CC processor suggestion needed ASAP!

Bed & Breakfast / Short Term Rental Host Forum

Help Support Bed & Breakfast / Short Term Rental Host Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

Arks

Well-known member
Joined
May 22, 2010
Messages
6,460
Reaction score
579
An update. A sad update to my September report about a hacker posting thousands of CC authorizations to my Authorize.net account. I had considered it a major headache to have to delete thousands of transaction authorization emails from this hacker account. But now...
...I got my monthly bank statement. My monthly payment to use the services of Authorize.net is generally around $50, sometimes a few dollars more or less, but always in that range. My Oct. Authorize bill was $1,007.15! They say it's because they processed 9492 authorizations for me in September! I have to pay for all those hacker transactions!!
It gets worse.On the same bank statement from is a "Bank Card Processing" fee of $2,444.95. Authorize says this is not from them, but would be from my "Merchant Service Provider", whatever that is. Apparently they also have a per-transaction charge.
I do recall that authorize only does the authorizing, then they pass it along to someone else to do the actual transaction of taking money from the customer and passing it on to me. So I guess the $2,444.95 is from them, for processing...nothing!
I'm sick, and Authorize doesn't seem to care. So I need to switch my ResKey processing from Authorize ASAP. Can someone suggest a service that provides real-time CC processing in ResKey the way Authorize does?
 
Good lord!!! I wonder if the hacker was attached to the processor. There should be protectection against hackers like there is for unauthorized charges. THAT is a double horrible hit.
 
Good lord!!! I wonder if the hacker was attached to the processor. There should be protectection against hackers like there is for unauthorized charges. THAT is a double horrible hit..
gillumhouse said:
Good lord!!! I wonder if the hacker was attached to the processor. There should be protectection against hackers like there is for unauthorized charges. THAT is a double horrible hit.
Out of all the ResKey users, only about 4 of us have reported this. No way of knowing if it came through a weakness in ResKey, or Authorize, or the "merchant services" company. And none of them have a word to say about it, of course.
I went by my bank to try to find out who the $2664 "bankcard processing fee" went to, and they don't know. They said "talk to the CC processor." And of course Authorize said "talk to your bank". Grrr.
 
My god! This level of fraud and you’re getting the runaround? Sorry I can’t offer a suggestion, just my sympathy.
angry_smile.gif
 
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time.
 
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time..
Generic said:
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time.
Thanks for the tip on avoiding Square. I'm wanting instant, automatic charging of the deposit at reservation time, so I'm looking at Yapstone and GoEMerchant/FirstPayment. I've known for a long time that Authorize is more expensive than most, but I've resisted changing because when you do, all your stored card info is lost so I'd have to re-run the cards on all existing reservations. But the current situation makes it absolutely necessary. Almost $4000 lost to this crazy hacker assault!
 
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time..
Generic said:
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time.
I also do everything offline. It does take more time, but I'm nervous about these sorts of breaches. It does seem like no one is taking responsibility for it. I know some users on the RK forum said they were contacted by people asking why they were trying to run their card.
I was approached by another reservation software company saying she knew we were on RK and was I aware they were breached? However, no one is saying they know what happened.
 
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time..
Generic said:
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time.
I also do everything offline. It does take more time, but I'm nervous about these sorts of breaches. It does seem like no one is taking responsibility for it. I know some users on the RK forum said they were contacted by people asking why they were trying to run their card.
I was approached by another reservation software company saying she knew we were on RK and was I aware they were breached? However, no one is saying they know what happened.
.
Morticia said:
I know some users on the RK forum said they were contacted by people asking why they were trying to run their card.
I was approached by another reservation software company saying she knew we were on RK and was I aware they were breached? However, no one is saying they know what happened.
Yes I had one contact me asking why I'd tested their CC number. I advised them that I didn't do it and their CC number was probably compromised and to notify their CC company, and they were grateful for the info. It wasn't a CC ResKey had ever processed. It was one that was compromised elsewhere, they just used the ResKey info to test it.

Anyway, when I switch away from Authorize, the RK breach won't be in play anymore so I'm comfortable staying with RK...unless it happens again! I mean, we MUST use someone, and they are all vulnerable. If major companies like Yahoo, Marriott, eBay, Target, even Equifax have been breached, these little reservation processors are easy pickings. It could/will happen to any of them.
 
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time..
Generic said:
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time.
Thanks for the tip on avoiding Square. I'm wanting instant, automatic charging of the deposit at reservation time, so I'm looking at Yapstone and GoEMerchant/FirstPayment. I've known for a long time that Authorize is more expensive than most, but I've resisted changing because when you do, all your stored card info is lost so I'd have to re-run the cards on all existing reservations. But the current situation makes it absolutely necessary. Almost $4000 lost to this crazy hacker assault!
.
Square does the charge instantly, but the authorization token in RK doesn't renew automatically. It's about 60 days, I think.
 
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time..
Generic said:
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time.
I also do everything offline. It does take more time, but I'm nervous about these sorts of breaches. It does seem like no one is taking responsibility for it. I know some users on the RK forum said they were contacted by people asking why they were trying to run their card.
I was approached by another reservation software company saying she knew we were on RK and was I aware they were breached? However, no one is saying they know what happened.
.
Morticia said:
I know some users on the RK forum said they were contacted by people asking why they were trying to run their card.
I was approached by another reservation software company saying she knew we were on RK and was I aware they were breached? However, no one is saying they know what happened.
Yes I had one contact me asking why I'd tested their CC number. I advised them that I didn't do it and their CC number was probably compromised and to notify their CC company, and they were grateful for the info. It wasn't a CC ResKey had ever processed. It was one that was compromised elsewhere, they just used the ResKey info to test it.

Anyway, when I switch away from Authorize, the RK breach won't be in play anymore so I'm comfortable staying with RK...unless it happens again! I mean, we MUST use someone, and they are all vulnerable. If major companies like Yahoo, Marriott, eBay, Target, even Equifax have been breached, these little reservation processors are easy pickings. It could/will happen to any of them.
.
I told the caller it was Authorize that was breached, and we don't use them. Yes, they are all vulnerable. Problem lies in taking their failure to protect the system out on the small guy. And you ending up with a $3500 bill!
 
This isn’t because of Aut.net. I had this same thing happen last week when a bot was attached to our REskey account. I was not able to process for 5 days because 26,000 cards attempted to be authorized. Our merchant is the one who shut us down and we had to go in and get a new account. It was a major hassle. I will have to look at our bill. But I know the main cause was because REskey does not have a Captcha when someone try’s to make a reservation. So this allows a bot to attach and runs thousands of cards without you knowing. REsKey needs to fix this.
 
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time..
Generic said:
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time.
I also do everything offline. It does take more time, but I'm nervous about these sorts of breaches. It does seem like no one is taking responsibility for it. I know some users on the RK forum said they were contacted by people asking why they were trying to run their card.
I was approached by another reservation software company saying she knew we were on RK and was I aware they were breached? However, no one is saying they know what happened.
.
Morticia said:
I know some users on the RK forum said they were contacted by people asking why they were trying to run their card.
I was approached by another reservation software company saying she knew we were on RK and was I aware they were breached? However, no one is saying they know what happened.
Yes I had one contact me asking why I'd tested their CC number. I advised them that I didn't do it and their CC number was probably compromised and to notify their CC company, and they were grateful for the info. It wasn't a CC ResKey had ever processed. It was one that was compromised elsewhere, they just used the ResKey info to test it.

Anyway, when I switch away from Authorize, the RK breach won't be in play anymore so I'm comfortable staying with RK...unless it happens again! I mean, we MUST use someone, and they are all vulnerable. If major companies like Yahoo, Marriott, eBay, Target, even Equifax have been breached, these little reservation processors are easy pickings. It could/will happen to any of them.
.
I told the caller it was Authorize that was breached, and we don't use them. Yes, they are all vulnerable. Problem lies in taking their failure to protect the system out on the small guy. And you ending up with a $3500 bill!
.
It’s REskey that is the issue. They need to install a captcha during the reservation process
 
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time..
Generic said:
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time.
I also do everything offline. It does take more time, but I'm nervous about these sorts of breaches. It does seem like no one is taking responsibility for it. I know some users on the RK forum said they were contacted by people asking why they were trying to run their card.
I was approached by another reservation software company saying she knew we were on RK and was I aware they were breached? However, no one is saying they know what happened.
.
Morticia said:
I know some users on the RK forum said they were contacted by people asking why they were trying to run their card.
I was approached by another reservation software company saying she knew we were on RK and was I aware they were breached? However, no one is saying they know what happened.
Yes I had one contact me asking why I'd tested their CC number. I advised them that I didn't do it and their CC number was probably compromised and to notify their CC company, and they were grateful for the info. It wasn't a CC ResKey had ever processed. It was one that was compromised elsewhere, they just used the ResKey info to test it.

Anyway, when I switch away from Authorize, the RK breach won't be in play anymore so I'm comfortable staying with RK...unless it happens again! I mean, we MUST use someone, and they are all vulnerable. If major companies like Yahoo, Marriott, eBay, Target, even Equifax have been breached, these little reservation processors are easy pickings. It could/will happen to any of them.
.
I told the caller it was Authorize that was breached, and we don't use them. Yes, they are all vulnerable. Problem lies in taking their failure to protect the system out on the small guy. And you ending up with a $3500 bill!
.
It’s REskey that is the issue. They need to install a captcha during the reservation process
.
Hillbilly said:
It’s REskey that is the issue. They need to install a captcha during the reservation process
No reservation system has that. At least not any one that I've used to make a hotel reservation. The system I used for years for my own place didn't have that.
If it's RK that's the problem, then yes, there needs to be a fix such as shutting off after x number of attempts in y minutes.
 
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time..
Generic said:
I do offline processing and/or Square processing. Square with RK is a pain because you have to reauthorize the token from time to time.
I also do everything offline. It does take more time, but I'm nervous about these sorts of breaches. It does seem like no one is taking responsibility for it. I know some users on the RK forum said they were contacted by people asking why they were trying to run their card.
I was approached by another reservation software company saying she knew we were on RK and was I aware they were breached? However, no one is saying they know what happened.
.
Morticia said:
I know some users on the RK forum said they were contacted by people asking why they were trying to run their card.
I was approached by another reservation software company saying she knew we were on RK and was I aware they were breached? However, no one is saying they know what happened.
Yes I had one contact me asking why I'd tested their CC number. I advised them that I didn't do it and their CC number was probably compromised and to notify their CC company, and they were grateful for the info. It wasn't a CC ResKey had ever processed. It was one that was compromised elsewhere, they just used the ResKey info to test it.

Anyway, when I switch away from Authorize, the RK breach won't be in play anymore so I'm comfortable staying with RK...unless it happens again! I mean, we MUST use someone, and they are all vulnerable. If major companies like Yahoo, Marriott, eBay, Target, even Equifax have been breached, these little reservation processors are easy pickings. It could/will happen to any of them.
.
I told the caller it was Authorize that was breached, and we don't use them. Yes, they are all vulnerable. Problem lies in taking their failure to protect the system out on the small guy. And you ending up with a $3500 bill!
.
It’s REskey that is the issue. They need to install a captcha during the reservation process
.
Hillbilly said:
It’s REskey that is the issue. They need to install a captcha during the reservation process
No reservation system has that. At least not any one that I've used to make a hotel reservation. The system I used for years for my own place didn't have that.
If it's RK that's the problem, then yes, there needs to be a fix such as shutting off after x number of attempts in y minutes.
.
Morticia said:
No reservation system has that. At least not any one that I've used to make a hotel reservation. The system I used for years for my own place didn't have that.
If it's RK that's the problem, then yes, there needs to be a fix such as shutting off after x number of attempts in y minutes.
thumbs_up.gif

 
Good lord!!! I wonder if the hacker was attached to the processor. There should be protectection against hackers like there is for unauthorized charges. THAT is a double horrible hit..
gillumhouse said:
Good lord!!! I wonder if the hacker was attached to the processor. There should be protectection against hackers like there is for unauthorized charges. THAT is a double horrible hit.
Out of all the ResKey users, only about 4 of us have reported this. No way of knowing if it came through a weakness in ResKey, or Authorize, or the "merchant services" company. And none of them have a word to say about it, of course.
I went by my bank to try to find out who the $2664 "bankcard processing fee" went to, and they don't know. They said "talk to the CC processor." And of course Authorize said "talk to your bank". Grrr.
.
Dumb questions perhaps, do you normally get a much smaller “bank card processing fee” and know that this isn’t also a hack?
I run guest cards through a terminal on the desk when they arrive, and a deposit through Authorize.net online, however the terminal and authorize account are through my local bank, maybe more expensive, I don’t know, but at times like this worth it to me to know I can get help from a local person.
It sure seems someone at the bank could identify what company made the charge even if the bank has no connection
 
This isn’t because of Aut.net. I had this same thing happen last week when a bot was attached to our REskey account. I was not able to process for 5 days because 26,000 cards attempted to be authorized. Our merchant is the one who shut us down and we had to go in and get a new account. It was a major hassle. I will have to look at our bill. But I know the main cause was because REskey does not have a Captcha when someone try’s to make a reservation. So this allows a bot to attach and runs thousands of cards without you knowing. REsKey needs to fix this..
Maybe an option provided on aut.net, but I know that being small I will never have a large volume of business, I think we were set to allow only 100 authorizations a day and after all these problems came to light I’ve reduced that number even more.
 
This isn’t because of Aut.net. I had this same thing happen last week when a bot was attached to our REskey account. I was not able to process for 5 days because 26,000 cards attempted to be authorized. Our merchant is the one who shut us down and we had to go in and get a new account. It was a major hassle. I will have to look at our bill. But I know the main cause was because REskey does not have a Captcha when someone try’s to make a reservation. So this allows a bot to attach and runs thousands of cards without you knowing. REsKey needs to fix this..
Maybe an option provided on aut.net, but I know that being small I will never have a large volume of business, I think we were set to allow only 100 authorizations a day and after all these problems came to light I’ve reduced that number even more.
.
JimBoone said:
Maybe an option provided on aut.net, but I know that being small I will never have a large volume of business, I think we were set to allow only 100 authorizations a day and after all these problems came to light I’ve reduced that number even more.
Well that certainly sounds like a solution - a reasonable limit on daily transactions.
Even in peak season I doubt most of us do more than 20 or so transactions/day. It's not like any of us have tons of rooms.
Even if I had to hold off processing some deposits because we had a whole house check in, that would be ok.
 
This isn’t because of Aut.net. I had this same thing happen last week when a bot was attached to our REskey account. I was not able to process for 5 days because 26,000 cards attempted to be authorized. Our merchant is the one who shut us down and we had to go in and get a new account. It was a major hassle. I will have to look at our bill. But I know the main cause was because REskey does not have a Captcha when someone try’s to make a reservation. So this allows a bot to attach and runs thousands of cards without you knowing. REsKey needs to fix this..
We also had a bot attach to our rezkey acct. and it still seems to be happening. John has tried a few things but nothing seems to work. I can tell it's still happening because I have multiple searches on my activity with the same ip address... I don't know how to get rid of the bot. John has recommended I put something on our site to track but I haven't had time to go in and do this yet. Are you still having issues with the bot?
 
This isn’t because of Aut.net. I had this same thing happen last week when a bot was attached to our REskey account. I was not able to process for 5 days because 26,000 cards attempted to be authorized. Our merchant is the one who shut us down and we had to go in and get a new account. It was a major hassle. I will have to look at our bill. But I know the main cause was because REskey does not have a Captcha when someone try’s to make a reservation. So this allows a bot to attach and runs thousands of cards without you knowing. REsKey needs to fix this..
We also had a bot attach to our rezkey acct. and it still seems to be happening. John has tried a few things but nothing seems to work. I can tell it's still happening because I have multiple searches on my activity with the same ip address... I don't know how to get rid of the bot. John has recommended I put something on our site to track but I haven't had time to go in and do this yet. Are you still having issues with the bot?
.
Baygirl said:
Are you still having issues with the bot?
After the heavy attack in September, I got no attack activity in October after I instituted the daily limit in Authorize. But about a week ago I had another one. About 75 attempts. Bad, but not as bad as before.
Friday I got a new Authorize "transaction key" and installed it in ResKey. It as easy to do and I've received new reservations since I installed it, so it didn't mess anything up. I'm assuming if the bot is using the old key, their attacks won't work anymore.
But I've decided to switch to Stripe because over time it will be a lot cheaper than Authorize. Stripe charges a flat rate of 2.9% + 30¢ per successful card charge. No other charges.
I'm guessing "per successful card charge" means I only pay on the ones that actually charge money. Stripe has no setup fees, no monthly fees, no payout fees, no minimum charges, no validation fees, and no charge for them to store the card numbers for use in future charges. There's no "merchant services" middle man to also pay. Stripe takes the money and sends it directly to my bank account with no middle man.
 
This isn’t because of Aut.net. I had this same thing happen last week when a bot was attached to our REskey account. I was not able to process for 5 days because 26,000 cards attempted to be authorized. Our merchant is the one who shut us down and we had to go in and get a new account. It was a major hassle. I will have to look at our bill. But I know the main cause was because REskey does not have a Captcha when someone try’s to make a reservation. So this allows a bot to attach and runs thousands of cards without you knowing. REsKey needs to fix this..
We also had a bot attach to our rezkey acct. and it still seems to be happening. John has tried a few things but nothing seems to work. I can tell it's still happening because I have multiple searches on my activity with the same ip address... I don't know how to get rid of the bot. John has recommended I put something on our site to track but I haven't had time to go in and do this yet. Are you still having issues with the bot?
.
Baygirl said:
Are you still having issues with the bot?
After the heavy attack in September, I got no attack activity in October after I instituted the daily limit in Authorize. But about a week ago I had another one. About 75 attempts. Bad, but not as bad as before.
Friday I got a new Authorize "transaction key" and installed it in ResKey. It as easy to do and I've received new reservations since I installed it, so it didn't mess anything up. I'm assuming if the bot is using the old key, their attacks won't work anymore.
But I've decided to switch to Stripe because over time it will be a lot cheaper than Authorize. Stripe charges a flat rate of 2.9% + 30¢ per successful card charge. No other charges.
I'm guessing "per successful card charge" means I only pay on the ones that actually charge money. Stripe has no setup fees, no monthly fees, no payout fees, no minimum charges, no validation fees, and no charge for them to store the card numbers for use in future charges. There's no "merchant services" middle man to also pay. Stripe takes the money and sends it directly to my bank account with no middle man.
.
I don't use Rez for payments.. I enter the deposits manually when a reservation gets made. How does stripe work for incidentals if the guest orders an upsell? Do you manually enter any charges on stripe?
 
Back
Top