On Milestone Anniversary – Vantiv Rings the NYSE Closing Bell as the #1 U.S. Merchant Acquirer

Posted on March 17, 2017 by Christine Speedy

Vantiv marks its 5 year anniversary as a publically-traded company by ringing the closing bell at the NYSE and by being named top payment processor by transactions.

CINCINNATI, March 16, 2017 – Today, Vantiv marks its five-year anniversary as a publicly-traded company with the ringing of the Closing Bell at the New York Stock Exchange. CEO Charles Drucker – joined by some of Vantiv’s most passionate and dedicated team members – will ring the bell at 4:00 pm ET.

Coinciding with this momentous occasion today, The Nilson Report will publish its annual U.S. Merchant Acquirer Rankings, which will show that Vantiv now processes more domestic debit and credit transactions than any other acquirer in the United States.

“This is the first time since 1996 in which a new company has come out on top based on this metric,” said David Robertson, publisher of The Nilson Report. “Congratulations to Vantiv on its success and its five-year anniversary.”

“I always say our success is our people,” said Charles Drucker, president and chief executive officer at Vantiv. “Over the last five years, we have grown dramatically and achieved many milestones thanks to our employees’ relentless hard work and winning attitude. Nilson’s new rankings – published at our five-year anniversary – clearly validates that we are on the right track with a bright future.”

For more information on the U.S. Merchant Acquiring Rankings, go to The Nilson Report, www.nilsonreport.com, one of the most respected sources of news and analysis of the global card and mobile payment industries.

What is level one level two and level iii processing?

Posted on March 17, 2017 by Christine Speedy

Level 1, Level 2 and level 3 processing are different ways of handling purchasing or p-card, business, commercial, and corporate cards. Each level has unique data specifications that determine the potential rate merchants pay for related card acceptance. Even if Level 1, Level 2 and level 3 data is sent to the acquirer, or credit card processor, the merchant may not qualify for the associated rate due to other rules not being met. Although interchange rates are the non-negotiable fees all merchants pay, they can be influenced.

MYTH: If I use a level 3 processor, I’ll get the lowest rates. False. Many rules must be followed. The payment gateway and integration method, if applicable, is largely in control of potential rate qualification. Few have the necessary technology automation to maximize profits. Additionally, the processor may be certified for one channel, but the merchant accepts payments via multiple channels such as retail and e-billing.

What is level 1 processing?

The default commercial card transaction is level 1.

What is level 2 processing?

Requires level II data, including the entry of customer code, card acceptor type, tax ID and sales tax.

For MasterCard, a sales tax amount is required, and the amount must be greater than $0.00, but no less than 0.1% – 30 % of the transaction amount. This is important because most B2B companies typically are not charging sales tax, therefore cannot qualify for level II rates, and need to focus on level III.
For Visa, a tax amount is not required, but the merchant must indicate whether the transaction is tax exempt.

Most acquirers and payment gateways support level 2 data.

What is level 3 processing?

Level III minimum data requirements include: Summary Record – Discount Amount, Freight/Shipping Amount, Duty Amount and Account Number and Line Item Detail Record – Item Sequence Number, Item Commodity Code, Item Descriptor, Product Code, Quantity, Unit of Measure, Unit Cost, and Discount per Line Item, Line Item Total, and Line Item Detail Indicator.

While that sounds like a lot, this can be managed by the payment gateway, which is required for level III processing. It’s critical to point out that the data is the minimum requirement to even potentially qualify. There are a bunch of other rules. For example, authorization and settlement must be equal and settlement must be within required timeframe. Again, this is an area for B2B that often causes a problem. Payment gateway capabilities and integration method must support all the rules, including numerous new Visa rules.

Each rate below is for the same credit card, but different rules apply to qualify for them.

2016-2017 U.S. Region MasterCard Commercial Rates—Small Business Credit
Interchange Rate Program	Level 4
Standard	3.26% + $.10
Data Rate 1	2.96% + $.10
Data Rate II	2.31% + $.10
Data Rate III	2.06% + $.10
Large Ticket 1/II/III	1.51% + $40

Not to be confused with processing level, MasterCard came out with “Small Business Level”, which is about the cardholder and issuer relationship size (how much the cardholder spends).

Lodging Authorization Rules Change 2017 – Chargeback Prevention Tips

Posted on March 2, 2017 by Christine Speedy

In October 2016, Visa quietly announced sweeping changes to rules for card not present transactions in the lodging industry. With online booking technology updates, hotels can increase profits by complying with the new rules, including for guaranteed reservations. Failure to comply may significantly increase financial risk.

A core concept is valid “authorization”, which impacts merchant rights and potentially credit card processing rate qualification. An invalid authorization equates to a no authorization. Card issuers will be within their rights to use reason code 72 and chargeback, or ACH, the funds from merchant bank account on the next settlement day, for failure to comply with the rules. This is a significant change, as in the past, hotels would respond to cardholder initiated disputes, a completely different scenario, and win a good portion of them.

What’s a valid authorization? It’s mostly described in Special Authorization Request Allowances and Requirements. Key elements:

Stored credential– rules for storing and what associated data is required on file and what is submitted with transaction- same transaction ID required for all after initial approval
Estimated Authorization– indicator as to whether the authorization is an estimate or is final is sent with transaction. Authorization is valid for 31 days. (Originally 14 days, but subsequent bulletin released to change it.)
Incremental authorization – must use same transaction ID as estimate, and submit with incremental authorization indicator
Visa now groups transaction types into ‘customer initiated’ and ‘merchant initiated’. For card not present, a transaction is only considered customer initiated, if Verified by Visa is used. Verified by Visa (VbyV) is their brand name for the global 3-D Secure cardholder authentication protocol for card not present transactions.

Updated Checkout Flow For Online Booking:

Opt-in to no-show policy, terms and conditions
Authenticate cardholder
Authorize with the estimate indicator
Deliver email confirmation with the policy
Incremental auths with same Trans ID only.
Close transaction by day 31; partial reversal same transaction ID if applicable.
If ticket closed, open new estimated auth.

KEY DATES

Effective through 13 October 2017: In the US Region, for Car Rental Merchants, Cruise Lines, and Lodging Merchants, the Merchant must use the Incremental Authorization Request indicator and the same Transaction Identifier for all Authorization Requests.
Effective 14 October 2017 Transaction initiated with an Estimated Authorization
Verified by Visa cardholder authentication protects lodging merchants immediately from “it wasn’t me” card not present fraud.

Without hotel action to update online booking in advance of the October dates, financial exposure for prior months may be significant.

Christine Speedy, authorized CenPOS reseller provides universal payment processing solutions to maximize merchant profits and mitigate risk across multiple sales channels. To get a CenPOS account and your booking engine compatible plugin contact Christine at 954-942-0483.

Visa Special Authorization Rules Hotel Lodging and Rental Merchants

Posted on February 27, 2017 by Christine Speedy

In 2016, Visa announced new requirements for estimated and incremental authorization requests, introduced new authorization validity periods and merged car and truck rental categories into a new vehicle rental category. These changes are significant, impacting chargeback risk to cruise, lodging and vehicle rental, heavy duty equipment rental and other merchants.

Two changes of note:

Revisions have been made to split the “Other Fraud” Dispute condition under Enhanced Dispute Resolution into separate conditions for Card-Present and Card-Absent Transactions, and to incorporate changes to the payment
flow related to Disputes. This will be covered in a separate article. A key component to mitigate chargeback risk is support for Verified by Visa.
Expansion of Special Authorization Allowances Effective 15 October 2016, 22 April 2017, and 14 October 2017.

Revisions to Special Authorization rules include processing of:

Estimated Authorization Requests
Initial Authorization Requests
Incremental Authorization Requests,
Authorization Reversals, Issuer hold, releases, and Chargeback rights

Applicable Merchants Impacted Effective 22 April 2017:

Aircraft rental
Bicycle rental
Boat rental
Equipment rental
Motor home rental
Motorcycle rental
Trailer park or campground rental
Lodging

VISA Authorization Rule Summary:

Must send “estimated” flag with the initial authorization; the amount is not final and may change.
Estimate cannot include amount for potential damage or insurance deductible.
When closing out, must indicated that sale is ‘final’, and do a reversal for any difference within 24 hours.

There are many nuances to the rules and potential chargeback reason code 72 risk, which were non-existent in the past. Rather than consumer initiating a chargeback, the issuer will be within their rights to initiate a chargeback if the merchant fails to comply with the rules, for example, failing to submit the correct authorization flag for an estimate.

Further details about subsequent authorizations vary by industry. For example, Merchant may need to submit a final Incremental Authorization Request. Due to the complexity and variation by industry, merchants are advised to read the rules and ensure the payment processing technology in place will support the new rules. Payment gateways are a key component for compliance; all gateways must be updated if they’re going to support merchant compliance needs.

Reference: Visa Core Rules and Visa Product and Service Rules, 15 October 2016. https://3dmerchant.com/blog/merchant-bulletins-downloads

Contact Christine Speedy, for compliant lodging and rental payment gateway solutions that work with your existing financial partners, including First Data, Chase Paymentech, Tsys, Moneris, Global, and many others.

EBA paves the way for open and secure electronic payments for consumers under the PSD2

Posted on February 23, 2017 by Christine Speedy

The European Banking Authority (EBA) published today its final draft Regulatory Technical Standards (RTS) on strong customer authentication and common and secure communication. These RTS, which were mandated under the revised Payment Services Directive (PSD2) and developed in close cooperation with the European Central Bank (ECB), pave the way for an open and secure market in retail payments in the European Union.

Following 18 months of intensive policy development work and an unprecedentedly wide number of stakeholders’ views and input, these final draft RTS are the result of difficult trade-offs between the various, at times competing, objectives of the PSD2, such as enhancing security, facilitating customer convenience, ensuring technology and business-model neutrality, contributing to the integration of the European payment markets, protecting consumers, facilitating innovation, and enhancing competition through new payment initiation and account information services.

The EBA received 224 responses to its Consultation Paper, in which more than 300 distinct concerns or requests for clarifications were raised. In the feedback table published today as part of the RTS, the EBA has summarised each one of them and provided its assessment as to whether changes have been made to the RTS as a result of such concerns.

In particular, one of the key concerns addressed by these final draft RTS relates to the exemptions from the application of strong customer authentication on the basis of the level of risk involved in the service provided; the amount and recurrence of the transaction; and the payment channel used for the execution of the transaction. In this respect, the EBA has introduced two new exemptions: one based on transaction-risk analysis based on defined fraud levels and the other for payments at so called ‘unattended terminals’ for transport or parking fares. The exemption on transaction risk analysis is linked to a predefined level of fraud and is subject to an 18-month review clause after the application date of the RTS.

In addition, the EBA has also increased the threshold for remote payment transactions from EUR 10 to EUR 30, and has removed previous references to ISO 27001 and to other specific characteristics of strong customer authentication, so as better to ensure the technological neutrality of the RTS and to facilitate future innovations.

With regards to the communication between account servicing payment service providers (ASPSPs), account Information service providers (AISPs) and payment initiation service providers (PISPs), the EBA has decided to maintain the obligation for the ASPSPs to offer at least one interface for AISPs and PISPs to access payment account information. This is linked to the PSD2 no longer allowing the existing practice of third party access without identification (at times referred to as ‘screen scraping’ or, mistakenly, as ‘direct access’) once the transition period provided for in PSD2 has elapsed and the RTS applies.

However, in order to address the concerns raised by a few respondents, the final RTS now also require that ASPSPs that use a dedicated interface will have to provide the same level of availability and performance as the interface offered to, and used by, their own customers, provide the same level of contingency measures in case of unplanned unavailability, and provide an immediate response to PISPs on whether or not the customer has funds available to make a payment.

Legal basis and background

The draft RTS have been developed according to Article 98 of the revised Payment Services Directive (EU) 2015/2366 (PSD2), which mandates the EBA, in close cooperation with the ECB, to draft Regulatory Technical Standards (RTS) specifying the requirements of the strong customer authentication (SCA), the exemptions from the application of SCA, the requirements with which security measures have to comply in order to protect the confidentiality and the integrity of the payment service users’ personalised security credentials, and the requirements for common and secure open standards of communication (CSC) between account servicing payment service providers, payment initiation service providers, account information service providers, payers, payees and other payment service providers (PSPs). The PSD2 provides that the RTS will apply 18 months after adoption of the RTS by the EU Commission as a Delegated Act.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Card Not Present, CenPOS, credit card processing

B2B Cloud payment processing technology blog about increasing profits, efficiency and security.