Point of Sale for Heavy Equipment Rentals – Credit Card Processing Rules Changes 2017

Heavy equipment rental companies and dealers must make changes to comply with new Visa credit card acceptance rules. The sweeping changes to rental industry card acceptance rules were announced in October 2016, with April and October 2017 mandates for compliance.  The changes are complex and require cloud technology to automate compliance. Countertop terminals are not capable of compliance, and must be replaced.

fd130 emv terminal

Countertop terminals such as the FD130 and the Verifone VX520 are not capable of compliance for heavy equipment rentals, and must be replaced.

Visa rules changes include:

  • Defining who initiated the transaction (customer self-pay or merchant)
  • Transaction data sent
  • Authorization rules
  • Stored card rules
  • Customer communications.

Compliance will increase approvals and mitigate fraud risk; Failure to comply will increase risk of financial losses and issuer declines while reducing EBIDTA. These changes are significant, impacting chargeback risk and financial penalties to heavy duty equipment rental.

Visa compliant solutions:

The complexity of compliance with both card present and card not present rules requires a solution that can dynamically manage it, removing employees from making decisions that could impact profits. Everyone must change in the ecosystem- card issuer, acquirer (credit card processor),  payment gateway and merchant. Whatever you had in 2016 was not compliant since all the other players were not ready yet.

Merchants should update to a payment gateway that supports at a minimum:

  • Estimated, initial, incremental, and final authorization requests (traditional terminals cannot comply
  • Authorization Reversals for unused authorization (amount changed)
  • Authorization validity periods
  • Stored credential rules
  • Creation and retrieval of customer opt-in records
  • Automated authorization and settlement amount matching (otherwise transaction downgrades to worst rate possible and other repercussions)
  • Verified by Visa, which uses the 3-D Secure protocol to shift fraud liability to the issuer, much like EMV does for retail.
  • verifone MX915 EMV terminal

    The Verifone MX915 EMV chip terminal is an option to use in a compliant rental solution.

If you have a payment gateway, or need one, ask these questions:

  • How will you help us comply with the new Disclosure to Cardholder and Cardholder Consent rules?
  • What does the consent record look like?
  • How will we retrieve records?
  • How long are the records retained?

Contact Christine Speedy to get a compliant solution for your rental services needs. 954-942-0483. The ROI for most businesses is virtually overnight! Month to month risk free solutions.

Another change of note is revisions have been made to split the “Other Fraud” Dispute condition under Enhanced Dispute Resolution into separate conditions for Card-Present and Card-Absent Transactions, and to incorporate changes to the payment
flow related to Disputes. For merchants that comply, it’s all good. For merchants that do not comply, there will be more risk of financial penalties and risk of issuer initiated chargeback. A key component to mitigate chargeback risk is support for Verified by Visa.

There are many nuances to the rules and potential chargeback reason code 72 risk, which were non-existent in the past. Rather than consumer initiating a chargeback, the issuer will be within their rights to initiate a chargeback if the merchant fails to comply with the rules, for example, failing to submit the correct authorization flag for an estimate.

Reference: Visa Core Rules and Visa Product and Service Rules, 15 October 2016. See especially Table 5-14, 5-21, 5-22. https://3dmerchant.com/blog/merchant-bulletins-downloads

Resources:

• https://usa.visa.com/support/merchant/library/visa-merchant-business-news-digest.html see articles on Visa Stored Credentials mandate and updated revisions on Visa Stored Credentials framework

• Some acquirers put out statement alerts on their April, June and or July merchant statements.

See also, Visa Stored Credential Mandate.

Contact Christine Speedy to get a compliant solution for your rental services needs. 954-942-0483. You’ll be more profitable, efficient, and

MasterCard Bin 2 Series In Play: Declines and Fines

Previously, MasterCard announced a new card number BIN series, requiring everyone in the payment ecosystem to update in order to support the new card acceptance. Merchants need to update software and or terminals to comply by the June 30, 2017 mandate deadline. The consequences are both transaction declines and heavy fines.

Credit card processing:

  • Traditional countertop terminals may need a software download, contact your processor.

    Verifone vx520 emv terminal

    Verifone vx520

  •  Point of Sale solutions or the payment gateway that drives terminals need to be updated. This may occur seamlessly in the background with no impact to merchants and nothing to download.
    verifone MX915 EMV terminal

    Verifone MX915 EMV chip terminal

    Equipment & Payment Gateway NOT affected:

    • Authorize.net
    • BridgePay
    • Cayan
    • CenPOS
    • Clover
    • Ingenico w/ EMV Chip Card Technology
    • First Data w/ EMV Chip Card Technology
    • Future POS (Version 5.0.96.30)
    • Gravity Gateway
    • Lavu
    • Merchant Link
    • Micros
    • NMI
    • Payeezy
    • Paytrace
    • Shift 4
    • Shopkeep
    • Swipe Simple
    • USAePay/Gravity Link

    Credit Card Terminals Requiring a Software Update:

    • Apriva cellular terminal
    • FD 50 TI (Non EMV Chip Card)
    • FD 100 TI (Non EMV Chip Card)
    • FD 130 (Non EMV Chip Card)
    • FD 200 TI (Non EMV Chip Card)
    • Ingenico (Non EMV Chip Card)
    • Verifone VX520

    Credit Card Terminals Requiring Replacement: These terminals are end of life and cannot be updated.

    • All Hypercomm Terminals
    • Fd 50 (non TI)
    • FD 100 (non TI)
    • FD 200 (non TI)
    • FD 300 (non TI)
    • VX 510
    • VX 570

    Consequences for non-compliance with MasterCard Bin 2 Series

  • Mastercard Transactions for cards beginning with a 2 in the range of 222100-272099 will be declined.
  • If you do not update your software before the deadline, you will fall into a status of non-compliance. A non-compliant occurrence is defined as any attempted and failed transaction that is confirmed as failed due to a merchant’s lack of readiness to support 2-Series BIN transactions.
    • $2,500 per occurrence in the first 30 days.
    • Escalating up to $10,000 in the next 60 days.
    • Up to $20,000 per occurrence for the subsequent violations.

    These fines may be assessed per merchant location per failed transaction for not implementing support of the new cards.

    Fines will be pushed to acquirers. If acquirers are compliant, but the merchant is not, the fines will be passed down. If you’re sitting on old software and terminals, now is the time to change! It’s simple for MasterCard to identify non-compliance.  Contact us for immediate help- keep your merchant account, get new compliant credit card processing technology.

Disclaimer: This list and accompanying information may be out of date at any time. Check with your acquirer for the most current information.

 

Mastercard Lane and Unique Terminal Identification (TID) Mandate

The Mastercard Unique Terminal ID mandate is another attempt to stem and more quickly identify fraud at merchants using integrated retail point of sale solutions. This mandate was announced back in 2013, and requires unique terminal identifiers for each independent card reading device at a single location, not to be confused with the acquiring TID.

Effective January 1, 2017, merchants who do not adhere to the MasterCard Unique Terminal ID mandate will fall into a status of noncompliance. Fines for non-compliance go into effect December 31, 2017. Multiple card-reading devices, such as PIN pads and terminals, connected to a single host terminal are each required to have a Unique Device ID to remain compliant and avoid potential fines from Mastercard.

MasterCard Fines will be assessed for each transaction that violates this mandate.

If you do not regularly update your POS software, as is also required for PCI Compliance, you’re probably not compliant. with MasterCard and may be fined. Action: contact your POS provider for further information. Read your merchant statement messages for these and other critical alerts.

CenPOS Announces its Relationship Renewal with Verifone and the MX Line

CenPOS renews their relationship with Verifone and MX link by purchasing 5,000 Verifone MX 915 devices.

Integrated payment services and gateway provider, CenPOS, purchased 5,000 Verifone MX 915 devices and is deploying point-to-point encryption and advanced data security to auto dealers of all sizes, higher-education, law firms, insurance, manufacturing and distribution.

CenPOS SECURE is a suite of solutions designed to remove sensitive cardholder data from software applications like the merchant’s primary ERP, POS, PMS, DMS, etc. The suite consists of point-to-point encryption, tokenization and encrypted virtual PIN Pads that protect software systems by securing data in-flight and at rest.

When using CenPOS SECURE, merchants can reduce the time requirement and scope of their PCI DSS assessments. The Verifone MX line of products encrypts data at the point of interaction and facilitates a robust shopping experience for the consumer that includes secure PIN entry and signature capture.

“Merchants have enjoyed the CenPOS omni-channel shopping experience and the security that comes from it for the last 8 years. Verifone’s platform was the right choice for CenPOS. Their team of professionals have worked well with CenPOS to incorporate the next level of data security into the solution,” said Christopher Justice, CEO of CenPOS. “We’re pleased with the collaboration and diligence of the technology teams to launch these advancements.”

The Verifone MX line of products provides solid capabilities at the point-of-sale. Its design and attractive styling deliver a comfortable checkout experience while the state-of-the art technology provides added security.

“As a global payments and commerce solutions provider, Verifone’s goal is to create a world-class platform capable of supporting the ingenuity that’s constantly shaping the future of commerce. In a shared effort with CenPOS, we work to bring the highest level of security to transactions,” said Joe Mach, President, Verifone North America.

CenPOS Secure protects card present, eCommerce, mobile, mail order/phone order, and portable device transactions at the point of interaction with multiple layers of security. Integrated into the merchant’s software applications, no sensitive data is ever processed nor stored by those applications eliminating them from the scope of PCI DSS.

To better understand how CenPOS SECURE can help your business, call 877-630-7960 Or visit our website.

About CenPOS:
CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.
| CenPOS | @CenPOS

About Verifone:
Verifone is transforming everyday transactions into opportunities for connected commerce. We’re connecting payment devices to the cloud—merging the online and in-store shopping experience and creating the next generation of digital engagement between merchants and consumers. We are built on a 35-year history of uncompromised security with approximately 30 million devices and terminals deployed worldwide. Our people are trusted experts that work with our clients and partners, helping to solve their most complex payments challenges. We have clients and partners in more than 150 countries, including the world’s best-known retail brands, financial institutions and payment providers.
Verifone.com | @verifone

###

Blog author Christine Speedy, CenPOS global sales and integrated solutions, can be reached at 954-942-0483.

What is Auth Code 14, declined?

A credit card processing response of Auth Code 14, is a decline for Processor Declined, Fraud Suspected. Why does this happens for recurring billing, including unscheduled recurring billing using a stored credential, also known as a token on file? The method used to store the first transaction, and process subsequent transactions can impact authorization approvals.

For example, a merchant has successfully processed unscheduled transactions using a token on file since 2016. However, in 2017, declined for Auth Code 14 appeared.

auth code decline 14

Why would a previously stored and working card decline now? Look at the AVS,  ZIP, and CVV response above. Compare to the example below.

token billing

For the second receipt, AVS match Y= address and 5 digit zip match, Zip match Y=Address and 5 digit zip match, CVV = match X, cannot verify CVV. Because CVV was verified a match on the initial zero dollar authorization it’s not required to be presented on subsequent transactions.

The first example is returning that information does not match, thus the reason for suspected fraud. Without looking at the very first authorization when token was created, several possibilities exist, including  cardholder issued a new chip card with same number but other changes occurred in the interim; cardholder address changed or was never validated.

Merchants are at risk of issuer initiated chargeback if authorization rules are not followed. Refer to  Visa Product and Service Rules, Table 5-21: Requirements for Prepayments and Transactions Using Stored Credentials for more information. With recent rules changes, and more coming October 2017, merchants need a cloud based solution that can automate compliance. Not all of them have that intelligence. For example, some cloud based payment gateways enable merchants to perform prohibited transaction requests that put the authorization at risk of chargeback for non-compliance.

Due to many recent and upcoming changes for card absent and recurring billing with stored credentials, merchants are advised to review processes to include empowering customers to self-manage adding cards on file, and using cardholder authentication. Visa requires Verified by Visa for cardholder authentication in a card not present environment; without it, expect increasing declines.

Disclaimer: The rules of card acceptance are very complex and change typically twice a year, sometimes with interim bulletins regarding more changes. Merchants should read the manual for complete details regarding card acceptance for your business type.

Christine Speedy, authorized CenPOS reseller, provides universal payment processing solutions, including cardholder authentication, to maximize merchant profits and mitigate risk across multiple sales channels. Contact Christine at 954-942-0483.