What is level one level two and level iii processing?

Posted on March 17, 2017 by Christine Speedy

Level 1, Level 2 and level 3 processing are different ways of handling purchasing or p-card, business, commercial, and corporate cards. Each level has unique data specifications that determine the potential rate merchants pay for related card acceptance. Even if Level 1, Level 2 and level 3 data is sent to the acquirer, or credit card processor, the merchant may not qualify for the associated rate due to other rules not being met. Although interchange rates are the non-negotiable fees all merchants pay, they can be influenced.

MYTH: If I use a level 3 processor, I’ll get the lowest rates. False. Many rules must be followed. The payment gateway and integration method, if applicable, is largely in control of potential rate qualification. Few have the necessary technology automation to maximize profits. Additionally, the processor may be certified for one channel, but the merchant accepts payments via multiple channels such as retail and e-billing.

What is level 1 processing?

The default commercial card transaction is level 1.

What is level 2 processing?

Requires level II data, including the entry of customer code, card acceptor type, tax ID and sales tax.

For MasterCard, a sales tax amount is required, and the amount must be greater than $0.00, but no less than 0.1% – 30 % of the transaction amount. This is important because most B2B companies typically are not charging sales tax, therefore cannot qualify for level II rates, and need to focus on level III.
For Visa, a tax amount is not required, but the merchant must indicate whether the transaction is tax exempt.

Most acquirers and payment gateways support level 2 data.

What is level 3 processing?

Level III minimum data requirements include: Summary Record – Discount Amount, Freight/Shipping Amount, Duty Amount and Account Number and Line Item Detail Record – Item Sequence Number, Item Commodity Code, Item Descriptor, Product Code, Quantity, Unit of Measure, Unit Cost, and Discount per Line Item, Line Item Total, and Line Item Detail Indicator.

While that sounds like a lot, this can be managed by the payment gateway, which is required for level III processing. It’s critical to point out that the data is the minimum requirement to even potentially qualify. There are a bunch of other rules. For example, authorization and settlement must be equal and settlement must be within required timeframe. Again, this is an area for B2B that often causes a problem. Payment gateway capabilities and integration method must support all the rules, including numerous new Visa rules.

Each rate below is for the same credit card, but different rules apply to qualify for them.

2016-2017 U.S. Region MasterCard Commercial Rates—Small Business Credit
Interchange Rate Program	Level 4
Standard	3.26% + $.10
Data Rate 1	2.96% + $.10
Data Rate II	2.31% + $.10
Data Rate III	2.06% + $.10
Large Ticket 1/II/III	1.51% + $40

Not to be confused with processing level, MasterCard came out with “Small Business Level”, which is about the cardholder and issuer relationship size (how much the cardholder spends).

Visa Special Authorization Rules Hotel Lodging and Rental Merchants

Posted on February 27, 2017 by Christine Speedy

In 2016, Visa announced new requirements for estimated and incremental authorization requests, introduced new authorization validity periods and merged car and truck rental categories into a new vehicle rental category. These changes are significant, impacting chargeback risk to cruise, lodging and vehicle rental, heavy duty equipment rental and other merchants.

Two changes of note:

Revisions have been made to split the “Other Fraud” Dispute condition under Enhanced Dispute Resolution into separate conditions for Card-Present and Card-Absent Transactions, and to incorporate changes to the payment
flow related to Disputes. This will be covered in a separate article. A key component to mitigate chargeback risk is support for Verified by Visa.
Expansion of Special Authorization Allowances Effective 15 October 2016, 22 April 2017, and 14 October 2017.

Revisions to Special Authorization rules include processing of:

Estimated Authorization Requests
Initial Authorization Requests
Incremental Authorization Requests,
Authorization Reversals, Issuer hold, releases, and Chargeback rights

Applicable Merchants Impacted Effective 22 April 2017:

Aircraft rental
Bicycle rental
Boat rental
Equipment rental
Motor home rental
Motorcycle rental
Trailer park or campground rental
Lodging

VISA Authorization Rule Summary:

Must send “estimated” flag with the initial authorization; the amount is not final and may change.
Estimate cannot include amount for potential damage or insurance deductible.
When closing out, must indicated that sale is ‘final’, and do a reversal for any difference within 24 hours.

There are many nuances to the rules and potential chargeback reason code 72 risk, which were non-existent in the past. Rather than consumer initiating a chargeback, the issuer will be within their rights to initiate a chargeback if the merchant fails to comply with the rules, for example, failing to submit the correct authorization flag for an estimate.

Further details about subsequent authorizations vary by industry. For example, Merchant may need to submit a final Incremental Authorization Request. Due to the complexity and variation by industry, merchants are advised to read the rules and ensure the payment processing technology in place will support the new rules. Payment gateways are a key component for compliance; all gateways must be updated if they’re going to support merchant compliance needs.

Reference: Visa Core Rules and Visa Product and Service Rules, 15 October 2016. https://3dmerchant.com/blog/merchant-bulletins-downloads

Contact Christine Speedy, for compliant lodging and rental payment gateway solutions that work with your existing financial partners, including First Data, Chase Paymentech, Tsys, Moneris, Global, and many others.

What is CAVV Authentication Verification Value?

Posted on November 8, 2016 by Christine Speedy

Cardholder Authentication Verification Value, or CAVV, are potential responses for customer initiated Visa debit and credit card transactions where the Verified by Visa, or Vbyv, authentication method is used. E-commerce, online payments, and Electronic Invoice Presentment & Payment (EIPP or EBPP) are all solutions in which a customer can participate in self-authentication.

How does CAVV impact interchange rates, the bulk of credit card processing fees?

To qualify for CAVV interchange rates, merchants must register for Verified by Visa through their merchant services provider, and must use a payment gateway that supports the service as part of the transaction process. In addition, other rules apply such as settlement time and more; the latter part can be managed automatically with an intelligent payment gateway.

The best Visa Card Not Present Key entered transaction credit rate is 1.80%.
The same Visa transaction as above, but with a valid CAVV response is 1.70%.

How does CAVV impact fraud risk?

If a passed validation response is returned, then fraud risk shifts to the card issuer. Responses other than ‘fail’ may warrant additional scrutiny as part of a layered approach to mitigate fraud risk.

CAVV Transaction Response Code Values:

“ ” – Blank CAVV or AEVV Not Present
0 – CAVV or AEVV Not Validated due to erroneous data submitted
1 – CAVV or AEVV Failed Validation – Authentication Transaction. This is an indication of potential bad or fraudulent data submitted as the CAVV/AEVV.
2 – CAVV or AEVV Passed Validation – Authentication Transaction
3 – CAVV or AEVV Passed Validation – Attempted Authentication Transaction. (Determined that the Issuer ACS generated this value from the use of the Issuer’s CAVV/AEVV key[s]).
4 – CAVV or AEVV Failed Validation – Attempted Authentication Transaction. This is an indication of potential bad or fraudulent data submitted as the CAVV/AEVV. (Determined that Visa generated this value from the use of CAVV/AEVV key[s]).
5 – Reserved for future use – NOT USED
6 – CAVV or AEVV Not Validated – Issuer not participating in CAVV/AEVV validation. This value is generated when an Issuer requests the “do not verify” flag to be established for its BINs. This parameter enables an Issuer to temporarily stop CAVV/AEVV verification while resolving CAVV/AEVV key issues. VisaNet processes this value as a valid CAVV/AEVV.
7 – CAVV or AEVV Failed Validation – Attempted Authentication Transaction. This is an indication of potential bad or fraudulent data submitted as the CAVV/AEVV. (CAVV/AEVV generated with Visa Key)
8 – CAVV or AEVV Passed Validation – Attempted Authentication Transaction. (CAVV/AEVV generated with Visa Key)
9 – CAVV or AEVV Failed Validation – Attempted Authentication Transaction. This is an indication of potential bad or fraudulent data submitted as the CAVV/AEVV (CAVV/AEVV generated with Visa Key – Issuer ACS unavailable)
A – CAVV or AEVV Passed Validation – Attempted Authentication Transaction. (CAVV/AEVV generated with Visa Key – Issuer ACS unavailable)
B – CAVV or AEVV Failed Validation – Attempted Authentication Transaction. This is an indication of potential bad or fraudulent data submitted as the CAVV/AEVV. (CAVV/AEVV generated with Visa Key)
C – CAVV or AEVV Not Validated – Attempted Authentication Transaction. Issuer did not return a CAVV/AEVV results code in the authorization response. VisaNet will treat this as valid CAVV/AEVV if the Issuer approves the authorization.
D – CAVV or AEVV Not Validated – Authentication – Issuer did not return a CAVV/AEVV results code in the authorization response. VisaNet will treat this as valid CAVV/AEVV if the Issuer approves the authorization.
I – Invalid Security Data
U – Issuer does not participate or 3-D Secure data not utilized.
Default space filled

Note, other card brand authentication terms are AEVV, American Express Verification Value and MasterCard Universal Cardholder Authentication Field (UCAF^™). All of these, including VbyV, use the global standardized 3-D Secure XML security protocol. Payment gateways can implement 3-D Secure in different ways, which can potentially impact profits and risk.

For CenPOS solutions to enable customer cardholder authentication, including payment gateway, contact Christine Speedy today. Not all solutions work alike, contact an expert.

Updating credit card expiration dates for recurring billing – card updater

Posted on December 30, 2015 by cspeedy

What happens when a credit card expires for your customer or nonprofit donor who is set up on recurring billing? Card account information changes for many reasons including expirations, compromised, lost, stolen, upgrades, and card product changes. There’s a huge turnover in credit card numbers every year, and with US EMV implementation, millions of cards are being replaced with newer chip cards. A card updater service automates updating cards for recurring billing. The card brands, including Visa and MasterCard, have a card updater solution to benefit those making the payments, and the merchants who receive them.

Visa Account Updater (VAU) enables the automatic electronic exchange of updated account information among participating Merchants, their Visa Merchant Bank, and Visa card Issuers in North America and Europe. MasterCard Automatic Billing Updater does the same for their brand. U.S. for Discover transactions, and American Express does not support.

All parties must be approved for the service. The acquirer (your merchant services provider), the payment gateway (where billing tokens reside), and the merchant.

How does card updater service work?

Participating issuers submit their account changes to the Updater database.
Registered merchants submit their billing files inquiries to their acquirer. (Tokens sent from the gateway)
Acquirers submit the billing file inquiries to the Automatic Updater database.
Acquirers return updated account inquiries records to their specific merchants.
Merchants update their billing files (gateway updated) with the changed account information, and have more successful billing

How can merchants sign up for service?

To get started with a card updater service for recurring billing, contact your credit card processor (merchant services provider). Requirements:

Complete paperwork for each participating card brand via merchant acquirer aka credit card processor.
Register for the service with acquirer
Wait up to 8 weeks for the card brands to respond with approval

How much does the card updater service cost?

There’s an application fee for each brand. Like merchant services, fees are negotiated. I’ve heard of large non-profit software solutions companies charging as much as $.30 per record updated. My merchants pay pass through costs of $0.09 per transaction, and one time Visa Setup fee $250, MC Setup fee $350 per merchant account.

First Data Payment Software, ICVERIFY End of Life, alternative payment gateway

Posted on August 7, 2015 by Christine Speedy

ICVerify user? I hope not. Because the product is officially end of life and end of support. If merchants have an issue, there will be no help to recover and process transactions. What are First Data Payment Software aka ICVERIFY alternatives?

Essential criteria to identify potential solutions to replace First Data Payment Software, formerly ICVERIFY:

Any card present transactions? If yes, choose a payment solution with EMV certified terminals today. Beware solutions that will ‘get you EMV ready’. With the October 1 liability shift nearing, don’t rely on a last minute certification that may or may not happen.
Any commercial business component, i.e. business to business (B2B)? If yes, only choose a payment solution that supports level 3 data for all sales channels, for your processor. That means a virtual terminal and or payment gateway is required because desktop terminals do not support level III. TIP: Most gateways also do not support level III for retail, so if that’s a need, the list of options gets small very fast.
Any ecommerce or online payment transactions? If yes, consider requiring 3-D Secure. Historically, card not present fraud increases dramatically after a country adopts EMV. Criminals always find a way to go after the lowest hanging fruit, so even if there was none before, merchants are exposed. The EMV equivalent for CNP is 3D-Secure, which includes Verified by Visa or Vbyv. This case study by Visa Europe is a good overview of the benefits for merchants.
Does card data need to be stored? How is authorization from customer to charge the card with token managed? How does that compare to current methods?
Any customers on account? If yes, ask how the solution might help with collections management.
How long is data stored for? In addition to daily business needs, audits are simplified and cheaper when electronic data is available via remote access.
How flexible do you need to be? Do you want to be able to change processors without disrupting operations? Do you anticipate future software or other business changes?

B2B ICVerify replacement options:

If you there’s any retail sales: CenPOS, a merchant centric, processor agnostic end to end payment engine, has US EMV certified terminals and is certified for level III retail.

If 100% card not present: First Data gateway, 3Delta, and CenPOS all support level III. CenPOS provides the greatest value for accounts receivable. First Data gateway is proprietary and if you want to change acquirers at a later date, it’s unlikely you’ll be able to get your data to migrate. FDMS also requires multiple extra steps for submitting level III data and there’s multiple ways that the transaction can downgrade to non-qualified rates; Customers I’ve switched to CenPOS more than offset their fees while also increasing flexibility and security.

Why choose CenPOS to replace ICVerify? It’s a robust payment processing platform that solves many business problems, including eliminating the ubiquitous paper credit card authorization form.

Save time. I know your business. For sales and integrations, contact Christine Speedy 954-942-0483, authorized payment gateway reseller including for any B2B merchant solutions needs.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Card Not Present, CenPOS, credit card processing

B2B Cloud payment processing technology blog about increasing profits, efficiency and security.

Category Archives: merchant account Q&A