Insurance companies must comply with new VISA installment credit card processing rules changes effective October 2017 to maximize business profits and mitigate chargeback risk. Everyone in the payment ecosystem has or will need to make changes to comply, including acquirer, issuer, payment gateway, merchant, and sometimes integrated billing software.
- October 14, 2017 Visa stored credentials compliance mandate.
INSTALLMENT CREDIT CARD PROCESSING BEST PRACTICES:
- Obtain cardholders’ consent to store the credentials. Opt-in check box stored with payment gateway record is recommended.
- Have a solution to retrieve consent records on request.
- Disclose to cardholders how stored credentials will be used.
- When capturing card data for the first time, use a PCI compliant payment gateway to create a random token replacing sensitive data; eliminate paper credit card authorization forms or digital signature forms where payment data is collected on the form, not via a payment gateway.
- Inform the issuer via a transaction that payment credentials are now stored. For example, perform an Account Number Verification Transaction via a Zero Dollar Authorization with 3-D Secure Verifed by Visa.This is managed by the payment gateway, and requires specific transaction indicator. TIP: If the solution you’re using performs a $1 authorization, often with a void or reversal after, that’s because the payment gateway, and or the implementation, are out of date and don’t support current requirements. Ask how yours works- assume nothing!
- Identify subsequent transactions with appropriate indicators when using stored credentials. Payment gateway to identify all future transactions after storing:
– With an indicator that shows that the Transaction is using a Stored Credential for either Installment, Recurring or Unscheduled Credential On File.
– With the Transaction Identifier of the Initial Transaction.
- Follow all cardholder disclosure and consent requirements specified in the Visa Rules. Opt-in check box with digital record managed by the payment gateway is recommended to comply with issuer records requests.
- If performing a preauthorization for any transactions, additional new requirements must be met, including for reversals and reauthorizations.
INSURANCE INSTALLMENT BEST PRACTICES
Increasingly complicated rules vary by card brand, business type and many other factors. This article may oversimplify such complexities. Merchants are advised to:
- Use tools, including intelligent cloud-based payment gateways, to help comply automatically.
- Segregate payment acceptance from applications; example, embedded payment object or i-frame.
- Review Visa Stored Credential Transaction Framework bulletins
- Review Visa Core Rules and Visa Product and Service Rules
- Review workflow for the customer payment experience and confirm payment technology workflow is compliant with new rules. There is no automated update; merchants must actively participate in process to ensure compliance.
COMPLIANCE RISKS AND REWARDS:
- Compliance will increase approvals, customer satisfaction, and profits.
- Reduce time spent on collections, increase automation, reduce attrition.
- Cardholder authentication can qualify some transactions for lower interchange rates plus mitigate losses related to “it wasn’t me”, more commonly seen in higher risk insured policy holders.
- Compliance required to participate in Visa Account Updater service.
- Non-compliant transactions are essentially invalid authorizations, and issuers will be within their rights to chargeback via Reason Code 72. This is different than a consumer generated chargeback. Issuers are getting slammed with missed payment cardholders and need to get their money back some way; JP Morgan wrote off about $1B in Q1 2017 according to one source. The Wall Street Journal has published several articles over the last year about the surge in subprime credit cardholders missing payments. Overall, we’re looking at a national rate over 4% per quarter- over 16% annually, representing over a trillion dollars. Issuers may want to offset losses from subprime cardholders by collecting monies from merchants for the same.
- Chargeback Risk includes the initial transaction and all subsequent transactions that are not in compliance for the allowable chargeback period. For example, if non-compliant the issuer could chargeback installments on October 14, November 14, and December 14.
Reference: Visa Stored Credential Transaction Mandates and also Visa Core RulesTable 5-21: Requirements for Prepayments and Transactions Using Stored Credentials.
Before selecting a payment gateway for installments payments, ask these questions:
- How will it help with new Visa Stored Credential Mandates compliance?
- Does it support 3-D Secure cardholder authentication, for customer initiated payments?
- What type of digital record is created at the time of customer opt-in to terms, how is it retrieved, and how long is it retained?
- Does it support Zero Dollar Authorization?
- Does the receipt dynamically change based on type of transaction, i.e. cash, credit card single payment, installment payment etc.
- Does it support level 3 processing for commercial cards (if applicable to business type)?
- If I change banks or payment processors, how will it affect my customers? My business?
TIP: Most payment gateways will not be compliant on October 14. An easy starting point to reduce the list of vendor choices is to ask the payment gateway what type of digital record is created at the time of creating an installment agreement, and how will it be accessed? Need help to get compliant? Contact Christine Speedy to learn more about solutions for your business that are quick and easy to adopt, increasing efficiency and growing profits virtually overnight.
Christine Speedy, CenPOS authorized reseller, 954-942-0483 is based out of South Florida and NY. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.