Need a payment gateway that meets Strong Customer Authentication (SCA) requirements for the EU Payment Services Directive (PSD2)? The EU requirements went into effect September 14, 2019 and like many new regulatory and card acceptance rules changes, some payment gateways are ready, some are not, and some may never get updated. This article addresses online payments and ecommerce transactions only.
How does PSD2 Strong Cardholder Authentication impact US merchants?
It does not apply to Ecommerce transactions from EU cardholders to US merchants with US merchant accounts.
US merchants may experience increased issuer declines if not using SCA.
US merchants will likely experience increased fraud as the pool of web sites shrinks where criminals can commit fraud and get away with it.
GDPR regulations for ecommerce transactions from EU cardholders to US merchants with US merchant accounts does apply; choose payment gateways that support both GDPR and 3DS v2.2.0.
Which online payments are exempt from PSD2?
Recurring transactions for the same amount- PSD 2 applies for the initial transaction. If the amount changes, PSD 2 applies. PSD 2 applies for Unscheduled Credential On File for each transaction unless cardholder whitelists as per next item.
White-lists of trusted beneficiaries- cardholders can notify their issuer to allow payments to go through without SCA after initial transaction.
How can merchants get compliant with PSD2?
Merchants should use a payment gateway that supports 3DS v2.2.0, which supports Strong Customer Authentication or SCA. Visa specifically states in their rules (Table 5-17: Acquirer Support of Visa Secure by Region/Country – Requirements) that acquirers in the EU must process transactions using Visa Secure, which is their version of 3D Secure, a global protocol for securing card not present transactions. Only 3D Secure 2.x, not 1.0, meets the PSD2 requirements, with v2.2.0 being the most current as of this writing. This will get merchants compliant with PSD2.
Which payment gateways support 3DS v2.2.0?
The easiest way is to ask them. Because the payment gateway may one of multiple components in the checkout process it may not be on a certification list. One popular payment gateway apparently is not being updated- Authorize.net; users are advised to upgrade to Cybersource per the Cybersource web site.
EU US Privacy Shield https://ec.europa.eu/info/sites/info/files/2016-08-01-ps-citizens-guide_en.pd_.pdf
EU Law https://eur-lex.europa.eu
UK Financial Conduct Authority https://www.fca.org.uk/firms/revised-payment-services-directive-psd2
Direct from American Express hospitality industry webinar, hotels number one protection from card not present fraud is American Express SafeKey®. SafeKey leverages the global industry standard, 3-D Secure®*, to detect and reduce online fraud by adding an extra layer of security when Card Members pay online.
How to mitigate 3rd party authorization chargeback risk? Merchant best practices:
Ensure the cardholder participated in the initial transactions. Safekey is the best method to prove that, making signatures irrelevant.
Get written authorization of what expenses the cardholder will allow.
Put cardholder name on the folio.
Show where cardholder opted in to all policies, including damages, cancellation etc.
Authorization must be CARD NOT PRESENT.
Use solution that includes cardholder name in the authorization response; retrievable record.
American Express SafeKey
How does Amex SafeKey impact the customer shopping experience? The cardholder may have some or no difference in the checkout experience, based on many factors, including prior online shopping history. The cardholder may be asked authentication question(s) to confirm it’s really the cardholder.
How does Amex SafeKey impact merchants?
Fraud liability for “It wasn’t me, I didn’t authorize it” goes away as liability shifts back to the issuer.
For business to business, where cardholder billing and shipping address frequently vary, cardholder authentication plays an important role not available with four digit CID security code validation only.
At this writing, American Express merchants do not receive a specific interchange discount as may be available with other card brands.
Receive e-mail from SafeKey Certification Team with your SafeKey ID and next steps.
SafeKey Certification Team gets approval from Acquirer.
Acquirer and SafeKey Certification Team complete required setup.
Activate 3-D Secure on the application. (Ecommerce shopping cart, payment gateway, or ERP.) Both payment gateway and application must support the service.
* 3-D Secure is a registered trademark of Visa International Service Association in the United States and other countries.
Want to add American Express SafeKey to your business and get a great third party authorization form solution all included? Contact CenPOS global sales and integrations reseller, Christine Speedy, 954-942-0483 for more information.
Who made the top 10 list of of most payment and card solutions providers? The first ten companies to fork out $3000, which 3D Merchant Services declined to pay. The criteria for getting on the top ten list of anything and then to top google search results is usually all about the money, not the product. Here’s an actual offer for how to get on the top ten list, just pay the bucks and you’re in!
Greetings from MyTechMag, a technology magazine which has already proved its strong hold in various industries and technology vertical. Now MyTechMag is all set to explore the Payment industry focusing on the Payment and Card Solution Providers. With great pleasure I would like to communicate that our Editorial team has selected as one among the “10 Most Promising Payment and Card Solution Providers 2019”.
Payments are now evolving at a rapid pace with new providers, new platforms, and new payment tools launching on a near daily basis.The payments industry would be in a transformational state in 2020. The ongoing war with alternative payment channels will intensify and challenges in emerging markets would force the incumbents to take drastic measures.
I was exploring the possibility of participating in this special edition. We offer a one-page profile to all the Top 10 companies. We would be keen to feature a one-page exclusive profile about in our upcoming Payment and Card edition. The company profile will provide an in-depth perspective of the company’s product offerings, strengths, and unique proposition. The Payment and Card special edition will be sent to 166,000 technology leaders across the industry verticals.
The Branding package is at a cost of $3,000 * would have unlimited digital and prints right for the one-page profile with Senior Executives photo. * One Full Page color advertisement space in the magazine. * will also receive the logo of the “10 Most Promising Payment and Card Solution Providers 2019”. * We would be happy to host all the news from your company on our website.
This is undoubtedly going to optimize your company visibility as it will reach 166,000 senior leaders, and key decision makers across the industry. Kindly go through the same and let me know your thoughts on how you would like to take this opportunity ahead.
I look forward to hearing from you.
When you need to find the best payment processing solution or credit card processing solution, call a professional and have a conversation. How knowledgeable is that person? For web sites, does it have material relevant for your business?
Did you find this web site useful? Call Christine Speedy, PCI Council QIR certified, for all your payment processing solutions needs. Have a knowledgeable professional helping you maximize profits. 954-942-0483, 9-5 ET.
Upgrading to D365 from Microsoft AX? Engaging a payment processing professional can save boatloads of development time while opening up new ways to engage with customers. Additionally, payment gateway selection directly impacts EBITDA project objectives. What three key questions must be asked when choosing a credit card processing solution for your business to business operation?
I’ll save merchants and consultants reading this a lot of time. Ask the 3 questions and then pretty much disregard the answers. You’re unlikely to find anyone who will be able to answer all three questions adequately so on that basis alone, it’s best to contact a subject matter expert like Christine Speedy, here at 3Dmerchant.com.
Does the payment gateway support Unschedule Credential On File? Virtually every business to business operation stores at least a few credit cards for the occasional customer on file need, which is a good thing because if you’re one of those that require customers to call in each time, that’s negative friction impacting cash flow, profits, and satisfaction. What most businesses don’t know is that the rules and technical specifications for storing cards and processing transactions with stored cards changed tremendously in October 2017. Virtually no payment gateway has upgraded to get compliant, leaving businesses exposed to multiple financial penalty risks. Note, this is not just ‘tokenization’, which most gateways support, but rather a specific set of new card acceptance rules. Everyone in the payment ecosystem has some responsibility to make changes for compliance- issuer, acquirer, merchant and payment gateway. No one can ‘automatically’ get merchants compliant with new UCOF rules; if any vendor says they have, call 3Dmerchant to review why it’s not.
If the initial authorization and final settlement amount are not the same, what happens? This is a common scenario for distributors, manufacturing and ecommerce, but if there’s a mismatch, an or an open authorization is not reversed, merchants pay an expensive processing penalty fees. For example, MasterCard Data Rate 1 might appear on merchant statements for interchange rate qualification, which is nearly 100 basis points higher than if settled optimally.
Is there any difference between the type transaction transmitted to the acquirer when a customer self-pays an invoice such as through a payment portal vs when an employee key enters the cardholder data? The answer must be yes. One is submitted as a phone order (MOTO) and one is submitted as an ecommerce order.
BONUS: What’s the process for renewing an expired authorization? Preauthorizations are common in manufacturing and ecommerce. While an expired authorization is usually approved for final settlement within 30 days, there are financial penalties and risk associated with using expired authorizations. Merchants should automate this process as much as possible, removing decisions from employees, which is always fraught with risk.
BONUS 2: Can I process EMV chip transactions with level 3 processing in F&O? Due to October 2019 licensing changes, some merchants may find it more profitable to skip the retail license add-on.
Call Christine Speedy, PCI Council QIR certified, for all your Microsoft Dynamics AX and D365 payment processing needs from ACH to credit cards and more. Get a new or keep existing merchant account at 954-942-0483, 9-5 ET.
The U.S. District Court in the Eastern District of New York has preliminarily approved a proposed settlement of between $5.54 Billion and $6.24 Billion in a class action lawsuit against Mastercard, Visa and member banks. Millions of merchants were sent direct mail solicitations from law firms in 2019, possibly creating confusion about how to process claims.
The final approval hearing is November 9, 2019 and if nothing changes, merchants will be able to file their claim through a simple process. Merchants will automatically be notified about the process; at this time, there is nothing to do.
In the interim, if you have any questions, please visit the official settlement website www.paymentcardsettlement.com.