VISA FRAUD DISPUTE RULES CHANGES IMPACT CARD NOT PRESENT

Posted on April 21, 2017 by Christine Speedy

April 5, 2017—This alert contains critical information regarding new and revised Visa card acceptance rules effective now and coming in the future for merchants. Business to business companies may be at higher risk of associated chargeback losses or declines due to the average size of order. Effective April 22, 2017, Revisions have been made to split the “Other Fraud” Dispute condition under Enhanced Dispute Resolution into separate conditions for Card-Present and Card-Absent Transactions, and to incorporate changes to the payment flow related to Disputes.

Christine’s Analysis: Merchants need to support both EMV chip for Card-Present and Verified by Visa for card not present. Verified by Visa is their brand for 3-D Secure, a global security protocol for cardholder authentication across all card brands. For example, a cardholder might be asked to enter a PIN number or answer some other type of authentication question. Cardholder authentication for Card-Absent Transactions shifts liability for “it wasn’t me” disputes to the issuer. This card-absent cardholder authentication process requires cardholders self-initiate payments, eliminating collecting card numbers via phone or paper credit card authorization forms. Merchants are rewarded for using cardholder authentication with reduced interchange rates and increased approvals.

Christine’s TIP: Per Visa rule 5.4.2.5, a US merchant or its agent must not Request the Card Verification Value 2 data on any paper Order Form. Replace paper forms with digital, PCI Compliant forms and online payment solutions with cardholder authentication ASAP.

Online payment solutions include a hosted pay page like the one shown below.

A hosted pay page empowers customers to make secure payments online using a 3rd party provider (Payment Gateway also known as a Payment Facilitator.)

Other solutions include pushing out payment requests, such as via a text or email. With new and revised rules impacting the entire payment ecosystem including issuer, acquirer, gateway, merchant, and potentially other software like ERP’s and ecommerce shopping carts, merchants should verify all parts their payment ecosystem supports them. Desktop terminals are not capable of supporting all the rules for card absent needs; a cloud-based payment gateway is required whether non-integrated, or integrated ecommerce shopping cart, ERP or other software.

Does your online payment solution support Verified by Visa, or do you need a solution? Contact Christine Speedy at 954-942-0483 for a fast and easy solution, compatible with your existing credit card processor.

What is Auth Code 14, declined?

Posted on April 19, 2017 by Christine Speedy

A credit card processing response of Auth Code 14, is a decline for Processor Declined, Fraud Suspected. Why does this happens for recurring billing, including unscheduled recurring billing using a stored credential, also known as a token on file? The method used to store the first transaction, and process subsequent transactions can impact authorization approvals.

For example, a merchant has successfully processed unscheduled transactions using a token on file since 2016. However, in 2017, declined for Auth Code 14 appeared.

Why would a previously stored and working card decline now? Look at the AVS, ZIP, and CVV response above. Compare to the example below.

For the second receipt, AVS match Y= address and 5 digit zip match, Zip match Y=Address and 5 digit zip match, CVV = match X, cannot verify CVV. Because CVV was verified a match on the initial zero dollar authorization it’s not required to be presented on subsequent transactions.

The first example is returning that information does not match, thus the reason for suspected fraud. Without looking at the very first authorization when token was created, several possibilities exist, including cardholder issued a new chip card with same number but other changes occurred in the interim; cardholder address changed or was never validated.

Merchants are at risk of issuer initiated chargeback if authorization rules are not followed. Refer to Visa Product and Service Rules, Table 5-21: Requirements for Prepayments and Transactions Using Stored Credentials for more information. With recent rules changes, and more coming October 2017, merchants need a cloud based solution that can automate compliance. Not all of them have that intelligence. For example, some cloud based payment gateways enable merchants to perform prohibited transaction requests that put the authorization at risk of chargeback for non-compliance.

Due to many recent and upcoming changes for card absent and recurring billing with stored credentials, merchants are advised to review processes to include empowering customers to self-manage adding cards on file, and using cardholder authentication. Visa requires Verified by Visa for cardholder authentication in a card not present environment; without it, expect increasing declines.

Disclaimer: The rules of card acceptance are very complex and change typically twice a year, sometimes with interim bulletins regarding more changes. Merchants should read the manual for complete details regarding card acceptance for your business type.

Christine Speedy, authorized CenPOS reseller, provides universal payment processing solutions, including cardholder authentication, to maximize merchant profits and mitigate risk across multiple sales channels. Contact Christine at 954-942-0483.

Visa Authorization Rentals Rules Change

Posted on March 28, 2017 by Christine Speedy

Visa announced sweeping changes to rental industry card acceptance rules in October 2016. Key changes include defining who initiated transaction, transaction data sent, authorization rules, stored card rules, and customer communications. Compliance will increase approvals and mitigate fraud risk; Failure to comply will increase financial risk and issuer declines while reducing EBIDTA.

Visa Expansion of Special Authorization Allowances

Effective 15 October 2016, 22 April 2017, and 14 October 2017
Revisions have been made to rules related to the processing of Estimated Authorization Requests, Initial Authorization Requests, and Incremental Authorization Requests, as well as Authorization Reversals, Issuer hold releases, and Chargeback rights. These changes impact issuer, merchant, customer, and acquirer- whatever merchants have in place today is not sufficient for the future.

Partial excerpt from section 5, Visa Core Rules. Applicable merchants should read the entire table and additional sections.

Truck and heavy duty equipment rental authorizations. Aircraft rental, Bicycle rental, Boat rental, Car rental, Equipment rental, Motor home rental, Motorcycle rental, Trailer park or campground rental are all impacted.

A core concept is authorization validity, which impacts merchant rights and potentially credit card processing rate qualification. An invalid authorization equates to no authorization. Card issuers will be within their rights to use reason code 72 and chargeback, or ACH, funds from merchant bank account on the next settlement day, for failure to comply with authorization rules. This is a significant change for most rental companies, as in the past, businesses typically responded to cardholder initiated disputes, a completely different scenario, and win a good portion of them.

With payment processing technology updates, rental companies can increase profits by complying with the new rules, including for guaranteed reservations. EBITDA is improved with increased approvals, lower qualified interchange rates, and fewer chargebacks.

What’s a valid authorization? It’s partially described in Special Authorization Request Allowances and Requirements. Key elements:

Stored credential– rules for storing; what associated data is required on file and what is submitted with transaction, including same transaction ID required for all subsequent authorizations after initial approval.
Estimated Authorization– indicator the authorization is an initial estimate and final amount is unknown is sent with transaction. TIP: If the amount could change because the renter did not bring item back in time, or there are other terms in the contract where customer agrees to pay more under certain conditions such as damages or refueling, then the initial transaction is an Estimate.
Incremental authorization – must use same transaction ID as estimate, and submit with incremental authorization indicator
Visa now groups transaction types into ‘customer initiated’ and ‘merchant initiated’. For card not present, a transaction is only considered customer initiated, if Verified by Visa is used. Verified by Visa (VbyV) is their brand name for the global 3-D Secure cardholder authentication protocol for customer initiated card not present transactions.

Updated Checkout Flow For Online Rental Booking:

Opt-in to no-show policy, terms and conditions
Authenticate cardholder
Authorize with the estimate indicator
Deliver email confirmation with the policy
Incremental auths with same Trans ID only.
Close transaction by day 31; partial reversal same transaction ID if applicable.
If ticket closed, open new estimated auth.

KEY DATES

April 22, 2017 – The Merchant must use the Estimated/Initial Authorization Request indicator.
22 April 2017 – The Merchant must use the Incremental Authorization Request indicator and the same Transaction Identifier for all Authorization Requests.

Without action to update rental authorizations in advance of the April dates, financial exposure for prior months may be significant.

Visa Core Rules see Table 5-16: Special Authorization Request Allowances and Requirements and other pages.

Christine Speedy, authorized CenPOS reseller, provides universal payment processing solutions to maximize merchant profits and mitigate risk across multiple sales channels. To get a CenPOS account and Dynamics AX, SAP, Bluebird or other compatible plugin, contact Christine at 954-942-0483.

What is level one level two and level iii processing?

Posted on March 17, 2017 by Christine Speedy

Level 1, Level 2 and level 3 processing are different ways of handling purchasing or p-card, business, commercial, and corporate cards. Each level has unique data specifications that determine the potential rate merchants pay for related card acceptance. Even if Level 1, Level 2 and level 3 data is sent to the acquirer, or credit card processor, the merchant may not qualify for the associated rate due to other rules not being met. Although interchange rates are the non-negotiable fees all merchants pay, they can be influenced.

MYTH: If I use a level 3 processor, I’ll get the lowest rates. False. Many rules must be followed. The payment gateway and integration method, if applicable, is largely in control of potential rate qualification. Few have the necessary technology automation to maximize profits. Additionally, the processor may be certified for one channel, but the merchant accepts payments via multiple channels such as retail and e-billing.

What is level 1 processing?

The default commercial card transaction is level 1.

What is level 2 processing?

Requires level II data, including the entry of customer code, card acceptor type, tax ID and sales tax.

For MasterCard, a sales tax amount is required, and the amount must be greater than $0.00, but no less than 0.1% – 30 % of the transaction amount. This is important because most B2B companies typically are not charging sales tax, therefore cannot qualify for level II rates, and need to focus on level III.
For Visa, a tax amount is not required, but the merchant must indicate whether the transaction is tax exempt.

Most acquirers and payment gateways support level 2 data.

What is level 3 processing?

Level III minimum data requirements include: Summary Record – Discount Amount, Freight/Shipping Amount, Duty Amount and Account Number and Line Item Detail Record – Item Sequence Number, Item Commodity Code, Item Descriptor, Product Code, Quantity, Unit of Measure, Unit Cost, and Discount per Line Item, Line Item Total, and Line Item Detail Indicator.

While that sounds like a lot, this can be managed by the payment gateway, which is required for level III processing. It’s critical to point out that the data is the minimum requirement to even potentially qualify. There are a bunch of other rules. For example, authorization and settlement must be equal and settlement must be within required timeframe. Again, this is an area for B2B that often causes a problem. Payment gateway capabilities and integration method must support all the rules, including numerous new Visa rules.

Each rate below is for the same credit card, but different rules apply to qualify for them.

2016-2017 U.S. Region MasterCard Commercial Rates—Small Business Credit
Interchange Rate Program	Level 4
Standard	3.26% + $.10
Data Rate 1	2.96% + $.10
Data Rate II	2.31% + $.10
Data Rate III	2.06% + $.10
Large Ticket 1/II/III	1.51% + $40

Not to be confused with processing level, MasterCard came out with “Small Business Level”, which is about the cardholder and issuer relationship size (how much the cardholder spends).

Visa Special Authorization Rules Hotel Lodging and Rental Merchants

Posted on February 27, 2017 by Christine Speedy

In 2016, Visa announced new requirements for estimated and incremental authorization requests, introduced new authorization validity periods and merged car and truck rental categories into a new vehicle rental category. These changes are significant, impacting chargeback risk to cruise, lodging and vehicle rental, heavy duty equipment rental and other merchants.

Two changes of note:

Revisions have been made to split the “Other Fraud” Dispute condition under Enhanced Dispute Resolution into separate conditions for Card-Present and Card-Absent Transactions, and to incorporate changes to the payment
flow related to Disputes. This will be covered in a separate article. A key component to mitigate chargeback risk is support for Verified by Visa.
Expansion of Special Authorization Allowances Effective 15 October 2016, 22 April 2017, and 14 October 2017.

Revisions to Special Authorization rules include processing of:

Estimated Authorization Requests
Initial Authorization Requests
Incremental Authorization Requests,
Authorization Reversals, Issuer hold, releases, and Chargeback rights

Applicable Merchants Impacted Effective 22 April 2017:

Aircraft rental
Bicycle rental
Boat rental
Equipment rental
Motor home rental
Motorcycle rental
Trailer park or campground rental
Lodging

VISA Authorization Rule Summary:

Must send “estimated” flag with the initial authorization; the amount is not final and may change.
Estimate cannot include amount for potential damage or insurance deductible.
When closing out, must indicated that sale is ‘final’, and do a reversal for any difference within 24 hours.

There are many nuances to the rules and potential chargeback reason code 72 risk, which were non-existent in the past. Rather than consumer initiating a chargeback, the issuer will be within their rights to initiate a chargeback if the merchant fails to comply with the rules, for example, failing to submit the correct authorization flag for an estimate.

Further details about subsequent authorizations vary by industry. For example, Merchant may need to submit a final Incremental Authorization Request. Due to the complexity and variation by industry, merchants are advised to read the rules and ensure the payment processing technology in place will support the new rules. Payment gateways are a key component for compliance; all gateways must be updated if they’re going to support merchant compliance needs.

Reference: Visa Core Rules and Visa Product and Service Rules, 15 October 2016. https://3dmerchant.com/blog/merchant-bulletins-downloads

Contact Christine Speedy, for compliant lodging and rental payment gateway solutions that work with your existing financial partners, including First Data, Chase Paymentech, Tsys, Moneris, Global, and many others.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Card Not Present, CenPOS, credit card processing

B2B Cloud payment processing technology blog about increasing profits, efficiency and security.

Category Archives: Merchant Services