Credit card authorization form 2020

Posted on November 23, 2020 by Christine Speedy

Looking for a PCI Compliant Credit card authorization form template? Downloadable PDF or Word forms all over the internet are never PCI compliant nor compliant with card network rules, plus the form might introduce malicious code into your network, leading to a future data breach. In this article learn about compliant credit card authorization form problems and solutions.

Merchants must replace traditional paper credit card authorization forms. Per Visa rules, merchants are never allowed to ask for the security code in any written form. I know companies that are skirting this rule by using a paper form and then calling the customer for the security code. They are stuck on the idea that a signature is going to make a difference if there is a dispute later, which was true in the past but not any more. Merchants also cannot store the form with full card numbers nor store the security code after authorization. Traditional credit card authorization forms increase risk of fraud and identity theft and nobody likes them!

pci security standards — PCI Security Standards Council guidelines for storage of cardholder data.

Is it OK to use a digital credit card authorization form? That depends. Cloud digital credit card authorization forms may not be PCI compliant.

The rise in digital credit card authorization forms is downright scary, because despite claims by sellers, merchant implementation of them is often not PCI Compliant. Here’s a few reasons why:

Neither merchants nor third parties can store the security code after authorization.
Neither merchants nor third parties can store the card number unmasked after authorization.
Merchants will be hard pressed to prove PCI Compliance in the event of a data breach. Who had access to the forms and when? How is the server wiped of the data? What about back up servers?
What’s the point of getting a signed form if you can’t save it?
If the service offers an authorization to verify cardholder, but the merchant then types card number into another system with no connection to the initial verification, all subsequent transactions are in violation of rules for storing and using stored cards thus are open to issuer chargeback risk.

What’s a better solution? Use a third party hosted solution to reduce PCI Compliance burden and empower customers to self-pay and self-store their cardholder data. Ensure that the solution supports 3-D Secure, which shifts friendly fraud (it wasn’t me, I didn’t authorize it) liability to the issuer. This could be a static pay page or secure link you push out via text or email. My CenPOS customers have had this solution for nearly a decade.

Benefits of compliant solution:

Reduced merchant fees for some cards (3-D Secure cardholder authentication such as Verified by Visa must be enabled.)
Increased approvals with cardholder authentication.
Mitigate chargeback risk – with 3-D Secure cardholder authentication, fraud liability shifts to issuer.
More convenient for buyers- 24/7 payments on their schedule, not yours.
Buyers are in control of choosing to store payment methods.

How can merchants get 3-D Secure? Contact us for the latest instructions or call your merchant services provider.

Call Christine Speedy, PCI Council QIR certified, for simple solutions to card not present payment transaction problems, 954-942-0483, 9-5 ET.

References: Search the blog for credential or form or click on the navigation for links for more resources on rules and compliance.

What Is Auth Code 05 decline?

Posted on January 3, 2019 by Christine Speedy

A credit card Authorization Response Code 05 decline transaction, or Do Not Honor, is card issuer response. What can the merchant do?

In the above example, we can see that the AVS, ZIP and CVV were not validated as OK in the transaction authorization request. As this is a card not present sale manually entered by the merchant, failure to validate the security code is reason enough for an issuer to decline to accept the risk of potential chargeback.

Merchants can avoid the scenario by using an even stronger cardholder authentication using 3-D secure protocols such as with Verified by Visa. For example, instead of key entering, require the cardholder self-enter their cardholder data. With the stronger authentication, merchants can expect more approvals, reduced fees, and chargeback risk shifted to the issuer.

Asking the cardholder to call the issuer and request they approve the transaction is not a best practice and won’t provide the highest level of fraud protection.

Call Christine Speedy, PCI Council QIR certified, for simple solutions to complex payment transaction problems, 954-942-0483, 9-5 ET.

Can I charge a credit card convenience fee?

Posted on November 5, 2018 by Christine Speedy

Credit card convenience fees 2018 rules explained.

What’s a convenience fee and when can I use it? Convenience fees can only be charged for a bona fide convenience in the form of an alternative payment channel outside the Merchant’s customary payment channels and not charged solely for the acceptance of a Card. If a merchant only accepts credit cards, it’s prohibited. Alternatively as an example, if a merchant gets 99% checks in the mail, ACH, and wire, they could be eligible to charge a convenience fee.

The following are all elements that can impact whether you can charge a convenience fee:

Federal law
State law
Rules of card acceptance, for example, Visa Core Rules
Merchant acquirer (credit card processor)

Who can and cannot charge a convenience fee?

If the Merchant operates exclusively in a Card-Absent
Environment, cannot charge a convenience fee.
Convenience fee can only be charged by the merchant that provides the goods or services to the cardholder, not a third party.

Visa convenience fee rules excerpts:

Cannot be charged on a Recurring Transaction or an Installment Transaction.
Must be listed as a separate line item on the receipt.
Must be included with the total transaction. In other words, the receipt must split out the amount, but only one transaction is sent.
Added only to a domestic Unattended Transaction. In other words, they self-pay.
Must be disclosed to customers as a charge for alternate payment channel convenience.

How much is allowed for a convenience fee?

Per Visa, the convenience fee must be a flat, or fixed amount, regardless of the value of the payment due. There isn’t a limit on the amount and a merchant may choose to dynamically generate the convenience fee amount. Regardless, the consumer must be able to opt-out prior to completing the transaction.

See Visa Core Rules Table 5-7: Convenience Fee Requirements for more information.

Rules may vary by card brand. A convenience fee is not the same as a credit card surcharge for Visa, which also has another type called a service fee,which applies to government and education only. MasterCard has only this to cite in their rules:

mastercard surcharge convenience 2018 2019

MasterCard surcharge and convenience rules June 28, 2018.

Call Christine Speedy, PCI Council QIR certified, for simple solutions to complex payment transaction problems, 954-942-0483, 9-5 ET. CenPOS authorized reseller based out of South Florida and NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Please share your convenience fee insights for others and ask any questions below.

Storing credit card for layaway plan prepayments rules

Posted on September 28, 2018 by Christine Speedy

What are guidelines for storing and using stored credit cards for layaway plans? What is solution for auto payment layaway plan? Credit card processing rules have changed.

The process for storing and using stored cards rules are largely set by the Payment Card Industry Data Security Standards (PCI DSS) and Card network acceptance rules. Huge changes went into effect in 2017, starting with the Visa Stored Credential Mandate, and more are coming.

For a layaway plan, you need a payment gateway that supports sending the correct transaction type indicator. That would be either installment or unscheduled credential on file, depending on the agreement with buyer. This is outlined in Visa Core Rules and Visa Product and Service Rules, section 5.9.9 Prepayments, Repeated Payments, and Deferred Payments. If accepting prepayments merchants must comply with Table 5-20, Requirements for Prepayments and Transactions Using Stored Credentials.

Visa specifies that when Cardholder gives their consent to items in table 5-20, it must be displayed separately from the general purchase terms and conditions. The Merchant must provide, and the Cardholder must consent to all of the following in writing at the time of the first or only partial prepayment:

Description of promised merchandise or services
Terms of service
Timing of delivery to Cardholder
Transaction amount
Total purchase price
Terms of final payment, including the amount and currency
Cancellation and refund policies
Date and time that any cancellation privileges expire without prepayment forfeiture
Any associated charges

In addition, for Installment Transactions, both:

Total purchase price
Terms of future payments, including the dates, amounts, and currency

Plus

How the cardholder will be notified of any changes to the agreement
How the Stored Credential will be used
The expiration date of the agreement, if applicable

In summary, merchants documents for compliance:

Sales agreement
Cardholder Agreement for Prepayment
Cardholder Agreement for Storing & Using Stored Cards

Traditional old credit card authorization forms are dead. Merchants cannot get them on paper, and most digital forms are also not compliant. Requirements are specified in Visa Table 5-20.

Merchants payment technology to comply with rules:

Inform the issuer via a transaction that payment credentials are now stored on file.
Identify transactions with appropriate indicators when using stored credentials. (Recurring, installment, or unscheduled credential on file.)

Not all payment gateways are capable of meeting current compliance rules for all transaction types. How much the payment gateway solution helps automate compliance varies widely. If you need a solution for automotive layaway plan, you need an expert in rules compliance to avoid penalty fees, issuer chargebacks, and other costly problems. For help choosing the best solution for your company, contact us.

Resources and documentation /blog/merchant-bulletins-downloads – bookmark it!. Join Christine Speedy’s email list.

DISCLAIMER: condensed and incomplete information! Information may be quickly outdated. Contact a lawyer for legal advice.

Need a solution? Call Christine Speedy, 954-942-0483, 9-5 ET, CenPOS authorized global reseller. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Credit card surcharge rules and laws 2020

Posted on March 21, 2018 by Christine Speedy

Credit card surcharging is very complex, as the rules cross multiple card brands and terms of acceptance. Here’s an updated review of who can surcharge, what card types, and checklist of how to roll out credit card surcharge at your company. The answers are targeted for business to business merchants, my area of expertise.

What is a credit card surcharge?

Surcharge is any fee charged by a merchant for the use of a card.

Card brands agree on this for surcharging:

Brand level – Surcharge must be the same fixed or variable for all Brands (example, Visa, MasterCard) credit card transactions;
Product level – Surcharge must be the same for all specific Product, for example, signature rewards cards or commercial cards, regardless of issuer or card brand.
Merchant Discount Rate is the fee, expressed as a percentage of the total transaction amount that a Merchant pays to its Acquirer or Service Provider for transacting on a Credit Card brand. In short, it’s typically all the fees on your merchant statement EXCEPT PCI compliance, terminal rental fees or any other special fee that is not paid via the mechanism of the per-transaction merchant
discount fee.
The Surcharge amount must be submitted separately (in the defined surcharge field) from the Transaction amount in the authorization and clearing message.
The receipt must list the surcharge amount separately.
If the original transaction has a partial or full refund, the surcharge amount must all be refunded proportionally.
Surcharge on debit or prepaid cards is prohibited for all merchants.To ensure compliance use a payment gateway that can identify the card brand and type of card to allow surcharges only on eligible cards.
The fee must be relative to their average cost of card acceptance.

How much can a merchant surcharge?

In short, surcharging is allowed to cover costs, not to make a profit. Let’s face it, based on the rules above, to simplify implementation, merchants will surcharge at the brand level because they lack the technology to discern between product types on a per transaction basis. Taking all that into account what can you surcharge?

By rule, must calculate average discount rate for the preceding one month or 12 months. Unless the last month was unusual for your business, you’re better off using the one month method because of rising and or new fees that occur during any rolling 12 month period. Calculate https://3dmerchant.com/blog/credit-card-processing-rates/effective-rate-calculator
Cannot exceed Maximum Surcharge Cap, which is currently 4%. (My B2B readers would unlikely ever be able to charge 4%. If your effective rate is over 3%, pick up the phone and call 954-942-0483 now.)

Just because somebody offers it doesn’t make it right. Some companies are offering “free merchant accounts” by offsetting fees with 3.5% surcharge. The average B2B company has much lower than 3.5% effective rate so that is a violation of card acceptance rules, subject to penalty. See this article with free tool for calculating your average merchant discount or effective rate.

Surcharge checklist:

Notify card brands (Visa etc) in writing at least 30 calendar days before assessing a US Credit Card Surcharge; must state whether will surcharge at the brand level or product level.
1. https://www.visa.com/merchantsurcharging
2. http://www.mastercard.us/merchants/support/surcharge-disclosure.html
3. https://www.discoversurcharge.com
4. Amex- none required
For card not present orders, disclose verbally if telephone; for online orders minimum 10-point Arial font, but in any case no smaller or less prominent than surrounding text.
Receipt must be delivered with the surcharge as a separate line item.

Where are merchants prohibited from surcharging?

Ten states—California, Colorado, Connecticut, Florida, Kansas, Maine, Massachusetts, New York, Oklahoma and Texas—and Puerto Rico have laws on the books that prohibit merchants from charging consumers with surcharges on credit card transactions. However, due to federal and other court rulings, multiple states have backed away from the bans. New York agreed to allow them in January 2019, as long as certain requirements are met, which already exist in the card network rules. Only Kansas, Colorado, Connecticut, and Massachusetts have bans. The legislative intent in many of these states was to protect consumers, and not to restrict B2B surcharging.

In 2015, the 11^th U.S. Circuit Court of Appeals, a federal court, overturned Florida state law as being unconstitutional, allowing surcharges to legally continue in Florida and nine other states that had enacted bans against them. The case was a highly contentious 2-1 decision in which the court’s chief judge said the state surcharge bans (like Florida’s) were “being struck down by a federal court for no good reason.”
In December 2019, Oklahoma attorney general official opinion declaring the state’s no-surcharging law unconstitutionally restricts free speech.

Surcharge Laws Stories:

Texas Updated 2020 – https://faq.sll.texas.gov/questions/9631Senate Bill 560, which went into effect on September 1st, 2017, changed the laws relating to credit card surcharges. Previously, the Office of Consumer Credit Commissioner (OCCC) enforced the law on credit card surcharges, but that is no longer the case.
Florida update https://www.epgdlaw.com/are-credit-card-surcharges-legal-in-florida/
California update
https://oag.ca.gov/consumers/general/credit-card-surcharges
January 10, 2019 NY Update
https://www.natlawreview.com/article/parties-case-challenging-constitutionality-ny-no-credit-card-surcharge-law-jointly
NY Court of Appeals issues interpretation of no surcharge law https://www.consumerfinancemonitor.com/2018/10/26/ny-court-of-appeals-issues-interpretation-of-ny-no-credit-card-surcharge-law/
2018 Florida https://www.nbc-2.com/story/40273084/you-can-legally-be-charged-extra-for-using-a-credit-card
2018 case in California http://delfinomadden.com/credit-card-surcharge-ban/
2017 US Supreme Court & NY https://www.usatoday.com/story/news/politics/2017/01/10/supreme-court-new-york-credit-card-surcharge-price-speech/96391718/
http://fortune.com/2017/03/29/credit-card-charges-supreme-court-freedom-speech/
http://www.orlandosentinel.com/business/consumer/os-nsf-florida-credit-card-surcharges-20160706-story.html
https://www.ncsl.org/research/financial-services-and-commerce/credit-or-debit-card-surcharges-statutes.aspx

State statutes on surcharge laws

https://portal.ct.gov/DCP/Legal/Credit-Card-Surcharge
https://malegislature.gov/Laws/GeneralLaws/PartI/TitleXX/Chapter140d/Section28a

For more information, see Surcharge law resources under Merchant Alerts & Rules Links or contact your acquirer for accurate and current information specific to your situation. Neither Christine Speedy nor this web site provide legal advice. Consult an attorney for all your legal questions.

Does your company want to surcharge? Call Christine Speedy right now at 954-942-0483, 9-5 ET for a compliant solution. Please share your surcharge insights for others and ask any questions below. The information herein is based upon public information available at the time written and may change.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Card Not Present, CenPOS, credit card processing

B2B Cloud payment processing technology blog about increasing profits, efficiency and security.

Category Archives: merchant account Q&A