Hotel credit card authorization rules compliance fact check

Identify if your hotel is compliant with authorization rules impacting profits and risk in just a few minutes. Card absent rules for card acceptance changed dramatically since April 2017, and in particular for the hotel and lodging industry. Rather than detail the complexities from over one thousand pages of official card acceptance rules, here’s some easy ways to identify if you have a problem.

Any of these fees on merchant statement indicate authorization problems needing correction:

  • Misuse of authorization
  • Standard / STD (any)
  • EIRF
  • Data rate I, (any) i.e. Corporate Data Rate I
  • Chargeback reason: Compliance

All bullet items have avoidable penalty fees due to authorization issues. Any time that happens, you pay penalty merchant fees and risk chargeback. Even if you usually win chargebacks, it’s an inefficient use of time. This quick fact check is just a tiny piece of rules changes I’ll help you get compliant with.

MasterCard began charging a 0.25% penalty fee, on top of other fees, in 2018 for non-compliance with Final Authorization.

How can merchants fix authorization problems? Transaction management technology, including for managing authorizations. Most problems are due to payment gateway limitations, but could also be outdated or improper payment gateway integration, or some specific piece of software limiting payment gateway functionality. Payment gateways often struggle just like merchants to keep up with the fast pace of changes in payment processing, so while the solution still works, it’s just not helping merchants to maximize profits and minimize risk.

Our suite of cloud commerce solutions solves authorization and data breach risk from credit card authorization form problems:

1.       Sales invoices, deposit needed. Sales can push out deposit request via text or email; customer self-pays, authenticates identity, and stores card (if needed). This is a much more professional interaction. Nobody likes paper credit card authorization forms due to risk of identity theft.

2.      Direct bill accounts. With our quick invoicing, accounting can upload an invoice and we take over the delivery, payment collection, security, authentication etc.

3.     Third party authorization form. Forget the paper. Our online form checks all the boxes you need to get compliant with card acceptance rules, protect against fraud, reduce PCI Compliance scope, and mitigate data breach risk.

Available as SynXis integrated solution or standalone. Keep your current Point of Sale service provider. Our solutions fix problems that haven’t been addressed for a decade- getting cardholder data out of the hands of employees and systems while shifting fraud liability risk to issuers. Plus, our optional 2-Way texting is a game changer for Guest Services, concierge, and sales.

Still not sure?

  • Quick and easy to get started.
  • No capital investment.
  • Proven to boost customer satisfaction via follow up surveys and increased sales.
  • Differentiate your brand with higher security.
  • Highest PCI compliance security certifications
  • GDPR compliant
  • Since the issuer is guarantees payment with cardholder authentication, it’s actually cheaper to process some credit cards!

What are you waiting for?

Call Christine Speedy, PCI Council QIR certified, for hotel Online Credit Card Authorization Form solutions at 954-942-0483, 9-5 ET. CenPOS authorized reseller based out of South Florida and NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Lodging Authorization Rules Change 2017 – Chargeback Prevention Tips

online booking credit card fraudIn October 2016, Visa quietly announced sweeping changes to rules for card not present transactions in the lodging industry. With online booking technology updates, hotels can increase profits by complying with the new rules, including for guaranteed reservations. Failure to comply may significantly increase financial risk.

A core concept is valid “authorization”, which impacts merchant rights and potentially credit card processing rate qualification. An invalid authorization equates to a no authorization. Card issuers will be within their rights to use reason code 72 and chargeback, or ACH, the funds from merchant bank account on the next settlement day, for failure to comply with the rules. This is a significant change, as in the past, hotels would respond to cardholder initiated disputes, a completely different scenario, and win a good portion of them.

What’s a valid authorization? It’s mostly described in Special Authorization Request Allowances and Requirements. Key elements:

  • Stored credential– rules for storing and what associated data is required on file and what is submitted with transaction- same transaction ID required for all after initial approval
  • Estimated Authorization– indicator as to whether the authorization is an estimate or is final is sent with transaction. Authorization is valid for 31 days. (Originally 14 days, but subsequent bulletin released to change it.)
  • Incremental authorization  – must use same transaction ID as estimate, and submit with incremental authorization indicator
  • Visa now groups transaction types into ‘customer initiated’ and ‘merchant initiated’. For card not present, a transaction is only considered customer initiated, if Verified by Visa is used. Verified by Visa (VbyV) is their brand name for the global 3-D Secure cardholder authentication protocol for card not present transactions.

Updated Checkout Flow For Online Booking:

  • Opt-in to no-show policy, terms and conditions
  • Authenticate cardholder
  • Authorize with the estimate indicator
  • Deliver email confirmation with the policy
  • Incremental auths with same Trans ID only.
  • Close transaction by day 31; partial reversal same transaction ID if applicable.
  • If ticket closed, open new estimated auth.


  • Effective through 13 October 2017: In the US Region, for Car Rental Merchants, Cruise Lines, and Lodging Merchants, the Merchant must use the Incremental Authorization Request indicator and the same Transaction Identifier for all Authorization Requests.
  • Effective 14 October 2017 Transaction initiated with an Estimated Authorization
  • Verified by Visa cardholder authentication protects lodging merchants immediately from “it wasn’t me” card not present fraud.

Without hotel action to update online booking in advance of the October dates, financial exposure for prior months may be significant.

Christine Speedy, authorized CenPOS reseller provides universal payment processing solutions to maximize merchant profits and mitigate risk across multiple sales channels. To get a CenPOS account and your booking engine compatible plugin contact Christine at 954-942-0483. 

CenPOS update leverages new CVV rule for magnetic stripe failures

CenPOS, a fast-growing payment processing technology, released a new feature for merchants to enable the automatic collection of CVV at the point of sale for key entered transactions including a failed magnetic stripe read.  The update supports the new Visa rule for card present transactions.

Effective October 15, 2011, merchants that prompt for and validate the Card Verification Value 2 (CVV) on any Visa CPS Key entry transaction (not to be confused with CPS Card-not-present) will no longer be required to take an imprint of the card to prove that the consumer was present at the time of the transaction. More importantly, merchants that implement this new procedure will no longer be liable for charge-back reason code 81 (Fraud Card-Present Environment).


cvv prompt for key entered face to faceThe CenPOS privilege in the Virtual terminal can be dynamically enabled or disabled by the merchant administrator. When enabled, the Virtual Terminal will automatically prompt for the CVV on any and ALL manually entered transactions. If in a retail environment with an attached signature capture terminal, the customer will still be prompted for their signature as usual.

cvv prompt for key entered face to face

To enable, click on the Administrator tab >merchant icon> processing data tab> click on “CVV Manual Entry”

About CenPOS
“Creating efficiencies through payment innovation”

Founded in 2009, Miami-based CenPOS is a payment technology provider. CenPOS is committed to providing its customers and partners with innovative solutions for today’s rapidly evolving consumer payment choices.

CenPOS is an intelligent payment-processing network that streamlines the payment experience for businesses and consumers by using state-of-the-art technology to replace inefficient, outdated payment systems. The network reflects the core values that drive the experienced and innovative CenPOS team: Simplicity, Scalability, Security and a holistic approach to payment processing strategies.

CenPOS provides solutions to a range of organizations including but not limited to retail, card not present merchants, automotive dealers, professional services and academic institutions; special programs are also available for non-profits.

Christine Speedy direct (954) 942-0483

Can I defend a chargeback with pencil rubbing of a card?

Your credit card terminal goes down or your wireless unit can’t get a signal, but you’ve got customers lined up to buy. Is a pencil rubbing of the credit card or a photocopy of the credit card OK to defend against chargebacks?

No. The merchant must have an imprint of the card on a credit card voucher form that is fully completed and signed by the customer.

Below are excerpts of the relevant rule from Visa and the condition I most often see cited on merchant chargeback forms. (Other cards have similar language. Please note the Visa International Operations Guidelines book is over 1100 pages so too keep this brief, this is a very narrow look. Link t

Visa Chargeback Reason Code 81 Fraud Card-Present Environment

Chargeback Conditions – Reason Code 81
pg 825 One of the following:
1. Cardholder did not authorize or participate in a Card-Present Environment Transaction.


  • A signature and imprint or magnetic stripe card data is required on all retail merchant accounts with a Terminal ID that is set up for retail  presentment. For most merchants, this means they need two merchant accounts- one for card present or retail, and another for card not present or MOTO if they have key entered transactions and the card is absent.
  • To save time, merchants will only partially fill in the form, but this is not sufficient. All fields must be completed and the customer must sign.
  • When a merchant account is opened merchants are issued a metal plate with their required merchant account identifying information to use with imprinting forms.  Don’t toss is into a drawer. Buy an imprinter (about $25 from most office supply stores) and some voucher forms, put your plate in and keep it secured but handy in case you need it.  If you don’t know where your plate is, call your processor and ask for a new one.

Editors note: Two merchant accounts will help mitigate risk because card absent aka card not present requirements differ from card present. For example, depending on the transaction method,  address verification and or security code may be required. Merchants with a single dial up terminal that has two merchant accounts my experience costly errors when the salesperson or cashier processes the transaction on the wrong account. It happens.  I see it all the time when I review statements and dig for downgrade reason codes. One solution is automated merchant account switching via Cenpos.


American Express merchant rates

Did you think you had a flat rate fee for your American Express merchant account? I did too. But, there are circumstances where they can charge you more. Key entering a transaction at the point of sale is probably the most common.

Per the American Express April 2010 merchant guidelines PDF, “there are instances when Merchants will need to key-enter an In-Person Transaction. This occurs most often when the POS System cannot read the Magnetic Stripe. There may be a fee assessed for Charges that are key-entered. See subsection 12.2.2, authorization fees.
Transaction fee – A fee applied to any Charge for which we did not receive the full Magnetic Stripe from the Card and the indicator as to whether the Card was swiped.
0.30% of the face amount of the Charge.

This should not come as a surprise. Visa and MasterCard have long had a different rate for key entered transactions on a RETAIL or swipe merchant account.

” One of the requirements of a key-entered Transaction is to validate the Card’s presence. Failure to validate the Card’s presence can render the Merchant liable for Chargebacks if the Cardmember disputes the Charge. This doesn’t change for any type of card and we’ve reported on this before.