Insurance Installment Payments: Visa Credit Card Processing Rules Change 2017

Insurance companies must comply with new VISA installment credit card processing rules changes effective October 2017 to maximize business profits and mitigate chargeback risk. Everyone in the payment ecosystem has or will need to make changes to comply, including acquirer, issuer, payment gateway, merchant, and sometimes integrated billing software.

payment gateway SaaS recurringVISA DEADLINE:

  • October 14, 2017 Visa stored credentials compliance mandate.

INSTALLMENT CREDIT CARD PROCESSING BEST PRACTICES:

  • Obtain cardholders’ consent to store the credentials. Opt-in check box stored with payment gateway record is recommended.
  • Have a solution to retrieve consent records on request.
  • Disclose to cardholders how stored credentials will be used.
  • Notify cardholders when any changes are made to the terms of use.
  • When capturing card data for the first time, use a PCI compliant payment gateway to create a random token replacing sensitive data; eliminate paper credit card authorization forms or digital signature forms where payment data is collected on the form, not via a payment gateway.
  • Inform the issuer via a transaction that payment credentials are now stored. For example, perform an Account Number Verification Transaction via a Zero Dollar Authorization with 3-D Secure Verifed by Visa.This is managed by the payment gateway, and requires specific transaction indicator.  TIP: If the solution you’re using performs a $1 authorization, often with a void or reversal after, that’s because the payment gateway, and or the implementation, are out of date and don’t support current requirements. Ask how yours works- assume nothing!
  • Identify subsequent transactions with appropriate indicators when using stored credentials. Payment gateway to identify all future transactions after storing:

With an indicator that shows that the Transaction is using a Stored Credential for either Installment, Recurring or Unscheduled Credential On File.
With the Transaction Identifier of the Initial Transaction.

  • Follow all cardholder disclosure and consent requirements specified in the Visa Rules. Opt-in check box with digital record managed by the payment gateway is recommended to comply with issuer records requests.
  • If performing a preauthorization for any transactions, additional new requirements must be met, including for reversals and reauthorizations.

INSURANCE INSTALLMENT BEST PRACTICES

Increasingly complicated rules vary by card brand, business type and many other factors. This article may oversimplify such complexities. Merchants are advised to:

  • Use tools, including intelligent cloud-based payment gateways, to help comply automatically.
  • Segregate payment acceptance from applications; example, embedded payment object or i-frame.
  • Review Visa Stored Credential Transaction Framework bulletins
  • Review Visa Core Rules and Visa Product and Service Rules
  • Review workflow for the customer payment experience and confirm payment technology workflow is compliant with new rules. There is no automated update; merchants must actively participate in process to ensure compliance.

COMPLIANCE RISKS AND REWARDS:

  • Compliance will increase approvals, customer satisfaction, and profits.
  • Reduce time spent on collections, increase automation, reduce attrition.
  • Cardholder authentication can qualify some transactions for lower interchange rates plus mitigate losses related to “it wasn’t me”, more commonly seen in higher risk insured policy holders.
  • Compliance required to participate in Visa Account Updater service.
  • Non-compliant transactions are essentially invalid authorizations, and issuers will be within their rights to chargeback via Reason Code 72. This is different than a consumer generated chargeback. Issuers are getting slammed with missed payment cardholders and need to get their money back some way; JP Morgan wrote off about $1B in Q1 2017 according to one source. The Wall Street Journal has published several articles over the last year about the surge in subprime credit cardholders missing payments. Overall, we’re looking at a national rate over 4% per quarter- over 16% annually, representing over a trillion dollars. Issuers may want to offset losses from subprime cardholders by collecting monies from merchants for the same.
  • Chargeback Risk includes the initial transaction and all subsequent transactions that are not in compliance for the allowable chargeback period. For example, if non-compliant the issuer could chargeback installments on October 14, November 14, and December 14.

Reference: Visa Stored Credential Transaction Mandates and also Visa Core RulesTable 5-21: Requirements for Prepayments and Transactions Using Stored Credentials.

Before selecting a payment gateway for installments payments, ask these questions:

  • How will it help with new Visa Stored Credential Mandates compliance?
  • Does it support 3-D Secure cardholder authentication, for customer initiated payments?
  • What type of digital record is created at the time of customer opt-in to terms, how is it retrieved, and how long is it retained?
  • Does it support Zero Dollar Authorization?
  • Does the receipt dynamically change based on type of transaction, i.e. cash, credit card single payment, installment payment etc.
  • Does it support level 3 processing for commercial cards (if applicable to business type)?
  • If I change banks or payment processors, how will it affect my customers? My business?

TIP: Most payment gateways will not be compliant on October 14. An easy starting point to reduce the list of vendor choices is to ask the payment gateway what type of digital record is created at the time of creating an installment agreement, and how will it be accessed? Need help to get compliant? Contact Christine Speedy to learn more about solutions for your business that are quick and easy to adopt, increasing efficiency and growing profits virtually overnight.

Christine Speedy, CenPOS authorized reseller, 954-942-0483 is based out of South Florida and NY. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.

B2B Donations Checkout Solution: Accept Donations Anywhere

Collect charitable donations for your favorite causes wherever your customers pay with our simple donations checkout solution for all sales channels and payment types. Fully compliant with credit card processing rules, such as producing a receipt that lists the subtotal sale of goods and services, a separate line for the donation, and a total for the complete amount.

  • Employees don’t ask- customers never feel uncomfortable. The system automates the donation process via each sales channel. For example, if it’s an e-invoice or hosted pay page, the customer sees a donations field to add an amount if desired.
  • Easy to adopt- Works with multiple accounting, software and financial partners such as First Data.
  • Activate, deactivate and change the beneficiary on demand. You’re in control.

We’re helping your business help others. The donations service is included at no additional cost with our standard services.

Christine Speedy, 954-942-0483, specializes in enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. Secure, cloud-based solutions optimize acceptance for all payment types across multiple channels without disrupting merchant banking relationships.

Point of Sale for Heavy Equipment Rentals – Credit Card Processing Rules Changes 2017

Heavy equipment rental companies and dealers must make changes to comply with new Visa credit card acceptance rules. The sweeping changes to rental industry card acceptance rules were announced in October 2016, with April and October 2017 mandates for compliance.  The changes are complex and require cloud technology to automate compliance. Countertop terminals are not capable of compliance, and must be replaced.

fd130 emv terminal

Countertop terminals such as the FD130 and the Verifone VX520 are not capable of compliance for heavy equipment rentals, and must be replaced.

Visa rules changes include:

  • Defining who initiated the transaction (customer self-pay or merchant)
  • Transaction data sent
  • Authorization rules
  • Stored card rules
  • Customer communications.

Compliance will increase approvals and mitigate fraud risk; Failure to comply will increase risk of financial losses and issuer declines while reducing EBIDTA. These changes are significant, impacting chargeback risk and financial penalties to heavy duty equipment rental.

Visa compliant solutions:

The complexity of compliance with both card present and card not present rules requires a solution that can dynamically manage it, removing employees from making decisions that could impact profits. Everyone must change in the ecosystem- card issuer, acquirer (credit card processor),  payment gateway and merchant. Whatever you had in 2016 was not compliant since all the other players were not ready yet.

Merchants should update to a payment gateway that supports at a minimum:

  • Estimated, initial, incremental, and final authorization requests (traditional terminals cannot comply
  • Authorization Reversals for unused authorization (amount changed)
  • Authorization validity periods
  • Stored credential rules
  • Creation and retrieval of customer opt-in records
  • Automated authorization and settlement amount matching (otherwise transaction downgrades to worst rate possible and other repercussions)
  • Verified by Visa, which uses the 3-D Secure protocol to shift fraud liability to the issuer, much like EMV does for retail.
  • verifone MX915 EMV terminal

    The Verifone MX915 EMV chip terminal is an option to use in a compliant rental solution.

If you have a payment gateway, or need one, ask these questions:

  • How will you help us comply with the new Disclosure to Cardholder and Cardholder Consent rules?
  • What does the consent record look like?
  • How will we retrieve records?
  • How long are the records retained?

Contact Christine Speedy to get a compliant solution for your rental services needs. 954-942-0483. The ROI for most businesses is virtually overnight! Month to month risk free solutions.

Another change of note is revisions have been made to split the “Other Fraud” Dispute condition under Enhanced Dispute Resolution into separate conditions for Card-Present and Card-Absent Transactions, and to incorporate changes to the payment
flow related to Disputes. For merchants that comply, it’s all good. For merchants that do not comply, there will be more risk of financial penalties and risk of issuer initiated chargeback. A key component to mitigate chargeback risk is support for Verified by Visa.

There are many nuances to the rules and potential chargeback reason code 72 risk, which were non-existent in the past. Rather than consumer initiating a chargeback, the issuer will be within their rights to initiate a chargeback if the merchant fails to comply with the rules, for example, failing to submit the correct authorization flag for an estimate.

Reference: Visa Core Rules and Visa Product and Service Rules, 15 October 2016. See especially Table 5-14, 5-21, 5-22. https://3dmerchant.com/blog/merchant-bulletins-downloads

Resources:

• https://usa.visa.com/support/merchant/library/visa-merchant-business-news-digest.html see articles on Visa Stored Credentials mandate and updated revisions on Visa Stored Credentials framework

• Some acquirers put out statement alerts on their April, June and or July merchant statements.

See also, Visa Stored Credential Mandate.

Contact Christine Speedy to get a compliant solution for your rental services needs. 954-942-0483. You’ll be more profitable, efficient, and

MasterCard Bin 2 Series In Play: Declines and Fines

Previously, MasterCard announced a new card number BIN series, requiring everyone in the payment ecosystem to update in order to support the new card acceptance. Merchants need to update software and or terminals to comply by the June 30, 2017 mandate deadline. The consequences are both transaction declines and heavy fines.

Credit card processing:

  • Traditional countertop terminals may need a software download, contact your processor.

    Verifone vx520 emv terminal

    Verifone vx520

  •  Point of Sale solutions or the payment gateway that drives terminals need to be updated. This may occur seamlessly in the background with no impact to merchants and nothing to download.
    verifone MX915 EMV terminal

    Verifone MX915 EMV chip terminal

    Equipment & Payment Gateway NOT affected:

    • Authorize.net
    • BridgePay
    • Cayan
    • CenPOS
    • Clover
    • Ingenico w/ EMV Chip Card Technology
    • First Data w/ EMV Chip Card Technology
    • Future POS (Version 5.0.96.30)
    • Gravity Gateway
    • Lavu
    • Merchant Link
    • Micros
    • NMI
    • Payeezy
    • Paytrace
    • Shift 4
    • Shopkeep
    • Swipe Simple
    • USAePay/Gravity Link

    Credit Card Terminals Requiring a Software Update:

    • Apriva cellular terminal
    • FD 50 TI (Non EMV Chip Card)
    • FD 100 TI (Non EMV Chip Card)
    • FD 130 (Non EMV Chip Card)
    • FD 200 TI (Non EMV Chip Card)
    • Ingenico (Non EMV Chip Card)
    • Verifone VX520

    Credit Card Terminals Requiring Replacement: These terminals are end of life and cannot be updated.

    • All Hypercomm Terminals
    • Fd 50 (non TI)
    • FD 100 (non TI)
    • FD 200 (non TI)
    • FD 300 (non TI)
    • VX 510
    • VX 570

    Consequences for non-compliance with MasterCard Bin 2 Series

  • Mastercard Transactions for cards beginning with a 2 in the range of 222100-272099 will be declined.
  • If you do not update your software before the deadline, you will fall into a status of non-compliance. A non-compliant occurrence is defined as any attempted and failed transaction that is confirmed as failed due to a merchant’s lack of readiness to support 2-Series BIN transactions.
    • $2,500 per occurrence in the first 30 days.
    • Escalating up to $10,000 in the next 60 days.
    • Up to $20,000 per occurrence for the subsequent violations.

    These fines may be assessed per merchant location per failed transaction for not implementing support of the new cards.

    Fines will be pushed to acquirers. If acquirers are compliant, but the merchant is not, the fines will be passed down. If you’re sitting on old software and terminals, now is the time to change! It’s simple for MasterCard to identify non-compliance.  Contact us for immediate help- keep your merchant account, get new compliant credit card processing technology.

Disclaimer: This list and accompanying information may be out of date at any time. Check with your acquirer for the most current information.

 

Mastercard Lane and Unique Terminal Identification (TID) Mandate

The Mastercard Unique Terminal ID mandate is another attempt to stem and more quickly identify fraud at merchants using integrated retail point of sale solutions. This mandate was announced back in 2013, and requires unique terminal identifiers for each independent card reading device at a single location, not to be confused with the acquiring TID.

Effective January 1, 2017, merchants who do not adhere to the MasterCard Unique Terminal ID mandate will fall into a status of noncompliance. Fines for non-compliance go into effect December 31, 2017. Multiple card-reading devices, such as PIN pads and terminals, connected to a single host terminal are each required to have a Unique Device ID to remain compliant and avoid potential fines from Mastercard.

MasterCard Fines will be assessed for each transaction that violates this mandate.

If you do not regularly update your POS software, as is also required for PCI Compliance, you’re probably not compliant. with MasterCard and may be fined. Action: contact your POS provider for further information. Read your merchant statement messages for these and other critical alerts.