VISA FRAUD DISPUTE RULES CHANGES IMPACT CARD NOT PRESENT

April 5, 2017—This alert contains critical information regarding new and revised Visa card acceptance rules effective now and coming in the future for merchants. Business to business companies may be at higher risk of associated chargeback losses or declines due to the average size of order. Effective April 22, 2017, Revisions have been made to split the “Other Fraud” Dispute condition under Enhanced Dispute Resolution into separate conditions for Card-Present and Card-Absent Transactions, and to incorporate changes to the payment flow related to Disputes.

Christine’s Analysis: Merchants need to support both EMV chip for Card-Present and Verified by Visa for card not present. Verified by Visa is their brand for 3-D Secure, a global security protocol for cardholder authentication across all card brands. For example, a  cardholder might be asked to enter a PIN number or answer some other type of authentication question. Cardholder authentication for Card-Absent Transactions shifts liability for “it wasn’t me” disputes to the issuer. This card-absent cardholder authentication process requires cardholders self-initiate payments, eliminating collecting card numbers via phone or paper credit card authorization forms. Merchants are rewarded for using cardholder authentication with reduced interchange rates and increased approvals.

Christine’s TIP: Per Visa rule 5.4.2.5, a US merchant or its agent must not Request the Card Verification Value 2 data on any paper Order Form. Replace paper forms with digital, PCI Compliant forms and online payment solutions with cardholder authentication ASAP.

Online payment solutions include a hosted pay page like the one shown below.

hosted paypage online payments

A hosted pay page empowers customers to make secure payments online using a 3rd party provider (Payment Gateway also known as a Payment Facilitator.)

Other solutions include pushing out payment requests, such as via a text or email. electronic invoice presentment and payment eippWith new and revised rules impacting the entire payment ecosystem including issuer, acquirer, gateway, merchant, and potentially other software like ERP’s and ecommerce shopping carts, merchants should verify all parts their payment ecosystem supports them. Desktop terminals are not capable of supporting all the rules for card absent needs; a cloud-based payment gateway is required whether non-integrated, or integrated ecommerce shopping cart, ERP or other software.

Does your online payment solution support Verified by Visa, or do you need a solution? Contact Christine Speedy at 954-942-0483 for a fast and easy solution, compatible with your existing credit card processor.

What is Auth Code 14, declined?

A credit card processing response of Auth Code 14, is a decline for Processor Declined, Fraud Suspected. Why does this happens for recurring billing, including unscheduled recurring billing using a stored credential, also known as a token on file? The method used to store the first transaction, and process subsequent transactions can impact authorization approvals.

For example, a merchant has successfully processed unscheduled transactions using a token on file since 2016. However, in 2017, declined for Auth Code 14 appeared.

auth code decline 14

Why would a previously stored and working card decline now? Look at the AVS,  ZIP, and CVV response above. Compare to the example below.

token billing

For the second receipt, AVS match Y= address and 5 digit zip match, Zip match Y=Address and 5 digit zip match, CVV = match X, cannot verify CVV. Because CVV was verified a match on the initial zero dollar authorization it’s not required to be presented on subsequent transactions.

The first example is returning that information does not match, thus the reason for suspected fraud. Without looking at the very first authorization when token was created, several possibilities exist, including  cardholder issued a new chip card with same number but other changes occurred in the interim; cardholder address changed or was never validated.

Merchants are at risk of issuer initiated chargeback if authorization rules are not followed. Refer to  Visa Product and Service Rules, Table 5-21: Requirements for Prepayments and Transactions Using Stored Credentials for more information. With recent rules changes, and more coming October 2017, merchants need a cloud based solution that can automate compliance. Not all of them have that intelligence. For example, some cloud based payment gateways enable merchants to perform prohibited transaction requests that put the authorization at risk of chargeback for non-compliance.

Due to many recent and upcoming changes for card absent and recurring billing with stored credentials, merchants are advised to review processes to include empowering customers to self-manage adding cards on file, and using cardholder authentication. Visa requires Verified by Visa for cardholder authentication in a card not present environment; without it, expect increasing declines.

Disclaimer: The rules of card acceptance are very complex and change typically twice a year, sometimes with interim bulletins regarding more changes. Merchants should read the manual for complete details regarding card acceptance for your business type.

Christine Speedy, authorized CenPOS reseller, provides universal payment processing solutions, including cardholder authentication, to maximize merchant profits and mitigate risk across multiple sales channels. Contact Christine at 954-942-0483. 

Hotel credit card authorization form 2017 change

Hotel and lodging industry must update best practices due to 2016 and 2017 changes in Visa and MasterCard rules. Cardholder authentication and multiple authorization indicators are two key components of change. Hotels that comply will maximize profits and security. Noncompliance will result in higher credit card acceptance fees due to penalties, increased declines, reduced profits, and new chargeback risk.hotel credit card authorization formFor those still using paper credit card authorization forms, few are in compliance with Visa Core Rules 5.4.2.5 Prohibition against Requiring Cardholder or Account Data – US Region.

“A US Merchant or its agent must not: Request the Card Verification Value 2 data on any paper Order Form.”

Authorization validity is front and center to the 2017 rules changes. Merchants used to get and authorization, and settle it later at checkout. Now merchants must send the correct transaction types and link them all together with a unique identifier:

  1. The ESTIMATE (Visa) or UNDEFINED (MasterCard) indicator is sent when the final settlement amount is unknown. The customer must be informed that it is an estimate as well.
  2. INCREMENTAL authorization is obtained when the original authorization expires or to increase the amount on hold.
  3. Final Authorization says this is the final transaction.

TIP: Merchants need 3-D Secure (Verified by Visa, MasterCard SecureCode), a global cardholder authentication standard for card absent transactions, to maximize profits and compliance for card not present transactions, which is only available with customer initiated transactions: hosted pay page, digital payment request, online booking. Paper forms don’t create a digital record tied to the credit card, and cardholder authentication is not possible, as defined by the card brands. It’s also not possible to comply with the rule by key entering data into any desktop terminal.

The unique transaction transaction identifier can be a point of breakdown in the process. For example, the events manager obtains a paper credit card authorization form. The first charge is a deposit; the second charge is at the end of the event; a third charge occurs after assessing damages to a room. In each case, the amount is key entered into the payment processing terminal. Since there is no transaction identifier tying them all together, the authorizations are invalid and the ISSUER is within their rights to chargeback for invalid authorization, example Visa reason code 72.

There are so many nuances to the rules, and changes needed in the payments ecosystem, hotels should not assume existing partners have completed the required updates to comply. Technology that can automatically manage the authorization and settlement process- not the old way, but with all the new rules changes- requires a sophisticated payment gateway. Like EMV, there will be vendors that struggle to adapt.

For compliant solutions that can be used standalone or integrated, improving your customer experience, contact Christine Speedy, 954-942-0483.

Reference materials:

  • MasterCard® Pre & Final Authorization Mandate by CyberSource, December 2016.
  • Visa Core Rules October 2016.
  • MasterCard Revises Standards for Processing Authorizations and Preauthorizations by Vantiv December 2016.
  • MasterCard Transaction Processing Rules, November 2016.

See merchant bulletins – downloads for links to many resources.

Visa and Viewpost to Accelerate Electronic Bill Payments for U.S. Businesses

Partnership to Simplify B2B Payments with Visa Virtual Credit Cards

SAN FRANCISCO & ORLANDO, Fla.–(BUSINESS WIRE)–Mar. 28, 2017– Visa Inc. (NYSE:V) and Viewpost®, a secure B2B network for electronic invoicing, payments and real-time cash management, today announced an exclusive partnership to bring electronic business payments to Viewpost’s small to medium-sized business clients (SMBs). By using Visa virtual commercial cards through their participating financial institutions, SMBs will increase automation, convenience and security for their B2B transactions.

Viewpost’s SMB customers will be able to benefit from Viewpost electronic payment capabilities and the use of a secure, one-time Visa virtual account number. When a virtual card payment is made through Viewpost, the supplier will receive a one-time virtual account number for posting funds to its merchant account. Viewpost will then deliver data-rich remittance information to both businesses, such as, paid invoices, the amount paid and the due date. If a supplier does not accept virtual commercial card payments, an invitation can be extended through a proprietary automation method, which makes enrollment quick and simple.

“Providing access to simple, secure working capital solutions for SMBs is a critically-important focus for our business,” said Vicky Bindra, global head of products & solutions at Visa Inc. “Our collaboration with Viewpost gives SMBs comprehensive financial management tools in a single portal – right where they bank. We are thrilled to partner with Viewpost and make our customers’ lives easier by significantly reducing time, cost and friction around payment, so they can focus on what is most important – managing and growing their businesses.”

As a trusted, open B2B network available to businesses of all sizes, Viewpost gives financial institutions the tools that enable SMBs to connect and exchange electronic invoices and payments, share transaction data and access working capital on demand with unprecedented ease and visibility. Visa’s partnership with Viewpost will help financial institutions in the U.S. bring to market a fully integrated and optimized SMB finance management solution that seamlessly integrates with their online banking site.

“We’re excited to partner with a renowned brand and payments technology leader like Visa,” said Max Eliscu, CEO at Viewpost. “This partnership accelerates our ability to address costly pain points in the multi-trillion-dollar B2B payments ecosystem1 while also, and perhaps most importantly, bringing flexibility, cost savings and simplicity of payment to the massive and underserved small business marketplace.”

“According to our 2016 Small Business Payments and Banking Survey, over two thirds of respondents indicated they preferred to pay bills through online banking tools, rather than a supplier’s website,” said Ken Paterson, vice president of research operations, Mercator Advisory Group. “The Visa/Viewpost partnership promises to offer a seamless integration for banks who are looking to enable their customers to have one centralized destination for all of their corporate payment needs.”

About Visa Inc.

Visa Inc. (NYSE: V) is a global payments technology company that connects consumers, businesses, financial institutions and governments in more than 200 countries and territories to fast, secure and reliable electronic payments. We operate one of the world’s most advanced processing networks — VisaNet — that is capable of handling more than 65,000 transaction messages a second, with fraud protection for consumers and assured payment for merchants. Visa is not a bank and does not issue cards, extend credit or set rates and fees for consumers. Visa’s innovations, however, enable its financial institution customers to offer consumers more choices: pay now with debit, pay ahead of time with prepaid or pay later with credit products.

About Viewpost

Viewpost North America is revolutionizing the way businesses transact with each other. Viewpost built the most trusted open business network to empower businesses of all sizes with real-time cash management for anytime operating decisions. On the secure Viewpost network, companies connect and exchange electronic invoices and payments with unprecedented ease and visibility, accessing working capital on demand. Enterprise clients are using Viewpost to cut costs, increase efficiency and improve cash management, including Accenture, Florida Hospital Medical Center, Georgetown University, the Orlando Magic and Whole Foods Market. With enterprise-grade security, including ISO 27001 and SSAE16 audited certifications and the TRUSTe Privacy Seal and Skyhigh CloudTrust Enterprise-Ready Rating, Viewpost is partnering with financial institutions to bring cash management tools to business customers at U.S. Bank, Bank of America and Fifth Third Bank. Viewpost innovation has been awarded Best in Show by Barlow Research, Best CISO/CSO by FireEye Cyber Defense Summit, CSO50 Award (four-time honoree) by IDG’s CSO, and Best B2B Payments Platform by Tradestreaming. Since Viewpost was opened to the public in early 2015, the total invoices presented and payments processed has reached $71.4 billion across the network. Founded in 2011, Viewpost is headquartered in the Orlando area with additional teams in Boston, Minneapolis and San Francisco.

1 Source: Accenture, https://www.accenture.com/us-en/~/media/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Industries_5/Accenture-FS-Payment-Services-Corporate-Payments-PoV.pdf

Source: Visa Inc.

Visa Authorization Rentals Rules Change

Visa announced sweeping changes to rental industry card acceptance rules in October 2016. Key changes include defining who initiated transaction, transaction data sent, authorization rules, stored card rules, and customer communications. Compliance will increase approvals and mitigate fraud risk;  Failure to comply will increase financial risk and issuer declines while reducing EBIDTA.

Visa Expansion of Special Authorization Allowances

Effective 15 October 2016, 22 April 2017, and 14 October 2017
Revisions have been made to rules related to the processing of Estimated Authorization Requests, Initial Authorization Requests, and Incremental Authorization Requests, as well as Authorization Reversals, Issuer hold releases, and Chargeback rights. These changes impact issuer, merchant, customer, and acquirer- whatever merchants have in place today is not sufficient for the future.

visa rental authorization rules 2017

Partial excerpt from section 5, Visa Core Rules. Applicable merchants should read the entire table and additional sections.

Truck and heavy duty equipment rental authorizations. Aircraft rental, Bicycle rental, Boat rental, Car rental, Equipment rental, Motor home rental, Motorcycle rental, Trailer park or campground rental are all impacted.

A core concept is authorization validity, which impacts merchant rights and potentially credit card processing rate qualification. An invalid authorization equates to no authorization. Card issuers will be within their rights to use reason code 72 and chargeback, or ACH, funds from merchant bank account on the next settlement day, for failure to comply with authorization rules. This is a significant change for most rental companies, as in the past, businesses typically responded to cardholder initiated disputes, a completely different scenario, and win a good portion of them.

With payment processing technology updates, rental companies can increase profits by complying with the new rules, including for guaranteed reservations. EBITDA is improved with increased approvals, lower qualified interchange rates, and fewer chargebacks.

What’s a valid authorization? It’s partially described in Special Authorization Request Allowances and Requirements. Key elements:

  • Stored credential– rules for storing; what associated data is required on file and what is submitted with transaction, including same transaction ID required for all subsequent authorizations after initial approval.
  • Estimated Authorization– indicator the authorization is an initial estimate and final amount is unknown is sent with transaction. TIP:  If the amount could change because the renter did not bring item back in time, or there are other terms in the contract where customer agrees to pay more under certain conditions such as damages or refueling, then the initial transaction is an Estimate.
  • Incremental authorization  – must use same transaction ID as estimate, and submit with incremental authorization indicator
  • Visa now groups transaction types into ‘customer initiated’ and ‘merchant initiated’. For card not present, a transaction is only considered customer initiated, if Verified by Visa is used. Verified by Visa (VbyV) is their brand name for the global 3-D Secure cardholder authentication protocol for customer initiated card not present transactions.

Updated Checkout Flow For Online Rental Booking:

  • Opt-in to no-show policy, terms and conditions
  • Authenticate cardholder
  • Authorize with the estimate indicator
  • Deliver email confirmation with the policy
  • Incremental auths with same Trans ID only.
  • Close transaction by day 31; partial reversal same transaction ID if applicable.
  • If ticket closed, open new estimated auth.

KEY DATES

  • April 22, 2017 – The Merchant must use the Estimated/Initial Authorization Request indicator.
  • 22 April 2017 – The Merchant must use the Incremental Authorization Request indicator and the same Transaction Identifier for all Authorization Requests.

Without action to update rental authorizations in advance of the April dates, financial exposure for prior months may be significant.

Visa Core Rules see Table 5-16: Special Authorization Request Allowances and Requirements and other pages.

Christine Speedy, authorized CenPOS reseller, provides universal payment processing solutions to maximize merchant profits and mitigate risk across multiple sales channels. To get a CenPOS account and Dynamics AX, SAP, Bluebird or other compatible plugin, contact Christine at 954-942-0483.