Thursday, September 10, 2009

Cardholder-Activated Terminal Level Requirements

The following acceptance requirements apply to the specific CAT levels indicated:
  • Automated Dispensing Machines (ADMs) / Level 1.
    1. The Automated Dispensing Machine (ADM) must accept a personal identification number (PIN) as a substitute for signature, and ensure that all requirements are met in accordance with the published specifications.
      • The PIN requirement is contingent upon PIN being adopted as a standard within a country as well as card issuers providing the required PIN. If PIN is not adopted as a standard within a country or supported in accordance with the processing requirements for PIN-based transactions, this level of service is not available.
      • The PIN authorization must be made via a secured transmission, in accordance with the published specifications.
      • ADM terminals must be able to support numeric, alpha, or alphanumeric PINs with a minimum length of four digits and a maximum length of six digits.
    2. The acquiring bank may decline a transaction after four attempts and four consecutive negative responses of "invalid PIN" or "invalid transaction" from the network. Optionally, the acquiring bank may allow more than four consecutive PIN entry attempts that each received a negative response at an ADM.
    3. All transactions regardless of amount must be authorized on a zero floor limit basis with full, unaltered card-read data transmitted. All acquiring banks of ADMs must have received one-time CVC / CVV certification.
    4. Card retention at an ADM is not required, however, if the terminal capability is available, the merchant may do so only at the card issuer's specific direction.
      • The retained card must be logged and secured under appropriate audit controls.
      • The retained card must promptly be rendered useless and then returned to the acquiring bank.
    5. "No Cardholder Authorization" (reason code 4837) chargeback rights for this reason code are not available to card issuers for transactions processed at ADMs where a PIN and full, unaltered card-read data are transmitted because PIN is a valid proxy for the cardholder's signature.
    6. An ADM that is also a hybrid terminal may perform fallback procedures unless it is prohibited by a region. Member banks use fallback procedures when a smart card is present at a hybrid terminal and the merchant processes the transaction by using the magnetic stripe or by manually entering the PAN because the merchant cannot process the transaction using smart card technology.
  • Self-Service Terminal / Level 2.
    1. Self-Service Terminals do not process PIN. They include (but are not limited to) automated fuel dispensers identified with MCC 5542.
    2. All Self-Service Terminal (SST) devices must comply with the following requirements:
      • Zero floor limit for authorization purposes.
      • Acquiring banks must read and transmit full, unaltered card read data.
    3. The Authorization System will send all transactions identified as Self-Service Terminals in the Authorization Request / 0100 message to the card issuer's host, regardless of Limit-1 parameters.
    4. The maximum transaction amount is $100 or its equivalent.
    5. Chargebacks processed for reason code 4837, "No Cardholder Authorization," for Self-Service Terminal transactions will be allowed only if the card issuer certifies that the account number used in the transaction is fraudulent, as documented in a letter written by the cardholder to the card issuer.In addition, the card issuer must block the account number on the issuer's host until card expiration on or before the Central Site processing date of chargeback reason code 4837, "No Cardholder Authorization." The card issuer also must list the cardholder account number on the Visa and MasterCard Account File with a "capture card" response until card expiration. Card issuers in the Europe region (region D) also must list such accounts on the European Stop List (ESL).

      Counterfeit transactions occurring at Self-Service Terminals for which the acquiring bank has transmitted the full magnetic stripe data in the authorization request message and for which an authorization was obtained are ineligible for chargeback reason code 4837, "No Cardholder Authorization."

    6. A U.S. region merchant acquiring automated fuel dispenser transactions at Self-Service Terminals / Level 2 may forward an Authorization Request / 0100 message for $1 if properly identified by MCC 5542 (automated fuel dispenser) and CAT level indicator 2. If authorization is obtained, the acquiring bank is protected from authorization related chargebacks "requested / required authorization not obtained" (reason code 4808), or "exceeds floor limit—not authorized and fraudulent transaction" (reason code 4847) for transactions less than or equal to $75. The acquiring bank protection is limited to $75 for transactions that exceed $75, and issuers may charge back only the difference between the transaction amount and the implied $75 limit.
    7. A Self-Service Terminal that also is a hybrid terminal may perform fallback procedures from chip to magnetic stripe unless it is prohibited by a region.
  • Limited Amount Terminals / Level 3.
    1. A Limited Amount Terminal must check the account number against the Electronic Warning Bulletin file if the terminal has such a capacity.
    2. The maximum transaction amount is $40 or its equivalent.
    3. Chargeback rights for reason code 4837, "No Cardholder Authorization," are not available to issuers for properly identified CAT / Level 3 transactions. Chargeback rights for "requested / required authorization not obtained" (reason code 4808), or "exceeds floor limit - not authorized and fraudulent transaction" (reason code 4847) are available if the maximum transaction amount of $40 or its equivalent has been exceeded.
    4. A Limited Amount Terminal that also is a hybrid terminal is prohibited from performing fallback procedures from chip to magnetic stripe.

1 comment:

  1. Pretty good post. I hope you create more in the future..

    ReplyDelete