Card Not Present, CenPOS, credit card processing

B2B Cloud payment processing technology blog about increasing profits, efficiency and security.

Card Not Present, CenPOS, credit card processing

Main menu

Skip to primary content
Skip to secondary content
  • Home
  • Christine Speedy, Author
  • Interchange Rates
  • How much can I save?
  • Glossary: Payment Processing Terminology
  • Merchant Alerts & Rules Links
  • Merchant Security : PCI Compliance (Sticky)

Tag Archives: Payment Account Reference

Payment Account Reference (PAR) Impact On Recurring Billing

Posted on July 28, 2016 by Christine Speedy
Reply

Payment Account Reference (PAR) will become a major force in changing in how recurring billing transactions are processed, and risks that merchants will bear. Swiped, key-entered, and e-commerce transactions are all impacted because merchants will need to tie subsequent token transactions to the original transaction that customer authorized. This raises questions as to what technology will be able to support it, and how quickly will companies be able to adopt it?

EMVco updated their EMV Payment Tokenization Specification Technical Framework earlier this year to include a new field for PAR. This field must transcend throughout the payment ecosystem to acquirers, issuers, and merchants by updating all those systems to support it. That means changes to payment terminals, gateways, processing systems, and potentially ERP and other integrated solutions. With the framework in place, the rest of the ecosystem can begin updating systems to take advantage of the benefits.

PAR enables the payment acceptance community to link a cardholder’s payment token with their PAN transactions without needing to use their underlying card account number.

Merchant Liability

Official announcement is not yet available, however, following the logic of similar security updates, the merchant would risk chargeback on any transaction that does not include the PAR value. The issuer or the acquirer could potentially initiate on the premise there’s no proof customer approved, and therefore there’s fraud liability risk. To reduce their risk, the merchant could be held liable. That means 3 months into a service, all prior transactions could be ACH’d right out of merchant bank account, plus there’d be chargeback fees for each transaction. Additionally, with multiple chargebacks with a single cardholder it’s foreseeable merchants could end up in oversight pool for excessive chargebacks.

Timeline for Compliance

Official announcement is not yet available, however, technical framework specifications for developers were released about 6 months ago. Changes impacting processing fees etc. are typically effective October and April of each year.

Why PAR now? 

PAR enables the industry to move away from dependence on the PAN as the primary linkage between various payment processing and value-added services, for example, loyalty programs. As EMV grows increasing card present security, fraud tends to move online; PAR is intended to reduce card not present fraud, increase security, and create a consistent global framework for all participants.

Current Recurring Billing Compliance

Today, when a merchant processes a transaction for a card the customer has authorized to keep on file, the ‘recurring‘ transaction type indicator is required to be sent with each authorization request. A payment gateway is a required, since physical terminals are unable to meet requirements. For example, a retail store sends a SALE transaction type, while a company offering SaaS sends Recurring Payment indicator in authorization messages. Business to business merchants run into compliance, and risk of chargeback losses, when a customer agrees authorizes keep card on file, and they key enter the card number.  As far as the issuer and acquirer are concerned, it’s a retail sale, and all the rules of acceptance, risk, and interchange rate qualification apply. 

Some companies use paper credit card authorization forms, and they key enter into a retail terminal or virtual terminal each and every time; those transactions are NOT sent correctly with RECURRING indicator. 

Future Recurring Billing Compliance

Tokens replace sensitive card data and are then used to perform future variable, fixed, or installment recurring billing. PAR cannot be used to initiate payment transactions nor reverse engineered to obtain PAN data. When a token is created, a PAR value will also be created. The PAR must be supplied with all future authorization requests.

Merchants using ‘dumb terminals’, i.e. terminals that are not payment gateway driven, are incapable of supporting such a service. For omnichannel merchants, partnering with a progressive technology company that meets all current and future payment needs is going to be essential to comply with PAR and more payment changes likely to come.

“If your current provider was late to market with EMV, if they don’t support 3D Secure, if they can’t provide one payment gateway for all sales channels, it’s probably time to start looking for another payment technology partner,” Christine Speedy, Global Reseller for CenPOS, a merchant-centric, enterprise payment solutions company.

0
0
Posted in ecommerce, EMV, Payment Gateway, security | Tagged PAR, Payment Account Reference, payment gateway, Recurring Payment, token billing | Leave a reply

Search

Newsletter

privacy

Categories

  • CenPOS (295)
    • knowledege base (25)
  • EBPP (36)
  • ecommerce (23)
  • Equipment-POS (170)
    • EMV (27)
    • virtual terminal (45)
  • ERP (20)
  • industry news (291)
    • dealer services (12)
    • government news (56)
    • merchant blunders (1)
  • managing costs (94)
    • chargebacks (13)
  • Merchant Services (296)
    • changing payment processors (11)
    • check and ACH (2)
    • ecommerce (11)
    • level 3 processing (27)
    • merchant account Q&A (52)
    • mobile payments (31)
    • new business (1)
    • non-profit (15)
    • Payment Gateway (52)
    • recurring billing (11)
    • Review (5)
  • Misc (6)
  • online payments (28)
  • podcast (1)
  • rates (88)
  • security (182)
    • Credit Card Authorization Form (17)
    • data breach report (12)
    • federal & state laws (7)
    • fraud protection (37)
    • identity theft (19)
    • PCI Compliance (76)
  • terminal functions (5)
  • terminology (15)
  • video blog (22)

Recent Comments

  • Rocco Vignone on CAPK expired error messages on VeriFone EMV terminals
  • Christine Speedy on Sekure cost review, Sekure Card, Sekure Merchants Review
  • Christine Speedy on Sekure cost review, Sekure Card, Sekure Merchants Review
  • Christine Speedy on Credit card surcharge rules and laws 2019
  • Christine Speedy on Magento Developer Alert: Visa Mandate and Payment Gateways
Proudly powered by WordPress