Which Payment Gateways Support Stored Credential Requirements?

Posted on by
Reply

Rules for storing and using stored cards changed for merchants in 2017, yet many payment gateways in 2019 still don’t support the transaction requirements, opening risk of issuer chargeback, fines, and assessments to merchants. Since the card networks are now notifying acquirers of non-complaint merchants, it’s time to get serious about making updates. This article updated authorize.net and Cybersource information on June 4, 2020.

The four types of stored credential transactions are recurring billing, installment billing and Unscheduled Credential On File, where buyer agrees to store the card and future transactions will be initiated either by merchant or buyer. Read more about the stored credential rules either by searching the blog for ‘credential’ or click here for card network rules. The payment gateway manages most of the compliance after merchants make the appropriate changes for standalone or integrated solutions, but merchants also have responsibility for getting the proper wording and opt-in record keeping for agreements to store cards.

Which payment gateways support authorization requirements for stored credentials? Ask gateways if they support your specific card not present transaction type. Even if they do, merchant compliance is not automatic and merchants cannot rely on web developers to automatically get them updated either. This list is valid as of today. Please comment below if you have new information about updates or more payment gateways to add to the list.

  • Authorize.net- No, see developer forum for note. 6/4/2020 update: Upon further information gleaned from various sources, merchants are being advised to ‘upgrade’ to Cybersource not only for stored credential but also Strong Customer Authentication (SCA2) and other items.
  • Bluepay- Unable to determine.
  • Braintree- Yes, added MasterCard 1/18/19, Visa 2018.
  • CenPOS– Yes, since 2017, all transaction types. CenPOS does not publish developer information online. See contact info below for sales, integrations and developer assistance.
  • Cybersource- When this blog post was publised, the answer was no per this article (original link to https://www.cybersource.com/mitsc_mandate/#1 is now 404, page not available, however, as of June 4, 2020, Cybersource documentation is still referring to the same broken page which says they are getting ready.) An April 21, 2020 note says they are ready on some processors https://support.cybersource.com/s/article/Support-for-Merchant-Initiated-Transactions-and-Credential-on-File-for-Visa-Mastercard-and-Discover. I question the accuracy of the zip file contents here https://support.cybersource.com/s/article/Support-for-Merchant-Initiated-Transactions-and-Credential-on-File-for-Visa-Mastercard-and-Discover 1.Establishment of Relationship. The initial transaction must be identified as a COF transaction even when it is the first instance (whether a zero-dollar authorization or first transaction). The cardholder must be present for this initial transaction. I agree with the logic as it applies to Cybersource, however, “cardholder must be present” is not applicable to payment gateways, for example CenPOS, capable of dynamically delivering the correct authentication data regardless of channel at the time of authentication and also future transactions.
  • Ingenico- Maybe. Yes, with Ingenico ePayments DirectLink on the international web site, but I was unable to find the related developer code for updating US ePayments needs.
  • Orbital (Chase)- Unable to determine.
  • Payeezy (First Data)- Yes, developer instructions.
  • PayFlow Pro- Unable to determine, doesn’t look like it.
  • Shift4 – No.
  • Vantiv/WorldPay- Maybe. With the merger of these companies, merchants might or might not be using a payment gateway that supports it. Developer info for Worldpay.

How can you easily identify if you’re compliant with card network rules? Here’s a few items to check for:

  1. Is there a checkbox for customer to accept terms?
  2. Are you asking for the security code? While not required if using alternative 3-D Secure cardholder authentication, in my experience, if you’re not asking for it, it’s outdated 100% of the time.

This article is not meant to be a comprehensive list of requirements and may be outdated. The most important takeaway is merchants and developers should not assume that their partners are automatically keeping them current or compliant with the latest rules for card acceptance compliance. In fact, with the update in 2020, it’s coming up on THREE YEARS since the rules went into effect. For continuous compliance, you need a trusted payments expert that knows the rules. Developers can implement programming, but are not experts in processing.

Call Christine Speedy, CenPOS Global Sales. 954-942-0483, 9-5 ET for a payment gateway compliant with stored credential rules that can be quickly implemented. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

D365 ERP payment gateway

Posted on by
Reply

What’s an economical payment gateway for D365? One that enables business to qualify for the lowest rates possible for any given card type, mitigates chargeback risk, and creates efficiencies. Many businesses using AX 2012 and D365 need to store a card and charge on demand. To qualify for the lowest rates and mitigate risk of penalties and fines, compliance with the card network rules is required.Minimum requirements to potentially qualify for the best rates are:

  • For card not present payments, including invoice portal, support 3-D secure; some issuers offer a lower rate averaging 20 BPS (.20%) less.
  • Compliance with 2017 Visa stored credential mandate (which will also get you compliant with MasterCard etc). Many payment gateways do not support this yet.   Ask, ” Do you support “Unscheduled Credential On File” rules?; store the card, charge on demand. Currently authorize.net, Red Maple and Payflow Pro do not.
  • If doing preauthorizations, a method to reauthorize expired auths, and a method to make initial and final auth the same amount if it changes after the preauth. Failure to do so increases the qualified credit card rate an average of 30% for businesses on pass-through interchange pricing.
  • Reversing unused authorizations; Mastercard penalty is now a hefty .25% for misuse of authorization.

Call Christine Speedy, CenPOS Global Sales. 954-942-0483, 9-5 ET for a D365 payment gateway that can be quickly implemented. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

authorize.net alternative for Visa stored credential

Posted on by
Reply

Need an alternative to Authorize.net to comply with stored credential rules, including for both recurring and Unscheduled Credential On File? Authorize.net does not yet offer a solution for Visa stored credential or Mastercard. This includes both merchant initiated transaction and customer initiated transaction in addition to the other items in the Visa Stored Credential Transaction framework and mandates effective October 14, 2017.

The payment gateway is the biggest piece of the puzzle for compliance. My clients were compliant back in 2017. Whether integrated or standalone, I can help you comply with this and many other rules that impact merchant fees and chargeback risk. Even B2B companies that never have chargebacks are at risk.

Call Christine Speedy, CenPOS Global Sales. 954-942-0483, 9-5 ET for all your recurring billing and stored credential payment gateway and virtual terminal needs. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Verify by Visa Rebrands to Visa Secure

Posted on by
Reply

VerifiedbyVisa is designed to make online purchases with your Visa credit card even more secure. Visa announced via the merchant business news digest March 28, 2019 the Verified by Visa (VbV) program name will be rebranded to Visa Secure. Visa Secure uses 3DS, the industry-wide e-commerce authentication standard.

Existing VbV marks will be replaced with a Visa Secure badge across consumer-facing merchant and issuer channels, while all 3DS authentication screens will simply display the Visa logo.

verified by visa
Old Verified by Visa logo
Visa Secure logo
New Visa Secure logo

Visa developed the 3-D Secure standard—currently branded for Visa cardholders as Verified by Visa— to provide merchants and issuers a way to authenticate the cardholder for card-not-present payments.

Starting 1 October 2019, merchants must use the new badge and messaging whenever EMV 3DS technology is used.

Replacement for Ingenico iSC Touch 480 End of LifeTerminals

Posted on by
Reply

Ingenico announced end of life for the iSC Touch 480 PCI-PTS v3/4.x models in March 2019 with sales ending December 2019. The purpose of this notice is to advise that Ingenico US is announcing a withdrawal from marketing and sale of the PCI-PTS v3/4.x models of the iSC Touch 480, including ISC480-11P2541A, ISC480-11P2809A and their subsequent updates with the last letter changing to B etc.

The market is moving on to new improved models and PCI-PTS v5, including the Ingenico Lane 8000. If you’re using this type of terminal, you need something to drive them, since unlike desktop terminals, they are just slaves to a technology solution that prompts screens for customers. If you do not already have a solution, we have both integrated and non-integrated cloud-based solutions.

Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in B2B and omnichannel technology. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions. Call Christine for payment gateway, cloud technology, merchant services and check processing needs.