MasterCard and Visa Class Action Suit Update 2019

The U.S. District Court in the Eastern District of New York has preliminarily approved a proposed settlement of between $5.54 Billion and $6.24 Billion in a class action lawsuit against Mastercard, Visa and member banks. Millions of merchants were sent direct mail solicitations from law firms in 2019, possibly creating confusion about how to process claims.

visa mastercar payment card settlment
Official court notification sample and official settlement web site.

The final approval hearing is November 9, 2019 and if nothing changes, merchants will be able to file their claim through a simple process. Merchants will automatically be notified about the process; at this time, there is nothing to do.

In the interim, if you have any questions, please visit the official settlement website www.paymentcardsettlement.com.

EBA publishes an Opinion on the elements of strong customer authentication under PSD2

The European Banking Authority (EBA) published today an Opinion on the elements of strong customer authentication (SCA) under the revised Payment Services Directive (PSD2). The Opinion is a response to continued queries from market actors as to which authentication approaches the EBA considers to be compliant with SCA. The Opinion also addresses concerns about the preparedness and compliance of some actors in the payments chain with the SCA requirements that apply as of 14 September 2019.

Today’s Opinion provides a non-exhaustive list of the authentication approaches currently observed in the market and states whether or not they are considered to be SCA compliant. The Opinion does so separately for each of the three SCA elements of knowledge, possession and inherence, and also provides clarifications regarding combinations of these elements.

The Opinion also responds to the concerns about market preparedness, by clarifying that the EBA is legally not able to postpone an application date that is set out in EU law. The Opinion also explains that sufficient time has been available for the industry to prepare for the application date of SCA, given that the definition of SCA had been set out in PSD2 when it was published in 2015, which gave clear indications that existing authentication approaches would need to be phased out, and because PSD2 already granted an additional 18-month period for the industry to implement SCA.

However, the Opinion acknowledges the complexity of the payments markets across the EU and the challenges arising from the changes that are required, in particular by actors that are not payment service providers (PSPs) and, therefore, not directly subject to PSD2 and the EBA’s technical standards, such as e-merchants, which may lead to some actors in the payments chain not being ready by 14 September 2019.  

The EBA, therefore, accepts that, on an exceptional basis and in order to avoid unintended negative consequences for some payment service users after 14 September 2019, NCAs may decide to work with PSPs and relevant stakeholders, including consumers and merchants, to provide limited additional time. This is to allow issuers to migrate to authentication approaches that are compliant with SCA, such as those described in this Opinion, and acquirers to migrate their merchants to solutions that support SCA.

This supervisory flexibility is available under the condition that PSPs have set up a migration plan, have agreed the plan with their NCA, and will execute the plan in an expedited manner.

In order to fulfil the objectives of PSD2 and the EBA of achieving consistency across the EU, the EBA will later this year communicate deadlines by which the aforementioned actors will have to have completed their migration plans.

Background

The revised Payment Services Directive was published in November 2015, entered into force on 13 January 2016 and applies since 13 January 2018. The Directive brings fundamental changes to the payments market in the EU, in particular by requiring SCA to be applied by payment services providers (PSPs) when carrying out remote electronic transactions.

SCA is defined in the Directive as an “authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data.” The Directive also provides that SCA is to be applied to all electronic payments, unless one of the exemptions applies.

The EBA had been mandated to support the Directive by developing regulatory technical standards (RTS) setting out the details on strong customer authentication and common and secure communication (RTS on SCA and CSC), including its exemptions, and to regulate the access to customer payment account data held in account servicing payment service providers.

The RTS were developed in 2015/16, consulted on during 2016/17, adopted as Commission Delegated Regulation (EU) 2018/389 on 27 November 2017, published in the Official Journal on 13 March 2018, and will legally apply from 14 September 2019. The RTS deliberately refrains from referring to any particular authentication approaches in the industry, in order to ensure that the RTS remains technology neutral and future-proof.

Legal basis

The EBA issued the Opinion in accordance with Article 29(1)(a) of its Founding Regulation, which mandates the Authority to play an active role in building a common Union supervisory culture and consistent supervisory practices, as well as in ensuring uniform procedures and consistent approaches throughout the Union.

Visa Prevents Approximately $25 Billion in Fraud Using Artificial Intelligence

Since pioneering AI in payments, continuous evolution of the technology in Visa Advanced Authorization helps drive commerce and consumer confidence

SAN FRANCISCO–(BUSINESS WIRE)–Visa Inc. (NYSE: V) today announced new analysis showing Visa Advanced Authorization (VAA) using artificial intelligence (AI) helped financial institutions prevent an estimated $25 billion in annual fraud—making the global payment ecosystem safer for retailers and consumers.i VAA is a comprehensive risk management tool that monitors and evaluates transaction authorizations on the Visa global payment network, VisaNet, in real time to help financial institutions promptly identify and respond to emerging fraud patterns and trends. Visa processed more than 127 billion transactions between merchants and financial institutions on VisaNet last year, and employed AI to analyze 100 percent of the transactions—each in about one millisecond—so financial institutions can approve legitimate purchases while quickly identifying and preventing fraudulent transactions.

“One of the toughest challenges in payments is separating good transactions made by account holders from bad ones attempted by fraudsters without adding friction to the process,” said Melissa McSherry, senior vice president and global head of Data, Risk and Identity Products and Solutions, Visa. “Visa was the first payment network to apply neural network-based AI in 1993 to analyze the riskiness of transactions in real time, and the impact on fraud was immediate. By striking the right balance between human expertise and technology innovation, we continue to evolve our capabilities as new AI breakthroughs expand the realm of what’s possible.”

For financial institutions, friction in the payment process can lead to the abandonment of a payment card. A study by Javelin Strategy & Research revealed more than half of cardholders affected by false declines (51 percent) used a secondary payment card to complete the purchase at the same merchant, which can push a competitor’s card to the top of wallet.ii However, removing friction cannot come at the expense of identifying and preventing fraud. As a survey by the National Retail Federation and Forrester discovered, the top payment-related challenge faced by retailers is fraud, cited by 55 percent of those surveyed.

Visa Advanced Authorization is a layer of fraud prevention that can help drive down risk and fraud for financial institutions and retailers, and help reduce friction due to false declines for payment account holders. More than 8,000 financial institutions in 129 countries use Visa Advanced Authorization.

Preventing fraud near the speed of light

Visa pioneered using neural networks modeled after the human brain to power its AI platform to identify possible fraud. This delivers faster and deeper insights through previously unknown correlations. Delivered through Visa Advanced Authorization, retailers and financial institutions benefit from:
• Machine Learning models used for real-time examination of each transaction for indicators of fraud—looking at activities, patterns and more than 500 risk attributes—all in about one millisecond.
• Risk scoring, which Visa shares with the account holder’s financial institution, where the decision is made to either approve or decline the transaction, or flag the transactions for follow up with the account holder.
• The ability to identify good transactions even when made by new or infrequent shoppers, reducing the likelihood of false declines.
• Real-time authorization using integrated, global predictive analytics to identify and prevent fraud.
Visa has kept global fraud rates at historic lows—less than 0.1 percent—through a multi-layered approach of investing in human intelligence and technology like A.I.; empowering consumers and clients with tools, resources and control to manage risk; and setting governance processes to help businesses and regulators stay nimble.iv
“Consumers identified Visa as the most trusted company to provide financial services or payments among all payment networks and we believe it is due to Visa’s unrelenting focus on eliminating fraud and protecting the payment ecosystem,” said McSherry.v

Additional Risk Solutions Using AI
Visa champions security every day to protect the payment ecosystem and offers a portfolio of risk products and services that can help consumers, merchants and financial institutions prevent fraud. This includes Visa Risk Manager (VRM), Visa Consumer Authentication Services (VCAS) and CyberSource Decision Manager (DM), among others. For more information about Visa’s Risk solution portfolio, visit Visa Security.

Additional Resources

About Visa Inc.

Visa Inc. (NYSE: V) is the world’s leader in digital payments. Our mission is to connect the world through the most innovative, reliable and secure payment network – enabling individuals, businesses and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company’s relentless focus on innovation is a catalyst for the rapid growth of digital commerce on any device for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce. For more information, visit About Visa,visa.com/blog and @VisaNews.

i For the 12 months ended April 30, 2019.

ii “Addressing the Threat of False Positive Declines” by Kyle Marchini and Al Pascual, Javelin Strategy & Research, October 17, 2018.

iii “The State of Retail Payments Report – Outlook for 2019” by Brendan Miller, principal analyst, Forrester, November 2018.

iv Visa Global Fraud Data, Visa Inc., April 2019.

v “Omnichannel and Branch: The Current U.S. Consumer Banking Environment,” by Peter Reville, Director of Primary Data, Mercator Advisory Group, March 2019.

Source: Visa Inc.

Cannabis Payment Processing

Recreational shop and medical marijuana dispensaries both face challenges because major banks and the federal government present financial roadblocks. Cannabis is a controlled substance on a federal level, so many financial organizations make it extremely difficult for businesses selling marijuana products to safeguard their profits. This article provides the tips you need to maximize profits while mitigating risk.

Cannabis Payment Processing Current Laws

Cannabis is still part of the Controlled Substances Act, so major banks typically won’t process payments for businesses participating in federally prohibited activities, including cannabis and any cannabis-related activities, regardless of state laws. Banks put themselves at risk of being seized by the Federal Deposit Insurance Corporation (FDIC), which is a risk the big financial institutions won’t take. Independent banks are more flexible and willing to cooperate with those related to the legal cannabis market.

In 2014, the Financial Crimes Enforcement Network (FinCen) issued guidance to financial institutions for providing financial services to marijuana related businesses. Banks can provide services to legal cannabis companies, provided they comply fully with anti money-laundering regulations. Regardless, most of the big banks choose to stay clear of the industry. While it’s technically legal for a bank to support a legal marijuana business, many simply choose not to because it’s not worth the risk of more federal government oversight.

The Secure and Fair Enforcement (SAFE) Banking Act creates protections for depository institutions that provide financial services to cannabis-related legitimate businesses and service providers for such businesses, and for other purposes. This bill has moved forward under the premise that the American people have already spoken about legalizing marijuana and the government must enable the commerce required to support it. It’s winding its way through Congress, with a major step forward in March 2019; the House Committee on Financial Services voted to issue a report to the full chamber recommending that the bill be considered further. Only about 1 in 4 bills are reported out of committee. Track the progress of H.R. 1595 SAFE Banking Act here.

The bill prohibits a federal banking regulator from: (1) terminating or limiting the deposit insurance or share insurance of a depository institution solely because the institution provides financial services to a legitimate marijuana-related business; (2) prohibiting or otherwise discouraging a depository institution from offering financial services to such a business; (3) recommending, incentivizing, or encouraging a depository institution not to offer financial services to an account holder solely because the account holder is affiliated with such a business; or (4) taking any adverse or corrective supervisory action on a loan made to a person solely because the person either owns such a business or owns real estate or equipment leased to such a business.

Cash Only Risks and How to Avoid Them

Cash is great until it isn’t. Gobs of cash require lots of security. Businesses are at higher risk of internal theft, and higher risk of robberies. Any cannabis payment processing solution must include tools to mitigate risk of internal theft. At a minimum, that means a cash drawer that opens and closes based on transaction need, and full tracking by employee of cash sales. With the imminent change in banking laws, businesses need a solution that supports cash and credit cards, in addition to other payment methods.

Accepting Credit Cards for Cannabis

Can merchants accept credit cards for marijuana? No. Any company offering cannabis credit card processing is doing some type of hack that could get your business services shut down instantly if the card networks are fully informed of the activity. It’s only a matter of time and how will that disrupt daily operations? For example, here’s the stated rule in Visa Core Rules, April 2019:

An Acquirer must ensure that a Merchant, Marketplace, Payment Facilitator, Sponsored Merchant, or Staged Digital Wallet Operator does not accept Visa Cards for, or display a Visa-Owned Mark on a website and/or application that is used in relation to, the purchase or trade of photographs, video imagery, computer-generated images, cartoons, simulation, products that claim or imply a similar efficacy as prescription drugs, controlled substances, or recreational/street drugs, irrespective of claims of legality or any other media or activities including, but not limited to, activities listed in Section X.

Tips for Legal Payment Processing in 2019

  • Branded re-loadable stored value cards are the simplest way to provide customers with a cashless experience.
  • Accepting cash, have a solution you can remotely audit, including by cashier details. For example, some lower cost solutions let you delete transactions after the sale; that’s not acceptable. A cloud solution that enables businesses to view all transaction types across multiple locations in or near real-time is best.
  • Be ready to accept EMV chip and pin. New laws are likely to be enacted. With a plug an play solution, add an EMV terminal either standalone or integrated. Note, semi-integrated has inherently greater risk of data breach.
  • Choose a cloud solution that supports all current and future sales channels. This means a payment gateway for in-store and online. Get your advice from a payment professional, not a developer as only the former has the financial expertise to help you understand consequences of choices.
  • Maximize customer fraud protection with in-store EMV chip and pin plus 3-D Secure for online purchases; both shift fraud liability, ‘it wasn’t me, I didn’t authorize’ to the issuer.
  • If you want to surcharge for credit cards to offset the fees, then only choose a solution that supports the proper rules, including the surcharge amount as a separate line item on the receipt.

In my opinion, it’s only a matter of time before the flood gates open for cannabis credit card processing, Congress moves slowly, but there’s enough money and American will to get this done sooner or later. In the interim, a cloud solution that supports other payment methods, with full cashier transparency, and will support future needs like EMV chip and pin, is the best payment processing solution.

The Christine Speedy difference. Don’t get suckered by misleading guidance. Call someone who knows the rules. 954-942-0483, 9-5 ET.