hotel | Card Not Present, CenPOS, credit card processing

Hotel and lodging industry must update best practices due to 2016 and 2017 changes in Visa and MasterCard rules. Cardholder authentication and multiple authorization indicators are two key components of change. Hotels that comply will maximize profits and security. Noncompliance will result in higher credit card acceptance fees due to penalties, increased declines, reduced profits, and new chargeback risk.For those still using paper credit card authorization forms, few are in compliance with Visa Core Rules 5.4.2.5 Prohibition against Requiring Cardholder or Account Data – US Region.

“A US Merchant or its agent must not: Request the Card Verification Value 2 data on any paper Order Form.”

Authorization validity is front and center to the 2017 rules changes. Merchants used to get and authorization, and settle it later at checkout. Now merchants must send the correct transaction types and link them all together with a unique identifier:

The ESTIMATE (Visa) or UNDEFINED (MasterCard) indicator is sent when the final settlement amount is unknown. The customer must be informed that it is an estimate as well.
INCREMENTAL authorization is obtained when the original authorization expires or to increase the amount on hold.
Final Authorization says this is the final transaction.

TIP: Merchants need 3-D Secure (Verified by Visa, MasterCard SecureCode), a global cardholder authentication standard for card absent transactions, to maximize profits and compliance for card not present transactions, which is only available with customer initiated transactions: hosted pay page, digital payment request, online booking. Paper forms don’t create a digital record tied to the credit card, and cardholder authentication is not possible, as defined by the card brands. It’s also not possible to comply with the rule by key entering data into any desktop terminal.

The unique transaction transaction identifier can be a point of breakdown in the process. For example, the events manager obtains a paper credit card authorization form. The first charge is a deposit; the second charge is at the end of the event; a third charge occurs after assessing damages to a room. In each case, the amount is key entered into the payment processing terminal. Since there is no transaction identifier tying them all together, the authorizations are invalid and the ISSUER is within their rights to chargeback for invalid authorization, example Visa reason code 72.

There are so many nuances to the rules, and changes needed in the payments ecosystem, hotels should not assume existing partners have completed the required updates to comply. Technology that can automatically manage the authorization and settlement process- not the old way, but with all the new rules changes- requires a sophisticated payment gateway. Like EMV, there will be vendors that struggle to adapt.

For compliant solutions that can be used standalone or integrated, improving your customer experience, contact Christine Speedy, 954-942-0483.

Reference materials:

MasterCard® Pre & Final Authorization Mandate by CyberSource, December 2016.
Visa Core Rules October 2016.
MasterCard Revises Standards for Processing Authorizations and Preauthorizations by Vantiv December 2016.
MasterCard Transaction Processing Rules, November 2016.

See merchant bulletins – downloads for links to many resources.

In October 2016, Visa quietly announced sweeping changes to rules for card not present transactions in the lodging industry. With online booking technology updates, hotels can increase profits by complying with the new rules, including for guaranteed reservations. Failure to comply may significantly increase financial risk.

A core concept is valid “authorization”, which impacts merchant rights and potentially credit card processing rate qualification. An invalid authorization equates to a no authorization. Card issuers will be within their rights to use reason code 72 and chargeback, or ACH, the funds from merchant bank account on the next settlement day, for failure to comply with the rules. This is a significant change, as in the past, hotels would respond to cardholder initiated disputes, a completely different scenario, and win a good portion of them.

What’s a valid authorization? It’s mostly described in Special Authorization Request Allowances and Requirements. Key elements:

Stored credential– rules for storing and what associated data is required on file and what is submitted with transaction- same transaction ID required for all after initial approval
Estimated Authorization– indicator as to whether the authorization is an estimate or is final is sent with transaction. Authorization is valid for 31 days. (Originally 14 days, but subsequent bulletin released to change it.)
Incremental authorization – must use same transaction ID as estimate, and submit with incremental authorization indicator
Visa now groups transaction types into ‘customer initiated’ and ‘merchant initiated’. For card not present, a transaction is only considered customer initiated, if Verified by Visa is used. Verified by Visa (VbyV) is their brand name for the global 3-D Secure cardholder authentication protocol for card not present transactions.

Updated Checkout Flow For Online Booking:

Opt-in to no-show policy, terms and conditions
Authenticate cardholder
Authorize with the estimate indicator
Deliver email confirmation with the policy
Incremental auths with same Trans ID only.
Close transaction by day 31; partial reversal same transaction ID if applicable.
If ticket closed, open new estimated auth.

KEY DATES

Effective through 13 October 2017: In the US Region, for Car Rental Merchants, Cruise Lines, and Lodging Merchants, the Merchant must use the Incremental Authorization Request indicator and the same Transaction Identifier for all Authorization Requests.
Effective 14 October 2017 Transaction initiated with an Estimated Authorization
Verified by Visa cardholder authentication protects lodging merchants immediately from “it wasn’t me” card not present fraud.

Without hotel action to update online booking in advance of the October dates, financial exposure for prior months may be significant.

Christine Speedy, authorized CenPOS reseller provides universal payment processing solutions to maximize merchant profits and mitigate risk across multiple sales channels. To get a CenPOS account and your booking engine compatible plugin contact Christine at 954-942-0483.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Card Not Present, CenPOS, credit card processing

B2B Cloud payment processing technology blog about increasing profits, efficiency and security.

Tag Archives: hotel

Hotel credit card authorization form 2017 change

Lodging Authorization Rules Change 2017 – Chargeback Prevention Tips