An online credit card authorization form enables a business to charge a credit card one-time or for recurring purchases. Looking for a PCI Compliant authorization form meeting 2018 and 2019 standards? Read on.
Online credit card authorization form options:
Hosted pay page. The merchant directs customers to web page to pay any invoice or store card for future payment online. For maximum reduced PCI burden, send customers directly to the 3rd party payment gateway web URL. The gateway may or may not be the same as your processor. NOTE: If hosting on your own web site with an embedded payment (iframe) object, acceptable implementation methods for PCI requirements have changed; any old forms should be updated.
Electronic Bill Presentment & Payment. (EBPP or EIPP) This is basically a proactive version of the above. Log in to a gateway web portal, and send a payment request via text or email which the customer clicks and pays. Whether integrated or standalone, we have options to include the invoice as an attachment. No login required to make a payment, but a customer portal is also included.
All the major payment gateways include a Virtual terminal, hosted pay page, and shopping cart checkout capability, tokenization to store card data for future orders. Some, including CenPOS also offer EBPP. So how do you differentiate your choices?
Critical elements online credit card authorization form:
- Must not be able to decrypt and view the security code and or sensitive cardholder data.
- If only authorizing and not capturing (settling) final amount immediately, must comply with Visa 5.8.3.1 Authorization Amount Requirements. The Merchant must use the Estimated/Initial Authorization Request indicator for the first transaction,
then the Incremental Authorization Request indicator for interim if applicable, and Final Authorization Request indicator when closing out the transaction; the same Transaction Identifier must be included for all Authorization Requests. A reversal of extra funds must be completed within 24 hours of final settlement. These are tough questions the average salesperson probably can’t answer. Work with a professional that knows the rules. - Stored cards. Are you storing cards for any type of ongoing charges?
Partial PCI Compliant stored credential authorization form.
Comply with Visa Rules Table 5-20: Requirements for Prepayments and Transactions Using Stored Credentials. There are too many variables to list here so I recommend downloading the rules and getting familiar or call us to save time. When capturing card data for the first time:
- Obtain express consent per specifications for your refund and cancellation policies, how you’ll use the stored card, when your agreement expires and how the Cardholder will be notified of any changes to the agreement.
- Perform a cardholder verification either via transaction or zero dollar authorization with the proper indicator.
- This is a change! Two transactions occur when capturing cardholder data for the first time. Technical part can be handled by a payment gateway that supports it, but other elements are left to you.
- Provide a stored card receipt to customer.
- 3-D Secure cardholder authentication. For example, Verified by Visa. Merchants register for 3-D Secure with their acquirer; always consult with the payment gateway first for instructions and to confirm they’re registered to offer service. Friendly fraud liability, “it wasn’t me, I didn’t authorize it”, shifts to the issuer and some cards with qualify for even lower rates because there is lower risk to the issuer. Because there are many parts to any transaction, including acquirer and issuer communications, plus continually changing rules, it’s possible that it will not be invoked.
Online Credit Card Authorization Forms and Qualified Rates
Most cards, except regulated debit, can qualify for multiple rates depending on how the transaction is submitted. For example, MasterCard World card rates:
| Rate Name | Rate | Qualified Rate Reason |
| Standard | 2.95% + $.10 | Not all criteria met for another rate. |
| Merit I | 2.05% + $.10 | Key-entered or ecommerce and valid authorization + other criteria met. |
| Full UCAF | 1.87% = $.10 | Ecommerce; Cardholder authentication and other criteria met. |
To qualify for UCAF, the customer must initiate payment and all the other rules must be met, which is not always easy, especially for B2B. Note, ‘ecommerce’ includes online paypage and other electronic payment channels the customer initiates.
Call Christine Speedy, PCI Council QIR certified, for Online Credit Card Authorization Forms at 954-942-0483, 9-5 ET. CenPOS authorized reseller based out of South Florida and NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.
Christine offers more than one solution so that you have the best for your business type and needs.