3-D Secure 2.0 Merchant Overview 2021

How do businesses get started using 3-D Secure? Everything teams need to know to add 3-D Secure, a protocol providing an additional layer of security for eCommerce transactions prior to authorization. Think of it like a phone number or account number. 3-D Secure needs to be tied to your specific merchant account and then enabled on the payment gateway to be active.

  1. Unless the gateway provider is the same as acquirer, also known as credit card processor or merchant account provider, ask the gateway service provider for instructions for acquirer.
  2. Contact your merchant account sales relationship manager to request the service. If you don’t have one, call your merchant account customer support.
  3. The acquirer emails the response information to the requestor.
  4. The requestor then enables on the payment gateway or provides information to the end user for final enablement.

3-D Secure is a protocol providing an additional layer of security for eCommerce transactions prior to authorization. It enables the exchange of data between the merchant, card issuer and, when necessary, the consumer, to validate that the transaction is being initiated by the actual cardholder. Ecommerce transactions includes traditional shopping cart as well as any digital payment where the cardholder initiates and completes the payment process. For example, einvoicing or electronic bill presentment and payment are ecommerce transactions.

Each card network has a name for their product that uses 3-D secure, also referred to as 3D Secure, 3DS, 3-D Secure authentication or EMV 3-D Secure. Visa rebranded Verified by Visa to Visa Secure. MasterCard SecureCode (3DS 1.0) merchants are being encouraged to migrate to Mastercard Identity Check which uses EMV 3-D Secure 2.0. American Express SafeKey 2.0 is also available now. 3-D Secure 2.x helps reduce fraud and minimize the need for one-time passcodes, improving the user experience and reducing shopping cart abandonment.

What are merchant benefits for using 3-D Secure?

  • More authorization approvals. False declines are a significant source of lost revenue.
  • Some cards have reduced interchange rates when the authentication is invoked, which are usually over 90% of fees. American Express does reduce rates.
  • Less friction for customers at checkout.
  • Reduced risk of chargeback losses. Fraud liability for “it wasn’t me” automatically shifts to the issuer; Merchants do not have to defend those chargebacks, they never even see them.

How do merchants get started using 3-D Secure?

There are two elements- the payment gateway and the merchant account. Contact your payment gateway company to see if they support it and how to set it up. In most cases, this is simply a back office set up process. Merchants may also need to sign acceptance of pricing. The transaction fees are minimal and typically more than offset by the 11 to 20 basis point reduction in merchant fees on applicable cards.

Christine Speedy, Founder 3D Merchant Services, QIR certified, is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Less than 1% of all merchant services sales representatives are QIR certified by the PCI Council. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions.

2021 Convenience Fee Rules Explained

Featured

Credit card convenience fees 2021 rules explained. Visa rules on convenience fees as outlined in Table 5-5 Convenience Fee Requirements remain unchanged since 2020.

What’s a convenience fee and when can I use it? Convenience fees can only be charged for a bona fide convenience in the form of an alternative payment channel outside the Merchant’s customary payment channels and not charged solely for the acceptance of a Card. If a merchant only accepts credit cards, it’s prohibited. Alternatively as an example, if a merchant gets 99% checks in the mail, ACH, and wire, they could be eligible to charge a convenience fee.

The following are all elements that can impact whether you can charge a convenience fee:

  • Federal law
  • State law
  • Rules of card acceptance, for example, Visa Core Rules
  • Merchant acquirer (credit card processor)

Who can and cannot charge a convenience fee?

  • If the Merchant operates exclusively in a Card-Absent
    Environment, cannot charge a convenience fee.
  • Convenience fee can only be charged by the merchant that provides the goods or services to the cardholder, not a third party.

Visa convenience fee rules excerpts:

  • Cannot be charged on a Recurring Transaction or an Installment Transaction.
  • Must be listed as a separate line item on the receipt.
  • Must be included with the total transaction. In other words, the receipt must split out the amount, but only one transaction is sent.
  • Added only to a domestic Unattended Transaction. In other words, customers self-pay.
  • Must be disclosed to customers as a charge for alternate payment channel convenience.

How much is allowed for a convenience fee?

Per Visa, the convenience fee must be a flat, or fixed amount, regardless of the value of the payment due. There isn’t a limit on the amount and a merchant may choose to dynamically generate the convenience fee amount. Regardless, the consumer must be able to opt-out prior to completing the transaction.

See Visa Core Rules Table 5-5: Convenience Fee Requirements for more information. Note, this is a change from the 2018 blog post.

Rules may vary by card brand, but typically, if a merchant complies with Visa rules, they’ll be compliant with the other brands. A convenience fee is not the same as a credit card surcharge for Visa, which also has another type called a service fee,which applies to government and education only.

Call Christine Speedy, PCI Council QIR certified, for simple solutions to complex payment transaction problems, 954-942-0483, 9-5 ET. CenPOS authorized reseller based out of South Florida and NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Please share your convenience fee insights for others and ask any questions below.

Massachusetts credit card surcharge bill repeals ban

Massachusetts joins other states that still have a credit card surcharge ban on the books, with a bill to repeal. Since the 2017 US Supreme Court ruling regarding the NY case that it regulates speech, every state with a surcharge has repealed, introduced a bill to repeal, has already lost a case in court, or is in the process thereof. This is especially good news for B2B companies.

Massachusetts Senate and House are both in agreement with the February 2021 bill and it is now in committee with status “arrived” as of April 13, 2021.

https://malegislature.gov/Bills/192/HD2907.Html

https://malegislature.gov/Committees/Detail/J17/192/Bills/asc/EntityNumber/?current=True&pageNumber=9

Colorado also has a bill pending. The U.S. District Court for the District of Kansas approved a part of plaintiff’s motion for summary judgment in an action concerning whether a state statute that bans credit card surcharges violates the First Amendment.

Many in the legal and credit card processing community support B2B merchants can surcharge in all states and that the regulations only apply to consumers. Numerous court cases have resulted in positive results for plaintiffs.

Does your company want to surcharge? Call Christine Speedy right now at 954-942-0483, 9-5 ET for a compliant solution. Please share your surcharge insights for others and ask any questions below. The information herein is based upon public information available at the time written and may change.

What is carding and how can merchants mitigate risk?

Ecommerce merchants have been hit by credit card carding attacks by fraudsters for years. There’s tons of cardholder data on the dark web and even DIY instructions on how to commit fraud. With EMV implemented in retail, and the fast growth of ecommerce due to Coronavirus, carding is a serious risk for merchants for both attempted and successful transactions.

What is carding?

Carding, also known as credit card stuffing or card verification, is a web security threat where unauthorized people (carders or attackers) use multiple software tools, primarily bots, to attempt to verify if a debit or credit card is good. A typical bot attack will incur thousands of attempted authorizations. Bots do not typically seek a particular site, just opportunities to exploit a weakness.

What are the costly repercussions of carding attacks?

The merchant is dealt with several financial blows:

  • Attempted transactions will incur a payment gateway fee.
  • Attempted transactions may incur a merchant account authorization fee if the gateway didn’t kill before getting to the acquirer. This can happen if the gateway supports a rules based decision making.
  • Completed transaction fraud whereby the product was shipped to the fraudster because the card was approved.
  • Chargeback fees can be initiated by the issuer or the cardholder. If the merchant is not using 3-D Secure, they will surely be out of luck.

How can merchants mitigate risk of bot attacks?

A key first line of defense is preventing the bot initiating an exchange with payment gateway. For example, reCAPTCHA is a free developer tool from Google to protect your web site from abuse. reCAPTCHA v3 returns a score for each request without user friction, which means if it passes, the user can check out. Have you ever had to go through multiple screen challenges to identify the sidewalks or traffic lights? reCAPTCHA v3 is different from older versions. The score is based on interactions with your site and enables you to take an appropriate action for your site automatically. For more information click here for Google reCAPTCHA.

Note, PCI DSS V 3.2.1 Requirement 6: Develop and maintain secure systems and applications. this section includes web sites. Visa cites using Velocity tools specifically in their ecommerce guidance for merchants. For example, a fraud mitigation velocity tool might automatically manage attempted transactions based upon number of attempts from same IP address or other duplicate data within a specific timeframe. Note, fraudsters have gotten smarter and bot attacks are not as simplistic to detect as just a few years ago. For this reason, the use of AI and other tools is growing, especially for larger merchants.

Call Christine Speedy, for simple solutions to card not present payment transaction problems, 954-942-0483, 9-5 ET. Christine is Founder of 3D Merchant Services, PCI Council Qualfied Integrator Reseller (QIR), and is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Less than 1% of all merchant services sales representatives are QIR certified. Christine is an authorized independent sales agent for a variety of merchant services and payment technology solutions.

Free credit card transaction fees checkup 2020

Merchant services fees gradually increased over time? While technology can optimize fee management, there are multiple reasons new fees or rising fees may occur. With this information, you can do a quick self-assessment and determine whether it’s worthwhile to engage with a payments professional for further review. This method is easier than my B2B credit card processing fact check, while still revealing problems that must be resolved.  As a processor neutral payments expert, Christine Speedy offers a unique perspective.

The areas needing most attention are rate qualification and other fees.

Here’s a shortcut to determine if you have authorization problems, which directly impact credit card transaction fees. Why is this important? Because unless you fix the underlying problem, switching merchant accounts will only provide partial relief from escalating transaction fees like the new MasterCard .25% misuse of authorization fee. If you have any of these items below on your merchant statement, there’s a problem that is causing unnecessary extra costs.

  • Misuse
  • Integrity
  • Compliance or Non-compliance
  • Standard / STD (any)
  • EIRF
  • Data rate I
  • Data Rate II or Data Rate 2
  • Chargeback: FRAUD TRANS-NO CARDHOLDR AUTH
  • Chargeback reason: Compliance

Hint: If you open your merchant statement in Adobe Acrobat, in OSX with command F you can copy and paste the terms above. It’s not foolproof due to varying abbreviations, but you only need to have one of the bad items to know there’s a problem.

For card not present business to business, these are two interchange types you should see, but many often don’t and that is also a problems resulting in higher costs.

  • Full UCAF
  • Data Rate III

I don’t know why, but I get calls from other salespeople in the industry looking for solutions to help customers qualify for Data Rate II. Why wouldn’t you want the customer to qualify at Data Rate III? Makes no sense.

I also hear from merchants how they were told that the new solution would fix their level 3 data problems, but it didn’t. If you do preauthorizations, and the solution doesn’t automatically get new authorizations and manage reversals it’s not going to fix authorization problems. Always ask, “how will the payment gateway manage authorization reversals if we don’t settle for the original preauthorization amount’? That’s one of several critical key questions. If they don’t know the answer instantly, move on.

Due to massive changes in card network rules and data security compliance rules over the last two years, a review by a neutral payments expert is essential. Did you have any red items? It’s time for a deeper dive into why.  Your FREE report will identify issues impacting profits and security, include action items how to fix them, and rarely requires changing financial partners.

credit card transaction fee checkup form

Call Christine Speedy, to reduce merchant fees with new or existing merchant account at 954-942-0483, 9-5 ET. Less than 1% of merchant account salespeople are PCI Council QIR certified. With Christine as your account manager you’re assured a unique experience to maximize profits and security without business disruption.