2021 Convenience Fee Rules Explained

Credit card convenience fees 2021 rules explained. Visa rules on convenience fees as outlined in Table 5-5 Convenience Fee Requirements remain unchanged since 2020.

What’s a convenience fee and when can I use it? Convenience fees can only be charged for a bona fide convenience in the form of an alternative payment channel outside the Merchant’s customary payment channels and not charged solely for the acceptance of a Card. If a merchant only accepts credit cards, it’s prohibited. Alternatively as an example, if a merchant gets 99% checks in the mail, ACH, and wire, they could be eligible to charge a convenience fee.

The following are all elements that can impact whether you can charge a convenience fee:

  • Federal law
  • State law
  • Rules of card acceptance, for example, Visa Core Rules
  • Merchant acquirer (credit card processor)

Who can and cannot charge a convenience fee?

  • If the Merchant operates exclusively in a Card-Absent
    Environment, cannot charge a convenience fee.
  • Convenience fee can only be charged by the merchant that provides the goods or services to the cardholder, not a third party.

Visa convenience fee rules excerpts:

  • Cannot be charged on a Recurring Transaction or an Installment Transaction.
  • Must be listed as a separate line item on the receipt.
  • Must be included with the total transaction. In other words, the receipt must split out the amount, but only one transaction is sent.
  • Added only to a domestic Unattended Transaction. In other words, customers self-pay.
  • Must be disclosed to customers as a charge for alternate payment channel convenience.

How much is allowed for a convenience fee?

Per Visa, the convenience fee must be a flat, or fixed amount, regardless of the value of the payment due. There isn’t a limit on the amount and a merchant may choose to dynamically generate the convenience fee amount. Regardless, the consumer must be able to opt-out prior to completing the transaction.

See Visa Core Rules Table 5-5: Convenience Fee Requirements for more information. Note, this is a change from the 2018 blog post.

Rules may vary by card brand, but typically, if a merchant complies with Visa rules, they’ll be compliant with the other brands. A convenience fee is not the same as a credit card surcharge for Visa, which also has another type called a service fee,which applies to government and education only.

Call Christine Speedy, PCI Council QIR certified, for simple solutions to complex payment transaction problems, 954-942-0483, 9-5 ET. CenPOS authorized reseller based out of South Florida and NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Please share your convenience fee insights for others and ask any questions below.

Chinese PAX payment terminal manufacturer raided by FBI in Florida

PAX Technology Warehouse in Jacksonville Florida was the subject of a search and investigation October 26, 2021 by the Federal Bureau of Investigation, the Department of Homeland Security, and several other agencies. PAX is a Chinese credit card terminal provider that significantly grew it’s global reach, including the US, during the transition to EMV chip terminals.

Brian Krebs, a cybersecurity investigative journalist, reported a major US payment processor noticed that PAX terminals were being used both as a malware “dropper” — a repository for malicious files — and as “command-and-control” locations for staging attacks and collecting information. Something didn’t add up and PAX didn’t give any good answers.

FBI Statement: “The FBI Jacksonville Division, in partnership with Homeland Security Investigations, Customs and Border Protection, Department of Commerce, and Naval Criminal Investigative Services, and with the support of the Jacksonville Sheriff’s Office, is executing a court-authorized search at this location in furtherance of a federal investigation. We are not aware of any physical threat to the surrounding community related to this search. The investigation remains active and ongoing and no additional information can be confirmed at this time.”

US vendors in the payments ecosystem were quick to respond. The sale and installation of PAX terminals has already been prohibited by some.

Fresno Woman Pleads Guilty to Committing $100,000 in Credit Card Fraud

FRESNO, Calif. — Alena Nicole George, 43, of Fresno, pleaded guilty today to access device fraud, Acting U.S. Attorney Phillip A. Talbert announced.

According to court documents, from February through April 2019, George used a credit card that was fraudulently opened in the identity of a victim with a name similar to her own name to make $100,000 in purchases at national retailers and cash advances at a national bank.

This case is the product of an investigation by the Federal Bureau of Investigation and the U.S. Postal Inspection Service. Assistant U.S. Attorneys Vincente Tennerelli and Joseph Barton are prosecuting the case.

George is scheduled to be sentenced by U.S. District Judge Dale A. Drozd on Jan. 21, 2022. George faces a maximum statutory penalty of 10 years in prison and a $250,000 fine. The actual sentence, however, will be determined at the discretion of the court after consideration of any applicable statutory factors and the Federal Sentencing Guidelines, which take into account a number of variables.

https://www.justice.gov/usao-edca/pr/fresno-woman-pleads-guilty-committing-100000-credit-card-fraud

Miami Man Pleads Guilty to Participating in Access Device Fraud and Money Laundering Conspiracies for his Roles in Nationwide Gas Station Skimming Scheme

ALBANY, NEW YORK – Hugo Hernandez, age 34, of Miami Lakes, Florida, pled guilty today to a superseding indictment charging him with being part of access device fraud and money laundering conspiracies for his roles in a nationwide gas station skimming scheme that involved stealing banking and personal information of residents in and around the Northern District of New York, as well as multiple other parts of the country, who used the “pay at the pump” feature to make gasoline purchases.

The announcement was made by United States Attorney Carla B. Freedman; Janeen DiGuiseppi, Special Agent in Charge of the Albany Field Office of the Federal Bureau of Investigation (FBI); and Inspector in Charge Ketty Larco-Ward, Boston Division, United States Postal Inspection Service (USPIS).

As part of his guilty plea, Hernandez admitted that between December 2015 and July 2019,  he conspired with others to commit access device fraud by building skimming devices designed to steal gas station customer information, installing those devices inside gas pumps in Albany, Broome, and Montgomery Counties, and elsewhere, and then using the information collected by those devices to create fake credit and debit cards. The fake cards were used to obtain money orders, gift cards, cash, and other things of value.

Hernandez also admitted to being part of a conspiracy to launder funds obtained through the access device fraud conspiracy, and, in facilitating that conspiracy, causing at least 162 money orders, worth $173,257, to be deposited into a bank account he controlled. As part of his plea agreement, Hernandez agreed to be subject to a forfeiture money judgment in the amount of $173,257.

A sentencing hearing is set to take place on March 1, 2022, before Senior United States District Judge Gary L. Sharpe. Hernandez faces up to 20 years in prison; a fine of up to $500,000 or twice the value of the property involved in the transaction, whichever is greater; and up to 3 years of supervised release. A defendant’s sentence is imposed by a judge based on the particular statute the defendant is charged with violating, the U.S. Sentencing Guidelines and other factors.

This case was investigated by the FBI Albany Field Office and USPIS Boston Division, with assistance from the FBI Field Offices in Miami, Pittsburgh, and San Juan, the USPIS Miami Division, the United States Secret Service Miami Field Office, as well as the New York State Department of Agriculture, Division of Weights and Measures. The case is being prosecuted by Assistant U.S. Attorneys Rick Belliss and Emily C. Powers.

https://www.justice.gov/usao-ndny/pr/miami-man-pleads-guilty-participating-access-device-fraud-and-money-laundering

U.S. data breaches Q3 2021

Identity Theft Resource Center to Share Latest Data Breach Analysis with U.S. Senate Commerce Committee; Number of Data Breaches in 2021 Surpasses all of 2020

The number of data breach victims dramatically increased in Q3 2021 due to a series of data exposures during the quarter 

SAN DIEGO, October 6, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the third quarter?(Q3)?of 2021. According to the data breach analysis,?the number of data breaches publicly-reported in the U.S. decreased nine (9) percent in Q3 2021 (446 breaches) compared to Q2 2021 (491 breaches). However, the number of data breaches through September 30, 2021 has exceeded the total number of events in Full-Year (FY) 2020 by 17 percent (1,291 breaches in 2021 compared to 1,108 breaches in 2020). The trendline continues to point to a record-breaking year for data compromises (the all-time high of 1,529 breaches was set in 2017). 

For Q3 2021, the number of data compromise victims (160 million) is higher than Q1 and Q2 2021 combined (121 million). The dramatic rise in victims is primarily due to a series of unsecured cloud databases, not data breaches. Also, the total number of cyberattack-related data compromises year-to-date (YTD) is up 27 percent compared to FY 2020. Phishing and Ransomware continue to be, far and away, the primary attack vectors. 

Download the ITRC’s 2021 Q3 Data Breach Analysis and Key Takeaways 

“While the total number of data breaches dropped slightly in Q3, we are only 238 data breaches away from tying the all-time record for data compromises in a single year,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “It’s also interesting to note that the 1,111 data breaches from cyberattacks so far this year exceeds the total number of data compromises from all causes in 2020. Everyone needs to continue to practice good cyber-hygiene to protect themselves and their loved ones as these crimes continue to increase.” 

Other findings in the analysis include: 

  • There have been no publicly-reported data breaches to date in 2021 attributed to payment card skimming services.  
  • Some organizations and state agencies are not including specifics about data compromises or reporting them on a timely basis. One state has not posted a data breach notice since September 2020. 

Enhancing Data Security – U.S. Senate Committee Hearing – Oct. 6, 2021

The ITRC will testify before the U.S. Senate Committee on Commerce, Science & Transportation today to present the findings from our Q3 Data Breach Analysis. Watch the hearing on enhancing data security live at 10 a.m. EST/7 a.m. PST.  ITRC COO, James E. Lee, issued a written statement for the record as part of a hearing with the U.S. Senate Committee. 

For more information about recent data breaches, or?the increase in the number of?data breaches discussed in?the?latest?trend analysis, consumers and businesses should visit the ITRC’s data breach tracking tool,?notified.??? 

Anyone?can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting ?www.idtheftcenter.org to live-chat.?? 

About the Identity Theft Resource Center

Founded in 1999, the Identity Theft Resource Center® (ITRC)?is a?national?nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime.?Through public and private support, the ITRC provides no-cost victim assistance and consumer education through?its website?live-chat?idtheftcenter.org?and?toll-free phone number 888.400.5530.?The ITRC also?equips?consumers and businesses?with?information about recent data breaches through its data breach tracking tool,?notified.?The ITRC offers help to specific?populations, including?the?deaf/hard of?hearing and?blind/low?vision?communities.?