VerifiedbyVisa is designed to make online purchases with your Visa credit card even more secure. Visa announced via the merchant business news digest March 28, 2019 the Verified by Visa (VbV) program name will be rebranded to Visa Secure. Visa Secure uses 3DS, the industry-wide e-commerce authentication standard.
Existing VbV marks will be replaced with a Visa Secure badge across consumer-facing merchant and issuer channels, while all 3DS authentication screens will simply display the Visa logo.
Old Verified by Visa logoNew Visa Secure logo
Visa developed the 3-D Secure standard—currently branded for Visa cardholders as Verified by Visa— to provide merchants and issuers a way to authenticate the cardholder for card-not-present payments.
Starting 1 October 2019, merchants must use the new badge and messaging whenever EMV 3DS technology is used.
How can merchants get compliant with the Visa Stored Credential Transaction framework and mandates effective October 14, 2017?
Step by step getting started guide for B2B merchants:
Plan how you’ll comply with consent record requirements. See Improving Authorization Management for Transactions with Stored Credentialshttps://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-credential-transaction-framework-vbs-10-may-17.pdf . Are you going to manage documenting everything or are you going to use technology to help you manage it? Ask your gateway if they’re going to provide a checkbox for consent and if you’ll be able to pull the opt-in records on demand. CenPOS, a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement will automates multiple elements for clients.
Update workflow and documents. Ensure your sales order or associated credit documents include sale, refund and cancellation policies. Add a checkbox for customer opt-in to terms, including online payments. CenPOS has an opt-in box and you can customize the text.Verify if you have a system to manage authorization validity. What the heck does that mean? Many B2B companies have complex needs including pre-authorizations, incremental authorizations, delayed shipping etc. While you may get issuer approvals, that doesn’t mean the authorization is valid. The two most common rules B2B businesses struggle with are Settlement within timeframe for card not present sales, and Authorization amount and settlement amount must be equal. Per Visa Core Rules October 2017, for typical distributor and manufacturer card not present transactions, the authorization must settle no later than 7 calendar days from the date of the initial Approval Response. CenPOS automates compliance. Other payment gateways are incapable or may leave it up to developers to create a solution. Are you compliant now? Look at your merchant statement ‘pending interchange fees. If you see EIRF or STD, that’s a red flag there’s a problem.
Replace paper credit card authorization forms, and any digital form that you can decrypt and view sensitive card data. Offer your customers a way to self-manage their own wallet with either a hosted online pay page or Electronic Bill Presentment & Payment. CenPOS offers both options, including a lite ‘request a payment’ option, and lets your customers choose both text and email. For those not ready to give up paper, CenPOS creates a printable PCI Compliant credit card authorization form for every stored card.
New to online payments? See Visa best practices to prevent brute force attacks. https://usa.visa.com/support/merchant/library/visa-merchant-business-news-digest.html. CenPOS includes recaptcha and client managed velocity and other rules as part of a layered security approach.
Verify your gateway is ready or will be ready to send correct transaction data for the initial transaction and subsequent transactions for both customer initiated and merchant initiated use of the stored credential. You’ll want the payment gateway to perform a zero dollar authorization and authenticate the cardholder with 3-D Secure. Ask your gateway if it will automatically flag a transaction as customer initiated stored credential or merchant initiated stored credential, or if they’ll require you to have multiple gateway accounts, one for each type. CenPOS does all this for you now in a single account.
Get an ecommerce merchant account. This is needed for online payments. Don’t run mail order telephone order (MOTO) transactions on the ecommerce account unless you know your payment gateway can alter the flag sent with transaction to change the transaction type. Many cannot. CenPOS manages all compliance seamlessly in the background; whether you need multiple merchant accounts varies by acquirer/processor.
Register for 3-D Secure, including Verified by Visa, with your acquirer. Don’t do this until you know which payment gateway will be used and get their instructions if applicable.
Communicate with customers. Advise any upcoming changes will increase efficiency and security for everyone.
Why comply? With full compliance, merchants can expect better qualified interchange rates, increased approvals (avoid declines based on issuer risk averse algorithms), reduced PCI Compliance burden, and increased efficiency for both buyer and seller. The cost of non-compliance is hefty, including higher interchange rates, penalty fees, and risk of both issuer and cardholder chargebacks.
The same transaction can process at different rates as shown above, depending on which rules you follow. CenPOS Smart Rate Selector automates compliance to qualify transactions at the lowest rate possible. Which rates are on your merchant statement now?
Why should developers choose CenPOS for their integrated payment gateway? CenPOS has native modules for ERP, shopping cart, accounting and other software.
Increase profits faster
More efficient, quicker reconciliation
More secure- from Encrypted Virtual Keypad to elimination of credit card auth forms
More robust- Wire, ACH, check, Paypal, credit card and more; text and email payments supported. No 3rd party Electronic Invoice solution needed such as BillTrust; CenPOS invoice portal and automated collections included.
Where can I buy CenPOS or learn more? You’ve already found one of the top salespeople, Christine Speedy. All agreements are direct with CenPOS, no middle man.
DISCLAIMER: condensed and incomplete information! Information may be quickly outdated.
With the fast pace of changing rules, companies need a technology partner to automate compliance. Did you know?
CenPOS has a suite of solutions for companies just like yours, solving common problems and increasing profits virtually overnight.
For those not ready to give up paper, CenPOS creates a printable PCI Compliant credit card authorization form for every stored card.
CenPOS has ERP, ecommerce shopping cart, accounting and other plug-in modules available for quick and easy implementation.
I’ve been selling for CenPOS since day 1. Though I have other payment gateways available in my arsenal, nothing else compares for meeting business to business needs.
Christine Speedy, CenPOS authorized reseller, 954-942-0483 is based out of South Florida and NY. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.
Insurance companies must comply with new VISA installment credit card processing rules changes effective October 2017 to maximize business profits and mitigate chargeback risk. Everyone in the payment ecosystem has or will need to make changes to comply, including acquirer, issuer, payment gateway, merchant, and sometimes integrated billing software.
VISA DEADLINE:
October 14, 2017 Visa stored credentials compliance mandate.
INSTALLMENT CREDIT CARD PROCESSING BEST PRACTICES:
Obtain cardholders’ consent to store the credentials. Opt-in check box stored with payment gateway record is recommended.
Have a solution to retrieve consent records on request.
Disclose to cardholders how stored credentials will be used.
Notify cardholders when any changes are made to the terms of use.
When capturing card data for the first time, use a PCI compliant payment gateway to create a random token replacing sensitive data; eliminate paper credit card authorization forms or digital signature forms where payment data is collected on the form, not via a payment gateway.
Inform the issuer via a transaction that payment credentials are now stored. For example, perform an Account Number Verification Transaction via a Zero Dollar Authorization with 3-D Secure Verifed by Visa.This is managed by the payment gateway, and requires specific transaction indicator. TIP: If the solution you’re using performs a $1 authorization, often with a void or reversal after, that’s because the payment gateway, and or the implementation, are out of date and don’t support current requirements. Ask how yours works- assume nothing!
Identify subsequent transactions with appropriate indicators when using stored credentials. Payment gateway to identify all future transactions after storing:
– With an indicator that shows that the Transaction is using a Stored Credential for either Installment, Recurring or Unscheduled Credential On File.
– With the Transaction Identifier of the Initial Transaction.
Follow all cardholder disclosure and consent requirements specified in the Visa Rules. Opt-in check box with digital record managed by the payment gateway is recommended to comply with issuer records requests.
If performing a preauthorization for any transactions, additional new requirements must be met, including for reversals and reauthorizations.
INSURANCE INSTALLMENT BEST PRACTICES
Increasingly complicated rules vary by card brand, business type and many other factors. This article may oversimplify such complexities. Merchants are advised to:
Use tools, including intelligent cloud-based payment gateways, to help comply automatically.
Segregate payment acceptance from applications; example, embedded payment object or i-frame.
Review Visa Stored Credential Transaction Framework bulletins
Review Visa Core Rules and Visa Product and Service Rules
Review workflow for the customer payment experience and confirm payment technology workflow is compliant with new rules. There is no automated update; merchants must actively participate in process to ensure compliance.
COMPLIANCE RISKS AND REWARDS:
Compliance will increase approvals, customer satisfaction, and profits.
Reduce time spent on collections, increase automation, reduce attrition.
Cardholder authentication can qualify some transactions for lower interchange rates plus mitigate losses related to “it wasn’t me”, more commonly seen in higher risk insured policy holders.
Compliance required to participate in Visa Account Updater service.
Non-compliant transactions are essentially invalid authorizations, and issuers will be within their rights to chargeback via Reason Code 72. This is different than a consumer generated chargeback. Issuers are getting slammed with missed payment cardholders and need to get their money back some way; JP Morgan wrote off about $1B in Q1 2017 according to one source. The Wall Street Journal has published several articles over the last year about the surge in subprime credit cardholders missing payments. Overall, we’re looking at a national rate over 4% per quarter- over 16% annually, representing over a trillion dollars. Issuers may want to offset losses from subprime cardholders by collecting monies from merchants for the same.
Chargeback Risk includes the initial transaction and all subsequent transactions that are not in compliance for the allowable chargeback period. For example, if non-compliant the issuer could chargeback installments on October 14, November 14, and December 14.
Before selecting a payment gateway for installments payments, ask these questions:
How will it help with new Visa Stored Credential Mandates compliance?
Does it support 3-D Secure cardholder authentication, for customer initiated payments?
What type of digital record is created at the time of customer opt-in to terms, how is it retrieved, and how long is it retained?
Does it support Zero Dollar Authorization?
Does the receipt dynamically change based on type of transaction, i.e. cash, credit card single payment, installment payment etc.
Does it support level 3 processing for commercial cards (if applicable to business type)?
If I change banks or payment processors, how will it affect my customers? My business?
TIP: Most payment gateways will not be compliant on October 14. An easy starting point to reduce the list of vendor choices is to ask the payment gateway what type of digital record is created at the time of creating an installment agreement, and how will it be accessed? Need help to get compliant? Contact Christine Speedy to learn more about solutions for your business that are quick and easy to adopt, increasing efficiency and growing profits virtually overnight.
Christine Speedy, CenPOS authorized reseller, 954-942-0483 is based out of South Florida and NY. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.
Hotel and lodging industry must update best practices due to 2016 and 2017 changes in Visa and MasterCard rules. Cardholder authentication and multiple authorization indicators are two key components of change. Hotels that comply will maximize profits and security. Noncompliance will result in higher credit card acceptance fees due to penalties, increased declines, reduced profits, and new chargeback risk.For those still using paper credit card authorization forms, few are in compliance with Visa Core Rules 5.4.2.5 Prohibition against Requiring Cardholder or Account Data – US Region.
“A US Merchant or its agent must not: Request the Card Verification Value 2 data on any paper Order Form.”
Authorization validity is front and center to the 2017 rules changes. Merchants used to get and authorization, and settle it later at checkout. Now merchants must send the correct transaction types and link them all together with a unique identifier:
The ESTIMATE (Visa) or UNDEFINED (MasterCard) indicator is sent when the final settlement amount is unknown. The customer must be informed that it is an estimate as well.
INCREMENTAL authorization is obtained when the original authorization expires or to increase the amount on hold.
Final Authorization says this is the final transaction.
TIP: Merchants need 3-D Secure (Verified by Visa, MasterCard SecureCode), a global cardholder authentication standard for card absent transactions, to maximize profits and compliance for card not present transactions, which is only available with customer initiated transactions: hosted pay page, digital payment request, online booking. Paper forms don’t create a digital record tied to the credit card, and cardholder authentication is not possible, as defined by the card brands. It’s also not possible to comply with the rule by key entering data into any desktop terminal.
The unique transaction transaction identifier can be a point of breakdown in the process. For example, the events manager obtains a paper credit card authorization form. The first charge is a deposit; the second charge is at the end of the event; a third charge occurs after assessing damages to a room. In each case, the amount is key entered into the payment processing terminal. Since there is no transaction identifier tying them all together, the authorizations are invalid and the ISSUER is within their rights to chargeback for invalid authorization, example Visa reason code 72.
There are so many nuances to the rules, and changes needed in the payments ecosystem, hotels should not assume existing partners have completed the required updates to comply. Technology that can automatically manage the authorization and settlement process- not the old way, but with all the new rules changes- requires a sophisticated payment gateway. Like EMV, there will be vendors that struggle to adapt.
For compliant solutions that can be used standalone or integrated, improving your customer experience, contact Christine Speedy, 954-942-0483.
Reference materials:
MasterCard® Pre & Final Authorization Mandate by CyberSource, December 2016.
Visa Core Rules October 2016.
MasterCard Revises Standards for Processing Authorizations and Preauthorizations by Vantiv December 2016.
MasterCard Transaction Processing Rules, November 2016.
In 2016, Visa announced new requirements for estimated and incremental authorization requests, introduced new authorization validity periods and merged car and truck rental categories into a new vehicle rental category. These changes are significant, impacting chargeback risk to cruise, lodging and vehicle rental, heavy duty equipment rental and other merchants.
Two changes of note:
Revisions have been made to split the “Other Fraud” Dispute condition under Enhanced Dispute Resolution into separate conditions for Card-Present and Card-Absent Transactions, and to incorporate changes to the payment
flow related to Disputes. This will be covered in a separate article. A key component to mitigate chargeback risk is support for Verified by Visa.
Expansion of Special Authorization Allowances Effective 15 October 2016, 22 April 2017, and 14 October 2017.
Revisions to Special Authorization rules include processing of:
Estimated Authorization Requests
Initial Authorization Requests
Incremental Authorization Requests,
Authorization Reversals, Issuer hold, releases, and Chargeback rights
Applicable Merchants Impacted Effective 22 April 2017:
Aircraft rental
Bicycle rental
Boat rental
Equipment rental
Motor home rental
Motorcycle rental
Trailer park or campground rental
Lodging
VISA Authorization Rule Summary:
Must send “estimated” flag with the initial authorization; the amount is not final and may change.
Estimate cannot include amount for potential damage or insurance deductible.
When closing out, must indicated that sale is ‘final’, and do a reversal for any difference within 24 hours.
There are many nuances to the rules and potential chargeback reason code 72 risk, which were non-existent in the past. Rather than consumer initiating a chargeback, the issuer will be within their rights to initiate a chargeback if the merchant fails to comply with the rules, for example, failing to submit the correct authorization flag for an estimate.
Further details about subsequent authorizations vary by industry. For example, Merchant may need to submit a final Incremental Authorization Request. Due to the complexity and variation by industry, merchants are advised to read the rules and ensure the payment processing technology in place will support the new rules. Payment gateways are a key component for compliance; all gateways must be updated if they’re going to support merchant compliance needs.
Contact Christine Speedy, for compliant lodging and rental payment gateway solutions that work with your existing financial partners, including First Data, Chase Paymentech, Tsys, Moneris, Global, and many others.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
