Verifone Investigating Data Breach

Reported by Krebs on Security, Verifone is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted.

“According to the forensic information to-date, the cyber attempt was limited to controllers at approximately two dozen gas stations, and occurred over a short time frame. We believe that no other merchants were targeted and the integrity of our networks and merchants’ payment terminals remain secure and fully operational.”

Read the full article here https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/

Visa Authorization Rentals Rules Change

Visa announced sweeping changes to rental industry card acceptance rules in October 2016. Key changes include defining who initiated transaction, transaction data sent, authorization rules, stored card rules, and customer communications. Compliance will increase approvals and mitigate fraud risk;  Failure to comply will increase financial risk and issuer declines while reducing EBIDTA.

Visa Expansion of Special Authorization Allowances

Effective 15 October 2016, 22 April 2017, and 14 October 2017
Revisions have been made to rules related to the processing of Estimated Authorization Requests, Initial Authorization Requests, and Incremental Authorization Requests, as well as Authorization Reversals, Issuer hold releases, and Chargeback rights. These changes impact issuer, merchant, customer, and acquirer- whatever merchants have in place today is not sufficient for the future.

visa rental authorization rules 2017

Partial excerpt from section 5, Visa Core Rules. Applicable merchants should read the entire table and additional sections.

Truck and heavy duty equipment rental authorizations. Aircraft rental, Bicycle rental, Boat rental, Car rental, Equipment rental, Motor home rental, Motorcycle rental, Trailer park or campground rental are all impacted.

A core concept is authorization validity, which impacts merchant rights and potentially credit card processing rate qualification. An invalid authorization equates to no authorization. Card issuers will be within their rights to use reason code 72 and chargeback, or ACH, funds from merchant bank account on the next settlement day, for failure to comply with authorization rules. This is a significant change for most rental companies, as in the past, businesses typically responded to cardholder initiated disputes, a completely different scenario, and win a good portion of them.

With payment processing technology updates, rental companies can increase profits by complying with the new rules, including for guaranteed reservations. EBITDA is improved with increased approvals, lower qualified interchange rates, and fewer chargebacks.

What’s a valid authorization? It’s partially described in Special Authorization Request Allowances and Requirements. Key elements:

  • Stored credential– rules for storing; what associated data is required on file and what is submitted with transaction, including same transaction ID required for all subsequent authorizations after initial approval.
  • Estimated Authorization– indicator the authorization is an initial estimate and final amount is unknown is sent with transaction. TIP:  If the amount could change because the renter did not bring item back in time, or there are other terms in the contract where customer agrees to pay more under certain conditions such as damages or refueling, then the initial transaction is an Estimate.
  • Incremental authorization  – must use same transaction ID as estimate, and submit with incremental authorization indicator
  • Visa now groups transaction types into ‘customer initiated’ and ‘merchant initiated’. For card not present, a transaction is only considered customer initiated, if Verified by Visa is used. Verified by Visa (VbyV) is their brand name for the global 3-D Secure cardholder authentication protocol for customer initiated card not present transactions.

Updated Checkout Flow For Online Rental Booking:

  • Opt-in to no-show policy, terms and conditions
  • Authenticate cardholder
  • Authorize with the estimate indicator
  • Deliver email confirmation with the policy
  • Incremental auths with same Trans ID only.
  • Close transaction by day 31; partial reversal same transaction ID if applicable.
  • If ticket closed, open new estimated auth.

KEY DATES

  • April 22, 2017 – The Merchant must use the Estimated/Initial Authorization Request indicator.
  • 22 April 2017 – The Merchant must use the Incremental Authorization Request indicator and the same Transaction Identifier for all Authorization Requests.

Without action to update rental authorizations in advance of the April dates, financial exposure for prior months may be significant.

Visa Core Rules see PSR 346 and other pages.

Christine Speedy, authorized CenPOS reseller, provides universal payment processing solutions to maximize merchant profits and mitigate risk across multiple sales channels. To get a CenPOS account and Dynamics AX, SAP, Bluebird or other compatible plugin, contact Christine at 954-942-0483. 

On Milestone Anniversary – Vantiv Rings the NYSE Closing Bell as the #1 U.S. Merchant Acquirer

Vantiv marks its 5 year anniversary as a publically-traded company by ringing the closing bell at the NYSE and by being named top payment processor by transactions.

CINCINNATI, March 16, 2017 – Today, Vantiv marks its five-year anniversary as a publicly-traded company with the ringing of the Closing Bell at the New York Stock Exchange. CEO Charles Drucker – joined by some of Vantiv’s most passionate and dedicated team members – will ring the bell at 4:00 pm ET.

top acquirers in the U.S. 2016

Coinciding with this momentous occasion today, The Nilson Report will publish its annual U.S. Merchant Acquirer Rankings, which will show that Vantiv now processes more domestic debit and credit transactions than any other acquirer in the United States.

“This is the first time since 1996 in which a new company has come out on top based on this metric,” said David Robertson, publisher of The Nilson Report. “Congratulations to Vantiv on its success and its five-year anniversary.”

“I always say our success is our people,” said Charles Drucker, president and chief executive officer at Vantiv. “Over the last five years, we have grown dramatically and achieved many milestones thanks to our employees’ relentless hard work and winning attitude. Nilson’s new rankings – published at our five-year anniversary – clearly validates that we are on the right track with a bright future.”

For more information on the U.S. Merchant Acquiring Rankings, go to The Nilson Report, www.nilsonreport.com, one of the most respected sources of news and analysis of the global card and mobile payment industries.

Lodging Authorization Rules Change 2017 – Chargeback Prevention Tips

online booking credit card fraudIn October 2016, Visa quietly announced sweeping changes to rules for card not present transactions in the lodging industry. With online booking technology updates, hotels can increase profits by complying with the new rules, including for guaranteed reservations. Failure to comply may significantly increase financial risk.

A core concept is valid “authorization”, which impacts merchant rights and potentially credit card processing rate qualification. An invalid authorization equates to a no authorization. Card issuers will be within their rights to use reason code 72 and chargeback, or ACH, the funds from merchant bank account on the next settlement day, for failure to comply with the rules. This is a significant change, as in the past, hotels would respond to cardholder initiated disputes, a completely different scenario, and win a good portion of them.

What’s a valid authorization? It’s mostly described in Special Authorization Request Allowances and Requirements. Key elements:

  • Stored credential– rules for storing and what associated data is required on file and what is submitted with transaction- same transaction ID required for all after initial approval
  • Estimated Authorization– indicator as to whether the authorization is an estimate or is final is sent with transaction. Authorization is valid for 31 days. (Originally 14 days, but subsequent bulletin released to change it.)
  • Incremental authorization  – must use same transaction ID as estimate, and submit with incremental authorization indicator
  • Visa now groups transaction types into ‘customer initiated’ and ‘merchant initiated’. For card not present, a transaction is only considered customer initiated, if Verified by Visa is used. Verified by Visa (VbyV) is their brand name for the global 3-D Secure cardholder authentication protocol for card not present transactions.

Updated Checkout Flow For Online Booking:

  • Opt-in to no-show policy, terms and conditions
  • Authenticate cardholder
  • Authorize with the estimate indicator
  • Deliver email confirmation with the policy
  • Incremental auths with same Trans ID only.
  • Close transaction by day 31; partial reversal same transaction ID if applicable.
  • If ticket closed, open new estimated auth.

KEY DATES

  • Effective through 13 October 2017: In the US Region, for Car Rental Merchants, Cruise Lines, and Lodging Merchants, the Merchant must use the Incremental Authorization Request indicator and the same Transaction Identifier for all Authorization Requests.
  • Effective 14 October 2017 Transaction initiated with an Estimated Authorization
  • Verified by Visa cardholder authentication protects lodging merchants immediately from “it wasn’t me” card not present fraud.

Without hotel action to update online booking in advance of the October dates, financial exposure for prior months may be significant.

Christine Speedy, authorized CenPOS reseller provides universal payment processing solutions to maximize merchant profits and mitigate risk across multiple sales channels. To get a CenPOS account and your booking engine compatible plugin contact Christine at 954-942-0483.