Tag Archives: visa

2026 Credit Card Surcharge Laws Update

Posted on by

What are 2026 surcharge regulations?

Business to business (B2B) credit card surcharge article includes specifics for companies, not government or education, and in particular for B2B and automotive, truck, and related dealers. Merchants must consider Federal and state laws as well as merchant account, Visa, MasterCard and other card networks compliance rules.

Since our Feburary 2025 credit card surcharge update there have been no changes to surcharge, but plenty of other changes that will affect merchants, including Visa VAMP. Most notably, on July 1, 2024, when a new California law called Senate Bill 478 went into effect.

Which states prohibit merchants surcharging?

States with other surcharge regulations

  • Colorado allows credit card surcharging up to 2%. 
  • New York, New Jersey, Nevada, and South Dakota prohibit surcharges from exceeding the cost that the merchant pays to accept the card. (See also Visa merchant surcharge rules.)
  • The legislative intent in many states was to protect consumers, and not to restrict B2B surcharging, therefore, B2B companies may have exceptions. 

Can a B2B company use surcharge to offset fees?

The rules vary across multiple card brands and terms of acceptance. Here’s a 2025 updated review of who can surcharge, what card types, and checklist of how to roll out credit card surcharge at your company. The answers are targeted for business to business merchants, our area of expertise. Historically if a merchant complies with Visa surcharge rules, they’d be compliant with other brands, so we often cite that as the standard. A B2B company that wishes to surcharge in every state should contact an attorney.

What is a credit card surcharge?

Surcharge is any fee charged by a merchant for the use of a card.These disclosure requirements include advance notice to both Mastercard and the merchant’s acquirer of the merchant’s intention to impose a surcharge no less than thirty days before the merchant implements a surcharge.

These disclosure requirements include advance notice to both Mastercard and the merchant’s acquirer of the merchant’s intention to impose a surcharge no less than thirty days before the merchant implements a surcharge.

What’s the difference between a surcharge and convenience fee? Convenience fees can only be charged for a bona fide convenience in the form of an alternative payment channel outside the Merchant’s customary payment channels and not charged solely for the acceptance of a Card. If a merchant only accepts credit cards, it’s prohibited. If a merchant is 100% card absent, merchant cannot charge a convenience fee.

Card brands agree on this for surcharging:

  1. Merchant Discount Rate is the fee, expressed as a percentage of the total transaction amount that a Merchant pays to its Acquirer or Service Provider for transacting on a Credit Card brand. In short, it’s typically all the fees on your merchant statement EXCEPT PCI compliance, terminal rental fees or any other special fee that is not paid via the mechanism of the per-transaction merchant discount fee. Per Visa, merchants must “Limit the amount to your merchant discount rate (MDR) for the applicable credit card or 3% whichever is lowest.” This is the reason merchants can get in trouble if their surcharge solution provider charges a flat amount for every card type.
  2. The Surcharge amount must be submitted separately (in the defined surcharge field) from the Transaction amount in the authorization and clearing message.
  3. The receipt must list the surcharge amount separately.
  4. If the original transaction has a partial or full refund, the surcharge amount must all be refunded proportionally.
  5. Surcharge on debit or prepaid cards is prohibited for all merchants.To ensure compliance use a payment gateway that can identify the card brand and type of card to allow surcharges only on eligible cards.
  6. The fee must be relative to their average cost of card acceptance.
  7. Any surcharge amount, if allowed, must be included in the Transaction amount and not collected separately.

How much can a merchant surcharge?

In short, surcharging is allowed to cover costs, not to make a profit. Let’s face it, based on the rules above, to simplify implementation, merchants will surcharge at the brand level because they lack the technology to discern between product types on a per transaction basis. Taking all that into account what can you surcharge?

  • Cannot exceed Maximum Surcharge Cap, which for Visa is currently 3%, effective April 15, 2023, and MasterCard remains at 4% in 2025.

Just because somebody offers it doesn’t make it right. Some companies are offering “free merchant accounts” by offsetting fees with surcharge of 3.5% or even 4%, both exceeding current rules. The average B2B company has much lower than 3.5% effective rate so that was always a violation of card acceptance rules, subject to penalty. The companies offering these services are making big money on the spread of actual fees vs what customers are paying. Again, these are card brand rules violations.

Non-compliant merchants could face fines ranging from $50,000 to $1 million according to a memo from a. credit card processor to merchants, 12/2023 ahead of expected increase in Visa enforcement in 2024 and beyond.

Surcharge checklist:

  1. Merchants must notify their acquirer 30 days before they begin surcharging; must state whether will surcharge at the brand level or product level.
    1. https://www.visa.com/merchantsurcharging
    https://www.mastercard.us/en-us/business/overview/support/merchant-surcharge-rules.html
    1. Amex- none required
  2. For card not present orders, disclose verbally if telephone; for online orders minimum 10-point Arial font, but in any case no smaller or less prominent than surrounding text.
  3. Receipt must be delivered with the surcharge as a separate line item.
  4. The surcharge amount must be sent with the transaction for authorization.
  5. Retail Point-of-Entry Disclosure example: “We impose a surcharge on credit cards that is not greater than our cost of acceptance. We do not surcharge debit cards. ” Main entrance(s) of the Merchant Outlet, in a minimum 32-point Arial font, but in any case no smaller or less prominent than surrounding text.
  6. Point of transaction sign: Every customer checkout or payment location, in a minimum 16-point Arial font, but in any case no smaller or less prominent than surrounding text.

What’s the penalty for non-compliance with surcharge rules? Fines. Acquirers of any merchant identified as surcharging improperly may be assessed an immediate US $1,000 fine. They pass those down to their clients. Acquirers (the credit card processor or merchant account provider) merchant clients could face fines ranging from $50,000 to $1 million. This is not all inclusive.

  1. Effective January 2025, Kansas allows surcharging.
  2. In 2015, the 11th U.S. Circuit Court of Appeals, a federal court, overturned Florida state law as being unconstitutional, allowing surcharges to legally continue in Florida and nine other states that had enacted bans against them. The case was a highly contentious 2-1 decision in which the court’s chief judge said the state surcharge bans (like Florida’s) were “being struck down by a federal court for no good reason.”
  3. In December 2019, Oklahoma attorney general official opinion declaring the state’s no-surcharging law unconstitutionally restricts free speech. 

Surcharge Laws Stories:

  • NYS new rules in effect on February 11, 2024. https://www.governor.ny.gov/news/governor-hochul-announces-new-law-clarify-disclosure-credit-card-surcharges-goes-effect-sunday
  • Visa Intensifies Enforcement on Merchant Surcharges https://thefinancialtechnologyreport.com/visa-intensifies-enforcement-on-merchant-surcharges/
  • Visa Revises Rules Governing Surcharge Programs https://www.taftlaw.com/news-events/law-bulletins/visa-revises-rules-governing-surcharge-programs-1/
  • 2/2023 NJ Businesses Fined For Credit Card Surcharge Without Proper Notice https://lakewoodalerts.com/cracking-down-businesses-fined-for-credit-card-surcharge-without-proper-notice/
  • California update
    https://oag.ca.gov/consumers/general/credit-card-surcharges
  • 2018 Florida https://www.nbc-2.com/story/40273084/you-can-legally-be-charged-extra-for-using-a-credit-card
  • 2018 case in California http://delfinomadden.com/credit-card-surcharge-ban/
  • http://fortune.com/2017/03/29/credit-card-charges-supreme-court-freedom-speech/

State statutes on surcharge laws

  1. Maine Credit and Debit Card Surcharges https://www.maine.gov/pfr/consumercredit/consumer/surcharge.html
  2. https://oag.ca.gov/hiddenfeeshttps://portal.ct.gov/DCP/Legal/Credit-Card-Surcharge
  3. https://m.flsenate.gov/Statutes/501.0117
  4. https://portal.ct.gov/dcp/legal/credit-card-surcharge?language=en_US
  5. https://sll.texas.gov/faqs/credit-card-surcharge
  6. https://statutes.capitol.texas.gov/Docs/BC/htm/BC.604A.htm#604A.0021
  7. https://malegislature.gov/Laws/GeneralLaws/PartI/TitleXX/Chapter140d/Section28a Massachusetts statutes.
  8. Maine https://legislature.maine.gov/statutes/9-A/title9-Asec8-509.html
  9. Minnesota https://www.revisor.mn.gov/statutes/cite/325G.051

For more information, see Surcharge law resources under Merchant Alerts & Rules Links or contact your acquirer for accurate and current information specific to your situation. Neither Christine Speedy nor this web site provide legal advice. Consult an attorney for all your legal questions.

Does your company want to surcharge? Or do you want to reduce fees with payment optimization? Call Christine Speedy right now at 954-942-0483, 9-5 ET for compliant solutions. Please share your surcharge insights for others and ask any questions below. The information herein is based upon public information available at the time written and may change.

3D Merchant Services is rebranding as Greater Good Tech.

Disclaimer: This information is for reference only and is not legal advice. Rules are constantly changing, and you should verify the accuracy of surcharge laws for your business needs and location.

Visa Acquirer Monitoring Program (VAMP) Explained

Posted on by
Reply

Why does compliance with Visa’s new VAMP program matter and what do merchants need to do?Visa’s new VAMP program for online payments became effective April 1, 2025, consolidating five existing fraud and dispute programs into a single acquirer program. The payment gateway is a critical tool for merchant compliance. Do not assume your payment gateway will get you compliant.

Fraud problems are not just from real buyers but bots attacking web servers. A big mistake is thinking you won’t have a fraud problem with your B2B business. That’s because criminals are not necessarily looking for your business, but they are automatically seeking technical vulnerabilities. For example, card testers can blast a thousand attempted transactions in seconds. Without controls to prevent, you’ll be stuck with potentially thousands of dollars in authorization fees.

Fraud prevention and risk management are critical to maintaining the integrity of financial transactions. One of the ways Visa addresses these concerns is through the Visa Acquirer Monitoring Program (VAMP). This program aims to ensure that merchants and acquirers meet Visa’s security standards and mitigate fraud risks across the payment ecosystem. This article delves into what VAMP is, how it works, and how payment gateways contribute to compliance.

What is Visa VAMP?

The Visa Acquirer Monitoring Program (VAMP) is an initiative by Visa designed to monitor and enforce the compliance of acquirers and merchants with Visa’s security requirements. The program tracks merchant activities and identifies merchants who present an elevated risk for fraud, allowing Visa to take action before fraud risks escalate.

VAMP operates primarily by analyzing transaction data to detect patterns indicative of fraud. It uses a sophisticated risk algorithm that identifies outliers in a merchant’s transaction activity, such as unusual chargeback rates or instances of card-not-present fraud, both of which are major indicators of potential fraud.

If a merchant is flagged by the VAMP program, the acquirer is notified and required to investigate and take corrective actions. This can include additional monitoring or, in more severe cases, suspension of the merchant’s account. The goal is to protect cardholders and the broader Visa ecosystem from fraudulent activity.

Key Elements of the Visa Acquirer Monitoring Program

The Visa Acquirer Monitoring Program includes several important components that aim to maintain compliance and ensure the integrity of transactions:

  1. Risk Scoring and Monitoring: VAMP assigns risk scores to acquirers and merchants based on a variety of factors. Merchants with high chargeback rates, evidence of data breaches, or other signs of fraudulent behavior are placed under heightened scrutiny. Every month, Visa pulls data from your acquirer about:
    • How many of your online transactions were reported as fraud?
    • How many turned into disputes/chargebacks?
    • How many card-not-present transactions have you successfully processed?
    • Visa then plugs these numbers into one formula — the VAMP ratio — to see whether you (or your acquirer’s overall portfolio) are within acceptable limits.
  2. Risk Thresholds: The Visa VAMP ratio is calculated by Fraud Reports plus Disputes divided by the number of transactions.. For USA merchants, the excessive VAMP threshold ratio is 2.20% and a minimum of 1,500 transactions. Merchants who exceed these thresholds are flagged for further investigation. Fraud that turns into a chargeback gets double-counted. Effective April 1, 2026 the Excessive threshold drops to 1.50%, potentially flagging more merchants unless fraud and disputes are reduced.
  3. Corrective Actions and Penalties: Once a merchant is flagged, the acquirer is responsible for taking corrective actions. If corrective actions are not taken, Visa may impose penalties such as fines or even suspension of the merchant’s ability to accept Visa transactions. Acquirers then pass these costs along to merchants.
  4. Education and Resources: Visa provides acquirers with resources to help them better understand compliance and fraud prevention measures. This includes best practices, training, and guidance on preventing fraud and maintaining a secure payment environment.

Why VAMP Matters for Acquirers and Merchants

For acquirers, VAMP is a tool that ensures they are working with merchants who adhere to Visa’s standards for security and risk management. Acquirers are responsible for monitoring their merchants’ activities and reporting any fraudulent or non-compliant behavior to Visa. Failure to comply with VAMP can lead to increased fines, penalties, and even the termination of the ability to process Visa transactions.

For merchants, compliance with VAMP is essential for protecting the business from fraud-related losses. Non-compliance can result in financial penalties and loss of access to the Visa payment network, which can significantly impact the business’s ability to process payments.

How Payment Gateways Play a Role in VAMP Compliance

Payment gateways are a critical component of the payments infrastructure. Payment gateways play a key role in ensuring that merchants comply with proper authorization and Visa’s security protocols, including those outlined in VAMP. If you recall when EMV chips were launched, a lot of players in the payment ecosystem were not compliant, some of them took years to catch up and some never did.

  1. Fraud Detection and Prevention: Payment gateways incorporate various tools and technologies to detect and prevent fraudulent transactions. These tools include features such as Address Verification Service (AVS), CVV checks, velocity checks, 3-D Secure, other filters. By detecting and preventing fraud before it occurs, payment gateways help merchants stay within Visa’s risk thresholds. 3-D Secure can reduce merchant fees. Some gateways have more robust merchant manageable solutions than others.
  2. Security Features: Visa’s security standards require merchants to implement strong encryption and secure payment processes. Payment gateways are responsible for ensuring that all cardholder data is encrypted and stored securely. They also support features like tokenization, which replaces sensitive card data with unique identifiers, further reducing the risk of data breaches and fraud. All of the major payment gateways have robust security.
  3. Chargeback Management: A high chargeback ratio is a major red flag for the VAMP program. Payment gateways provide tools for merchants to manage and reduce chargebacks, such as implementing fraud prevention measures. The most effective solutions automate transaction management to mitigate risk of fraudulent attempts in the first place.
  4. PCI DSS Compliance: Payment gateways are required to comply with the Payment Card Industry Data Security Standard (PCI DSS), which mandates a set of security measures designed to protect cardholder data. PCI DSS compliance is directly linked to Visa’s security expectations and plays a critical role in VAMP compliance. All of the major payment gateways offer PCI compliant solutions.
  5. Reporting and Analytics: Payment gateways also provide merchants and acquirers with detailed transaction reports and analytics that can help identify trends, spot potential fraud, and ensure ongoing compliance with Visa’s monitoring criteria.
  6. Proper Authorization: This is one of the least talked about but critical component to mitigate chargebacks. Examples of challenging rules that many payment gateways don’t comply with are mismatched authorization and settlement, one dollar pre-authorizations, and expired authorizations.

Visa VAMP is a critical initiative for maintaining the security and integrity of the Visa payment ecosystem. It is a program that holds acquirers and merchants accountable for managing fraud risks and ensures that high-risk merchants are identified and monitored effectively. Payment gateways play a central role in compliance by offering essential fraud prevention tools, securing transactions, and supporting proper authorization compliance.

By staying proactive about security, monitoring transaction data, and implementing Visa’s recommended best practices, merchants and acquirers can ensure they remain compliant with Visa’s VAMP program, help protect themselves and their customers from fraud, and reduce fees.

For more detailed guidance on how to comply with Visa VAMP, visit Visa’s official Acquirer Monitoring Program page.

For a free consultation on compliant B2B payment gateways, contact 3D Merchant Services.

Visa Rules Update 2024 For Merchant Credit Card Processing

Posted on by
Reply

The summary of Visa Rules 2024 changes is nearly 20 pages! Translation: Merchants need for advanced payment processing technology to automate processing rules compliance. It’s critical avoid unwanted extra fees and issuer initiated chargebacks. Here’s a simple way to validate whether technology you have now is likely to support new and future changes:

  1. Reviewing your merchant statement, do you have any transactions with interchange rates of 2.95% or 3.15%, the most common “non-qualified” rates? 
  2. Have you had any issuer generated chargebacks?

If you answered yes, please call 954-942-0483 or use our contact form a FREE review.
Bookmark our handy reference list of card brand rules here.

Since 2007, 3D Merchant Services has offered exceptional services to automotive, manufacturing, distribution, and construction related industries.

Call Christine Speedy, For simple solutions to complex B2B payment transaction problems, 954-942-0483, 9-5 ET. With a focus on card not present and omnichannel technology, Christine has been a sought out payment technology resource for clients, consultants, panels/forums, and the media.

Mandatory Visa logo update

Posted on by
Reply

Do you display the Visa logo on your ecommerce web site or other online checkout? Visa mandatory deadline to implement updated logos was August 31, 2021. The merchant signage web page below includes all the logos and general requirements and guidelines for use of Visa brand artwork.

Visit Visa brand logos guidelines for partners, acquirers and online merchants, used across credential-on-file, stored credential and online transactions for immediate logo downloads.

3 Things Accountants Must Advise B2B Clients in 2020

Posted on by
Reply

Credit card processing may be a big part of the revenue stream or a small part. It doesn’t matter. B2B companies all suffer from the same issues that impact EBITDA and risk. Compliance, cost and security. It’s fair to say, most businesses have no idea what the hot buttons or repercussions are.

Three things every B2B company needs to know about credit card processing right now:

  1. If you store credit cards, you must be compliant with Visa Stored Credential Framework. I posted this in 2017. Guess what? Most payment gateways (if you accept payments online from an invoice or any other source, a payment gateway is involved) are still not compliant! There are significant financial and risk consequences for non-compliance, including penalty fees, fines, and issuer generated chargebacks.
  2. Failure to settle transactions with a proper authorization will be even more expensive starting in April 2020. For example, many Visa credit card rates will go to 3.15%, reflecting upwards of 0.75% increase in some cases; that’s strictly interchange fees, nothing more. Instead of assuming you’re already settling properly, go to your merchant statement and look for DATA RATE I (instead of Data Rate III), STD/Standard, and EIRF. Do you have any of these? See also https://3dmerchant.com/blog/merchant-processing-services/credit-card-transaction-fees-checkup
  3. It’s a Visa rules violation to request the card security code on a paper credit card authorization form, or any digital form where the business can decrypt and view it. It can’t be stored, period. Not by the merchant nor service provider, including payment gateway. Yet even the AICPA

Why these 3 things? Because 100% of B2B companies I talk to will fail on at least one, and usually two or three. That includes CPA firms. Among the American Institute of Certified Public Accountants missions is to provide “the most relevant knowledge, resources” etc. Yet as of this writing, AICPA affinity credit card processing partners include a long list of technology solutions that are not compliant with all three of the above.

86% of all data breaches in 2016 were from level 4 merchants, defined as “Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1M Visa transactions per year.” By complying with the three items on my list, B2B companies will harden their systems and increase profits. The latter occurs because compliance with rules reduces fees. 

If your current acquirer could truly fix all the problems above, why haven’t they taken the initiative to help you in the past? By the way, if someone ever says they help you qualify for level 2 rates, run! All B2B companies should have the right technology to qualify for level 3 rates. Why pay more?

Christine Speedy, 954-942-0483. For a fast, free checkup on your merchant account, contact us today for a secure, cloud-based solution optimizing acceptance for all payment types across multiple channels without disrupting banking relationships.