MasterCard Rewards for Capturing a Card

The acquirer may pay the merchant reward for capturing a MasterCard card in accordance with local practices. The acquirer must follow these Standards when paying a reward:

• Pay no less than $50 to the merchant capturing a card listed on the Electronic Warning Bulletin file or in the Warning Notice.
• Pay the merchant $100, if a merchant initiates an authorization call because of a suspicious transaction or captures a card not listed in the Electronic Warning Bulletin file or in the Warning Notice.
• Pay a reward to a financial institution for the capture of another issuer's card if it is the acquirer's practice to pay its tellers rewards for picking up its own cards. The amount of the reward should be the same amount paid for the capture of the acquirer's own cards.
• Charge the issuer for reimbursement of the reward paid upon dispatching each captured card. The Fee Collection / 1740 message with an IPM message reason code (data element 25) equal to 7601 will settle the reward.

Reward Amounts

The acquirer should follow these guidelines for determining reward amounts.

IF the capture…	THEN pay this amount…
Resulted from a “Merchant Suspicious” phone call	$ 100
Did not result from a “Merchant Suspicious” phone call	$50
Leads to the capture of additional cards	$ 50 for each card captured, with a maximum total of $250 for any one incident

The recovering member bank may collect an administrative fee of $15 for expenses incurred in processing the captured card. The capturing member may add this fee to the amount of the reward reimbursement or collect the fee independently, using the Fee Collection / 1740 message.

Reimbursement of Rewards

The following specifications apply to reward reimbursement:

• Upon returning the card to the issuer, the acquirer will obtain reimbursement for the reward paid and the $15 fee by processing the Fee Collection / 1740 message.
• If an acquirer returns a card to an issuer and a reward is not paid, the acquirer may collect a $15 fee by processing a Fee Collection / 1740 message record.
• Upon receipt of the Interchange Card Recovery Form (ICA-6), the issuer should match it to the Fee Collection / 1740 message record based on the acquirer member ID, account number, and recovery date comparisons.
• If an exempt member has an electronic reward payment processed, clearing receives the record by an information slip. The transaction is part of the Net Settlement System for settlement purposes.
  

Point-of-Sale (POS) Card Retention

Acquirers and merchants are required to recover a card by reasonable and peaceful means if:

• The card issuer advises the acquirer or merchant to recover the card in response to an authorization request.
• The Electronic Warning Bulletin file or an effective regional Warning Notice lists the account number.

After recovering a card, the merchant must notify its authorization center or its acquirer and receive instructions for returning the card. If mailing the card, the merchant first should cut the card in half through the magnetic stripe.

Returning Recovered Cards

The acquirer must follow these procedures when returning a recovered card to the issuer:

• If the merchant has not already done so, the acquirer must cut the card in half vertically through the magnetic stripe.
• The acquirer must forward the recovered card to the issuer within five calendar days of receiving the card along with the first copy (white) of the Interchange Card Recovery Form (ICA-6). The additional copies are file copies for the acquirer's records. A recovered card must be returned to the security contact of the issuer.
  

Returning Counterfeit Cards

The acquirer or merchant must return counterfeit cards to the issuer by following the instructions provided by its authorization center. The following information identifies an issuer:

• The issuers bank identification number (BIN) embossed on the front of the card.
• The member ID imprinted in the Card Source Identification area on the back of the card.

Sales Receipt Requirements

Below is a list of the types of sales receipts discussed in this post:

• Retail sale.
• Credit.
• Cash disbursement.
• Information.

If the merchant uses a manual imprinter, the produced sales receipt is called a formset or slip. If a transaction begins at an electronic terminal, the merchant may substitute a terminal receipt for a formset. Terminal receipts have no prescribed physical specifications but must be numbered sequentially for reference purposes.

Formset Contents

Each copy of a retail sale, credit, or cash disbursement formset must satisfy minimum statutory and regulatory requirements in the jurisdiction in which the slip originates and any applicable regulations, issued by the U.S. Board of Governors of the Federal Reserve System or other regulatory authorities, and must contain the following:

• In the case of retail sale and credit slips, a space for the description of goods, services, or other things of value sold by the merchant to the customer and the cost thereof, in sufficient detail to identify the transaction.
• Adequate spaces for:
  
  • Customer's signature.
  • Card imprint and the merchant or bank identification plate imprint.
  • Date of the transaction.
  • Authorization number (except on credit slips).
  • Sales clerk's or teller's initials or department number.
  • Currency conversion field.
  • Merchant's signature on credit slips.
  • Description of the ID supplied by the cardholder on cash disbursements and retail sale slips for certain unique transactions.
• A legend clearly identifying the slip as a retail sale, credit, or cash disbursement and identifies the receiving party of each copy.
• On the customer copy of the formset, the words (in English, local language, or both): "IMPORTANT—retain this copy for your records," or words to similar effect.
• Such other contents as are not inconsistent with these rules.

It is recommended that each retail sale, credit, and cash disbursement slip identify the member bank that distributed the slip to the merchant.

Terminal Receipt Contents

A terminal or other device at a point of sale (POS) must not display magnetic stripe track data other than card account number, expiration date, and cardholder name. Each copy of a POS terminal receipt must contain the following information:

• Doing Business As (DBA) merchant name, city and state, country, or the point of banking location.
• Transaction date.
• Card account number.
• Transaction amount in the original transaction currency.
• Adequate space for the customer's signature (required on merchant copy only).
• Authorization approval code (except on credit receipts). Optionally, the acquirer also may print the transaction certificate, the application cryptogram, or both for EMV chip card transactions.
• Merchant's signature on credit receipts only.

Each receipt must clearly identify the transaction as a retail sale, credit, or cash disbursement.

Primary Account Number Truncation

ATM acquirers must truncate a minimum of four digits of the Primary Account Number (PAN). PAN truncation is also required for all receipts generated at Cardholder-Activated Terminals (CATs). PAN truncation is permitted for receipts generated at all other points of sale.

The cardholder receipt generated by point of sale (POS) terminals, whether attended or unattended, must reflect only the last four (4) digits of the PAN. All preceding digits must be replaced with fill characters that are neither blank spaces nor numeric characters, such as "X," "*," or "#."

Truncation Considerations

Truncating a greater number of digits, when compared to the total number of digits in the PAN, increases the effectiveness of the effort. However, it also increases the confusion and difficulty that cardholders may have reconciling their ATM terminal receipts to their monthly statements. The following practices are recommended:

• Truncation of the routing BIN alone, while helpful, may not prevent duplication of the PAN. It is possible to observe the card in use in order to obtain issuer identification.
• Truncating the check digit and several other digits does not improve PAN security. Absent the check digit, calculation of several missing digits within the PAN, especially if the routing BIN also is truncated, is substantially more complicated and time consuming.
• Truncating a small number of digits, when compared to the total number of digits in the PAN, reduces the effectiveness of the effort. It is possible to reconstruct a few missing digits by using a trial-and-error approach.
• Truncating a greater number of digits, when compared to the total number of digits in the PAN, increases the effectiveness of the effort.

Electronic Signature Capture Technology (ESCT)

An acquirer using Electronic Signature Capture Technology (ESCT) must ensure that:

• Proper electronic data processing (EDP) controls and security are in place, so that digitized signatures are recreated on a transaction-specific basis. The acquirer may recreate the signature captured for a specific transaction only in response to a retrieval request for the transaction.
• Appropriate controls exist over employees with authorized access to digitized signatures maintained in the acquirer or merchant computers. Only employees and agents with a "need to know" should be able to access the stored, electronically captured signatures.
• Digitized signatures are not accessed or used against applicable standards and regulations.

In-flight Commerce Terminals / Level 4 Requirements

The following requirements apply to In-flight Commerce Terminals / Level 4.

1. Acquirer / Service Provider requirements and transaction identification specifications:
   
   • Acquiring banks must ensure timely delivery and installation of the IFC Blocked Gaming File to gaming service providers. IFC Blocked Gaming File access is required before every gaming transaction.
   • The acquiring bank must identify in-flight commerce services or merchandise with the most appropriate merchant category code (MCC) in the authorization message and merchant business code (MCC) in First Presentment / 1240 messages. If an airline also acts as the service provider, the acquiring bank may not use an airline MCC but must assign the proper MCC for each type of IFC transaction. The following list of IFC transaction types must be identified with the designated MCC.
     
     

     IFC Transaction Type	MCC
     Catalog card acceptor	5964
     Duty-free store	5309
     Gaming	7995
     Miscellaneous services	7299
     Video game	7994

     
     
   • Transactions must be consolidated by MCC, per flight, for each MasterCard cardholder account. "Flight" is defined as one or more segments of a continuous air flight with the same flight number.
   • The acquiring bank must identify the transaction with the most appropriate transaction category code (TCC) in the authorization request message.
     
     

     IF the IFC transaction is for…	THEN the acquirer must use TCC…
     Gaming	U for Unique Transaction.
     Anything other than gaming	R for Retail Purchase

     
     
   • The Merchant Name / Location (DE 43) must include the service provider's name and flight identification. The flight identification must be a recognizable identification of the airline (not necessarily the airline alphabetic International Air Transport Association [IATA] indicator).
   • The city field description should contain the following:
     
     

     For…	The city field description…
     Mailed purchases and gaming transactions	Must include the service provider’s customer service telephone number. It is not required to be a toll-free number.
     All IFC transactions other than mailed purchases and gaming	Optionally may be a customer service telephone number.

     
     
   • For all IFC transactions except IFC mailed purchase transactions, the transaction date is defined as the date that the flight departs from the originating city. The transaction date for mailed purchases is defined as the shipment date unless otherwise disclosed to the cardholder.
   • The acquiring bank must ensure that the service provider provides full disclosure to the cardholder via the video monitor screen prior to the initiation of any IFC transactions, as detailed below. The screen must prompt the cardholder to acknowledge these disclosure terms before initiating transaction. The disclosure must include the following:
     
     • Full identification of the service provider and provision for recourse in terms of cardholder complaints or questions.
     • Notification that transactions will be billed upon the card issuer's approval of the authorization request.
     • For mailed purchases only, any additional shipping or handling charges.
     • Policy on refunds or returns.
     • Provision for a paper receipt.
     
     For IFC gaming transactions, service providers must additionally disclose the following:
     
     
     • Maximum winnings ($3,500) and maximum losses ($350).
     • Notification that total net transaction amount (whether a net win or loss) will be applied against the cardholder's account
     • Notification that cardholder must be at least 18 years of age to play.
     • Notification that some card issuers may not allow gaming.
   • The acquiring bank must ensure that the service provider is capable of providing an itemized receipt to the cardholder for all IFC transactions and that, at the cardholder's option, the service provider can effect this offer in one of three ways:
     
     • Printing a receipt at the passenger's seat.
     • Printing a receipt from a centralized printer on the plane.
     • Mailing a receipt to the cardholder.
     
     The mailed receipt offer is to be made available via the video monitor and must require the cardholder to input his or her name and address. For IFC gaming transactions the service provider must provide a receipt to the cardholder by one of the first two methods, described above.
     
     The receipt must contain the following elements:
     
     
     • Identification of the passenger's flight, seat number, and date of departure.
     • Itemized transaction detail.
     • Gaming transaction specified as a net win or net loss.
     • The cardholder's account number truncated on the receipt. Acquirers must ensure that transaction receipts provided to cardholders reflect a minimum of four and a maximum of 12 digits of the cardholder account number. The remaining digits are to be truncated, or rendered indeterminable. In all cases, at least four digits must be truncated. It is recommended that the receipt reflect only the last four digits of the primary account number, and that all preceding digits are truncated. It is also recommended that truncated digits are replaced with fill characters such as "X", "*", or "#" and not with blank spaces or numeric characters.
   • For IFC terminals, the assurance and demonstration of security of the transmission of authorization and clearing data between the on-board client server and the acquiring bank and the physical controls over hardware and operating software. Encryption of transmitted data is advised.
     
2. Transaction requirements.
   
   • No maximum transaction amount applies to any IFC transaction, with the exception of IFC gaming transactions.
   • An IFC terminal that also is a hybrid terminal is prohibited from performing fallback procedures from chip to magnetic stripe.
3. Additional requirements for IFC gaming transactions.
   
   • Net gaming losses cannot exceed $350 per flight per cardholder account. Net payouts to cardholders for gaming wins cannot exceed $3,500 per flight per cardholder account. This must be monitored throughout the flight by the service provider to ensure compliance.
   • A gaming win transaction will result in posting of net winnings (credit) to the cardholder's account. Under no circumstance may winnings be paid in cash or other form of payment.
   • Before participating in IFC gaming activity, the acquiring bank must take all reasonable and necessary steps to ensure that all IFC gaming activity will be effected in full compliance with all applicable laws and regulations.
4. Cardholder account number verification - in-flight verification prior to transaction initiation.
   
   • The acquirer must ensure that the service provider conducts a Mod-10 check digit routine to verify card authenticity.
   • The acquirer must ensure that the service provider confirms that the card account number is a valid one.
   • For IFC gaming transactions, the acquirer must ensure that the cardholder's account number is checked against the IFC Blocked Gaming File. Cardholders whose account numbers are listed on the IFC Blocked Gaming File must be prohibited from initiating any IFC gaming transaction.
5. Authorization requirements for all IFC transactions.
   
   • The Authorization Request / 0100 message must include the cardholder-activated terminal level 4 indicator.
   • The acquirer must read and transmit full, unaltered card-read data. An IFC authorization request may not contain a key-entered account number or expiration date.
   • Transactions are either authorized air-to-ground during the transaction or authorized in a delayed batch. All are authorized on a zero floor limit basis.
   • The acquirer must convert all "refer to card issuer" and "capture card" messages received from issuers to "declines."
6. Additional authorization requirements for IFC gaming transactions. All IFC gaming losses authorized post-flight must be submitted for authorization for the net amount. All gaming transactions authorized during the flight will be for the full wager amount ($350 or a lower amount predetermined by the airline and gaming service provider). No gaming wins will be submitted for authorization.
7. Clearing requirements for all IFC transactions.
   
   • An acquirer is not permitted to submit declined transactions (including those defined in 5.d. above) into clearing.
   • No surcharges or service fees may be assessed on any IFC transaction, including IFC gaming transactions.
     
8. Additional clearing requirements for IFC gaming transactions.
   
   • IFC gaming transactions submitted for clearing must be for the net amount that is won or lost.
   • IFC gaming win transactions will be submitted as a credit transaction. Interchange will be paid to issuers by acquirers on gaming win transactions.
   • An acquirer may resubmit a gaming transaction for a different amount within the specified transaction limits if it was previously rejected for exceeding the specified transaction limits $3,500 for wins and $350 for losses.
9. Effective date of the IFC blocked gaming file. Updates to the IFC Blocked Gaming File will be effective on the first and the 15th day of each month. MasterCard must receive account ranges or BINs that issuers choose to list on the next effective updated IFC Blocked Gaming File at least two weeks before the effective date.
   

Cardholder-Activated Terminal Level Requirements

The following acceptance requirements apply to the specific CAT levels indicated:

• Automated Dispensing Machines (ADMs) / Level 1.
  
  1. The Automated Dispensing Machine (ADM) must accept a personal identification number (PIN) as a substitute for signature, and ensure that all requirements are met in accordance with the published specifications.
     
     • The PIN requirement is contingent upon PIN being adopted as a standard within a country as well as card issuers providing the required PIN. If PIN is not adopted as a standard within a country or supported in accordance with the processing requirements for PIN-based transactions, this level of service is not available.
     • The PIN authorization must be made via a secured transmission, in accordance with the published specifications.
     • ADM terminals must be able to support numeric, alpha, or alphanumeric PINs with a minimum length of four digits and a maximum length of six digits.
  2. The acquiring bank may decline a transaction after four attempts and four consecutive negative responses of "invalid PIN" or "invalid transaction" from the network. Optionally, the acquiring bank may allow more than four consecutive PIN entry attempts that each received a negative response at an ADM.
  3. All transactions regardless of amount must be authorized on a zero floor limit basis with full, unaltered card-read data transmitted. All acquiring banks of ADMs must have received one-time CVC / CVV certification.
  4. Card retention at an ADM is not required, however, if the terminal capability is available, the merchant may do so only at the card issuer's specific direction.
     
     • The retained card must be logged and secured under appropriate audit controls.
     • The retained card must promptly be rendered useless and then returned to the acquiring bank.
  5. "No Cardholder Authorization" (reason code 4837) chargeback rights for this reason code are not available to card issuers for transactions processed at ADMs where a PIN and full, unaltered card-read data are transmitted because PIN is a valid proxy for the cardholder's signature.
  6. An ADM that is also a hybrid terminal may perform fallback procedures unless it is prohibited by a region. Member banks use fallback procedures when a smart card is present at a hybrid terminal and the merchant processes the transaction by using the magnetic stripe or by manually entering the PAN because the merchant cannot process the transaction using smart card technology.
• Self-Service Terminal / Level 2.
  
  1. Self-Service Terminals do not process PIN. They include (but are not limited to) automated fuel dispensers identified with MCC 5542.
  2. All Self-Service Terminal (SST) devices must comply with the following requirements:
     
     • Zero floor limit for authorization purposes.
     • Acquiring banks must read and transmit full, unaltered card read data.
  3. The Authorization System will send all transactions identified as Self-Service Terminals in the Authorization Request / 0100 message to the card issuer's host, regardless of Limit-1 parameters.
  4. The maximum transaction amount is $100 or its equivalent.
  5. Chargebacks processed for reason code 4837, "No Cardholder Authorization," for Self-Service Terminal transactions will be allowed only if the card issuer certifies that the account number used in the transaction is fraudulent, as documented in a letter written by the cardholder to the card issuer.In addition, the card issuer must block the account number on the issuer's host until card expiration on or before the Central Site processing date of chargeback reason code 4837, "No Cardholder Authorization." The card issuer also must list the cardholder account number on the Visa and MasterCard Account File with a "capture card" response until card expiration. Card issuers in the Europe region (region D) also must list such accounts on the European Stop List (ESL).
     
     Counterfeit transactions occurring at Self-Service Terminals for which the acquiring bank has transmitted the full magnetic stripe data in the authorization request message and for which an authorization was obtained are ineligible for chargeback reason code 4837, "No Cardholder Authorization."
  
  
  6. A U.S. region merchant acquiring automated fuel dispenser transactions at Self-Service Terminals / Level 2 may forward an Authorization Request / 0100 message for $1 if properly identified by MCC 5542 (automated fuel dispenser) and CAT level indicator 2. If authorization is obtained, the acquiring bank is protected from authorization related chargebacks "requested / required authorization not obtained" (reason code 4808), or "exceeds floor limit—not authorized and fraudulent transaction" (reason code 4847) for transactions less than or equal to $75. The acquiring bank protection is limited to $75 for transactions that exceed $75, and issuers may charge back only the difference between the transaction amount and the implied $75 limit.
  7. A Self-Service Terminal that also is a hybrid terminal may perform fallback procedures from chip to magnetic stripe unless it is prohibited by a region.
• Limited Amount Terminals / Level 3.
  
  1. A Limited Amount Terminal must check the account number against the Electronic Warning Bulletin file if the terminal has such a capacity.
  2. The maximum transaction amount is $40 or its equivalent.
  3. Chargeback rights for reason code 4837, "No Cardholder Authorization," are not available to issuers for properly identified CAT / Level 3 transactions. Chargeback rights for "requested / required authorization not obtained" (reason code 4808), or "exceeds floor limit - not authorized and fraudulent transaction" (reason code 4847) are available if the maximum transaction amount of $40 or its equivalent has been exceeded.
  4. A Limited Amount Terminal that also is a hybrid terminal is prohibited from performing fallback procedures from chip to magnetic stripe.