3-D Secure 2.0 Merchant Overview 2020 2021

3-D Secure is a protocol providing an additional layer of security for eCommerce transactions prior to authorization. It enables the exchange of data between the merchant, card issuer and, when necessary, the consumer, to validate that the transaction is being initiated by the actual cardholder. Ecommerce transactions includes traditional shopping cart as well as any digital payment where the cardholder initiates and completes the payment process. For example, einvoicing or electronic bill presentment and payment are ecommerce transactions.

Each card network has a name for their product that uses 3-D secure, also referred to as 3D Secure, 3DS, 3-D Secure authentication or EMV 3-D Secure. Visa rebranded Verified by Visa to Visa Secure. MasterCard SecureCode (3DS 1.0) merchants are being encouraged to migrate to Mastercard Identity Check which uses EMV 3-D Secure 2.0. American Express SafeKey 2.0 is also available now. 3-D Secure 2.x helps reduce fraud and minimize the need for one-time passcodes, improving the user experience and reducing shopping cart abandonment.

What are merchant benefits for using 3-D Secure?

  • More authorization approvals. False declines are a significant source of lost revenue.
  • Some cards have reduced interchange rates when the authentication is invoked, which are usually over 90% of fees. American Express does reduce rates.
  • Less friction for customers at checkout.
  • Reduced risk of chargeback losses. Fraud liability for “it wasn’t me” automatically shifts to the issuer; Merchants do not have to defend those chargebacks, they never even see them.

How do merchants get started using 3-D Secure?

There are two elements- the payment gateway and the merchant account. Contact your payment gateway company to see if they support it and how to set it up. In most cases, this is simply a back office set up process. Merchants may also need to sign acceptance of pricing. The transaction fees are minimal and typically more than offset by the 11 to 20 basis point reduction in merchant fees on applicable cards.

Christine Speedy, Founder 3D Merchant Services, QIR certified, is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Less than 1% of all merchant services sales representatives are QIR certified by the PCI Council. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions.

Express checkout via email or text

Express checkout enables customers to pay for invoices, bills, products and services from an email or text message. During the Covid crisis, many businesses have searched for solutions, but not nearly enough have implemented solutions. As a customer, I’m still stuck trying to reach people in different time zones that are not in the office, or solutions that are frequently down or not compliant with card acceptance rules, which puts my card security at risk.

Checklist for B2B card not present express checkout:

  1. Must offer the ability to store a card (which will be managed by the third party provider).
  2. Storing cards must comply with current rules for storing and managing stored cards, including the ability for the customer to manage on demand which cards are on file, delete on demand, etc. See Visa stored credential mandate.
  3. The process to store a card should include a checkbox to opt-in to store the card.
  4. Merchant should secure the transaction with 3-D Secure to ensure lowest fees and chargeback protection.
  5. If not using an integrated solution, it should include the ability to attach invoice on demand to send with payment request.
  6. Solution must support level 3 processing, again to reduce merchant fees and maximize profits.
  7. Optional: partial payments. Some merchants may want to allow partial payment so at least collecting some money while other portion is in dispute or for other reasons.
  8. If omnichannel, the ability to use the same gateway for all services simplifies security management and accounting.
  9. Solution should be compatible with any merchant account so if you make a change, it does not disrupt consumer or merchant.

eipp payment requestIf merchants follow all the above rules, they will get paid faster, increase customer satisfaction, and incremental sales and profits.

Both EIPP and EBPP refer to electronic bill presentment and payment and the term can be used interchangeably. E-invoicing and Ebilling started out as a way to electronically deliver invoices. But now merchants can simply send a payment request, send an invoice, or send an account sign up for the customer to self-input their card on file so the merchant never, ever inputs cardholder data.

Don’t wait. Your customers will walk away when it’s easier to do business with someone else, especially for product lines available from multiple distributors.

Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions and is QIR certified by the PCI Council. Call Christine for all merchant services related needs.

Hotel credit card authorization rules compliance fact check

Identify if your hotel is compliant with authorization rules impacting profits and risk in just a few minutes. Card absent rules for card acceptance changed dramatically since April 2017, and in particular for the hotel and lodging industry. Rather than detail the complexities from over one thousand pages of official card acceptance rules, here’s some easy ways to identify if you have a problem.

Any of these fees on merchant statement indicate authorization problems needing correction:

  • Misuse of authorization
  • Standard / STD (any)
  • EIRF
  • Data rate I, (any) i.e. Corporate Data Rate I
  • Chargeback reason: FRAUD TRANS-NO CARDHOLDR AUTHORIZATION
  • Chargeback reason: Compliance

All bullet items have avoidable penalty fees due to authorization issues. Any time that happens, you pay penalty merchant fees and risk chargeback. Even if you usually win chargebacks, it’s an inefficient use of time. This quick fact check is just a tiny piece of rules changes I’ll help you get compliant with.

MasterCard began charging a 0.25% penalty fee, on top of other fees, in 2018 for non-compliance with Final Authorization.

How can merchants fix authorization problems? Transaction management technology, including for managing authorizations. Most problems are due to payment gateway limitations, but could also be outdated or improper payment gateway integration, or some specific piece of software limiting payment gateway functionality. Payment gateways often struggle just like merchants to keep up with the fast pace of changes in payment processing, so while the solution still works, it’s just not helping merchants to maximize profits and minimize risk.

Our suite of cloud commerce solutions solves authorization and data breach risk from credit card authorization form problems:

1.       Sales invoices, deposit needed. Sales can push out deposit request via text or email; customer self-pays, authenticates identity, and stores card (if needed). This is a much more professional interaction. Nobody likes paper credit card authorization forms due to risk of identity theft.

2.      Direct bill accounts. With our quick invoicing, accounting can upload an invoice and we take over the delivery, payment collection, security, authentication etc.

3.     Third party authorization form. Forget the paper. Our online form checks all the boxes you need to get compliant with card acceptance rules, protect against fraud, reduce PCI Compliance scope, and mitigate data breach risk.

Available as SynXis integrated solution or standalone. Keep your current Point of Sale service provider. Our solutions fix problems that haven’t been addressed for a decade- getting cardholder data out of the hands of employees and systems while shifting fraud liability risk to issuers. Plus, our optional 2-Way texting is a game changer for Guest Services, concierge, and sales.

Still not sure?

  • Quick and easy to get started.
  • No capital investment.
  • Proven to boost customer satisfaction via follow up surveys and increased sales.
  • Differentiate your brand with higher security.
  • Highest PCI compliance security certifications
  • GDPR compliant
  • Since the issuer is guarantees payment with cardholder authentication, it’s actually cheaper to process some credit cards!

What are you waiting for?

Call Christine Speedy, PCI Council QIR certified, for hotel Online Credit Card Authorization Form solutions at 954-942-0483, 9-5 ET. CenPOS authorized reseller based out of South Florida and NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Christine Speedy on Ask the Expert Panel in Boca Raton

Christine Speedy will be on the BocaJS experts panel in Boca Raton, Florida. Christine’s background in ecommerce stems from when the internet first started. With skilled coding labor shortages, Christine learned html to help get stuff done for clients which included the Miami Dolphins, Blockbuster, the Florida Marlins and many others. While leaving serious work up to the coders and integrators today, her payment checkout insights are unparalleled for PCI Compliance and card network rules compliance. Get to know the industries best experts on everything from Development, Design, IT, DevOps, Recruiting, and Learning in Boca Raton, Florida.

Cendyn Spaces, in the Atrium

980 North Federal Highway · Boca Raton, FL

About The BocaJS group

The BocaJS group is here to represent the best that South Florida can bring to the world’s best Language (Javascript). And any else web related as well! In addition to vanilla java script, we’ll be looking at frameworks such as Node, AngularJS (1, 1.5 AND 2,4,5,6,…. 7 beta? ), Ember.js, jQuery, ReactJS and Ionic. Founded in September 2014 by Adam & Hector, and Run currently by Damian Montero and Jermbo Lawson this group continues to grow and thrive. Website: BocaJS.org (https://bocajs.org/)

About Christine Speedy

Christine Speedy is a Qualified Integrator and Reseller payments professional, certified by the Payment Card Industry Security Standards Council, and authorized CenPOS Reseller. Christine is a subject matter expert on PCI compliance and card network rules compliance, offering secure cloud payment technology to businesses, transforming the commerce and customer experience. South Florida Technology Alliance member.

Are You Compliant? B2B Credit Card Processing Fact Check

Merchant compliance with various credit card processing rules maximizes profits while mitigating risk. This is especially true for business to business companies. But that task is getting harder and harder with the onslaught of new rules, and virtually impossible if not using a sophisticated cloud solution to help manage compliance.

b2b visa stored credentialIf your B2B company stores credit cards, there’s a pretty good chance you’re not compliant. For example, Visa’s 2017 Stored Credential Transaction framework (PDF download from Visa) outlines merchant responsibilities to obtain customer consent as well as storing credit cards, using stored credentials (token), and managing stored tokens. Failure to comply with Authorization rules, for example preauthorization and final settlement do not match, has far-reaching consequences including higher interchange rates (the bulk of credit card processing fees), penalty fees and new chargeback risks. With so many new rules across multiple card brands that vary based on business and transaction type how can a business quickly ascertain if they’re compliant?

Quick tips to validate compliance:

  1. Is cardholder authentication performed when a new card is stored? When the cardholder data is entered and submitted, the issuer responds with an approval or declined message. A small charge is not an acceptable practice to submit transaction for approval; instead a zero dollar authorization request for authentication is submitted. If authentication is via 3-D Secure -Verified by Visa, MasterCard Secure Code, whereby the customer self-authenticates vs merchant initiating, reduced rates may apply. Under the new rules, two transactions occur at the time a card is stored. Compliant answer is yes.
  2. Is a transaction receipt delivered to customer when you store a credit card? This will be either for an amount or a zero dollar authorization. When stored credit card credential (token) is created, a transaction receipt is generated with the approval or decline and other mandatory fields. Compliant answer is yes.
  3. Does the receipt include “RECURRING” or “REPEAT SALE” for token transactions? Compliant answer is yes.
  4. Review merchant statements, usually the last 1-2 pages with the heading “pending interchange” or “fees” section. Do you see EIRF, STANDARD (STD), or DATA RATE I? Compliant answer is no.
  5. Can you produce documentation of customer consent to store their card (including with 3rd party service) and how it will be used?

If you’re not in compliance, your payment gateway is the most likely culprit, followed by ERP or other software integration limitation. I can fix that.

Reference: Links for all Card brands.

Need help getting compliant?

Call Christine Speedy, , for simple solutions to complex payment transaction problems, 954-942-0483, 9-5 ET. CenPOS authorized reseller based out of South Florida and NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.