About Christine Speedy

B2B cloud payment acceptance solutions and CenPOS enterprise cloud payment solutions expert. Authorized reseller.

VISA FRAUD DISPUTE RULES CHANGES IMPACT CARD NOT PRESENT

April 5, 2017—This alert contains critical information regarding new and revised Visa card acceptance rules effective now and coming in the future for merchants. Business to business companies may be at higher risk of associated chargeback losses or declines due to the average size of order. Effective April 22, 2017, Revisions have been made to split the “Other Fraud” Dispute condition under Enhanced Dispute Resolution into separate conditions for Card-Present and Card-Absent Transactions, and to incorporate changes to the payment flow related to Disputes.

Christine’s Analysis: Merchants need to support both EMV chip for Card-Present and Verified by Visa for card not present. Verified by Visa is their brand for 3-D Secure, a global security protocol for cardholder authentication across all card brands. For example, a  cardholder might be asked to enter a PIN number or answer some other type of authentication question. Cardholder authentication for Card-Absent Transactions shifts liability for “it wasn’t me” disputes to the issuer. The card-absent cardholder authentication process requires cardholders self-initiate payments, eliminating collecting card numbers via phone or paper credit card authorization forms. Merchants are rewarded for using cardholder authentication with reduced interchange rates and increased approvals.

Christine’s TIP: Per Visa rule 5.4.2.5, a US merchant or its agent must not Request the Card Verification Value 2 data on any paper Order Form. Replace paper forms with digital, PCI Compliant forms and online payment solutions with cardholder authentication ASAP.

Online payment solutions include a hosted pay page like the one shown below.

hosted paypage online payments

A hosted pay page empowers customers to make secure payments online using a 3rd party provider (Payment Gateway also known as a Payment Facilitator.)

Other solutions include pushing out payment requests, such as via a text or email. electronic invoice presentment and payment eippWith new and revised rules impacting the entire payment ecosystem including issuer, acquirer, gateway, merchant, and potentially other software like ERP’s and ecommerce shopping carts, merchants should verify all parts their payment ecosystem supports them. Desktop terminals are not capable of supporting all the rules for card absent needs; a cloud-based payment gateway is required whether non-integrated, or integrated ecommerce shopping cart, ERP or other software.

Does your online payment solution support Verified by Visa, or do you need a solution? Contact Christine Speedy at 954-942-0483 for a fast and easy solution, compatible with your existing credit card processor.

What is Auth Code 14, declined?

A credit card processing response of Auth Code 14, is a decline for Processor Declined, Fraud Suspected. Why does this happens for recurring billing, including unscheduled recurring billing using a stored credential, also known as a token on file? The method used to store the first transaction, and process subsequent transactions can impact authorization approvals.

For example, a merchant has successfully processed unscheduled transactions using a token on file since 2016. However, in 2017, declined for Auth Code 14 appeared.

auth code decline 14

Why would a previously stored and working card decline now? Look at the AVS,  ZIP, and CVV response above. Compare to the example below.

token billing

For the second receipt, AVS match Y= address and 5 digit zip match, Zip match Y=Address and 5 digit zip match, CVV = match X, cannot verify CVV. Because CVV was verified a match on the initial zero dollar authorization it’s not required to be presented on subsequent transactions.

The first example is returning that information does not match, thus the reason for suspected fraud. Without looking at the very first authorization when token was created, several possibilities exist, including  cardholder issued a new chip card with same number but other changes occurred in the interim; cardholder address changed or was never validated.

Merchants are at risk of issuer initiated chargeback if authorization rules are not followed. Refer to  Visa Product and Service Rules, Table 5-21: Requirements for Prepayments and Transactions Using Stored Credentials for more information. With recent rules changes, and more coming October 2017, merchants need a cloud based solution that can automate compliance. Not all of them have that intelligence. For example, some cloud based payment gateways enable merchants to perform prohibited transaction requests that put the authorization at risk of chargeback for non-compliance.

Due to many recent and upcoming changes for card absent and recurring billing with stored credentials, merchants are advised to review processes to include empowering customers to self-manage adding cards on file, and using cardholder authentication. Visa requires Verified by Visa for cardholder authentication in a card not present environment; without it, expect increasing declines.

Disclaimer: The rules of card acceptance are very complex and change typically twice a year, sometimes with interim bulletins regarding more changes. Merchants should read the manual for complete details regarding card acceptance for your business type.

Christine Speedy, authorized CenPOS reseller, provides universal payment processing solutions, including cardholder authentication, to maximize merchant profits and mitigate risk across multiple sales channels. Contact Christine at 954-942-0483. 

Hotel credit card authorization form 2017 change

Hotel and lodging industry must update best practices due to 2016 and 2017 changes in Visa and MasterCard rules. Cardholder authentication and multiple authorization indicators are two key components of change. Hotels that comply will maximize profits and security. Noncompliance will result in higher credit card acceptance fees due to penalties, increased declines, reduced profits, and new chargeback risk.hotel credit card authorization formAuthorization validity is front and center to the rules changes. Merchants used to get and authorization, and settle it later at checkout. Now merchants must send the correct transaction types and link them all together with a unique identifier:

  1. The ESTIMATE (Visa) or UNDEFINED (MasterCard) indicator is sent when the final settlement amount is unknown. The customer must be informed that it is an estimate as well.
  2. INCREMENTAL authorization is obtained when the original authorization expires or to increase the amount on hold.
  3. Final Authorization says this is the final transaction.

TIP: Merchants need 3-D Secure (Verified by Visa, MasterCard SecureCode), a global cardholder authentication standard for card absent transactions, to maximize profits and compliance for card not present transactions, which is only available with customer initiated transactions: hosted pay page, digital payment request, online booking. Paper forms don’t create a digital record tied to the credit card, and cardholder authentication is not possible, as defined by the card brands.

The unique transaction transaction identifier can be a point of breakdown in the process. For example, the events manager obtains a paper credit card authorization form. The first charge is a deposit; the second charge is at the end of the event; a third charge occurs after assessing damages to a room. In each case, the amount is key entered into the payment processing terminal. Since there is no transaction identifier tying them all together, the authorizations are invalid and the ISSUER is within their rights to chargeback for invalid authorization, example Visa reason code 72.

There are so many nuances to the rules, and changes needed in the payments ecosystem, hotels should not assume existing partners have completed the required updates to comply. Technology that can automatically manage the authorization and settlement process- not the old way, but with all the new rules changes- requires a sophisticated payment gateway. Like EMV, there will be vendors that struggle to adapt.

For compliant solutions that can be used standalone or integrated, improving your customer experience, contact Christine Speedy, 954-942-0483.

Reference materials:

  • MasterCard® Pre & Final Authorization Mandate by CyberSource, December 2016.
  • Visa Core Rules October 2016.
  • MasterCard Revises Standards for Processing Authorizations and Preauthorizations by Vantiv December 2016.
  • MasterCard Transaction Processing Rules, November 2016.

See merchant bulletins – downloads for links to many resources.

US EMV Verifone MX 915 for BB&T TSYS

Yes, we provide US EMV with chip and pin for BB&T customers wanting to use Verifone MX 915 terminals. BB&T merchants are on the First Data platform. One unique benefit of our solution on First Data is we can process retail, MOTO (mail order/telephone order), and ecommerce, including electronic bill presentment and payment (EBPP), all in a single merchant account, with proper representment to mitigate chargeback risk and maximize profits.

The transaction process is different for EMV than magnetic swipe transaction, in order to support the different flow for processing chip cards.

To use CenPOS as shown in the video, merchants need high speed internet, web browser, Verifone MX 915, and CenPOS account. No other software is needed. CenPOS can be used standalone or integrated. Integrated solutions include Infor, SAP, Dynamics AX, Quickbooks etc. In all cases, CenPOS segregates payments from the application to reduce PCI Compliance scope and improve security.

TIP:  Having an EMV capable terminal does not mean a merchant is ready to accept chip cards. In the CenPOS environment, if a merchant installed a future proof, EMV capable terminal to get ready for EMV, the next step is to convert to EMV enabled. This always requires turning on EMV at the merchant account level, in addition to other steps.

If you do not own a Verifone terminal, do not purchase one on your own via EBAY or some other source. For PCI Compliance, and overall security, the purchasing and installation process must be tightly controlled.

If you’re not a current CenPOS customer, contact Christine Speedy for sales and integrations at 954-942-0483. Don’t just get ready, get EMV Compliant.

Visa and Viewpost to Accelerate Electronic Bill Payments for U.S. Businesses

Partnership to Simplify B2B Payments with Visa Virtual Credit Cards

SAN FRANCISCO & ORLANDO, Fla.–(BUSINESS WIRE)–Mar. 28, 2017– Visa Inc. (NYSE:V) and Viewpost®, a secure B2B network for electronic invoicing, payments and real-time cash management, today announced an exclusive partnership to bring electronic business payments to Viewpost’s small to medium-sized business clients (SMBs). By using Visa virtual commercial cards through their participating financial institutions, SMBs will increase automation, convenience and security for their B2B transactions.

Viewpost’s SMB customers will be able to benefit from Viewpost electronic payment capabilities and the use of a secure, one-time Visa virtual account number. When a virtual card payment is made through Viewpost, the supplier will receive a one-time virtual account number for posting funds to its merchant account. Viewpost will then deliver data-rich remittance information to both businesses, such as, paid invoices, the amount paid and the due date. If a supplier does not accept virtual commercial card payments, an invitation can be extended through a proprietary automation method, which makes enrollment quick and simple.

“Providing access to simple, secure working capital solutions for SMBs is a critically-important focus for our business,” said Vicky Bindra, global head of products & solutions at Visa Inc. “Our collaboration with Viewpost gives SMBs comprehensive financial management tools in a single portal – right where they bank. We are thrilled to partner with Viewpost and make our customers’ lives easier by significantly reducing time, cost and friction around payment, so they can focus on what is most important – managing and growing their businesses.”

As a trusted, open B2B network available to businesses of all sizes, Viewpost gives financial institutions the tools that enable SMBs to connect and exchange electronic invoices and payments, share transaction data and access working capital on demand with unprecedented ease and visibility. Visa’s partnership with Viewpost will help financial institutions in the U.S. bring to market a fully integrated and optimized SMB finance management solution that seamlessly integrates with their online banking site.

“We’re excited to partner with a renowned brand and payments technology leader like Visa,” said Max Eliscu, CEO at Viewpost. “This partnership accelerates our ability to address costly pain points in the multi-trillion-dollar B2B payments ecosystem1 while also, and perhaps most importantly, bringing flexibility, cost savings and simplicity of payment to the massive and underserved small business marketplace.”

“According to our 2016 Small Business Payments and Banking Survey, over two thirds of respondents indicated they preferred to pay bills through online banking tools, rather than a supplier’s website,” said Ken Paterson, vice president of research operations, Mercator Advisory Group. “The Visa/Viewpost partnership promises to offer a seamless integration for banks who are looking to enable their customers to have one centralized destination for all of their corporate payment needs.”

About Visa Inc.

Visa Inc. (NYSE: V) is a global payments technology company that connects consumers, businesses, financial institutions and governments in more than 200 countries and territories to fast, secure and reliable electronic payments. We operate one of the world’s most advanced processing networks — VisaNet — that is capable of handling more than 65,000 transaction messages a second, with fraud protection for consumers and assured payment for merchants. Visa is not a bank and does not issue cards, extend credit or set rates and fees for consumers. Visa’s innovations, however, enable its financial institution customers to offer consumers more choices: pay now with debit, pay ahead of time with prepaid or pay later with credit products.

About Viewpost

Viewpost North America is revolutionizing the way businesses transact with each other. Viewpost built the most trusted open business network to empower businesses of all sizes with real-time cash management for anytime operating decisions. On the secure Viewpost network, companies connect and exchange electronic invoices and payments with unprecedented ease and visibility, accessing working capital on demand. Enterprise clients are using Viewpost to cut costs, increase efficiency and improve cash management, including Accenture, Florida Hospital Medical Center, Georgetown University, the Orlando Magic and Whole Foods Market. With enterprise-grade security, including ISO 27001 and SSAE16 audited certifications and the TRUSTe Privacy Seal and Skyhigh CloudTrust Enterprise-Ready Rating, Viewpost is partnering with financial institutions to bring cash management tools to business customers at U.S. Bank, Bank of America and Fifth Third Bank. Viewpost innovation has been awarded Best in Show by Barlow Research, Best CISO/CSO by FireEye Cyber Defense Summit, CSO50 Award (four-time honoree) by IDG’s CSO, and Best B2B Payments Platform by Tradestreaming. Since Viewpost was opened to the public in early 2015, the total invoices presented and payments processed has reached $71.4 billion across the network. Founded in 2011, Viewpost is headquartered in the Orlando area with additional teams in Boston, Minneapolis and San Francisco.

1 Source: Accenture, https://www.accenture.com/us-en/~/media/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Industries_5/Accenture-FS-Payment-Services-Corporate-Payments-PoV.pdf

Source: Visa Inc.