Hotel credit card authorization form 2017 change

Hotel and lodging industry must update best practices due to 2016 and 2017 changes in Visa and MasterCard rules. Cardholder authentication and multiple authorization indicators are two key components of change. Hotels that comply will maximize profits and security. Noncompliance will result in higher credit card acceptance fees due to penalties, increased declines, reduced profits, and new chargeback risk.hotel credit card authorization formFor those still using paper credit card authorization forms, few are in compliance with Visa Core Rules 5.4.2.5 Prohibition against Requiring Cardholder or Account Data – US Region.

“A US Merchant or its agent must not: Request the Card Verification Value 2 data on any paper Order Form.”

Authorization validity is front and center to the 2017 rules changes. Merchants used to get and authorization, and settle it later at checkout. Now merchants must send the correct transaction types and link them all together with a unique identifier:

  1. The ESTIMATE (Visa) or UNDEFINED (MasterCard) indicator is sent when the final settlement amount is unknown. The customer must be informed that it is an estimate as well.
  2. INCREMENTAL authorization is obtained when the original authorization expires or to increase the amount on hold.
  3. Final Authorization says this is the final transaction.

TIP: Merchants need 3-D Secure (Verified by Visa, MasterCard SecureCode), a global cardholder authentication standard for card absent transactions, to maximize profits and compliance for card not present transactions, which is only available with customer initiated transactions: hosted pay page, digital payment request, online booking. Paper forms don’t create a digital record tied to the credit card, and cardholder authentication is not possible, as defined by the card brands. It’s also not possible to comply with the rule by key entering data into any desktop terminal.

The unique transaction transaction identifier can be a point of breakdown in the process. For example, the events manager obtains a paper credit card authorization form. The first charge is a deposit; the second charge is at the end of the event; a third charge occurs after assessing damages to a room. In each case, the amount is key entered into the payment processing terminal. Since there is no transaction identifier tying them all together, the authorizations are invalid and the ISSUER is within their rights to chargeback for invalid authorization, example Visa reason code 72.

There are so many nuances to the rules, and changes needed in the payments ecosystem, hotels should not assume existing partners have completed the required updates to comply. Technology that can automatically manage the authorization and settlement process- not the old way, but with all the new rules changes- requires a sophisticated payment gateway. Like EMV, there will be vendors that struggle to adapt.

For compliant solutions that can be used standalone or integrated, improving your customer experience, contact Christine Speedy, 954-942-0483.

Reference materials:

  • MasterCard® Pre & Final Authorization Mandate by CyberSource, December 2016.
  • Visa Core Rules October 2016.
  • MasterCard Revises Standards for Processing Authorizations and Preauthorizations by Vantiv December 2016.
  • MasterCard Transaction Processing Rules, November 2016.

See merchant bulletins – downloads for links to many resources.

US EMV Verifone MX 915 for BB&T TSYS

Yes, we provide US EMV with chip and pin for BB&T customers wanting to use Verifone MX 915 terminals. BB&T merchants are on the First Data platform. One unique benefit of our solution on First Data is we can process retail, MOTO (mail order/telephone order), and ecommerce, including electronic bill presentment and payment (EBPP), all in a single merchant account, with proper representment to mitigate chargeback risk and maximize profits.

The transaction process is different for EMV than magnetic swipe transaction, in order to support the different flow for processing chip cards.

To use CenPOS as shown in the video, merchants need high speed internet, web browser, Verifone MX 915, and CenPOS account. No other software is needed. CenPOS can be used standalone or integrated. Integrated solutions include Infor, SAP, Dynamics AX, Quickbooks etc. In all cases, CenPOS segregates payments from the application to reduce PCI Compliance scope and improve security.

TIP:  Having an EMV capable terminal does not mean a merchant is ready to accept chip cards. In the CenPOS environment, if a merchant installed a future proof, EMV capable terminal to get ready for EMV, the next step is to convert to EMV enabled. This always requires turning on EMV at the merchant account level, in addition to other steps.

If you do not own a Verifone terminal, do not purchase one on your own via EBAY or some other source. For PCI Compliance, and overall security, the purchasing and installation process must be tightly controlled.

If you’re not a current CenPOS customer, contact Christine Speedy for sales and integrations at 954-942-0483. Don’t just get ready, get EMV Compliant.

Visa and Viewpost to Accelerate Electronic Bill Payments for U.S. Businesses

Partnership to Simplify B2B Payments with Visa Virtual Credit Cards

SAN FRANCISCO & ORLANDO, Fla.–(BUSINESS WIRE)–Mar. 28, 2017– Visa Inc. (NYSE:V) and Viewpost®, a secure B2B network for electronic invoicing, payments and real-time cash management, today announced an exclusive partnership to bring electronic business payments to Viewpost’s small to medium-sized business clients (SMBs). By using Visa virtual commercial cards through their participating financial institutions, SMBs will increase automation, convenience and security for their B2B transactions.

Viewpost’s SMB customers will be able to benefit from Viewpost electronic payment capabilities and the use of a secure, one-time Visa virtual account number. When a virtual card payment is made through Viewpost, the supplier will receive a one-time virtual account number for posting funds to its merchant account. Viewpost will then deliver data-rich remittance information to both businesses, such as, paid invoices, the amount paid and the due date. If a supplier does not accept virtual commercial card payments, an invitation can be extended through a proprietary automation method, which makes enrollment quick and simple.

“Providing access to simple, secure working capital solutions for SMBs is a critically-important focus for our business,” said Vicky Bindra, global head of products & solutions at Visa Inc. “Our collaboration with Viewpost gives SMBs comprehensive financial management tools in a single portal – right where they bank. We are thrilled to partner with Viewpost and make our customers’ lives easier by significantly reducing time, cost and friction around payment, so they can focus on what is most important – managing and growing their businesses.”

As a trusted, open B2B network available to businesses of all sizes, Viewpost gives financial institutions the tools that enable SMBs to connect and exchange electronic invoices and payments, share transaction data and access working capital on demand with unprecedented ease and visibility. Visa’s partnership with Viewpost will help financial institutions in the U.S. bring to market a fully integrated and optimized SMB finance management solution that seamlessly integrates with their online banking site.

“We’re excited to partner with a renowned brand and payments technology leader like Visa,” said Max Eliscu, CEO at Viewpost. “This partnership accelerates our ability to address costly pain points in the multi-trillion-dollar B2B payments ecosystem1 while also, and perhaps most importantly, bringing flexibility, cost savings and simplicity of payment to the massive and underserved small business marketplace.”

“According to our 2016 Small Business Payments and Banking Survey, over two thirds of respondents indicated they preferred to pay bills through online banking tools, rather than a supplier’s website,” said Ken Paterson, vice president of research operations, Mercator Advisory Group. “The Visa/Viewpost partnership promises to offer a seamless integration for banks who are looking to enable their customers to have one centralized destination for all of their corporate payment needs.”

About Visa Inc.

Visa Inc. (NYSE: V) is a global payments technology company that connects consumers, businesses, financial institutions and governments in more than 200 countries and territories to fast, secure and reliable electronic payments. We operate one of the world’s most advanced processing networks — VisaNet — that is capable of handling more than 65,000 transaction messages a second, with fraud protection for consumers and assured payment for merchants. Visa is not a bank and does not issue cards, extend credit or set rates and fees for consumers. Visa’s innovations, however, enable its financial institution customers to offer consumers more choices: pay now with debit, pay ahead of time with prepaid or pay later with credit products.

About Viewpost

Viewpost North America is revolutionizing the way businesses transact with each other. Viewpost built the most trusted open business network to empower businesses of all sizes with real-time cash management for anytime operating decisions. On the secure Viewpost network, companies connect and exchange electronic invoices and payments with unprecedented ease and visibility, accessing working capital on demand. Enterprise clients are using Viewpost to cut costs, increase efficiency and improve cash management, including Accenture, Florida Hospital Medical Center, Georgetown University, the Orlando Magic and Whole Foods Market. With enterprise-grade security, including ISO 27001 and SSAE16 audited certifications and the TRUSTe Privacy Seal and Skyhigh CloudTrust Enterprise-Ready Rating, Viewpost is partnering with financial institutions to bring cash management tools to business customers at U.S. Bank, Bank of America and Fifth Third Bank. Viewpost innovation has been awarded Best in Show by Barlow Research, Best CISO/CSO by FireEye Cyber Defense Summit, CSO50 Award (four-time honoree) by IDG’s CSO, and Best B2B Payments Platform by Tradestreaming. Since Viewpost was opened to the public in early 2015, the total invoices presented and payments processed has reached $71.4 billion across the network. Founded in 2011, Viewpost is headquartered in the Orlando area with additional teams in Boston, Minneapolis and San Francisco.

1 Source: Accenture, https://www.accenture.com/us-en/~/media/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Industries_5/Accenture-FS-Payment-Services-Corporate-Payments-PoV.pdf

Source: Visa Inc.

Verifone Investigating Data Breach

Reported by Krebs on Security, Verifone is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted.

“According to the forensic information to-date, the cyber attempt was limited to controllers at approximately two dozen gas stations, and occurred over a short time frame. We believe that no other merchants were targeted and the integrity of our networks and merchants’ payment terminals remain secure and fully operational.”

Read the full article here https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/

Visa Authorization Rentals Rules Change

Visa announced sweeping changes to rental industry card acceptance rules in October 2016. Key changes include defining who initiated transaction, transaction data sent, authorization rules, stored card rules, and customer communications. Compliance will increase approvals and mitigate fraud risk;  Failure to comply will increase financial risk and issuer declines while reducing EBIDTA.

Visa Expansion of Special Authorization Allowances

Effective 15 October 2016, 22 April 2017, and 14 October 2017
Revisions have been made to rules related to the processing of Estimated Authorization Requests, Initial Authorization Requests, and Incremental Authorization Requests, as well as Authorization Reversals, Issuer hold releases, and Chargeback rights. These changes impact issuer, merchant, customer, and acquirer- whatever merchants have in place today is not sufficient for the future.

visa rental authorization rules 2017

Partial excerpt from section 5, Visa Core Rules. Applicable merchants should read the entire table and additional sections.

Truck and heavy duty equipment rental authorizations. Aircraft rental, Bicycle rental, Boat rental, Car rental, Equipment rental, Motor home rental, Motorcycle rental, Trailer park or campground rental are all impacted.

A core concept is authorization validity, which impacts merchant rights and potentially credit card processing rate qualification. An invalid authorization equates to no authorization. Card issuers will be within their rights to use reason code 72 and chargeback, or ACH, funds from merchant bank account on the next settlement day, for failure to comply with authorization rules. This is a significant change for most rental companies, as in the past, businesses typically responded to cardholder initiated disputes, a completely different scenario, and win a good portion of them.

With payment processing technology updates, rental companies can increase profits by complying with the new rules, including for guaranteed reservations. EBITDA is improved with increased approvals, lower qualified interchange rates, and fewer chargebacks.

What’s a valid authorization? It’s partially described in Special Authorization Request Allowances and Requirements. Key elements:

  • Stored credential– rules for storing; what associated data is required on file and what is submitted with transaction, including same transaction ID required for all subsequent authorizations after initial approval.
  • Estimated Authorization– indicator the authorization is an initial estimate and final amount is unknown is sent with transaction. TIP:  If the amount could change because the renter did not bring item back in time, or there are other terms in the contract where customer agrees to pay more under certain conditions such as damages or refueling, then the initial transaction is an Estimate.
  • Incremental authorization  – must use same transaction ID as estimate, and submit with incremental authorization indicator
  • Visa now groups transaction types into ‘customer initiated’ and ‘merchant initiated’. For card not present, a transaction is only considered customer initiated, if Verified by Visa is used. Verified by Visa (VbyV) is their brand name for the global 3-D Secure cardholder authentication protocol for customer initiated card not present transactions.

Updated Checkout Flow For Online Rental Booking:

  • Opt-in to no-show policy, terms and conditions
  • Authenticate cardholder
  • Authorize with the estimate indicator
  • Deliver email confirmation with the policy
  • Incremental auths with same Trans ID only.
  • Close transaction by day 31; partial reversal same transaction ID if applicable.
  • If ticket closed, open new estimated auth.

KEY DATES

  • April 22, 2017 – The Merchant must use the Estimated/Initial Authorization Request indicator.
  • 22 April 2017 – The Merchant must use the Incremental Authorization Request indicator and the same Transaction Identifier for all Authorization Requests.

Without action to update rental authorizations in advance of the April dates, financial exposure for prior months may be significant.

Visa Core Rules see Table 5-16: Special Authorization Request Allowances and Requirements and other pages.

Christine Speedy, authorized CenPOS reseller, provides universal payment processing solutions to maximize merchant profits and mitigate risk across multiple sales channels. To get a CenPOS account and Dynamics AX, SAP, Bluebird or other compatible plugin, contact Christine at 954-942-0483.