American Express SafeKey for hotels

Direct from American Express hospitality industry webinar, hotels number one protection from card not present fraud is American Express SafeKey®. SafeKey leverages the global industry standard, 3-D Secure®*, to detect and reduce online fraud by adding an extra layer of security when Card Members pay online.

How to mitigate 3rd party authorization chargeback risk? Merchant best practices:

  • Ensure the cardholder participated in the initial transactions. Safekey is the best method to prove that, making signatures irrelevant.
  • Get written authorization of what expenses the cardholder will allow.
  • Put cardholder name on the folio.
  • Show where cardholder opted in to all policies, including damages, cancellation etc.
  • Authorization must be CARD NOT PRESENT.
  • Use solution that includes cardholder name in the authorization response; retrievable record.

American Express SafeKey

How does Amex SafeKey impact the customer shopping experience? The cardholder may have some or no difference in the checkout experience, based on many factors, including prior online shopping history. The cardholder may be asked authentication question(s) to confirm it’s really the cardholder.

How does Amex SafeKey impact merchants?

  • Fraud liability for “It wasn’t me, I didn’t authorize it” goes away as liability shifts back to the issuer.
  • For business to business, where cardholder billing and shipping address frequently vary, cardholder authentication plays an important role not available with four digit CID security code validation only.
  • At this writing, American Express merchants do not receive a specific interchange discount as may be available with other card brands.

How can merchants adopt the Amex SafeKey service?

  1. Enroll your company on the American Express web site. https://network.americanexpress.com/globalnetwork/safekey/us/en/merchants-acquirers
  2. Receive e-mail from SafeKey Certification Team with your SafeKey ID and next steps.
  3. SafeKey Certification Team gets approval from Acquirer.
  4. Acquirer and SafeKey Certification Team complete required setup.
  5. Activate 3-D Secure on the application. (Ecommerce shopping cart, payment gateway, or ERP.) Both payment gateway and application must support the service.

* 3-D Secure is a registered trademark of Visa International Service Association in the United States and other countries.

Want to add American Express SafeKey to your business and get a great third party authorization form solution all included? Contact CenPOS global sales and integrations reseller, Christine Speedy, 954-942-0483 for more information.

Hotel credit card authorization rules compliance fact check

Identify if your hotel is compliant with authorization rules impacting profits and risk in just a few minutes. Card absent rules for card acceptance changed dramatically since April 2017, and in particular for the hotel and lodging industry. Rather than detail the complexities from over one thousand pages of official card acceptance rules, here’s some easy ways to identify if you have a problem.

Any of these fees on merchant statement indicate authorization problems needing correction:

  • Misuse of authorization
  • Standard / STD (any)
  • EIRF
  • Data rate I, (any) i.e. Corporate Data Rate I
  • Chargeback reason: FRAUD TRANS-NO CARDHOLDR AUTHORIZATION
  • Chargeback reason: Compliance

All bullet items have avoidable penalty fees due to authorization issues. Any time that happens, you pay penalty merchant fees and risk chargeback. Even if you usually win chargebacks, it’s an inefficient use of time. This quick fact check is just a tiny piece of rules changes I’ll help you get compliant with.

MasterCard began charging a 0.25% penalty fee, on top of other fees, in 2018 for non-compliance with Final Authorization.

How can merchants fix authorization problems? Transaction management technology, including for managing authorizations. Most problems are due to payment gateway limitations, but could also be outdated or improper payment gateway integration, or some specific piece of software limiting payment gateway functionality. Payment gateways often struggle just like merchants to keep up with the fast pace of changes in payment processing, so while the solution still works, it’s just not helping merchants to maximize profits and minimize risk.

Our suite of cloud commerce solutions solves authorization and data breach risk from credit card authorization form problems:

1.       Sales invoices, deposit needed. Sales can push out deposit request via text or email; customer self-pays, authenticates identity, and stores card (if needed). This is a much more professional interaction. Nobody likes paper credit card authorization forms due to risk of identity theft.

2.      Direct bill accounts. With our quick invoicing, accounting can upload an invoice and we take over the delivery, payment collection, security, authentication etc.

3.     Third party authorization form. Forget the paper. Our online form checks all the boxes you need to get compliant with card acceptance rules, protect against fraud, reduce PCI Compliance scope, and mitigate data breach risk.

Available as SynXis integrated solution or standalone. Keep your current Point of Sale service provider. Our solutions fix problems that haven’t been addressed for a decade- getting cardholder data out of the hands of employees and systems while shifting fraud liability risk to issuers. Plus, our optional 2-Way texting is a game changer for Guest Services, concierge, and sales.

Still not sure?

  • Quick and easy to get started.
  • No capital investment.
  • Proven to boost customer satisfaction via follow up surveys and increased sales.
  • Differentiate your brand with higher security.
  • Highest PCI compliance security certifications
  • GDPR compliant
  • Since the issuer is guarantees payment with cardholder authentication, it’s actually cheaper to process some credit cards!

What are you waiting for?

Call Christine Speedy, PCI Council QIR certified, for hotel Online Credit Card Authorization Form solutions at 954-942-0483, 9-5 ET. CenPOS authorized reseller based out of South Florida and NY. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.

Lodging Authorization Rules Change 2017 – Chargeback Prevention Tips

online booking credit card fraudIn October 2016, Visa quietly announced sweeping changes to rules for card not present transactions in the lodging industry. With online booking technology updates, hotels can increase profits by complying with the new rules, including for guaranteed reservations. Failure to comply may significantly increase financial risk.

A core concept is valid “authorization”, which impacts merchant rights and potentially credit card processing rate qualification. An invalid authorization equates to a no authorization. Card issuers will be within their rights to use reason code 72 and chargeback, or ACH, the funds from merchant bank account on the next settlement day, for failure to comply with the rules. This is a significant change, as in the past, hotels would respond to cardholder initiated disputes, a completely different scenario, and win a good portion of them.

What’s a valid authorization? It’s mostly described in Special Authorization Request Allowances and Requirements. Key elements:

  • Stored credential– rules for storing and what associated data is required on file and what is submitted with transaction- same transaction ID required for all after initial approval
  • Estimated Authorization– indicator as to whether the authorization is an estimate or is final is sent with transaction. Authorization is valid for 31 days. (Originally 14 days, but subsequent bulletin released to change it.)
  • Incremental authorization  – must use same transaction ID as estimate, and submit with incremental authorization indicator
  • Visa now groups transaction types into ‘customer initiated’ and ‘merchant initiated’. For card not present, a transaction is only considered customer initiated, if Verified by Visa is used. Verified by Visa (VbyV) is their brand name for the global 3-D Secure cardholder authentication protocol for card not present transactions.

Updated Checkout Flow For Online Booking:

  • Opt-in to no-show policy, terms and conditions
  • Authenticate cardholder
  • Authorize with the estimate indicator
  • Deliver email confirmation with the policy
  • Incremental auths with same Trans ID only.
  • Close transaction by day 31; partial reversal same transaction ID if applicable.
  • If ticket closed, open new estimated auth.

KEY DATES

  • Effective through 13 October 2017: In the US Region, for Car Rental Merchants, Cruise Lines, and Lodging Merchants, the Merchant must use the Incremental Authorization Request indicator and the same Transaction Identifier for all Authorization Requests.
  • Effective 14 October 2017 Transaction initiated with an Estimated Authorization
  • Verified by Visa cardholder authentication protects lodging merchants immediately from “it wasn’t me” card not present fraud.

Without hotel action to update online booking in advance of the October dates, financial exposure for prior months may be significant.

Christine Speedy, authorized CenPOS reseller provides universal payment processing solutions to maximize merchant profits and mitigate risk across multiple sales channels. To get a CenPOS account and your booking engine compatible plugin contact Christine at 954-942-0483. 

CenPOS update leverages new CVV rule for magnetic stripe failures

CenPOS, a fast-growing payment processing technology, released a new feature for merchants to enable the automatic collection of CVV at the point of sale for key entered transactions including a failed magnetic stripe read.  The update supports the new Visa rule for card present transactions.

Effective October 15, 2011, merchants that prompt for and validate the Card Verification Value 2 (CVV) on any Visa CPS Key entry transaction (not to be confused with CPS Card-not-present) will no longer be required to take an imprint of the card to prove that the consumer was present at the time of the transaction. More importantly, merchants that implement this new procedure will no longer be liable for charge-back reason code 81 (Fraud Card-Present Environment).

 

cvv prompt for key entered face to faceThe CenPOS privilege in the Virtual terminal can be dynamically enabled or disabled by the merchant administrator. When enabled, the Virtual Terminal will automatically prompt for the CVV on any and ALL manually entered transactions. If in a retail environment with an attached signature capture terminal, the customer will still be prompted for their signature as usual.

cvv prompt for key entered face to face

To enable, click on the Administrator tab >merchant icon> processing data tab> click on “CVV Manual Entry”

About CenPOS
“Creating efficiencies through payment innovation”

Founded in 2009, Miami-based CenPOS is a payment technology provider. CenPOS is committed to providing its customers and partners with innovative solutions for today’s rapidly evolving consumer payment choices.

CenPOS is an intelligent payment-processing network that streamlines the payment experience for businesses and consumers by using state-of-the-art technology to replace inefficient, outdated payment systems. The network reflects the core values that drive the experienced and innovative CenPOS team: Simplicity, Scalability, Security and a holistic approach to payment processing strategies.

CenPOS provides solutions to a range of organizations including but not limited to retail, card not present merchants, automotive dealers, professional services and academic institutions; special programs are also available for non-profits.

Christine Speedy direct (954) 942-0483

Can I defend a chargeback with pencil rubbing of a card?

Your credit card terminal goes down or your wireless unit can’t get a signal, but you’ve got customers lined up to buy. Is a pencil rubbing of the credit card or a photocopy of the credit card OK to defend against chargebacks?

No. The merchant must have an imprint of the card on a credit card voucher form that is fully completed and signed by the customer.

Below are excerpts of the relevant rule from Visa and the condition I most often see cited on merchant chargeback forms. (Other cards have similar language. Please note the Visa International Operations Guidelines book is over 1100 pages so too keep this brief, this is a very narrow look. Link t

Visa Chargeback Reason Code 81 Fraud Card-Present Environment

Chargeback Conditions – Reason Code 81
pg 825 One of the following:
1. Cardholder did not authorize or participate in a Card-Present Environment Transaction.

CHARGEBACK PREVENTION TIPS:

  • A signature and imprint or magnetic stripe card data is required on all retail merchant accounts with a Terminal ID that is set up for retail  presentment. For most merchants, this means they need two merchant accounts- one for card present or retail, and another for card not present or MOTO if they have key entered transactions and the card is absent.
  • To save time, merchants will only partially fill in the form, but this is not sufficient. All fields must be completed and the customer must sign.
  • When a merchant account is opened merchants are issued a metal plate with their required merchant account identifying information to use with imprinting forms.  Don’t toss is into a drawer. Buy an imprinter (about $25 from most office supply stores) and some voucher forms, put your plate in and keep it secured but handy in case you need it.  If you don’t know where your plate is, call your processor and ask for a new one.

Editors note: Two merchant accounts will help mitigate risk because card absent aka card not present requirements differ from card present. For example, depending on the transaction method,  address verification and or security code may be required. Merchants with a single dial up terminal that has two merchant accounts my experience costly errors when the salesperson or cashier processes the transaction on the wrong account. It happens.  I see it all the time when I review statements and dig for downgrade reason codes. One solution is automated merchant account switching via Cenpos.