even though the overarching name for the security code concept is CSC.
Some credit card companies are now requiring that, when a card fails to swipe and process, the company needs to be able to validate that the card was physically there in order to protect the business making the sale from fraudulent transactions that the credit card company gets challenged about. Businesses can process the credit card by either manually keying in the card number into the system or making a manual imprint of the card for later processing. The problem with keying in the card is that there is no way to verify that the card was actually there. Since CSC’s were a way to help verify against fraud by verifying that the card was physically present, they want those to be manually keyed in as well. By successfully swiping the card, the CC company can determine that the card was physically present.
The problem comes in that Microsoft Dynamics Retail Management System (RMS) was designed to be a ‘face-to-face’, or a ‘card present’ retail solution. Because of this, there was no need to be able to manually key in the CSC code since everything was taken through swiping the card. Yes it is true that RMS had a web component of it but this is just a remnant of QuickSell (Microsoft purchased QS from Sales Management Systems [SMS] in 2002 and rebranded it RMS). There may be plug-ins out there that people have created with a new integration point.
Unfortunately, the POS component of AX for Retail 2009 R2 doesn't have this ability either. Bummer… It might be supported but only through the Dynamics Online payment processor. I have not heard if AX 2012’s POS has this support or not. They can be mod’ed to include this functionality but it doesn’t currently exist.
Key take-away: Please review your credit card processing contracts and make sure you are protected against fraud claims. Find a workaround to this product deficiency so that you can stay protected.
I think that CSC support is something that Microsoft should support sooner than later…