Merchant Account

E-Commerce Merchant Account Chargeback Requests

2011-07-27T17:26:00.004-04:00

A chargeback, as previously stated, is the reversal of a portion, or the entire amount, of a card transaction that is being disputed, resulting in a refund to the issuer and debit to the e-commerce merchant account provider or the retailer in the amount listed to the dispute. Chargebacks can be initiated as a result of a processor's or retailer's failure to provide a complete and on-time response to a sales ticket retrieval request or for the failure of the retailer to follow applicable credit card processing procedures.

If the card issuer has sufficient evidence that supports a dispute of a transaction, the e-commerce merchant account provider will not require the submission of a ticket retrieval request prior to initiating a chargeback request. An image of the sales receipt supporting the chargeback request must be submitted to the processor within five business days of the issuer initiating it, except for disputes related to authorizations where the evidence is saved as an electronic record. The content of a processor's or retailer's response to a retrieval request may constitute sufficient evidence needed to resolve the dispute.

Each chargeback request needs to contain the following pieces of information:

Details of any correspondence between the customer and the retailer documenting the authenticity of the chargeback request; or
Sufficient evidence supporting the dispute.

Additionally required information regarding some types of transactions may include the following:

For airline e-commerce merchant account transactions, the original ticket if a paper ticket was produced, a copy of the original ticket with adequate proof that the consumer did not use the ticket or evidence of the sale of an electronic ticket (such as the confirmation code);
Assignment of claim by a consumer that received a refund; and
Other documentation that may be requested by the processor.

Upon receiving the chargeback request from the issuer, each processor or retailer is required to repay the amount of the resulting Chargeback to the Association (Visa or MasterCard). If the evidence proves that the chargeback was indeed improper, they should request a re-presentment.

If Visa or MasterCard does not receive sufficient evidence supporting the chargeback request from the card issuer within the time-frame stated (five business days) or if the Association does receive a request that is not compliant with the above requirements, a chargeback may not be processed or if it had done so already, the Association may process a re-presentment.

Merchant Payment Account Easy Payment Service

2011-07-20T12:38:00.003-04:00

Visa's Easy Payment Service (VEPS) for merchant payment account users enables face-to-face retailers from more than 98 percent of Merchant Category Codes (MCCs) to accept credit cards and other bank cards without the need for a signature and only need to print out a receipt upon a request from the customer.

The VEPS program offers retailers the potential to speed up the check-out process at the point of sale, improve customer satisfaction and provide operating efficiencies for merchant payment account users. It can also help increase customer retention by helping cardholders use their bank cards quickly, securely and easily.

Merchant Payment Account Easy Payment Service Advantages

For qualifying payments, the VEPS program:

Eliminates the need for card acceptors to obtain a signature.
Eliminates the transaction receipt requirement, unless specifically requested by the cardholder.
Eliminates the necessity for retailers to store sales receipts and bans issuers from placing retrieval requests.
Provides strong chargeback protection against fraudulent transactions and for the receipt requirement.

Which Transactions Qualify

Transactions qualify for the VEPS service if they comply with all of the following criteria:

The transaction takes place at a qualified merchant payment account user.
It is a purchase (as opposed to credit) transactions with a valid card.
It is a card-present environment (for amounts of $25 and lower) or unattended environment ( for $15 and under).
Payments are authorized.
Applies to all MCCs except those explicitly excluded (list is provided below).
All card types are eligible, including magnetic-stripe, chip-and-PIN and proximity payments.
The POS device must read and transmit unaltered magnetic-stripe, chip, or contactless payment information.
The information must be transmitted in the authorization message.

Unqualified Merchants

The following business types are not qualified for VEPS:

Wire Transfer Money Orders.
Insurance Services.
Automated Fuel Dispensers.
Travel Related Arrangement Services.
Catalog Merchants.
Combination Catalog and Retail Merchants.
Outbound and Inbound Telemarketing Merchants.
Continuity / Subscription Merchants.
Manual and Automated Cash Disbursements.
Financial Institutions - Merchandise and Services.
Betting, including Lottery Tickets, Casino Gaming Chips, Off-Track Betting, and Wagers at Race Tracks.
Intra-Government Purchases.
International Automated Referral Service.
GCAS Emergency Services.
Intra-Company Purchases.

There are no program registration requirements. If a merchant payment account user is eligible, they should just run the transaction as they normally would, skipping the signature, and offering the sales receipt as an optional service.

Bank Merchant Services Interchange

2011-07-12T17:18:00.003-04:00

Bank merchant services interchange provides incentives for banks to issue credit cards and for businesses to accept them. It is a fee that is paid by the retailer's bank (the acquirer or processor) to the customer's bank (the card issuer) and is designed to compensate the latter for the risks and costs it takes to manage its cardholder accounts. These include the finance costs for the interest-free period that lasts from the time a customer makes a sale to when he pays his bill, as well as for credit losses, fraud prevention and processing costs.

Setting the various interchange fees necessitates achieving a careful balance. If they are set too high, the bank merchant services user' desire for accepting bank cards will diminish. If interchange fees are set too low, on the other hand, the issuers' desire to continue issuing cards and maintaining cardholder accounts will decrease and so will the use of cards.

MasterCard and Visa periodically re-examine interchange fees to make sure that the rates provide to everyone involved: the merchants, the issuers and the cardholders. Each Association keeps dozens of different interchange rates that account for the differences between the various card programs, like e-commerce, gas stations or restaurants.

The discount rate that merchants pay when they accept credit cards is typically a small percentage of the cost of the products or services the retailer pays its bank when a card is used. It includes the interchange fee and is negotiated between the retailer and its bank. The Associations are not parties to these negotiations.

The Associations operate networks that facilitate the communications among four separate parties:

The issuer markets and issues bank cards to customers and provides credit to cardholders from when a purchase is made until a payment is due.
The cardholder uses the bank card to buy merchandise and services at millions of locations around the globe.
The bank merchant services user accepts bank cards for the payment of products and services.
The acquirer contracts with retailers and provides them with bank card acceptance and processing services.

By contrast, three-party systems, like Discover, charge discount rates that are often higher than the ones for accepting Visa and MasterCard cards. As three-party system providers act as both issuers and processors, they do not have to set interchange rates. They can use the fees collected directly from retailers to cover the costs for the issuing of the cards.

Merchant Bank Account Fraud Liability

2011-07-06T17:00:00.004-04:00

To replace the current data compromise recovery compliance process with one that minimizes retailers' exposure while it is cost-efficient and equitable for all involved parties, merchant bank account providers have developed the Account Data Compromise Recovery (ADCR) process.

ADCR is used predominantly for mag-stripe data that have been discovered or suspected to be compromised. It caps counterfeit fraud liability for credit card processing companies to a time frame that is limited at 13 months, whereas the current process where data exposure risk can extend up to the date of expiration of the compromised cards. Moreover, ADCR enables the partial recovery of some expenses incurred by issuers.

Under the ADCR rules, merchant bank account providers first determines the processor's mag-stripe read fraud liability resulting from inadequate data storage by estimating the amount of the counterfeit fraud that would have resulted in the system for the duration of the 13-month event window if the data breach had never occured. This base-line sets the expected level of fraud for which a processor is not liable. The merchant bank account provider then deducts the baseline from the final confirmed amount of mag- stripe read counterfeit fraud that took place during the event window. This gives you the so-called "incremental fraud" assessment of the processor's liability. This is the fraud loss that exceeds the normal level and is so attributable to the mag-stripe exposure. Moreover, any card number that was in a previous mag-stripe exposure event within the previous 12 months is excluded.

Issuers enrolled in the ADCR procedure can recoup $1 per account involved in the compromise to cover some of their operating expenses, such as the re-issuing of the cards and the higher volume of incoming customer service calls. Any card number involved in a previous mag-stripe exposure event within the past 12 months is excluded.

Merchant bank account providers are only liable for up to 80 percent of the entire number of card accounts involved in a magnetic-stripe information type of compromise. The other 20 percent is the approximate share of accounts that will require some or no work by the issuing institutions. Put another way, these are account numbers that have expired or were closed, reissued, or blocked before the time they appeared on the fraud alert.

The Visa Compromised Account Management System (CAMS) provides a secure and effective way for merchant bank account providers, retailers, law enforcement entities, and issuing banks to communicate compromised and stolen or card account data to and from the Associations through an encrypted site.

Novus Credit Card Processing Easy Payment Transactions

2011-06-29T16:50:00.002-04:00

Sales of $25 or less represent a substantial ratio of all customer spending. The Novus credit card processing Easy Payment Service (EPS) assists in delivering a greater efficiency and convenience to both retailers and consumers.

The EPS program gives face-to-face retailers the opportunity to take credit cards issued in any given country for sales without asking for a cardholder signature or PIN and not even issuing a transaction receipt unless explicitly requested by the consumer. This program can potentially increase the speed at the point-of-sale, improve customer satisfaction and provide operating efficiencies for the Novus credit card processing account user. It can build customer loyalty by assisting cardholders use their bank cards securely, quickly and easily.

Novus Credit Card Processing EPS Requirements

Sales qualify for the EPS program if they adhere to the following criteria:

Value is lower than or equal to the specific country's transaction limit.
Face-to-face setting.
Authorized.
Applies to all Merchant Category Codes (MCCs), with the exclusion of those specifically listed by the Associations.
The POS terminal must read and transmit the entire magnetic stripe data, unaltered chip-and-PIN data, or unaltered contactless
data.

EPS Qualifications

The following types of transactions do not qualify for the EPS program:

Fallback transactions.
Card funding transactions.
Cash-back payments.
Manual cash disbursement items.
Quasi-cash items.
Prepaid loads.
Payments where Dynamic Currency Conversion is used.

The following MCC codes are excluded from the Novus credit card processing Easy Payment Service Program:

4829 - Wire Transfer Money Orders.
5542 - Automated Fuel Dispensers.
5960 - Insurance Services.
5962 - Travel Related Arrangement Services.
5964 - Catalog Merchants.
5965 - Combination Catalog and Retail Merchants.
5966 - Outbound Telemarketing Merchants.
5967 - Inbound Telemarketing Merchants.
5968 - Continuity/Subscription Merchants.
5969 - Direct Marketers (Not elsewhere classified).
6010 - Financial Institutions - Manual Cash Disbursements.
6011 - Financial Institutions - Automated Cash Disbursements.
7995 - Betting, including Lottery Tickets, Casino Gaming Chips, Off-Track Betting, and Wagers at Race Tracks.
9405 - Intra-Government Purchases (Government only).
9700 - International Automated Referral Service (Visa use only).
9701 - Visa Credential Server (Visa use only).
9702 - GCAS Emergency Services (Visa use only).
9751 - UK Supermarkets - Electronic Hot File (Region use only).
9752 - UK Petrol Stations - Electronic Hot File (Region use only).
9950 - Intra-Company Purchases.

American Credit Card Processing Chargeback Remedies

2011-06-23T19:42:00.004-04:00

Even when an American credit card processing account user receives a chargeback, it could still be able to get it resolved it without losing the sale. It will have to provide its merchant processing services provider with additional information about the sale or the actions it has already taken related to it. For instance, it could receive a chargeback due to the customer claiming that a refund has not been issued for a returned item. It may be able to resolve the dispute by offering proof that it had issued the refund on a specific date. These data should be sent to the merchant account provider in a timely fashion.

The most important thing in this and similar instances is to always send to the acquiring bank as much data as possible to help it cure the chargeback. With adequate information, the acquirer may be able to resubmit, or "re-present," the sale to the card issuer for payment.

Timeliness is also crucial when American credit card processing account holders attempt to cure a chargeback. Each step in the chargeback process has a pre-defined time frame, within which action needs to be taken. If the retailer or its acquiring bank does not respond to the request during the specified time frame, which can vary depending on the acquiring bank the merchant will not be able to cure the chargeback.

Even though most chargebacks are resolved without the retailer losing the sale, some of them cannot be remedied. In such instance, accepting the chargeback may be the best option, saving the merchant the time and expense of needlessly fighting it.

Card-not-present American credit card processing account holders should be familiar with the chargeback re-presentment rights that are associated with the use of the Address Verification Service (AVS), the card security codes, and with the option to provide solid information. More to the point, the acquiring bank can re-present a charged-back transaction if:

The retailer received an AVS positive match and if the billing and shipping addresses are identical.
The retailer submitted an AVS or security code request and received a "U" response code. These response codes mean that the card issuer is not available or does not support AVS or security codes.

Verified by Visa participating retailers are protected by their acquiring bank from receiving some fraud-related chargebacks. If merchants are not participating in Verified by Visa at the present time, they can contact their processor for details on enrolling.

Merchant Credit Card Account Basics

2011-06-17T16:29:00.004-04:00

When processing credit cards, there are several participants in an average transaction:

Cardholder. A cardholder is an individual to whom a card has been issued or someone who is authorized to use the card. During a transaction, the cardholder offers the card or its account number for payment in exchange for products or services.
Merchant credit card account user. This is a commercial or non profit entity or an individual that, according to a merchant processing agreement is authorized to accept bank cards and access terminals when properly presented.
Acquirer. An acquirer (processor) is a licensed Visa and MasterCard member bank that acquires the information relating to a transaction from the merchant credit card account user and submits that information for authorization. The processor also provides clearing and settlement functions to exchange funds between the retailer and the issuer.
Card issuer. An issuer is a licensed Visa and MasterCard member bank that issues bank cards or access POS terminal to consumers. Issuers are responsible for approving or rejecting authorization requests. The issuer also manages their cardholders' accounts and facilitates clearing and settlement to exchange funds between the cardholder and the processor.

Transaction Authorization

Each authorization request generates an authorization response that directs the processor or the merchant credit card account user on how to proceed with the payment. The response is usually a code that suggests the action that the retailer should take.

If the processor is available, the authorization request's response message will include a 2-digit response code. This code tells the acquirer and merchant credit card account user what action should be taken (approve, reject, refer to card issuer, pick up card, or valid).

Transaction Clearing

Processors and issuers perform clearing to exchange payment data. From the information provided during the clearing process, the Associations' systems calculate the amounts for settlement. Member banks and acquirers contracting with merchant credit card account users to accept cards are required to perform clearing to exchange payment data.

Settlement

Settlement is the process through which the money is actually exchanged. The funds are calculated as the net equivalent of the amount derived at the clearing. This money is exchanged every day between processors and issuers for the net amount of the cleared transactions. The Associations calculate in reconciliation currency the net positions of each processor and issuer that participate in the clearing process and facilitate the following two settlement functions:

Exchanging advisements.
Transferring money (when applicable).

Verified by Visa E-Commerce Credit Card Processing

2011-06-14T17:51:00.002-04:00

Verified by Visa offers cardholder authentication for merchants using e-commerce credit card processing services. VbV is based on the so-called 3-D Secure protocol and verifies the genuineness of cardholders. It enables consumers to choose a password with their card issuer, and then use it to validate themselves while making a purchase online. This helps make sure that their account number cannot be fraudulently used at an e-commerce website.

Verified by Visa E-Commerce Credit Card Processing Activation

To use VbV, consumers must initially activate their existing card with the Verified by Visa system. There are several ways they can do this:

Card issuers usually offer an online activation site.
Visa, the card issuers, and participating merchant account users can display an "Activation Anytime" banners or buttons that allow consumers to activate their bank card.
Customers can also activate cards during the shopping process, where available.

If the customer elects to activate while shopping, he or she gives information to their issuer for identification purposes. The consumer then selects a password. On future sales at participating e-commerce merchants, the consumer's VbV password will be required at checkout, limiting the potential for fraudulent use of the card.

Once VbV is activated, a customer's card is automatically identified when used for e-commerce credit card processing at participating web stores. The customer is asked for her password; the password is validated; and then the sale is completed. If the password is not validated, the cardholder is not confirmed, and an error message is displayed and the transaction must not be completed.

VbV Processing Cycle

Verified by Visa retailers need to:

Add the VbV logo on their home, security information, and checkout pages to promote secure and reliable web shopping. Use one of the following two approaches:
- Activation Anytime - This is the approach that will guide consumers directly to an page where they can activate their bank cards for the VbV service without leaving the retailer's site.
- Learn More - This approach routes customers to a service description page (on the merchant's site) where they can educate themselves about VbV and activate their cards for the service.
Add a pre-authentication notice on the checkout page to tell customers that they may be offered to activate their card for VbV.
Complete the VbV authentication process. Offer the authentication information in the authorization request as requested.
If VbV authentication fails, request payment by other means.

Processing Credit Cards at Fixed Transaction Fees

2011-06-09T17:36:00.002-04:00

Processing credit cards at fixed types of bundled percentage discount fee agreements have the problem of frequently tacking on a fixed per-transaction fee assessed by the merchant account provider on each transaction. These charges can range quite widely from just pennies to amounts higher $0.25 per item.

This type of fee must not be confused with the per-item part of the interchange rate for processing credit cards, which is covered by bundled discount rate. The acquirer might add on an additional per-item fee resulting in a total fee to the merchant of, say 3.25 percent + $0.25. This may look like an interchange fee, but the actual Interchange - which also features both a percentage and per-transaction fee – is going to be much lower! The $0.25 per-transaction fee goes directly to the acquirer as an additional fee. If the merchant account user feels this is confusing, well, it is. This kind of pricing model is unfortunately widely used by acquirers processing credit cards, and is among the leading reasons why retailers look for payment acceptance audits.

The actual cost of this per-transaction fee is in fact proportional to the cost of the item being sold. So the lower the average sale's amount, the bigger the actual cost in terms of an actual percentage. This may not be a problem for many retailers processing credit cards. Per Visa regulations, the average sale's amount of the four major card brands (Visa, MasterCard, American Express and Discover) weighted to account for market share is about $80 or so. If the client is a merchant with a low average ticket amount, however, this per item fee can pile up rather quickly. For example, the $0.25 per-transaction fee used above would cause the fee on a $10.00 item to rise by 2.5 percent, raising the overall fee to 5.75 percent. This represents an overall increase of 77 percent over the base 3.25 bundled discount rate. on the other hand, this low-average-ticket-amount retailer has an advantage over the average merchant when it comes to the absolute cost that is associated with the base 3.25 percent bundled discount. The $10 retailer will pay $0.325 in base discount, while the $80 one will pay $2.60.

Retailers processing credit cards also need to be aware of other per-item charges, such as the authorization fees, as they also can lead to an increase in the overall cost of processing a payment. So, what a sophisticated, knowledgeable retailer has learned is that discount rates, fixed per-transaction fees, and interchange all have a deep correlation to the average ticket amount. Understanding the importance of these elements usually contributes to better pricing, sales and marketing decisions.

Chargeback Policies of Credit Card Processing Companies

2011-06-07T16:25:00.003-04:00

The credit card processing companies monitor the number of disputes and chargebacks at all of their merchants and locations. If the number of disputes and / or chargebacks at a merchant or location is considered excessive, they may take action to limit their exposure.

Credit card processing companies typically chargeback by deducting, withholding, recouping from, or otherwise offsetting against their payments to a merchant or debiting the retailer's bank account, or they may inform the merchant account user of its obligation to pay them, which it is required to do immediately and fully.

Chargeback Reasons

The most typical reasons for chargebacks include:

A refund has not been issued when the customer expected it would be.
Merchandise that was ordered was never received.
A service was not provided as expected.
The customer did not participate in the purchase, which was fraudulent.
Missing or questionable customer signature.
Transaction was processed after the authorization request was declined.
Expired card.
Processing errors.

Chargeback Programs

Chargebacks can be initiated because the retailer is in one of the chargeback programs listed below. The credit card processing companies can place the retailer in any of these programs upon signing the merchant agreement, or at any time during its term.

Immediate chargeback program.
Partial immediate chargeback program.
Fraud full recourse program.

Chargeback Reversals

Merchants can request a chargeback reversal if it was applied in error. In order for the credit card processing companies to consider the request, the retailer is required to:

Have responded to the original information inquiry within the specified time frame.
Request the chargeback reversal within twenty days from the date of the chargeback, and
Provide all relevant supporting documentation to substantiate the error.

If the chargeback is applied under any of the above mentioned chargeback programs,the chargeback reversal may only be requested if the retailer proves that a refund was already issued to the customer for the amount of the disputed sale.

How to Receive Inquiries and Chargebacks

The credit card companies have a wide array of options for the exchange of transaction information with retailers. In addition to the old-fashioned paper by mail method, retailers could be able to receive and reply to information inquiries and chargebacks using various web-based tools, which are usually issuers' preferred method of handling customer disputes and chargebacks.

How to Respond to Chargebacks

Merchants can respond to information inquiries via online tools, fax and mail depending on how they receive the copy request.

Credit Card Payment Processing Life Cycles

2011-06-02T12:35:00.004-04:00

The following chain of interactions illustrates the credit card payment processing life cycle for MasterCard and Visa transactions, both in card-present and in card-not-present environment. Processing interactions and activities can vary slightly for any given retailer, merchant bank, or card issuer, based on factors including card and transaction type, as well as the type of payment processing system used.

Credit Card Payment Processing Life Cycles

Following are the stages of the bank card transaction process:

The customer presents a bank card for payment for purchases. In a card-not-present environment, the consumer provides the retailer with the card number, expiration date, billing address, and card security code.
The retailer swipes the card, key-enters the transaction amount, and submits an authorization request to the acquiring bank. For card-not-present settings, the account number and other data may be digitally-entered.
The acquiring bank electronically routes the authorization request on to MasterCard's or Visa's payment system.
The Association (Visa or MasterCard) routes on the request to the issuer.
The issuer approves or rejects the transaction authorization.
The Association routes the issuer's authorization response to the acquiring bank.
The acquirer forwards the response to the retailer.
The retailer receives the authorization decision and completes the payment accordingly.
The retailer deposits the sale's receipt with the acquiring bank.
The acquirer funds the retailer's account and electronically sends the transaction to Visa or MasterCard for settlement.
At this point the Association either:
- Facilitates the settlement or
- Pays the acquiring bank and debits the issuer's account, then immediately sends the transaction to the issuer.
The card issuer now:
- Posts the payment to the cardholder's account and
- Sends the monthly credit card statement to their customer.
The cardholder receives the statement and makes a payment.

Retailers or their agents that collect, save, process, or transmit transaction information are not permitted to store sensitive authentication data (contained in the card's magnetic stripe or chip). Card security codes (CVV2, CVC 2 and CID), or PIN Verification Value (PVV), even in cases when it is encrypted. Once an authorization is processed and a decision is received, whether an approval or rejection, such information must no longer be on file. The only details of the magnetic stripe that are allowed to be stored are customer name, 16-digit account number, and expiration date. This requirement applies to both face-to-face and non-face-to-face types of operations.

Best Practices to Accept Credit Cards Over the Phone

2011-05-30T17:47:00.002-04:00

Industry regulations state that merchants are permitted to accept credit cards over the phone or in the mail, provided they follow the procedures disclosed in this article for the processing of such card transactions. First of all, it should be understood that the floor limit of all telephone and transactions is zero and retailers are required to obtain authorization approvals for each one such sale. Retailers need to also document the card transaction and send the sale data to the credit card company or association as described below. Additionally, for each merchant, the transaction form will indicate if their payment programs are primarily telephone and or mail order (MO / TO) sales.

Validating Cardholder Identity

For each mail or telephone order card transaction, the retailer should verify the address of the cardholder associated with the card account and validate the location for shipping with the customer by using the address verification service (AVS) procedures.

Documenting Payment Card Transactions

When they accept credit cards over the phone or by mail, retailers need to obtain the following data from their customer for each sale:

Customer name.
Customer's 16-digit card number.
Card' "good-through" date.
Customer's shipping address.

The merchant must keep all such information, together with the delivery date, for the document retention period that is stated in the merchant processing agreement. Retailers need to communicate the expected date of shipping to the consumer at the time of each telephone order being placed and then upon request by the consumer or the issuer.

Communication of Transaction Information

When you accept credit cards over the phone are required to communicate the transaction information to their processing provider each day in the form and format that is specified. All transaction information needs to be communicated to the processor through an electronic means of transmittal. The retailer is not allowed to transmit transaction information to the acquirer for items or services purchased by a customer until the product or services have been delivered or furnished to the consumer or at the very least have been shipped. The retailer is allowed, however, to accept a card for a deposit on a sale of item or services and the merchant is permitted to communicate the transaction data pertaining to such a deposit before the time of shipment or delivery of the item or services bought in such a sale.

You will need to follow the above guidelines for all of your phone sales and you will be sure to do itright every time and prevent customer disputes and chargebacks.

Recurring Non-Profit Credit Card Processing Basics

2011-05-20T19:44:00.002-04:00

If non-profits take credit cards for donations on a recurring or installment basis, they have to be compliant with all appropriate rules for the processing of each individual card installment. A recurring or installment type of plan is defined as an obligation that could be for a variable or fixed amount, that is agreed to by a customer and paid for with a chain of payments over certain time period.

Recurring Non-Profit Credit Card Processing Requirements

Non-profit credit card processing must comply with a series of requirements for amounts billed to a single card account in relation to a recurring or installment sales arrangement. If a non-profit entity fails to achieve compliance with any one of these rules, or if a donor submits a dispute at any given time over any installment of a recurring plan for the merchandise or services that the non-profit has agreed to perform in connection with it, the issuing bank can, if it decides, charge back the amount of the installment, as well as any preceding installment.

Installment Authorization Approval

Non-profits must obtain an individual authorization approval from the card issuer for each one of the installments billed to a card in relation to a recurring or installment arrangement and the retailer must get this approval before depositing the transaction data with the processor. If the issuing institution authorizes a given installment, this should not be seen as an insurance that any other installments would be either approved or paid.

Consumer Approval

The retailer must obtain the consumer's approval for each recurring installment. Keep in mind that a verbal termination request is all that is required from the cardholder to cancel a recurring plan. The consumer's approval should provide all of the following information:

Consumer's name, billing address and card number.
The amount of each single installment, unless it changes.
Time frame or frequency of the payment installments.
Length of time for which the consumer authorizes the card acceptor to bill installments to his card account.
The non-profit entity's merchant account number with the processor.
Card's date of expiration.
Installment's single amount.

Recurring Non-Profit Credit Card Processing Rules for Submission of Transaction Data

The payment information that the non-profit entity sends to the processor must be in compliance with the acquirer's requirements. If the merchant agreement is canceled, the non-profit must not submit information for installment types of payments that are payable after the termination's effective date. If a consumer who agreed to an installment plan gets his card terminated, the non-profit should not submit sales information for it as well.

How to Accept Credit Cards Online and In Person

2011-05-18T18:44:00.003-04:00

Payment processing has to be done in compliance with a set of requirements established by the bank card networks and companies that are mandatory for all merchants, operating both in card-present and card-not-present environment. Listed below are the main guidelines on how to accept credit cards online and in person that retailers need to adhere to.

Card "Good Through" Date

Retailers need to always inspect the "good through" date on the front of the offered card. You can accept credit cards online and in person if the current date is prior to the expiration date listed on the card. If the card has passed the "good through" date, the merchant is not permitted to take it for payment and is required to contact its merchant account provider's authorization center.

Card Signature

The retailer has to always validate that the customer has signed the bank card where required on its back and verify that the consumer's name as signed is the same as the one printed on the face of it.

If the offered card has not been signed, the card acceptor will need to ask for two ID documents, of which one must display a photograph of the consumer (a driver's license would answer perfectly). Whenever the merchant has verified that the person offering the card is actually the valid cardholder, the consumer will have to be requested to provide a signature where needed.

Approval of Transaction Authorizations

If the retailer does not accept credit cards online but in person, it will need to route the full data taken from the magnetic stripe, together with its transaction authorization request through a swipe of the payment card through the processing terminal. If the POS machine is unable read the data from the magnetic stripe and the merchant has to resort to manually entering the transaction details in order to ask for authorization, the retailer needs to also obtain a physical imprint of the front of the card as evidence that it was available during the interaction. If, however, the card acceptor is unable to obtain a physical imprint for some transaction or other, the issuing bank will be able to charge back the transaction free of recourse.

Whenever the processing machine is not able to communicate with the processing bank's electronic authorization system, the card acceptor is required to request one by calling its acquirer's voice authorization center.

For payments for items or services that are delivered or offered or also for payments made back to the retailer in excess than 30 days past the date on which the order was placed, the merchant is required to request an authorization approval both when the order is made and then additionally immediately prior to the item being shipped the services provided to the consumer.

How to Accept Credit Card Transactions

2011-05-13T17:00:00.003-04:00

When you accept credit card transactions, there are multiple interactions occurring among multiple participants. There are three basic processes that make up each transaction:

Authorization is the process through which card issuers either approve or decline each individual bank card transaction.
Clearing and settlement are the processes that involve the electronic exchange of transactions between acquiring banks and issuers as follows:

Transaction data is exchanged between the acquiring banks and the issuers for posting to the cardholders' statements.
The payment for each transaction is processed from the issuers to the acquiring banks to be later credited to the card acceptors' account.

The following article will review how merchants accept credit card transactions in both face-to-face and non-face-to-face environments. Payment processing occurrences and activities can possibly vary insignificantly for any one card acceptor, processing bank, or card issuer, depending on card type or transaction environment, as well as the POS system used.

How to Accept Credit Card Transactions: Transaction Authorization

Here is the credit card transaction authorization process:

The customer offers a bank card to pay for an item. For non-face-to-face transactions, the customer gives the retailer he account number, address, expiration date and card security code.
The card acceptor swipes the card, keys in the dollar amount, and routes an authorization request to the processing bank. For non-face-to-face payments, the account number and the other data can be digitally entered online or key-entered.
The acquiring (processing) bank routes the authorization request on to MasterCard or Visa (the Association).
The Association sends the request on to the card issuer.
The issuer authorizes or declines the transaction.
The Association routes the card issuer's authorization decision to the acquiring bank.
The acquirer sends the response on to the card acceptor.
The card acceptor receives the authorization decision and finalizes the payment accordingly.

How to Accept Credit Card Transactions: Clearing and Settlement

For authorized transactions the payment process goes as follows:

The card acceptor deposits the payment receipt with the acquiring bank.
The acquirer credits the card acceptor's account and then submits the transaction to the Association for settlement.
The Association facilitates the settlement, pays the acquiring bank and simultaneously debits the card issuer's account. Only then does it send the payment receipt to the card issuer.
The issuer posts the payment to the cardholder's account and issues the monthly statement.
The cardholder gets the statement and makes the payment.

Merchant Account Services Data Compromise Management

2011-05-06T11:46:00.002-04:00

Merchant account services data compromise event (ADC) is an instance that results, in some way or other, in the unallowed access to personal card account information. A potential ADC event is an instance that may lead to, in some way or other, to the unpermitted access to card account data.

Data security failings in an online payment processing setting does not necessarily have to be known. Still, there can be indications of an information security breach, unallowed access, or probable signs of misuse of data within the credit card processing setting that may be indicating an ADC occurrence or a potential ADC event. The list below shows a few such events:

Internet connections from an internet protocol (IP) address that is not business-related or an inbound internet connection coming from locations that have no sort of business relationship to the potentially affected business or an outbound web connection to a not business-related IP address or country or both.
Access from an unidentified or a not active user's ID or inordinate user activity.
Discovering of malware, suspicious programs or files in an environment, or unusual action or volume in the processing systems.
SQL suspicious action on web-facing systems.
Point-of-sale (POS) devices and ATM machines displaying indications of tampering.
Key-logging activities discovered.
Card-skimming devices discovered.
Lost or stolen sales receipts.
Lost or stolen payment card information.
Lost or stolen PCs, laptops, hard drives, or any other electronic machines that store bank card data.
Files featuring bank account information mistakenly communicated to an unauthorized party.

If any action related to any of the above features is found, it is necessary to immediately begin an investigation.

Once the ADC occurrence is reported, the requesting party has to monitor the ADC reporting activity form status codes. If the respective Credit Card Association gets a report of a potential ADC occurrence or an ADC event, it can validate the data shared by the affected bank via the ADC Reporting Form. When possible, the Card Network will cooperate with the processing banks of record to make sure there is compliance with the rules.

Registered bank users from the respective acquiring bank need to access the ADC Reporting Form over the web within no more than five days of the received e-mail by using the step-by-step process below:

Logging in.
Navigate to "My Products" in the "Products" drop-down list.
Choose "Association Alerts."
Select "Yes" in the "Security Warning" option box. The "Association Alerts" disclaimer page will open up.
Examine the disclaimer, and then select "Agree" if you agree to the terms.
From the list on the the "Association Alerts" page, choose "ADC Summary."
From the "ADC Summary" section, choose the number that is the same as the one in the e-mail notification.
Choose the "Section B" tab and populate the data fields requesting the processing bank's contact information.
Select "Save."

Credit Card Merchant Account Partial Authorizations

2011-05-03T12:15:00.004-04:00

Any time the available balance on a cardholder's debit or prepaid card account is lower than the transaction's amount, partial authorizations enable credit card merchant account holders to complete a sale by taking the remaining available balance on the originally presented card, plus another form of payment, such as cash or yet another card. This type of transaction is called a "split tender" sale.

Whenever a prepaid payment card that is also used as a gift card or an incentive type of card, the available balance will be communicated by default to the merchant's point-of-sale (POS) device where it may be printed out on the sales receipt.

How Credit Card Merchant Account Partial Authorizations Work

Following is the step-by-step process of managing a partial authorization request:

The cardholder's debit or prepaid card's available balance is lower than the sale's amount.
The merchant submits a credit card processing authorization request for the entire transaction's amount (not adding the tip, though) with an indicator for a Partial authorization.
Because of the insufficient balance, the card's issuer will send a partial authorization approval back to the merchant.
The merchant's POS device identifies the received response code and subtracts the partially approved amount from the entire sale's amount. Bear in mind that if there is a full service setting, the POS machine prints out two receipts - one displaying the partial authorization sale's amount (not including a tip line), and another one showing the residual amount due and the tip line to indicate that the amount is still due.
The customer pays the balance due of the transaction's amount using another form of payment.
The transaction is finalized and a receipt is printed out, showing the split tender amounts. If, as it is with a Balance Return response, the available card balance is also indicated, however it can be formatted as displayed below to keep cardholder privacy:
- If the indicated account balance is less than $200, the POS device prints the exact balance on the receipt (i.e., "Balance Remaining: ($69.37").
- If the displayed remaining account balance is higher than $200, the POS device prints a "Confirmed" indication, rather than the outstanding dollar amounts (that is, "Balance Remaining: Confirmed").

Protect Your Credit Card Merchant Account from Fraud

While requesting the transaction authorization and waiting for the response, use the time to inspect the card's security features. Any sign of tampering with the card may indicate that you are handling a counterfeit card.

If you receive an authorization approval response, yet still suspect possible fraud, you may have to make a Code 10 call to your processor. You will then be routed to the card issuer's own authorization center and one of their representatives will ask you a series of questions to validate the transaction. Then she will instruct you on how to proceed with the transaction.

High Risk Merchant Account Visa Chargeback Management

2011-04-28T15:35:00.002-04:00

Each Credit Card Association (Visa and MasterCard), as well as Discover and American Express, have designed and implemented their very own high risk merchant account programs for monitoring and handling of the chargeback ratios of the card acceptors processing their cards.

Visa, for example, monitors the chargeback rates of all commercial and non-profit entities processing their cards on a monthly basis and informs the affected acquiring banks (also known as processing or merchant banks or simply an acquirer) any time one of its merchants reaches or goes above the level of excessive chargeback rates. Visa views a chargeback ratio of one percent or more as excessive.

Whenever it is notified of a retailer with an excessive chargeback ratio, acquiring banks are mandated to take strong actions in order to lower the business' chargeback level. Exactly how this is achieved will depend on the mutual interaction among a number of factors, including the business type, processing amounts, geographic location, and other high risk merchant account factors. Often retailers are mandated to provide their sales staff with additional training on payment processing procedures. Retailers can also be requested to work with their processing banks to devise and implement a convincing chargeback-minimizing plan.

Visa can assess severe penalties on acquiring banks that are not able to decrease their retailers' excessive chargeback ratios. Visa has devised two different chargeback management programs:

Merchant Chargeback Monitoring Program (MCMP). MCMP keeps track of chargeback levels for all merchant banks and retailers on a monthly basis. If a retailer exceeds excessive chargeback rates, Visa contact the affected merchant bank in writing. MCMP is applicable to all high risk merchant account users who have more than 100 total monthly transactions, including sales, credits, etc., over 100 chargebacks, and an overall chargeback-to-sales rate of 1 percent or greater. The initial notification for an excessive chargeback level for a given retailer is viewed as a warning. Visa charges fines only if corrective actions are not provided within a pre-determined period of time to get the chargeback level back to lower rates.
High-Risk Chargeback Monitoring Program (HRCMP). HRCMP is precisely developed to minimize excessive chargeback ratios by high-risk merchant account holders. Such retailers include ticket brokers, timeshare advertising services, travel agents, tour operators, pyramid or multi-level marketing distribution, outbound telemarketing merchants, payment facilitators, internet payment services, etc. HRCMP is applicable to all high-risk merchant account holders with more than 100 total transactions per month, including sales, refunds, etc., greater than 100 chargebacks, and a total chargeback-to-transaction ratio of 1 percent or higher. Unlike the MCMP, under the HRCMP, there is no warning period and fees of $100 per sale are imposed right after a retailer has been caught with an excessive chargeback ratio.

Visa additionally monitors international sales and chargeback ratios through its Global Merchant Chargeback Monitoring Program (GMCMP).

Wireless Payment Processing Services Platforms

2011-04-26T12:31:00.002-04:00

As their name implies, wireless payment processing services platforms enable businesses and non-profit organization to accept credit cards and other forms of electronic money on wireless devices, enabling the processing of payments at locations outside of stores and offices. Depending on the kind of wireless payment processing service, the wireless terminals will be operating on either short- or long-range signal networks to transmit the transaction data collected by the device from the bank card’s magnetic stripe.

There are two primary groups of wireless payment processing services:

Long-range wireless payment processing. Long-range mobile platforms utilize the same wireless networks that mobile phone carriers use for transmitting their customers' voice and data exchanges. This type of service is available everywhere the network's signal can be caught. It is the best solution for card acceptors that often accept credit cards at their customers' places of operation or at industry conferences and similar kinds of events.
Short-range wireless payment processing. Short-range mobile devices utilize the same wireless services that cordless phones use. The wireless processing terminal can be used within a radius of a few hundred feet from the location of its base unit that is connected to a phone land line. The short-range wireless payment processing services is ideal for card acceptors with limited wireless requirements, that is businesses who need credit card processing capabilities at various locations all over their premises.

There are many great advantages to using wireless solutions for processing credit card payments, including:

Alternative card acceptance options. A wireless payment processing service enables businesses to quickly accept card payments at trade shows, industry gatherings or on their customers' own premises.
Improved fraud detection. With a mobile terminal the cardholder remains in physical possession of the card throughout the transaction, thus minimizing the probability of a fraudulent activity taking place.
Limited processing costs. As mobile transactions are accepted in the safer card-present setting, they typically receive the lowest processing rates available.

There are also a few disadvantages of using wireless payment processing platforms that card acceptors need to be aware of:

High terminal cost. The cost of wireless terminals is much higher than that of regular point-of-sale (POS) machines and can be the biggest factor in your decision, especially if your card acceptance volumes are low.
Carrier signal presence. Usually listed as the number one drawback, carrier signal presence is constantly being improved. Card acceptors will have to check the availability and strength of the network that your prospective processor is using in the particular area you will be working at prior to setting up a wireless payment processing account.

Managing Invalid Chargebacks with an E-Commerce Merchant Account

2011-04-21T18:11:00.003-04:00

Charged-back sales are bad business for everyone involved in the process and the Credit Card Networks of Visa and MasterCard have set up sophisticated chargeback verification systems that greatly reduce chargeback rates and greatly improve the chargeback process. These procedures can also help limit frivolous customer disputes and especially invalid chargebacks, limiting their negative impact on the business' bottom line in the process.

Managing Invalid Chargebacks with an ECommerce Merchant Account

Whenever Visa or MasterCard detect an invalid chargeback, they immediately return it to the card's issuer that initiated it, and the business and its e-commerce merchant account provider will never see it. Most of these providers have also set up systems that regularly review exception items, enabling them to resolve problems before a chargeback is initiated. Together, these systems make sure that the chargebacks that businesses receive are valid or that these that get through can only be resolved by the merchant.

At the same time, even though chargeback validation systems are becoming ever more sophisticated and reliable, there is always a chance that an invalid chargeback will find its way around the system and into your transaction processing statement. In addition, a chargeback may get through the validation systems, as it meets the e-commerce merchant account provider's requirements, and still be invalid. In such cases you need to follow through as fast as possible and re-present your supporting evidence (e.g. sales receipt, invoices, etc.) to your online payment processing provider as a proof that the sale was valid.

Invalid chargebacks simply cannot be entirely eliminated but you can substantially minimize their number by implementing and following through with a set of best practices for credit card acceptance. The way you accept and process credit card orders and other types of electronic payments must be compliant with Visa and MasterCard regulations that were set up precisely to help you limit chargebacks and downgrades (the process of processing non-compliant payments at rates that are much higher than your headline rate).

If the rate of invalid chargebacks is consistently high, even though you have expended all these efforts to limit them and you have received help from your e-commerce merchant account provider, it may just be possible that your processor lacks the expertise to resolve the issue and your best course of action may be to move to another service provider. Make sure that you do your due diligence when evaluating the different prospects and consider all sides of their service. Contact businesses that are currently using your prospective processing provider's platform and try to gauge their rate of satisfaction. Bear in mind that the right processor can save you money and help grow your business.

Online Payment Processing Fraud Prevention

2011-04-19T15:31:00.002-04:00

Regular readers know full well that, as far as fraud prevention goes, card-not-present transactions are much more challenging in that they are very different from the ones that businesses operating in a face-to-face setting face. Because online payment processing is by definition done in the virtual world, the business never gets to see and examine either the card or the customer.

There are, however, a great number of services and best practices that, if implemented consistently and followed scrupulously, will help direct marketing merchant account users and their e-commerce counterparts limit fraud and improve their bottom line.

Online Payment Processing Fraud Prevention Guidelines

If you accept credit cards in a non-face-to-face environment, implement the following
suggestions when processing each of your transactions:

Obtain authorization approvals for all transactions. The floor limit for all non-face-to-face transactions is zero and that means that you need to receive an authorization approval for every single one of them, regardless of the transaction amount.
Get the expiration date. Always have your customer to provide her card's expiration date. This is used as a way to verify that the customer is in a physical possession of her card during the time of the transaction.
Get the card security code. Card security codes are the 3- (for MasterCard, Visa and Discover cards) and 4-digit (for American Express cards) non-embossed codes on the back (for MasterCard, Visa and Discover) or the front of a bank card (for American Express). Having the card security code in a non-face-to-face transaction is another and very powerful way to validate that your customer is in physical possession of her card. Keep in mind that you should never save the card security codes anywhere in your system. It is forbidden by the Credit Card Networks and violators, if caught, will be assessed steep fines.
Use the Address Verification Service (AVS). The (AVS) enables card acceptors to validate the authenticity of the billing address that a customer has provided at the checkout. It does that by sending the provided address, through the Credit Card Networks, to the card's issuer. The issuer then compares the submitted address to the one it has on file for its own cardholder and responds by issuing a response code that details the result of its investigation.

Implementing the above mentioned fraud prevention services and procedures will help minimize fraud and limit chargebacks. Contact your online payment processing provider if you need additional information or help.

How to Accept Online Payments with AVS

2011-04-15T17:58:00.004-04:00

AVS (Address Verification Service) is a widely utilized fraud prevention tool that enables merchants to accept online payments in a way that enables them to verify the billing address provided by the customer by matching it to the one on file with the card issuer.

How Accept Online Payments with AVS

Using the AVS is very simple, provided your credit card processing company has set up the service for your company. First ask that the consumer provides his billing address and submit the data, along with the other needed payment data, to your acquirer for authorization approval. If you support AVS, the cardholder's address will be sent on to the issuer for verification. The issuer will then compare it to the one it has on file for its own cardholder and will respond by routing back an AVS Response Code.

AVS and transaction authorization are processed simultaneously and, within just a few seconds, the retailer will receive the two results.

AVS Responses and Explanation

AVS Response Code	Explanation
X - Exact Match	The address and the 9-digit ZIP match. So if all other fraud results raise no suspicion, just process the transaction.
Y - Match	The address and the 5-digit ZIP match. Again follow the instructions above.
A - Partial Match	The address is the same, but the ZIP is not. This is a sign of a possible fraud. You may want to do some additional investigation before reaching a decision.
Z - Partial Match	The ZIP matches, but the address does not. This is again a sign of a possible fraud, so just follow the instructions stated above.
N - No Match	Neither the address nor the ZIP are the same. This is a solid sign of possible fraud. You will have to take additional verification steps.
U - Unavailable	The issuer's verification system is not reachable and the address cannot be verified. You will need to make a decision without the AVS result.
R - Retry	The issuer's system is unresponsive. You need to try again later.
U - no AVS Support	If the issuer does not support AVS, you will need to reach a decision on whether to go forward with the transaction or not based on the other data you have available.
G - Global	The address is not in the U.S. where the AVS service cannot be used. You will have to take additional steps to verify the legitimacy of the transaction, provided you accept payments from abroad.

Remember that if a payment was authorized and the AVS Response Code was "U" (no AVS support) and the transaction is charged back to you, your processor can re-present it again. In the U.S. issuers are required to support AVS or else they simply lose their right to fraud-related chargebacks for virtual transactions.

Basic Facts about Payment Gateways

2011-04-12T17:08:00.002-04:00

I have seen a ton of inquiries coming into our company's mail box over the past few weeks that convinced me that I need to offer a refresher on the basics of payment gateways. This article will detail what they are and do and go over the payment process.

Payment Gateway Basics?

Payment gateway is an internet-based service that transmits payment information from an e-commerce website to a processing bank. In short, it is the internet equivalent of the brick-and-mortar point-of-sale machines that is used by physical retailers in face-to-face payment processing settings. The so collected data are encrypted to make sure that the sensitive data is transmitted in a secure fashion.

Payment Gateway Transaction Process

Payment gateways connect the website's shopping cart (you need to have a shopping cart) with the acquirer's back-end system. The payment stages are as follows:

A visitor on your website places an order on an e-commerce website and provides his or her credit card account information.
The payment details is encrypted using a service called secure socket layer (SSL) and forwarded on to the merchant's server.
The payment gateway now collects the payment information and, after yet another SSL encryption, sends it on to the merchant account company's server.
The acquiring bank at this point forwards the payment information to Visa or MasterCard.
If the consumer has used a Discover or an American Express credit card, the card issuer also serves as a processing bank and makes a decision on whether or not to approve authorization of the payment and then sends its response back to the merchant.
The Credit Card Network (Visa or MasterCard) sends the payment data on to the card issuer.
The card issuer either approves or declines authorization of the payment and routes its response via a code (using the exact same channel) back to the acquiring bank. The authorization responses for declined transactions also offer details for the reason the transaction did not get authorized.
The acquiring bank now routes the response code (again through the payment gateway) to the e-commerce website where it is shown to the cardholder.

The process may sound complicated, but in its entirety, from submitting the payment to receiving the response code, only takes seconds.

The merchant now provides the service or ships the product and then deposits the payment. It is incredibly important that transactions do not get settled prior to the merchandise being shipped. If your customer sees the amount on her statement or payment activity log (now accessible online in virtually real time), prior to receiving the item, the sale may be disputed, setting in motion a chargeback process.

Online Credit Card Payment Processing Set-up Cost

2011-04-06T16:23:00.002-04:00

In order to set up an online credit card payment processing service, a business needs the following:

An up-and-running website with a valid SSL certificate to encrypt sensitive account data.
A shopping cart to enable customers to organize their shopping selection.
An e-commerce payment gateway - the online equivalent of a physical credit card machine that facilitates the transmission of data between the website and the acquiring bank, quickly and safely.

The first two items should be supplied by your website designer. The payment gateway service should be offered and set up by the online credit card payment processing provider. The merchant should not be charged for any application or set up fees. There will most likely be a monthly gateway fee for the gateway that should not be in excess of $15 a month. There is another service fee that the card acceptor will be charged on a monthly basis and it goes by different names. Whatever it may be called, the merchant should not be paying more than $15 for it.

Also the merchant should not be asked to pay anything until the service is actually set up and usable. The biggest consideration, however, as far as fees are concerned, should be the credit card processing rates. The merchant should carefully examine the pricing proposals prior to making any decision on which service provider to choose. I would advise that the card acceptor contacts at least a dozen different processing providers and request a detailed pricing proposal from each one of them. The online credit card payment processing cost is made up of several components and the merchant needs to know precisely how much it will be paying for each one of them. Following below is a list of the most typical fees and charges associated with a web-based merchant account:

Discount rate - the fee a merchant is charged by its processor for accepting card transactions.
Authorization fee - a "per-transaction" fee.
Application and set up fee.
Monthly statement fee.
Support fee.
Payment gateway fee - unique to the online credit card payment processing accounts.

If the merchant sees any other fees in the pricing proposal, it will most likely be best to look elsewhere for a processor. Moreover, when evaluating a new pricing proposal, each prospective acquirer should provide a comparison table on how its fees stack up against the competition. Remember, you have plenty of choices, so don't rush into a decision, although that is precisely what the processor will want you to do.

Requirements for Merchant Processing Services Providers

2011-04-01T16:04:00.002-04:00

Merchant processing services providers allow for-profit and non-commercial institutions to take credit cards, debit cards, checks and other methods of payment online, over the phone or in person. Whatever the card acceptance circumstances, a credit card processing service is needed to facilitate the process.

How Do you Become a Merchant Processing Services Provider

In order for an company to become a merchant processing services provider, it first has to be licensed by the Credit Card Associations of Visa and MasterCard. The registration process involves an examination of the credit files of both the applicant organization and its owners, a review of the business and marketing plans of the applicant. If the application is approved, the applicants are charges registration fees currently at $5,000 for each Association.

Why Don't Banks Do That

Well, actually some banks do offer merchant merchant processing services directly to the end clients. They are all members of MasterCard and Visa and can do that. However, they prefer contracting with third parties and focusing instead on what they do best: moving money around. By outsourcing the job, the bank assumes the role of a sponsor of the third party entity throughout the application process with the Associations.

>Merchant processing services providers are known in the industry as Independent Sales Organizations (ISOs) when they are registered by Visa and as Member Service Providers (MSPs) when they are registered by MasterCard. Typically, businesses apply at the same time for the two licenses, using the same sponsor bank.

ISO / MSP Relationship with the Processing Bank

Upon approval of the application, the sponsor bank becomes a "processing bank" for the newly fledged ISO / MSP. That means that the bank processes the sales and credit transactions generated by the merchants, signed up by its merchant processing services provider. Moreover, the processor is also responsible for the funding of the transaction amounts to the merchant, once it has subtracted its own processing fees as well as the interchange fees charged by the issuers of the cards. At the same time the processing bank sends a payment request, through the Associations, to the card issuer.

ISOs and MSPs are mandated to prominently identify the name of their processing bank (or banks in some cases) on all of their marketing materials, including all website pages. ISOs / MSPs typically display this statement in the footer of their websites, which makes it clearly visible from all pages.

Once registered, merchant processing services providers can contract with their own sales agents to look for merchants. These sales agents can only promote themselves as representatives of their ISO / MSP.

Merchant Credit Card Processing Fees for Online Merchants

2011-03-29T16:49:00.003-04:00

Internet businesses pay higher processing rates for their merchant credit card processing services than physical retailers. This is a fact that I suspect will come as no surprise to you. The reason for the discrepancy is that card-present transactions are far more probable to lead to customer disputes than card-present ones. This is bad because customer disputes all too often result in chargebacks, which are incredibly costly for both the merchant and the merchant account provider.

Why Are Chargebacks Bad?

The problem is that if chargeback rates are allowed to go over 1% of the total transaction number, the credit card processing service will be suspended by the Credit Card Associations. Or that is what the rule says. In practice, however, the processor will suspend the account well before the ratio comes anywhere close to 1%, because it too will be fined by the Visa and MasterCard, if it exceeds it.

So you can see that the excessive rates that card-not-present transactions are processed at are in effect an insurance against future chargebacks.

Card-not-Present Fee Guidelines

Listed below are the various fees that make up the total processing cost for e-commerce merchants, as well as our suggestions for what would be reasonable to agree to for each one of them:

Discount rate. E-commerce processing fees have fallen drastically over the pastdecade and you should not be paying anything more than 2.14% for credit and 1.94% for debit card transactions for regular consumer types of cards. Special types of cards, e.g. business-to-business, commercial, purchase, etc., are usually processed at higher rates. However, much of that would depend on the pricing structure used by your service provider. Some acquirers, for instance, will provide you one rate for credit and debit cards. The problem here is that debit interchange rates are much lower, so in such cases you would be overcharged. A better choice would be the cost-plus pricing model, where your acquirer's fees will be added directly to the interchange fees, so ensuring that no transaction costs you more than it should.
Per-item fee. You should not be charged more than $0.30 per transaction.
Application processing and service set-up fees. You should not be agreeing to any such fees!
Payment gateway set-up and monthly fees. E-commerce payment gateways are tools that connect e-commerce websites with the payment processor's back-end systems and transmit payment data between them. The most widely used gateway is Authorize.Net. You could be able to have it set up at no charge and your monthly fee should never be above $20.
Monthly maintenance fee. This fee can have a variety of names, but whatever it is, you should not be paying anything more than $10, preferably $0.
PCI fee. This fee could be charged monthly or annually. Usually it is in the range of $99 - $199 a year.

You should always evaluate your pricing model as a whole, taking into account all of its components, rather than basing your decision on how much a particular service costs.

Credit Card Services for Cruise Lines

2011-03-25T15:40:00.002-04:00

Managers of cruise line businesses need to follow credit card services procedures that are somewhat different from these required of most other cad acceptors that take credit cards in retail stores or other traditional types of settings.

In this short post I will examine the best practices that you should implement each time you accept a card payment to help you achieve the lowest possible processing rates:

Get an authorization approval for any on-board charges that were not originally authorized. To obtain an additional transaction authorization approval from the card issuer for the amount that your customer has incurred on board of the cruise liner:
1. Implement regular authorization procedures to get an approval for the additional amount.
2. If your authorization request is declined by the issuer, do not push the payment through, but instead ask your customer for another method of payment.
If the additional authorization request was not approved, only submit for settlement the amount that is already approved. The following best practices for transaction settlement will help you minimize customer dispute and chargeback rates, which will lower your processing costs and potential losses from declined authorizations. In particular, you will need to:
1. Only settle the approved authorization amount, leaving out any of the on-board charges, for which authorization from the issuer has not received.
2. Ask your customer that he provides a different form of payment for the rejected additional amount.
If the amount of the initially approved authorization is bigger than the real final cost of the service, submit an authorization reversal for the overcharge. To finalize the settlement and to ensure that you do not overcharge your customer, you will have to issue an authorization reversal for the excessive amount.
How to use the final authorization and the 15% rules. At the check-out at the end of the cruise, transaction authorization is only needed in the following instances:
1. If, for one reason or other, you did not obtain an authorization approval at the beginning. If that is the case, authorize the whole transaction amount.
2. You did get an authorization approval initially, but the final amount is bigger than the initially authorized amount. It is here that you will need to use the 15% rule to see if you need to request an additional authorization approval. Here is a step-by-step guide on how this is to be done:
  1. Begin by adding 15% to the initially authorized amount.
  2. Compare the sum you received above to the final transaction amount.
  3. If the final transaction amount is bigger than the sum you received, you will have to request an authorization approval for the difference.
Disclose and obtain acceptance of all terms and conditions of the sale. It is really critical that visitors to your website fully understand the terms and conditions of the sale, prior to placing an order. In particular, these details will have to be disclosed:
1. The total sale's amount, with all booking fees and other charges.
2. How these additional charges will be posted on your customer's monthly card statement.
3. When and how these charges will be applied.
Now that you have disclosed your terms and conditions, you need to get the consumer to agree to them, before taking her to the checkout to complete the transaction.

How to Take Credit Cards At Hotels

2011-03-21T16:59:00.002-04:00

Credit card acceptance at hotels, motels and other lodging types of businesses is done differently than it is at most other businesses. The are specific rules on how to take credit cards that need to be followed. Hotel managers and owners will have to be familiar with these rules and able to implement them into their credit card processing procedures.

The reason for these peculiarities is that credit card processing at hotels and motels follows a slightly different path than transactions at other types of businesses. In this article I will offer a step-by-step guide on exactly how to do it:

Often a customer will extend her stay. When that happens or, if additional charges have been incurred, there will be a need to obtain an additional authorization approval for the difference, not for the total final amount. Keep in mind that you have already received an authorization approval for the original amount and there is no need to do it again. Following are the guidelines on how to do this:
1. Keep in mind that for the additional amount you will need to follow your standard transaction authorization process for obtaining an approval.
2. Sometimes your authorization request for the additional amount will be rejected. When that happens, do not submit the payment for settlement. Instead ask that your customer provides an alternative form of payment (another card, check, etc.) for the additional charges.
If you have not received an authorization approval for the additional amount, only deposit for settlement the originally authorized amount. If the authorization request for the additional amount was declined, you should:
1. Only settle the amount that was originally authorized, without including any amount for which authorization was rejected.
2. Immediately call your customer and demand an alternative form of payment for the amount for which authorization was declined.
Request an authorization reversal if the originally authorized amount is greater than the final cost of your service. In such cases, you will have to request an authorization reversal for the balance between the originally authorized amount and the actual cost of the hotel stay.
Understand and use the final authorization and the fifteen percent rules. Be advised that at check out, authorization approval is required in the following circumstances:
1. You did not obtain an initial authorization. If that is the case, issue an authorization request for the total amount.
2. You did obtain an authorization approval originally, but the final amount is greater than the authorized one. Whenever this is the case, use the fifteen percent rule to estimate whether or not an additional authorization approval is needed. Here is how to do this:
  1. Add fifteen percent to the already authorized amount.
  2. Compare the so-received total to the final transaction amount.
  3. If the final transaction amount is greater than the newly calculated total, you need to request an authorization approval for the difference between the initially authorized amount and the final transaction amount.
Require that your customers accept the terms and conditions of the sale. You need to inform your customers what all of the terms and conditions of the sale are prior to them completing a reservation for a hotel room. More particularly, you need to disclose the following details:
1. Your business' cancellation policy.
2. Whether or not a "no-show" charge will be applied to the total amount or will be charged individually.
3. When the "no show" fee will be charged, if applicable.
4. The way your hotel's name will be shown on your customer's monthly credit card statement.
The full disclosure of these terms will help limit customer inquiries and disputes which will, in turn, minimize chargebacks. This should be a primary goal for you, as chargebacks are extremely costly and time consuming.

For best results, require that your customers accept the above-mentioned terms and conditions of the sale by clicking on an "Accept," "Agree" or another button to that effect under the disclosure statement on your website.

Interchange-Plus Credit Card Processing Pricing

2011-03-17T18:50:00.008-04:00

UniBul Merchant Services has just added interchange-plus pricing to its line-up of pricing models. The new pricing structure will be available to merchants accepting credit and debit cards in both face-to-face and card-not-present setting.

Most businesses place pricing at the very top of their lists of priorities when selecting a credit card processing provider. It is understandable and anyway most of us do exactly the same when selecting service providers. Nevertheless, offering low pricing is the only way a payment processor can be competitive and it is the reason UniBul Merchant Services has designed an interchange-plus credit card processing model. It works by adding UniBul's own cost to the interchange fee charged by Visa and MasterCard for each card transaction. By ensuring that its mark-up is as low as possible, UniBul guarantees that merchants get the lowest possible processing rate.

UniBul Merchant Services' new interchange-plus pricing model comes with no fixed monthly fees. Here is a list of the applicable rates and fees:

Application fee - $0.
Merchant account set-up fee - $0.
Equipment set-up or reprogramming fee - $0.
Authorize.Net gateway set-up fee - $0.
Authorize.Net gateway monthly fee - $0.
Monthly statement fee - $0.
Visa / MasterCard discount rate – 0.25% + $0.15 above interchange cost.

The merchant's processing rate is the sum of whatever the processor (e.g. UniBul Merchant Services) charges and what Visa or MasterCard charge. With the interchange-plus credit card processing model, the rate the processor charges is exactly the same for all types of cards, which ensures that the merchant does not get arbitrarily overcharged for transactions that may otherwise have been classified as "mid-" or "non-qualified." The total processing cost will vary by transaction, because the fees charged by Visa and MasterCard vary by card type.

Other service benefits include:

Fast application decision.
Full pricing disclosure prior to any contract agreement.
Acceptance of all major cards.
PayPal, Google Checkout, Amazon Payments, eChecks and eBillme third party payment options.
Daily ACH deposits into the merchant's checking account.
Risk management services to limit fraud exposure.
Web-based client center for complete account management.
US-based merchant support.

"This is the best interchange-plus pricing model in the industry and it guarantees lowest total cost of accepting credit cards," says Greg Stanski, VP of Sales for UniBul Merchant Services "When comparing pricing models, merchants need to estimate the total processing costs. Lower headline fees may be advertised on other websites, but you will get hit with set-up fees , additional fees for accepting rewards cards and corporate cards (the so-called mid-qualified and non-qualified fees), etc.," he added.

Non-Acceptable Businesses for Credit Card Merchant Services

2011-03-14T18:57:00.003-04:00

There are quite a few business types that are restricted or outright barred from setting up credit card merchant services in the U.S. The ultimate decision on exactly what business categories are included in these "black lists" are made by the payment processing providers, although the Credit Card Associations of Visa and MasterCard certainly play a role in the process. These lists are periodically updated and certain types may be included or excluded.

The single biggest factor taken into account by the processors when determining whether or not a particular type of business should be allowed to set up a US-based merchant account is the risk of generating chargebacks. Historical data show that in some industries the chargeback risk is simply too high. It should be said that, even when credit card merchant services are set up, chargeback levels are monitored on a continuous basis and, if they go over one percent of the total transaction count for any single month, the business will be categorized as excessive chargeback merchant (ECM) and subjected to heavy additional requirements. Businesses that can't fix their chargeback issue within three consecutive months lose their processing accounts altogether.

Following is a sample of business types for which credit card merchant services will be rejected, however remember that each processor makes their own list.

Advanced payments greater than 1 year.
Airlines.
Any merchant engaged in illegal products or activities.
Bidding fee auctions.
Business / investment types operating as "get-rich-quick" schemes.
Adult oriented products or services (all media types: internet, telephone, printed material etc.).
Cash advances (except regulated financial institutions).
Internet and mail order / telephone order (MO / TO) pharmacies (where the fulfillment of the prescription is performed with an online or telephone consultation, without a physical visit with a physician).
Charities without proof of 501( C ) (3) status.
Check cashing establishments.
Collection agencies or any other entities engaged in the collection of past due receivables.
Companion or escort services.
Internet or MO / TO firearm or weapons sales (including ammunition).
Credit card protection or identity theft service.
Internet or MO / TO cigarette tobacco sales.
Occult services or materials.
Internet gambling.
Credit repair or restoration services.
Currency exchanges.
Any types of lotteries or raffles.
Sports forecasting services or odds making.
Extended warranty companies.
Foreclosure protection and guarantees.
Herbal smoking blends and herbal incense.
Lifetime subscriptions for any product or service.

Essential Facts About Credit Card Processing Floor Limits

2011-03-10T16:08:00.004-05:00

Floor limit is the threshold above which all credit card payments must receive an authorization approval from the issuer before being processed. Floor limits vary from one card acceptor to another and are specified in the credit card processing agreement.

E-commerce and MO / TO businesses, as well as all others accepting credit card payments in a non-face-to-face setting, have a zero floor limit, which means that all of their transactions must be authorized, whatever the payment amount. All card-present transactions, including payments at cardholder-activated terminals (CATs), like the ones at your gas, bus or train stations, typically have a floor limit.

So if a convenience store's floor limit is $50.00, all purchases of $49.99 or less will not have to be authorized, while transactions of $50.00 or more will need to obtain one. Transaction authorization is the process through which the issuer of the card approves or declines a transaction, after comparing the provided information to what it has on file for its cardholder.

In a card-present setting, the authorization is requested automatically after the cardholder swipes his card through the store's point-of-sale (POS) machine. In a card-not-present environment, the authorization is again requested automatically, after the card account's information is provided on a website or over the telephone. Either way, once the transaction information is submitted, it is sent to the card issuer via Visa's or MasterCard's payment systems and then the issuer's decision is sent back to the merchant through the same channel.

There was a time when floor limits had a much bigger importance than they have today. Years ago the card acceptor had to request an authorization approval for any transaction amount that was over a pre-defined level. Back then credit card processing involved the taking of a physical imprint of the card and the authorization process required a personal review of the transaction, which made the process both time consuming and expensive. Today card acceptors have at their disposal electronic authorization systems that make the process a very simple and inexpensive one. Once a transaction is authorized, the merchant gets an additional, and very powerful, protection against fraud.

Yet, even today, the concept of a floor limit gets discussed every now and again. For example, if a card acceptor is unable to connect to the credit card processing provider's authorization system, she will not be able to obtain an electronic authorization and will have no protection against fraud or a customer dispute, both of which can very easily deteriorate into a chargeback. At the same time, if the payment amount is lower than the floor limit, an authorization is not necessary. If, however, the amount exceeds the floor limit, the card acceptor must request an authorization approval for the transaction and should do this by making a telephone call to the processor's voice authorization center and obtaining a "voice authorization." You should only do that as a last resort, because voice authorizations circumvent the processor's system and leave you unprotected against chargebacks. If you have to do it, you should take the card's imprint on the transaction receipt.

Merchant Account Application Requirements

2011-03-06T19:36:00.002-05:00

Applying for a merchant account is not exactly a straightforward process. In order to understand why this is so, you will have to first understand this type of service is.

Merchant account is seen by processing banks as a form of line of credit they extend to a card acceptor. The reason is that, when you accept credit cards for payment, your processor pays you before it gets paid. So there is a certain risk involved that they have to account for.

To achieve that, the application process is set up to establish the credit worthiness of both the business n and its owners. Listed below are the documents that you will have to provide to your processor:

Merchant processing agreement. It collects details about your business and its owner, including the addresses (business and personal), SSN, tax ID (if applicable), telephone number, email address, etc.
Personal guarantee. Unless you are running a publicly listed corporations or a non-profit, the personal guarantee is a must.
Articles of Organization. LLCs and all types of corporations must provide their legal papers, as well as their DBA names. You cannot open a merchant account under your personal name.
Business permit or license. If required by your state or municipality, you will have to provide one of these documents.
Financial statements. Most existing businesses are required to provide financials for the latest two years. The same requirement applies to their principal owners.
Monthly statements with the current processor. If the business is presently accepting electronic payments and is looking for a new service provider, it will be asked to provide the three latest statements.
Voided business check. A copy of a voided permanent business check is needed, so that the processor knows where to make deposits. If the permanent checks are not yet available, a bank letter can substitute.

So the list of requirements for merchant account applicants is quite long, as you can see and it has to be said that this is its short version. The person reviewing the documents may request additional paperwork if what they have is not sufficient to make a decision.

When they have all the information they need, the processors try to establish first of all whether or not the business is a legitimate entity and that its principals have a good credit history, without major issues. Additionally, however, processors try to precisely pinpoint the industry where the business operates. Certain industries are considered higher risk than others and require deeper examination, while other industries are banned from merchant account services altogether.

It is always a good idea to check your prospective processor's credit policies before applying to avoid potential unpleasant surprises.

Payment Processing when the POS Terminal is Down

2011-03-01T22:56:00.005-05:00

In a face-to-face setting you should always try to complete a swiped transaction. It reduces the probability of a fraudulent transaction taking place and it gives you the best processing rate. The card's magnetic stripe is read and the information is sent to your payment processing bank for authorization.

You are responsible for making sure that the transaction is valid and are required to examine the card for signs of alteration and to verify the cardholder's signature by comparing it to the one on the sales receipt.

But what do you do if the terminal cannot read the card? You still must be able to accept credit card payments, right? Yes and I will show you how to do it.

Why Is the Card Unreadable?

It actually happens quite often that the credit card machine will be unable to read the magnetic stripe. There can be several reasons for that, including the following:

The POS terminal is malfunctioning.
The customer is swiping the card improperly.
The magnetic stripe is damaged or demagnetized. If that is the case you should not jump to the conclusion that a fraudulent transaction is being attempted. Yes, that is definitely possibility, but it can also happen by accident. I have seen a Starbucks barista deal with the problem by wrapping the card into a plastic bag and successfully swiping it. I don't necessarily advertise it, but it worked.

Payment Processing When the Terminal is Down

So when the credit card machine cannot read the card, for whatever reason, follow these guidelines:

Make sure the terminal functions properly. Check the connection and all other signs that a fully functional POS terminal normally displays.
Make sure the card is swiped correctly. Verify that the customer swipes her card the right way and in the right direction.
Examine the card. If the machine is in order and the card is being swiped correctly, the problem must be with the card itself, so check for signs of alteration.
If the card is altered, do not complete the transaction. Instead return the card to your customer and request an alternative payment form.
If there are no signs of alteration, key-enter the information. Sometimes you will have to pay a higher price for accepting payments and this is just such an occasion.
Take an imprint of the card. Take the card's imprint for all key-entered and voice authorized transactions and place it on the front of the card as a proof that the card was present when the payment was made.

That's it. Again, key-entering transaction information should be your last resort, so always exhaust all other possibilities before doing it.

Flat Rate Merchant Account Pricing

2011-03-01T16:48:00.002-05:00

At UniBul Merchant Services we have been offering a flat rate merchant account pricing model to all of our applicants for several months now and I wanted to share our reasons for creating it in the first place and to offer a brief overview of how it compares to its most prominent alternatives: the tiered and the pass-through pricing structures.

Why did We Create the Flat Rate Merchant Account Pricing?

The biggest challenge that we've had to overcome ever since we started offering merchant processing services to U.S.-based businesses and non-profit organizations years ago has been coming up with a pricing structure that is at the same time simple, so that all applicants could immediately understand how it worked, and cost-efficient, so that it would save them money. Easier said than done.

Let me explain what I mean. The dominant pricing models, which we still support and provide to merchants who insist on having their accounts based on one of them, are either cost-efficient or simple, but not a combination of the two. The reasons are many and complex and we have discuss them at length in other articles.

The flat rate merchant account pricing, however, solved our predicament, much to our merchants' satisfaction.

How Does Flat Rate Merchant Accounts Work?

There are several variations of the flat rate pricing, but I will focus here on our own model, not least because it is the one I am familiar with the most. In any case, our competitors will be best suited to review the types of flat rate pricing structures they offer.

So here it is and it is as simple, as it gets. We give you one flat rate to be applied to all of your transactions, irrespective of the type of card used or any other factors. So no more no-qualified rates, as all of your transactions become in effect qualified. Additionally, we have eliminated the authorization fees.

How Does the Flat Rate Pricing Compare to the Other Models?

This is exactly the question you should ask and, as it happens, the answer is incredibly easy to get. I will show you how you can estimate your costs if we provided your merchant services, so that you can compare them to your current provider's total fees.

All right, let's say that in March you processed a grand total of $50,000 on 500 card transactions and your flat rate was 2.20% + $0.30 per transaction, which is exactly how much we would have charged you. In this case your total cost is ($50,000 x 2.20%) + (500 x $0.30) = $1,100 + $150 = $1,250. So if we did your processing your effective processing rate for March would have been: [($1,250 / $50,000) x 100] = 2.50%.

Now you can compare it to the total amount you paid to your current processor. As I said, simple.

Best Practices to Accept Credit Cards Face-to-Face

2011-02-25T16:59:00.004-05:00

Cards are considered accepted in a face-to-face setting when the card and the cardholder are both physically available during the transaction. Card acceptors that accept credit cards face-to-face include grocery stores, restaurants, coffee shops, etc.

The credit card associations also consider payments made at unattended terminals, such as gas stations, as face-to-face. In such settings the card acceptor never actually has possession of the card, it is still swiped through a physical machine which is sufficient to qualify.

Card-present payments are less plagued by fraud than non-face-to-face ones, because the card acceptor has much more tools at her disposal to validate the legitimacy of the card and cardholder. What is more, retailers are required to ensure, to the best of their ability, that all transactions are valid.

To achieve that goal, card acceptors should to develop procedures for processing face-to-face payments and provide sufficient training to the staff operating the terminals. Listed below are our suggestions for the card acceptance procedures that you need to incorporate into your payment processing manual.

Follow these steps and you will be in compliance with Visa and MasterCard regulations:

Card swiping. First, swipe the card through the terminal. Then take the credit card from your customer.
Verify the card's authenticity. Examine the card and ensure that it has not been changed in any way.
Get the customer's signature. If the transaction is authorized, obtain a signature from your customer on the sales receipt.
Verify the signature. Compare the signature your customer just made to the one on the card and ensure that they match.
Return the card. Once you are satisfied with the validity of the card and the authenticity of your customer, return the card and a copy of the sales receipt to complete the transaction.

If you have grounds to doubt that either the card or the cardholder may not be genuine, make a Code 10 call to your processor's authorization center and you will be instructed on how to proceed.

What Is Virtual Terminal and How Much It Costs

2011-02-24T18:12:00.003-05:00

All of us have made credit card payments in a card-present setting and know how it works. You just swipe a credit card through the credit card processing machine; it reads the information stored in the card’s mag-stripe and the data are then transmitted to the card issuer, who would either authorize or decline the transaction. That's it. Now, what happens if your customer Makes the order over the telephone and wants to make a payment the same way? Well, that’s when you need the virtual terminal.

What Exactly is Virtual Terminal?

Virtual terminal is the web-based version of the physical credit card machine. Both do the exact same things, which are to collect the payment information, encrypt it and transmit it securely between the merchant and their processing bank. The only difference is that, Instead of reading the cardholder's account data from the card's mag-stripe, the virtual terminal collects it from a payment form, which is filled out by the merchant in a browser. The best thing about virtual terminals is that they can be accessed from anywhere web access is available, from a computer or a smart phone.

If you have ever paid any of your utilities bills online, you would have used a virtual terminal. The only difference between paying your own utility bill and processing someone else’s payment is in the first instance you are doing it for yourself, while in the latter the payment is coming from your customer’s credit card account.

There are virtual terminals that can be set up to enable you to accept ACH payments, in addition to bank cards. You should not take it for granted, though, and if you need ACH processing, make sure that you ask your prospective processor if they support it.

How to Process Recurring Payment Plans?

Some merchants' business operations involve the charging of fees for products or services that are delivered over time. For example, an auto insurance plan typically involves regular monthly payments of the same amount that are charged on a pre-arranged schedule. These are called recurring payment plans and in theory can last indefinitely, until the service is canceled by the customer. Similarly, a payment plan can be agreed-on for the purchase of, say a refrigerator. In such cases both the payment amounts and the number of payments will be pre-defined and the plan will be automatically discontinued when the last payment is made. These are called installment payment plans.

Virtual terminals provide the best platform for setting up recurring and installment payment plans. It enables you to store your customer information securely on your processing bank’s server. Then you can use the built-in managed billing service to manage your payment plans.

How Much Do Virtual Terminals Cost?

Ideally, your pricing plan to accept credit cards would be based on the flat rate merchant account pricing. You should try to get the merchant account together with the virtual terminal and the payment gateway (there are offers out there for a free Authorize.Net merchant account). Your cost will vary by vendor and processor, but there are certain parameters you can use for guidance.

Set-up cost. Some processors may ask you for a set-up fee, but you should stay away from them. You can easily find a vendor who would set it up for free.
Monthly fee. Your monthly fee can be anything from $10 to $30. Don't pay more than that, because all virtual terminals do the same thing; there is is no need to be going overboard.
Authorization fee. Your authorization fees should not exceed $0.10 per transaction.

In addition to these fees you will have your merchant account fees. As I suggested above, your best option would be to get your services as a package, which typically guarantees a discount.

Authorize.Net Payment Gateway and Merchant Account

2011-02-23T23:07:00.003-05:00

UniBul Merchant Services offers payment acceptance solutions mostly to e-commerce and MO / TO merchants and we are fielding a never-ending stream of inquiries about payment gateways and virtual terminals. There is little doubt that our free Authorize.Net merchant account is a substantial reason why there is so much interest. One thing we learn from these inquiries is that there often is a great deal of misunderstanding about the role a payment gateway plays in the credit card processing cycle. I will try to shed some light on the subject with this post.

Authorize.Net Payment Gateway Essentials

Think of a payment gateway as a service for collecting and transmitting information, which is exactly what a point of sale (POS) credit card processing machine does. Authorize.Net provides the link between your e-commerce website and the processing bank that set up your credit card acceptance service.

Of course there are differences between the functions performed by a POS terminal and a payment gateway and the most prominent one is that the former gathers the payment data directly from the customer's card by "reading" the card's mag-stripe. Authorize.Net, by contrast, collects the data that the customer has key-entered into the checkout's payment form. Still, this is a quite minor technical detail.

Once the transaction data is collected, both the payment gateway and the POS machine encrypt it before transmittal to the processor for protection against hackers. The processing bank communicates the transaction data with the card issuing bank, which approves or declines the transaction and sends its response back to the website through the same channel.

Authorize.Net Payment Gateway Cost

There are variations from one vendor to another, but the pricing should be within a certain range. Authorize.Net usually costs about $20 per month, although it could be as little as $10 or less. There could also be a set-up fee of up to $100 and there will certainly be an authorization fee, typically of $0.10 per transaction (which incidentally is how Authorize.Net makes its money).

One very important thing you need to understand is that the Authorize.Net fees are completely independent from the merchant account fees. So when evaluating pricing proposals, you must scrutinize the whole package, including the merchant account fees. Don't be misled by incredibly low headline rates. You know what they say, if it looks too good to be true, it probably is. Authorize.Net, as well as all other payment gateways and merchant accounts are certainly no exception to this rule.

By the way, check out UniBul's Twitter lists on Mashable.

Merchant Account Basic Facts

2011-02-23T22:45:00.006-05:00

What Is a Merchant Account?

Merchant account is a type of financial service that a processing bank provides to an organization that needs to accept credit cards for payments. It represents a form of line of credit that the bank extends to the card acceptor enabling the latter to accept the card brands that are specified in the processing agreement.

Typically, merchants are enabled to accept Visa, MasterCard, Discover, American Express credit and debit cards and at least the major European and Japanese card brands.

How Merchant Accounts Work

When a merchant accepts a card for payment, either through a point-of-sale (POS) terminal or on an e-commerce website, it is transmitted to the processing bank. The bank then pays the merchant the transaction amount, minus the interchange fees and the processing costs, and submits a payment request to the card issuer. The issuer then pays the processing bank the transaction amount, minus the interchange fees and posts the transaction on the cardholder's monthly statement. The cardholder then pays the issuing bank to close the transaction cycle.

Types of Merchant Accounts

There are a number of different merchant account types but the most widely used are:

Card-Present Merchant Accounts. This type of credit card processing service includes all payment acceptance solutions that use POS terminals to read the account information from the magnetic stripe of a card. Because the merchant is in actual possession of the card (hence, card-present) as the payment is being made, these merchant accounts are considered less likely to generate fraudulent transactions and enjoy lower processing rates.
Card-not-Present Merchant Accounts. Included in this group are all card payment processing services where the card account information is manually entered into the processing bank's system, using a web browser or a telephone keypad. The card itself is absent (hence, card-not-present). Because the merchant is never in possession of the card and the information is given to him or her, card-not-present transactions are considered more likely to generate fraudulent activity or processing errors and are processed at higher rates. There are two distinct sub-groups here:

E-Commerce Merchant Accounts. These credit card processing services are used by web-based merchants and enable cardholders to enter their payment card information into a payment form on the merchant's website. Once submitted, the payment details are automatically transmitted, via a payment gateway, to the processing bank.
Mail Order and Telephone Order Merchant Accounts. Also known as MO / TO merchant accounts, these payment acceptance solutions enable merchants to enter the payment information, provided to them by their customers into a form on the merchant bank's payment system's website or, using a telephone keypad, to call it into the processing bank's system.

Your business may of course need a combination of the above types, which your processor should be able to accommodate.

Screening New Merchants

2010-01-07T18:35:00.004-05:00

Before signing a merchant agreement, acquiring banks must verify that the merchant that is applying for a merchant account is a valid business. Such verification must include at least all of the following:

Credit check, background investigations, and reference checks of the merchant.

If the credit check of the merchant raises questions, the acquirer also should conduct a credit check of:
- The owner, if the merchant is a sole proprietor; or
- The partners, if the merchant is a partnership; or
- The principal shareholders, if the merchant is a corporation.

Inspection of the premises and records to ensure the merchant has the proper facilities, equipment, inventory, agreements and personnel required and if necessary, license or permit and other capabilities to conduct the business. If the merchant has more than one outlet, the acquirer must inspect at least one outlet from which it will acquire card transactions.

Inquiry to the Member Alert to Control (High-risk) Merchants (MATCH) system. If an acquirer chooses to enter into a merchant agreement with a merchant that is listed in the MATCH system, the acquirer will be responsible for all fraudulent transactions.

Investigation of the merchant’s previous merchant agreements.

An acquirer is not required to conduct a credit check of a public or private company that has annual sales revenue in excess of $50 million (or the foreign currency equivalent), provided the acquirer reviews, and finds satisfactory, the most recent annual report of the merchant, including audited financial statements. A private company that does not have a recent audited financial statement is subject to a credit check and inspection even if its annual sales revenue exceeds $50 million.

MasterCard Fraud Loss Control Program Standards

2009-12-26T13:16:00.002-05:00

In order to be eligible for counterfeit loss reimbursement, a member bank must make a good-faith attempt to demonstrate the existence and use of meaningful controls to limit total fraud losses and losses for all fraud types.

Acquirer Fraud Loss Control Programs

An acquirer's fraud loss control program must meet the following minimum requirements, and preferably will include the recommended additional parameters. The program must automatically generate daily fraud monitoring reports or real-time alerts. Acquirer staff trained to identify potential fraud must analyze the data in these reports within 24 hours. To comply with the fraud loss control standards, acquirers also must transmit complete and unaltered data in all card-read authorization request messages, and also CVC 2 for all card not present (formerly MO / TO), voice, and e-commerce transactions.

Additionally, acquirers with high fraud levels must:

Install "read and display" terminals in areas determined to be at high risk for fraud or counterfeit activity, or
Install EMV chip terminals.

Acquirer Authorization Monitoring Requirements

Daily reports or real-time alerts monitoring merchant authorization requests must be generated at the latest on the day following the authorization request, and must be based on the following parameters:

Number of authorization requests above a threshold set by the acquirer for that merchant.
Ratio of non-card-read to card-read transactions that is above the threshold set by the acquirer for that merchant.
PAN key entry ratio that is above threshold set by the acquirer for that merchant.
Repeated authorization requests for the same amount or the same cardholder account.
Increased number of authorization requests.
"Out of pattern" fallback transaction volume.

Acquirer Merchant Deposit Monitoring Requirements

Daily reports or real-time alerts monitoring merchant deposits must be generated at the latest on the day following the deposit, and must be based on the following parameters:

Increases in merchant deposit volume.
Increase in a merchant's average ticket size and number of transactions per deposit.
Change in frequency of deposits.
Frequency of transactions on the same cardholder account, including credit transactions.
Unusual number of credits, or credit dollar volume, exceeding a level of sales dollar volume appropriate to the merchant category.
Large credit transaction amounts, significantly greater than the average ticket size for the merchant's sales.
Credits issued subsequent to the receipt of a chargeback with the same account number and followed by a second presentment.
Credits issued to an account number not used previously at the merchant location.

90-day Rule

The acquirer must compare daily deposits against the average transaction count and amount for each merchant over a period of at least 90 days, to lessen the effect of normal variances in a merchant's business. For new merchants, the acquirer should compare the average transaction count and amount for other merchants within the same merchant code (MCC) assigned to the merchant. In the event that suspicious credit or refund transaction activity is identified, if appropriate, the acquirer should consider the suspension of transactions pending further investigation.

150% Recommendation

To optimize the effectiveness of fraud analysis staff, merchants that appear in the monitoring reports should exceed the average by 150% or more. However, the amount over the average is at the acquirer's discretion.

Recommended Additional Acquirer Monitoring

MasterCard recommends that acquirers additionally monitor the following parameters:

Fallback methods.
Credit transactions (such as refunds) and merchant authorization reversals.
Transactions conducted at high-risk merchants.
Personal account number (PAN) key-entry transactions exceeding ratio.
Abnormal hours or seasons.
Inactive merchants.
Transactions with no approval code.
Transactions that were declined.
Inconsistent authorization and clearing data elements for the same transactions.

Reporting Fraudulent Use of Cards

2009-12-14T19:33:00.001-05:00

All MasterCard member banks must report accurately and completely the fraudulent use of MasterCard cards to the System to Avoid Fraud Effectively (SAFE) at least once a month and within 60 days from the date of the transaction, or 30 days from the date of cardholder notification. If there are no fraudulent transactions to report during the month, member banks must submit a Fraud Negative Report (FDN) Record when transmitting their transactions to SAFE or use the Report No Fraud feature of SAFE OnLine.

Reporting by the Issuer

MasterCard issuers must submit all fraudulent transactions on its MasterCard accounts to SAFE on a monthly basis. For the benefit of all members, MasterCard analyzes the data and produces statistics relating to the fraudulent use of MasterCard accounts and all chargebacks that originate from transactions using accounts with a fraud status.

An issuer must report fraudulent transactions even if it recovered losses through chargebacks, compliance cases, restitution, insurance, or any other means.

Reporting by the Acquirer

An acquirer receiving a transaction that cannot be identified by a MasterCard BIN or member ID is liable for that transaction. If it is determined that the transaction is a fraudulent or counterfeit MasterCard transaction, the acquirer must notify, in writing, the Security and Risk Management Department of such an occurrence. This notification must include all mandatory information as described in the Security Systems Specifications manual.

MasterCard Rewards for Capturing a Card

2009-12-04T19:05:00.003-05:00

The acquirer may pay the merchant reward for capturing a MasterCard card in accordance with local practices. The acquirer must follow these Standards when paying a reward:

Pay no less than $50 to the merchant capturing a card listed on the Electronic Warning Bulletin file or in the Warning Notice.
Pay the merchant $100, if a merchant initiates an authorization call because of a suspicious transaction or captures a card not listed in the Electronic Warning Bulletin file or in the Warning Notice.
Pay a reward to a financial institution for the capture of another issuer's card if it is the acquirer's practice to pay its tellers rewards for picking up its own cards. The amount of the reward should be the same amount paid for the capture of the acquirer's own cards.
Charge the issuer for reimbursement of the reward paid upon dispatching each captured card. The Fee Collection / 1740 message with an IPM message reason code (data element 25) equal to 7601 will settle the reward.

Reward Amounts

The acquirer should follow these guidelines for determining reward amounts.

IF the capture…	THEN pay this amount…
Resulted from a “Merchant Suspicious” phone call	$ 100
Did not result from a “Merchant Suspicious” phone call	$50
Leads to the capture of additional cards	$ 50 for each card captured, with a maximum total of $250 for any one incident

The recovering member bank may collect an administrative fee of $15 for expenses incurred in processing the captured card. The capturing member may add this fee to the amount of the reward reimbursement or collect the fee independently, using the Fee Collection / 1740 message.

Reimbursement of Rewards

The following specifications apply to reward reimbursement:

Upon returning the card to the issuer, the acquirer will obtain reimbursement for the reward paid and the $15 fee by processing the Fee Collection / 1740 message.
If an acquirer returns a card to an issuer and a reward is not paid, the acquirer may collect a $15 fee by processing a Fee Collection / 1740 message record.
Upon receipt of the Interchange Card Recovery Form (ICA-6), the issuer should match it to the Fee Collection / 1740 message record based on the acquirer member ID, account number, and recovery date comparisons.
If an exempt member has an electronic reward payment processed, clearing receives the record by an information slip. The transaction is part of the Net Settlement System for settlement purposes.

Point-of-Sale (POS) Card Retention

2009-12-02T17:36:00.002-05:00

Acquirers and merchants are required to recover a card by reasonable and peaceful means if:

The card issuer advises the acquirer or merchant to recover the card in response to an authorization request.
The Electronic Warning Bulletin file or an effective regional Warning Notice lists the account number.

After recovering a card, the merchant must notify its authorization center or its acquirer and receive instructions for returning the card. If mailing the card, the merchant first should cut the card in half through the magnetic stripe.

Returning Recovered Cards

The acquirer must follow these procedures when returning a recovered card to the issuer:

If the merchant has not already done so, the acquirer must cut the card in half vertically through the magnetic stripe.
The acquirer must forward the recovered card to the issuer within five calendar days of receiving the card along with the first copy (white) of the Interchange Card Recovery Form (ICA-6). The additional copies are file copies for the acquirer's records. A recovered card must be returned to the security contact of the issuer.

Returning Counterfeit Cards

The acquirer or merchant must return counterfeit cards to the issuer by following the instructions provided by its authorization center. The following information identifies an issuer:

The issuers bank identification number (BIN) embossed on the front of the card.
The member ID imprinted in the Card Source Identification area on the back of the card.

Sales Receipt Requirements

2009-11-16T16:40:00.005-05:00

Below is a list of the types of sales receipts discussed in this post:

Retail sale.
Credit.
Cash disbursement.
Information.

If the merchant uses a manual imprinter, the produced sales receipt is called a formset or slip. If a transaction begins at an electronic terminal, the merchant may substitute a terminal receipt for a formset. Terminal receipts have no prescribed physical specifications but must be numbered sequentially for reference purposes.

Formset Contents

Each copy of a retail sale, credit, or cash disbursement formset must satisfy minimum statutory and regulatory requirements in the jurisdiction in which the slip originates and any applicable regulations, issued by the U.S. Board of Governors of the Federal Reserve System or other regulatory authorities, and must contain the following:

In the case of retail sale and credit slips, a space for the description of goods, services, or other things of value sold by the merchant to the customer and the cost thereof, in sufficient detail to identify the transaction.
Adequate spaces for:
- Customer's signature.
- Card imprint and the merchant or bank identification plate imprint.
- Date of the transaction.
- Authorization number (except on credit slips).
- Sales clerk's or teller's initials or department number.
- Currency conversion field.
- Merchant's signature on credit slips.
- Description of the ID supplied by the cardholder on cash disbursements and retail sale slips for certain unique transactions.
A legend clearly identifying the slip as a retail sale, credit, or cash disbursement and identifies the receiving party of each copy.
On the customer copy of the formset, the words (in English, local language, or both): "IMPORTANT—retain this copy for your records," or words to similar effect.
Such other contents as are not inconsistent with these rules.

It is recommended that each retail sale, credit, and cash disbursement slip identify the member bank that distributed the slip to the merchant.

Terminal Receipt Contents

A terminal or other device at a point of sale (POS) must not display magnetic stripe track data other than card account number, expiration date, and cardholder name. Each copy of a POS terminal receipt must contain the following information:

Doing Business As (DBA) merchant name, city and state, country, or the point of banking location.
Transaction date.
Card account number.
Transaction amount in the original transaction currency.
Adequate space for the customer's signature (required on merchant copy only).
Authorization approval code (except on credit receipts). Optionally, the acquirer also may print the transaction certificate, the application cryptogram, or both for EMV chip card transactions.
Merchant's signature on credit receipts only.

Each receipt must clearly identify the transaction as a retail sale, credit, or cash disbursement.

Primary Account Number Truncation

ATM acquirers must truncate a minimum of four digits of the Primary Account Number (PAN). PAN truncation is also required for all receipts generated at Cardholder-Activated Terminals (CATs). PAN truncation is permitted for receipts generated at all other points of sale.

The cardholder receipt generated by point of sale (POS) terminals, whether attended or unattended, must reflect only the last four (4) digits of the PAN. All preceding digits must be replaced with fill characters that are neither blank spaces nor numeric characters, such as "X," "*," or "#."

Truncation Considerations

Truncating a greater number of digits, when compared to the total number of digits in the PAN, increases the effectiveness of the effort. However, it also increases the confusion and difficulty that cardholders may have reconciling their ATM terminal receipts to their monthly statements. The following practices are recommended:

Truncation of the routing BIN alone, while helpful, may not prevent duplication of the PAN. It is possible to observe the card in use in order to obtain issuer identification.
Truncating the check digit and several other digits does not improve PAN security. Absent the check digit, calculation of several missing digits within the PAN, especially if the routing BIN also is truncated, is substantially more complicated and time consuming.
Truncating a small number of digits, when compared to the total number of digits in the PAN, reduces the effectiveness of the effort. It is possible to reconstruct a few missing digits by using a trial-and-error approach.
Truncating a greater number of digits, when compared to the total number of digits in the PAN, increases the effectiveness of the effort.

Electronic Signature Capture Technology (ESCT)

An acquirer using Electronic Signature Capture Technology (ESCT) must ensure that:

Proper electronic data processing (EDP) controls and security are in place, so that digitized signatures are recreated on a transaction-specific basis. The acquirer may recreate the signature captured for a specific transaction only in response to a retrieval request for the transaction.
Appropriate controls exist over employees with authorized access to digitized signatures maintained in the acquirer or merchant computers. Only employees and agents with a "need to know" should be able to access the stored, electronically captured signatures.
Digitized signatures are not accessed or used against applicable standards and regulations.

In-flight Commerce Terminals / Level 4 Requirements

2009-10-12T11:41:00.011-04:00

The following requirements apply to In-flight Commerce Terminals / Level 4.

Acquirer / Service Provider requirements and transaction identification specifications:

Acquiring banks must ensure timely delivery and installation of the IFC Blocked Gaming File to gaming service providers. IFC Blocked Gaming File access is required before every gaming transaction.

The acquiring bank must identify in-flight commerce services or merchandise with the most appropriate merchant category code (MCC) in the authorization message and merchant business code (MCC) in First Presentment / 1240 messages. If an airline also acts as the service provider, the acquiring bank may not use an airline MCC but must assign the proper MCC for each type of IFC transaction. The following list of IFC transaction types must be identified with the designated MCC.

IFC Transaction Type	MCC
Catalog card acceptor	5964
Duty-free store	5309
Gaming	7995
Miscellaneous services	7299
Video game	7994

Transactions must be consolidated by MCC, per flight, for each MasterCard cardholder account. "Flight" is defined as one or more segments of a continuous air flight with the same flight number.

The acquiring bank must identify the transaction with the most appropriate transaction category code (TCC) in the authorization request message.

IF the IFC transaction is for…	THEN the acquirer must use TCC…
Gaming	U for Unique Transaction.
Anything other than gaming	R for Retail Purchase

The Merchant Name / Location (DE 43) must include the service provider's name and flight identification. The flight identification must be a recognizable identification of the airline (not necessarily the airline alphabetic International Air Transport Association [IATA] indicator).

The city field description should contain the following:

For…	The city field description…
Mailed purchases and gaming transactions	Must include the service provider’s customer service telephone number. It is not required to be a toll-free number.
All IFC transactions other than mailed purchases and gaming	Optionally may be a customer service telephone number.

For all IFC transactions except IFC mailed purchase transactions, the transaction date is defined as the date that the flight departs from the originating city. The transaction date for mailed purchases is defined as the shipment date unless otherwise disclosed to the cardholder.
The acquiring bank must ensure that the service provider provides full disclosure to the cardholder via the video monitor screen prior to the initiation of any IFC transactions, as detailed below. The screen must prompt the cardholder to acknowledge these disclosure terms before initiating transaction. The disclosure must include the following:
- Full identification of the service provider and provision for recourse in terms of cardholder complaints or questions.
- Notification that transactions will be billed upon the card issuer's approval of the authorization request.
- For mailed purchases only, any additional shipping or handling charges.
- Policy on refunds or returns.
- Provision for a paper receipt.
- Maximum winnings ($3,500) and maximum losses ($350).
- Notification that total net transaction amount (whether a net win or loss) will be applied against the cardholder's account
- Notification that cardholder must be at least 18 years of age to play.
- Notification that some card issuers may not allow gaming.
The acquiring bank must ensure that the service provider is capable of providing an itemized receipt to the cardholder for all IFC transactions and that, at the cardholder's option, the service provider can effect this offer in one of three ways:
- Printing a receipt at the passenger's seat.
- Printing a receipt from a centralized printer on the plane.
- Mailing a receipt to the cardholder.
- Identification of the passenger's flight, seat number, and date of departure.
- Itemized transaction detail.
- Gaming transaction specified as a net win or net loss.
- The cardholder's account number truncated on the receipt. Acquirers must ensure that transaction receipts provided to cardholders reflect a minimum of four and a maximum of 12 digits of the cardholder account number. The remaining digits are to be truncated, or rendered indeterminable. In all cases, at least four digits must be truncated. It is recommended that the receipt reflect only the last four digits of the primary account number, and that all preceding digits are truncated. It is also recommended that truncated digits are replaced with fill characters such as "X", "*", or "#" and not with blank spaces or numeric characters.
For IFC terminals, the assurance and demonstration of security of the transmission of authorization and clearing data between the on-board client server and the acquiring bank and the physical controls over hardware and operating software. Encryption of transmitted data is advised.

Transaction requirements.
- No maximum transaction amount applies to any IFC transaction, with the exception of IFC gaming transactions.
- An IFC terminal that also is a hybrid terminal is prohibited from performing fallback procedures from chip to magnetic stripe.
Additional requirements for IFC gaming transactions.
- Net gaming losses cannot exceed $350 per flight per cardholder account. Net payouts to cardholders for gaming wins cannot exceed $3,500 per flight per cardholder account. This must be monitored throughout the flight by the service provider to ensure compliance.
- A gaming win transaction will result in posting of net winnings (credit) to the cardholder's account. Under no circumstance may winnings be paid in cash or other form of payment.
- Before participating in IFC gaming activity, the acquiring bank must take all reasonable and necessary steps to ensure that all IFC gaming activity will be effected in full compliance with all applicable laws and regulations.
Cardholder account number verification - in-flight verification prior to transaction initiation.
- The acquirer must ensure that the service provider conducts a Mod-10 check digit routine to verify card authenticity.
- The acquirer must ensure that the service provider confirms that the card account number is a valid one.
- For IFC gaming transactions, the acquirer must ensure that the cardholder's account number is checked against the IFC Blocked Gaming File. Cardholders whose account numbers are listed on the IFC Blocked Gaming File must be prohibited from initiating any IFC gaming transaction.
Authorization requirements for all IFC transactions.
- The Authorization Request / 0100 message must include the cardholder-activated terminal level 4 indicator.
- The acquirer must read and transmit full, unaltered card-read data. An IFC authorization request may not contain a key-entered account number or expiration date.
- Transactions are either authorized air-to-ground during the transaction or authorized in a delayed batch. All are authorized on a zero floor limit basis.
- The acquirer must convert all "refer to card issuer" and "capture card" messages received from issuers to "declines."
Additional authorization requirements for IFC gaming transactions. All IFC gaming losses authorized post-flight must be submitted for authorization for the net amount. All gaming transactions authorized during the flight will be for the full wager amount ($350 or a lower amount predetermined by the airline and gaming service provider). No gaming wins will be submitted for authorization.
Clearing requirements for all IFC transactions.
- An acquirer is not permitted to submit declined transactions (including those defined in 5.d. above) into clearing.
- No surcharges or service fees may be assessed on any IFC transaction, including IFC gaming transactions.
Additional clearing requirements for IFC gaming transactions.
- IFC gaming transactions submitted for clearing must be for the net amount that is won or lost.
- IFC gaming win transactions will be submitted as a credit transaction. Interchange will be paid to issuers by acquirers on gaming win transactions.
- An acquirer may resubmit a gaming transaction for a different amount within the specified transaction limits if it was previously rejected for exceeding the specified transaction limits $3,500 for wins and $350 for losses.
Effective date of the IFC blocked gaming file. Updates to the IFC Blocked Gaming File will be effective on the first and the 15th day of each month. MasterCard must receive account ranges or BINs that issuers choose to list on the next effective updated IFC Blocked Gaming File at least two weeks before the effective date.

Cardholder-Activated Terminal Level Requirements

2009-09-10T16:37:00.003-04:00

The following acceptance requirements apply to the specific CAT levels indicated:

Automated Dispensing Machines (ADMs) / Level 1.
1. The Automated Dispensing Machine (ADM) must accept a personal identification number (PIN) as a substitute for signature, and ensure that all requirements are met in accordance with the published specifications.
  - The PIN requirement is contingent upon PIN being adopted as a standard within a country as well as card issuers providing the required PIN. If PIN is not adopted as a standard within a country or supported in accordance with the processing requirements for PIN-based transactions, this level of service is not available.
  - The PIN authorization must be made via a secured transmission, in accordance with the published specifications.
  - ADM terminals must be able to support numeric, alpha, or alphanumeric PINs with a minimum length of four digits and a maximum length of six digits.
2. The acquiring bank may decline a transaction after four attempts and four consecutive negative responses of "invalid PIN" or "invalid transaction" from the network. Optionally, the acquiring bank may allow more than four consecutive PIN entry attempts that each received a negative response at an ADM.
3. All transactions regardless of amount must be authorized on a zero floor limit basis with full, unaltered card-read data transmitted. All acquiring banks of ADMs must have received one-time CVC / CVV certification.
4. Card retention at an ADM is not required, however, if the terminal capability is available, the merchant may do so only at the card issuer's specific direction.
  - The retained card must be logged and secured under appropriate audit controls.
  - The retained card must promptly be rendered useless and then returned to the acquiring bank.
5. "No Cardholder Authorization" (reason code 4837) chargeback rights for this reason code are not available to card issuers for transactions processed at ADMs where a PIN and full, unaltered card-read data are transmitted because PIN is a valid proxy for the cardholder's signature.
6. An ADM that is also a hybrid terminal may perform fallback procedures unless it is prohibited by a region. Member banks use fallback procedures when a smart card is present at a hybrid terminal and the merchant processes the transaction by using the magnetic stripe or by manually entering the PAN because the merchant cannot process the transaction using smart card technology.
Self-Service Terminal / Level 2.
1. Self-Service Terminals do not process PIN. They include (but are not limited to) automated fuel dispensers identified with MCC 5542.
2. All Self-Service Terminal (SST) devices must comply with the following requirements:
  - Zero floor limit for authorization purposes.
  - Acquiring banks must read and transmit full, unaltered card read data.
3. The Authorization System will send all transactions identified as Self-Service Terminals in the Authorization Request / 0100 message to the card issuer's host, regardless of Limit-1 parameters.
4. The maximum transaction amount is $100 or its equivalent.
5. Chargebacks processed for reason code 4837, "No Cardholder Authorization," for Self-Service Terminal transactions will be allowed only if the card issuer certifies that the account number used in the transaction is fraudulent, as documented in a letter written by the cardholder to the card issuer.In addition, the card issuer must block the account number on the issuer's host until card expiration on or before the Central Site processing date of chargeback reason code 4837, "No Cardholder Authorization." The card issuer also must list the cardholder account number on the Visa and MasterCard Account File with a "capture card" response until card expiration. Card issuers in the Europe region (region D) also must list such accounts on the European Stop List (ESL).
  
  Counterfeit transactions occurring at Self-Service Terminals for which the acquiring bank has transmitted the full magnetic stripe data in the authorization request message and for which an authorization was obtained are ineligible for chargeback reason code 4837, "No Cardholder Authorization."
6. A U.S. region merchant acquiring automated fuel dispenser transactions at Self-Service Terminals / Level 2 may forward an Authorization Request / 0100 message for $1 if properly identified by MCC 5542 (automated fuel dispenser) and CAT level indicator 2. If authorization is obtained, the acquiring bank is protected from authorization related chargebacks "requested / required authorization not obtained" (reason code 4808), or "exceeds floor limit—not authorized and fraudulent transaction" (reason code 4847) for transactions less than or equal to $75. The acquiring bank protection is limited to $75 for transactions that exceed $75, and issuers may charge back only the difference between the transaction amount and the implied $75 limit.
7. A Self-Service Terminal that also is a hybrid terminal may perform fallback procedures from chip to magnetic stripe unless it is prohibited by a region.
Limited Amount Terminals / Level 3.
1. A Limited Amount Terminal must check the account number against the Electronic Warning Bulletin file if the terminal has such a capacity.
2. The maximum transaction amount is $40 or its equivalent.
3. Chargeback rights for reason code 4837, "No Cardholder Authorization," are not available to issuers for properly identified CAT / Level 3 transactions. Chargeback rights for "requested / required authorization not obtained" (reason code 4808), or "exceeds floor limit - not authorized and fraudulent transaction" (reason code 4847) are available if the maximum transaction amount of $40 or its equivalent has been exceeded.
4. A Limited Amount Terminal that also is a hybrid terminal is prohibited from performing fallback procedures from chip to magnetic stripe.

General Acceptance Requirements for Cardholder-Activated Terminal (CAT)

2009-09-09T14:57:00.002-04:00

The following general card acceptance requirements apply to cardholder-activated terminals:

All card-not-present transactions initiated by the cardholder where the card number is either captured as a result of reading the card electronically or by using an electronic device (such as a transponder, PC, or mobile phone) must include the proper cardholder-activated terminal (CAT) level indicator in both the authorization message and clearing records. Depending on the CAT level indicator, other specific data is required for authorization and clearing.
- The Authorization Request / 0100 message must include a valid merchant category code, POS country code, POS postal code, and CAT level indicator (Level 1, 2, 3, 4, 6, or 7).
- Messages used at the CAT must communicate to the cardholder, at a minimum, the following:
  - Invalid transaction.
  - Unable to route.
  - Invalid PIN—re-enter (Level 1 only).
  - Capture card (subject to the terminal's ability to retain cards).
- The merchant identification number and the CAT level indicator must be present in the First Presentment / 1240, First Chargeback / 1442, Second Presentment / 1240, and Arbitration Chargeback / 1442 messages.
The acquiring bank must ensure that the description of goods or services on the CAT TID is clearly recognizable to the cardholder.
The acquiring bank is responsible for providing requested transaction information documents.
No cardholder-activated terminal may accept a card for the purchase of scrip.
Acquiring banks must ensure that transaction receipts provided to cardholders reflect only the last four digits of the primary account number, and that all preceding digits are truncated. The truncated digits must be replaced with fill characters such as "X," "*," or "#" and not with blank spaces or numeric characters.

Cardholder-Activated Terminal (CAT)

2009-09-08T17:16:00.000-04:00

Cardholder-activated terminals (CATs) are typically unattended terminals that accept various payment cards. These terminals are frequently installed at rail ticketing stations, petrol stations, toll roads, parking garages, and other merchant locations. There are four types of cardholder-activated terminals:

Automated Dispensing Machines / Level 1.
Self-Service Terminals / Level 2.
Limited Amount Terminals / Level 3.
In-flight Commerce (IFC) Terminals / Level 4.

Cardholder-activated terminal requirements specify the maximum allowed dollar amount of transactions as well as authorization, clearing, chargeback, and addendum record requirements and related transaction liability for each cardholder-activated terminal type.

As CATs are usually unattended, the traditional point-of-sale (POS) acceptance procedures do not apply, such as the merchant's examination of the card to detect irregularities in the logo, hologram, embossed account number, or the security features and the comparison of the cardholder signature to the signature on the sales receipt.

MasterCard identifies eCommerce transactions using a value of CT6 in Terminal Type (PDS 0023) within First Presentment / 1240, Chargeback / 1442, Second Presentment / 1240, and Arbitration Chargeback / 1442 messages. There are currently no registration requirements established for these types of transactions, however, MasterCard requires acquiring banks to identify eCommerce transactions using a value of CT6 in Terminal Type (PDS 0023). Additionally, member banks can use a CAT level indicator 7 (a value of CT7 in Terminal Type [PDS 0023]) to identify transponder transactions. Acquiring banks may optionally provide a value of CT7 in Terminal Type (PDS 0023) in First Presentment / 1240, First Chargeback / 1442, Second Presentment / 1240, and Arbitration Chargeback / 1442 messages.

Unique Transaction Requirements

2009-09-04T16:46:00.003-04:00

Unique transactions are subject to standards governing retail sales transactions except as otherwise provided here.

The floor limit for all unique transactions must be zero.
With the exception of truck stop transactions and of card-read transactions where a non-signature CVM is used, if a unique transaction is processed in a card-present environment, the cardholder must present a personal identification of the cardholder identical to that required for a cash disbursement as follows:The identification must be an official government document that has not expired and bears the customer's signature (for example, a passport, identification document, or driver's license).

Acquiring banks should ensure that their merchants shall, to the extent allowed by applicable law, record on the face of the sales receipt:
- A description of the identification.
- Any serial number, expiration date, and jurisdiction of issue.
- The name of the customer (if not the same as the embossed name).
- The address of the customer.
Except for card-read transactions where a non-signature CVM is used, to ensure that the cardholder's signature compares positively, the signature on the card must be compared to both of the following:
- The cardholder's signature on the identification presented.
- The cardholder's signature on the merchant receipt.
If the identification has a photograph of the cardholder, the merchant must check that the person presenting the card appears to be the same person.

Authorization requests and clearing messages must identify the transactions as unique.

Processing Procedures for Unique Transactions

2009-09-03T17:51:00.002-04:00

At merchant locations processing unique transactions via a Point of Sale (POS) terminal, acquiring banks must incorporate the following requirement into merchant agreements with gambling merchants and ensure compliance:

"A merchant must not credit winnings, unspent chips, or other value usable for gambling to a cardholder account."

Acquiring banks must properly identify all unique transactions in all authorization and clearing messages. In addition, acquirers must ensure that electronic commerce transactions are properly identified in the authorization and clearing messages.

Acquiring banks must incorporate the following requirements into all merchant agreements with internet casino merchants:

Internet casino merchants must request that cardholders identify the state or foreign country where they are physically located at the time of the transaction. They must record the response and retain it, along with the cardholder's account number, the transaction amount, and the date. Internet casino merchants must retain this information for a minimum of one year from the transaction date and provide it to the acquirer on request.
As a condition of having a merchant account, internet casino merchants must post a notice on their websites (in a position such that the notice will be displayed before requesting a card account number, such as a click-through notice) stating that assertions have been made that internet gambling may not be lawful in some jurisdictions, including California, and suggesting that the cardholder check whether internet gambling is lawful under applicable law.
Internet casino merchants must not sell chips or other value that can be used, directly or indirectly, to gamble other than at a merchant that sells such chips or other value.
Internet casino merchants must not credit winnings or unspent chips or other value usable for gambling to a cardholder account.

Advance Resort Deposit

2009-09-02T16:32:00.002-04:00

If a hotel, motel, or resort is participating in the Advance Resort Deposit service for all cards, the following procedures will apply:

If a cardholder calls a participating merchant wishing to make an advance deposit with his or her card, the merchant explains the terms of the reservation, cancellation, and refund policy procedure to the cardholder.
The merchant takes the cardholder's account number, card expiration date, name, and address and confirms the room rate and location.
The merchant is required to confirm the status of the card. The authorization procedure is determined by the location (region) of the lodging facility. The applicable procedure follows.
- If located within the U.S. region, the merchant is required to follow the appropriate authorization procedures to obtain approval for the transaction. If authorization is not obtained, the merchant accepts responsibility for the transaction.
- For all regions other than the U.S., the merchant is required to check the Warning Notice. (This may be done subsequent to the phone call.) If the account number is listed in the Warning Notice, the merchant should follow the usual procedures provided by the acquiring bank.
The merchant is required to call for authorization if the amount of the advance deposit exceeds $50. If the result of the authorization call is denial, the merchant must advise the cardholder.

The merchant completes a sales ticket filling in the cardholder's name, card account number, card expiration date, reservation confirmation number, and merchant identification and writes the words "advance deposit" in place of the cardholder's signature. It is recommended that the merchant note on the sales ticket any special terms and conditions regarding its refund policy.
The merchant mails a letter of confirmation, a copy of the sales ticket, including the reservation confirmation number, and information concerning its cancellation and refund policy to the cardholder at the address previously provided.
The merchant deposits the sales ticket for the advance deposit in the usual manner. There are no special deposit requirements imposed on the merchant.
If a cardholder cancels his or her reservation in accordance with the agreed upon procedures, the merchant is obligated to cancel the reservation and issue a credit to the cardholder.
- The merchant prepares a credit slip in the usual manner for the amount of the previously-submitted advance deposit, writing the words "deposit cancellation" in place of the cardholder's signature on the credit slip.
- The merchant prepares a notice of cancellation issuing a cancellation number to the cardholder.
- The merchant mails a copy of the credit slip and notice of cancellation to the cardholder.
- The merchant records the cancellation number on the slip and deposits the credit slip in the usual manner. There are no special deposit requirements imposed on the merchant.
If the transaction results in a dispute, and if the account number used to make the deposit is unidentifiable as to a specific card issuer or was fictitious, the bearer of the liability will be the acquiring bank. Where the transaction is identifiable to a specific card issuer but is not identifiable to a specific account number within that institution, the bearer of the liability will again be the acquiring bank.

Express Checkout Guidelines

2009-08-31T16:51:00.000-04:00

If a merchant is participating in the Express Checkout service, the merchant must comply with the following requirements:

At the time of check-in, inquire whether the cardholder would like to use the Express Checkout service or routinely provide the necessary form (Express Checkout Authorization Form) in its "welcome package."
Have the cardholder complete and sign the Express Checkout Authorization Form. It is recommended that the Express Checkout Authorization Form at the very least include the name, address, and phone number of the merchant for the cardholder's name, address, room number, cardholder signature, and account number that may optionally be imprinted. The form should state clearly that the cardholder directs the merchant to charge his or her account number for his or her bill and process his or her sales ticket without a cardholder signature.
Imprint a sales ticket with the cardholder's account number, and follow its normal authorization procedures. The "pre-authorized order" floor limit of $50 does not apply.
On the cardholder's departure the merchant should complete the sales ticket, indicating the total amount of the bill, and print legibly in the space allotted for the customer's signature the words "signature on file - express checkout."
Process the sales ticket in the usual manner. There are no special deposit requirements imposed on the merchant outlet.
Mail a copy of the itemized bill, sales ticket, and the Express Checkout Authorization Form to the cardholder at the address noted on the authorization form within three business days after the cardholder checks out.
Retain and make available to the card issuer all records pertaining to the itemized bill and authorization requests in the event of a dispute.

MasterCard Guaranteed Reservations

2009-08-28T16:32:00.001-04:00

If a hotel, motel, or resort is participating in the MasterCard Guaranteed Reservations service for all MasterCard cardholders, the hotel, motel, or resort is obligated to have a room available when the cardholder arrives (until checkout time the next day). The cardholder is obligated to cancel a confirmed reservation before 18:00 at the hotel, motel, or resort (merchant's local time). Failure to do this will allow the hotel, motel, or resort to charge the cardholder a no-show charge equal to one night's lodging. The following procedure will prevail:

If a cardholder calls a participating merchant and wants to guarantee a room with his or her card, the reservation clerk explains the terms of the MasterCard Guaranteed Reservations service, specifically including the fact that an authorization check will be made at the time of arrival and the cancellation procedure the cardholder must follow to avoid being charged a no show charge equal to one night’s lodging.
The clerk takes the cardholder's account number, card expiration date, name embossed on the card, and address; confirms the room rate and location; issues the cardholder a reservation confirmation number; and advises the cardholder to retain it. It is recommended that the merchant also confirm that guaranteed reservation in writing, advising the cardholder of his or her confirmation number and cancellation procedures.
If a cardholder who has guaranteed his or her reservation by use of his or her card calls the merchant to cancel the reservation within the agreed upon period, the hotel, motel, or resort is obligated to cancel the guaranteed reservation and issue the cardholder a cancellation number that is verification that the reservation has been canceled. The cardholder should be advised to retain the cancellation number. It is also recommended that the merchant confirm the cancellation in writing advising the cardholder of the cancellation number.
If a cardholder who has guaranteed a reservation by use of his or her card arrives within the specified period (until checkout time the next day), the merchant is obligated to provide a room. If the merchant is unable to provide a room, it is obligated to provide at no additional charge a comparable room for one night, transportation to the other lodging and a three-minute domestic or long distance phone call, whichever the cardholder deems necessary to advise of a change of location.
Before the cardholder's expected arrival, the merchant must prepare a registration card and assign a room number on that card.
If the cardholder does not cancel and does not stay at the hotel, motel, or resort, the merchant may bill the cardholder for one night's room rate. The following procedure should be followed:
- The merchant completes a sales ticket filling in the cardholder's name, card account number, expiration date, date of no show, assigned room number and merchant identification, and writes the words "guaranteed reservation / no-show" in place of the cardholder's signature.
- Follow your usual authorization procedures.
- Assuming the account is not on the Warning Notice (or the Electronic Warning Bulletin file in the United States), if under the floor limit, or authorization has been given, the merchant deposits the no-show charge in the usual manner. There are no special deposit requirements imposed on the merchant outlet.
- The actual no-show registration card, reflecting the assigned room number, must be retained six months from the date the sales ticket is deposited.
Where the account number used to guarantee the transaction that results in a no show was unidentifiable as to a specific card issuer or was fictitious, the bearer of the liability will be the acquiring bank.
Where the transaction is identifiable to a specific card issuer but is not identifiable to a specific account number within that institution, the bearer of the liability will be the acquiring bank.
MasterCard reserves the right to prevent the acquiring bank from allowing a specific hotel, motel, or resort to participate in the MasterCard Guaranteed Reservations service where the hotel, motel, or resort has been abusing the privilege.

Returned Merchandise, Adjustments, Credits and Other Specific Terms of a Transaction

2009-08-27T16:41:00.001-04:00

The following requirements concern returned merchandise, adjustments, credits and other specific terms of a transaction.

Merchant disclosure of specific transaction terms. The merchant may impose specific terms governing a transaction. In the event of a dispute, such specific terms will be given effect, provided that such specific terms were disclosed to and accepted by the cardholder before completion of the transaction. The merchant may impose specific transaction terms by, for example, printing the specific terms on the invoice or sales receipt in close proximity to the cardholder signature line before presenting the invoice or sales receipt to the cardholder for signature. Specific transaction terms also may be disclosed by other means, such as by signage or literature, provided the disclosure is sufficiently prominent and clear so that a reasonable person would be aware of and understand the disclosure before the transaction is completed.Specific transaction terms may include, for example, such words as "Exchange Only," "In-Store Credit Only" or "Original Packaging Required for Returns." Specific terms may address such matters as late delivery, delivery charges, or insurance charges.
Returned merchandise and canceled services. A merchant is not required to accept returned merchandise or the cancellation of services unless a right of return or cancellation was a condition of the transaction. If the merchant agrees to accept merchandise for return or to cancel services, the merchant must credit the same account used to purchase the merchandise or service.If the merchandise or service is purchased with a card, upon a partial or entire return of merchandise or cancellation of service, or if the merchant agrees to a price adjustment, the merchant may not provide a full or partial refund or adjustment by cash or check or by any means other than by a credit to the card account used to purchase the merchandise or service. The cardholder must be provided a copy of the credit receipt. A cash or check refund is permitted for involuntary refunds by airlines or other carriers or merchants only when required by law.
- Credit receipt requirements. The credit receipt must contain the following information:
  - The date.
  - A description of the returned merchandise, canceled services or adjustment made.
  - The amount of the credit.
  - The merchant's signature.

Multiple Sales Receipts and Partial Payment

2009-08-26T16:27:00.002-04:00

Following are requirements concerning multiple sales receipts and partial payments:

Split tickets are prohibited. A merchant is prohibited from using two or more sales receipts, also known as a split ticket, to avoid an authorization request.
Include all goods on a single sales receipts. All products and services purchased in a single transaction must be included in one total amount on a single sales receipt except in the following instances:
- Multiple cards are presented. More than one card is presented for payment on a single transaction, and an authorization is obtained for the portion of the transaction charged to a each card.
- Multiple items are billed. Multiple items are purchased and individually billed to the same account, and an authorization is obtained for each item purchased.
- Partial payment. A merchant is prohibited from processing a card transaction where only a part of the total amount is included on a single sales receipt except in the following instances:
  - When the cardholder bills a portion of the transaction amount to a card and pays the remaining balance by cash or check.
  - When the products or services will be delivered or performed after the transaction date, one sales receipt represents a deposit, and the second sales receipt represents payment of the balance. The second sales receipt is conditioned upon the delivery or performance of the goods or services.
  An authorization must be obtained for the total amount of the transaction if it exceeds the applicable floor limit. The merchant must note on the sales receipt the words "deposit" or "balance," as appropriate. The sales receipt representing the balance must not be presented until the products or services are delivered or performed.

Completing the Sales Receipt

2009-08-20T16:30:00.004-04:00

The following information and requirements are relevant to the completion of the sales receipt:

Include all goods on one sales receipt. All goods and services purchased in the same transaction must be included on a single sales receipt.
Sales receipt information requirements. The following information must be included on the sales receipt.
- A description of the goods. A description of the goods and services and their price, including applicable taxes, must be entered on the sales receipt in detail sufficient to identify the transaction. If no currency is identified on the sales receipt, the transaction is considered to have taken place in the currency that is legal tender at the point of interaction. If the merchant offers multiple currencies, then the sales receipt must indicate all of the following information:
  - The transaction amount in the merchant's local currency (the goods or services total).
  - The converted transaction amount in the currency chosen and agreed to by the cardholder and the merchant (the sale total).
  - The currency symbol of each.
  - The method by which the currency agreed to by the cardholder was converted from the amount in the merchant's local currency.
- The transaction date. The transaction date must be entered on the sales receipt.
- An imprint of the card. A legible imprint of the card must be made on the sales receipt, or the merchant may electronically record the customer's card information and the merchant location. If a transaction is completed without obtaining a card imprint or electronically derived card information, the merchant must note legibly on the sales receipt sufficient detail to identify the cardholder, the merchant, and the card issuer. This information must include at least the name and address of the merchant, the name or trade name of the card issuer as it appears on the face of the card, the account number, the security code, the expiration date (or dual date), the cardholder name, and any company name.If the transaction is completed without obtaining a card imprint or electronically derived card information, the merchant is considered to have verified the true identity of the customer as the cardholder, unless the merchant obtained and noted on the sales receipt independent evidence of the cardholder's true identity.
  
  Transactions based on mail orders, telephone orders, preauthorized orders, electronic commerce orders, Guaranteed Reservations and Advanced Resort Deposits may be completed without a card imprint.
- The authorization number. If an authorization is obtained from the card issuer, unless the transaction is an offline chip-read transaction, the authorization number must be entered on the sales receipt. If more than one authorization is obtained over the course of the transaction (as may occur for hotel, motel, or vehicle rental transactions), all authorization numbers, the amounts authorized, and the date of each authorization must be entered on the sales receipt.
- The primary account number. The primary account number (PAN) must be truncated on all cardholder-activated terminal sales receipts. Subject to local and national laws, PAN truncation is permitted on any other sales receipt type. It is recommended that only the last four digits of the PAN are printed on the receipt. Truncated digits should be replaced with fill characters such as "x," "*," or "#," and not with blank spaces or numeric characters.
- Delayed presentment. When the merchant receives approval for delayed presentment, the authorization number and the words "Delayed Presentment" must be noted legibly on the sales receipt.
- Cardholder identification. For unique transactions processed in a face-to-face environment (with the exception of truck stop transactions and card-read transactions where a non-signature CVM is used), the merchant must record on the sales receipt a description of the unexpired, official government document provided as identification by the cardholder, including any serial number, expiration date, jurisdiction of issue, customer name (if not the same name as embossed on the card), and customer address.
- The transaction certificate. The transaction certificate is not required on the sales receipt. However, if the acquiring bank elects to record the receipt of a transaction certificate on the sales receipt, then the merchant must enter the complete transaction certificate on the sales receipt.
- Prohibited information. The sales receipt or any other document must not reflect the following information:
  - The PIN, any part of the PIN, or any fill characters representing the PIN.
  - The card security code (CVC2, CVV2 or CID), which is indent-printed on the signature panel of the card.
Obtain the cardholder's signature. In a face-to-face environment, the merchant must give the cardholder the option of a signature-based transaction. Unless the cardholder uses a PIN, the cardholder must sign the sales receipt.
- Compare signatures. Unless the cardholder uses a PIN, the merchant must compare the signature on the sales receipt with the signature on the card to determine whether they appear to be the same.
- Discrepancy between signatures. If the merchant believes that the signature on the card does not match the signature on the sales receipt, the merchant must contact the acquiring bank for instructions. The signature would not match if the signature panel were signed "John P. Smith" and the sales receipt "Stan Smith" or K. Smith." The signature would be acceptable if signed "John P. Smith," "J. P. Smith" or "John Smith." The signature would be acceptable if a title such as Mr., Mrs., or Dr. is missing or is included.
- Signature not required. Transactions based on mail orders, telephone orders, preauthorized orders, electronic commerce orders, Guaranteed Reservations, Advanced Resort Deposits and Express Checkouts may be completed without the cardholder's signature. The merchant must type or legibly print on the signature line of the sales receipt the letters "TO", "MO", "PO", "EC", "Guaranteed Reservation / No Show," "Signature on File – Express Check-out," or "Advance Deposit" as appropriate. The merchant must retain and make available to the acquiring bank upon request the cardholder's written request to the merchant for preauthorization. The merchant must not deliver goods or perform services covered by a preauthorization after receiving notification that the preauthorization is canceled or that the card covered by the preauthorization is not to be honored.
Give the cardholder a copy of the receipt. The merchant must provide the cardholder with a true and completed copy of the sales receipt.

Obtaining an Authorization when a Tip is Added

2009-08-18T16:13:00.001-04:00

The following information and requirements are relevant to the merchant's obtaining of an authorization when a tip is added, either before or after the authorization process.

If the transaction amount is below the merchant's floor limit, and the cardholder adds a tip in an amount less than or equal to 20% of the transaction amount, the merchant is not required to obtain an authorization even though the total transaction amount may exceed the merchant's floor limit.
If a merchant obtained an authorization for a transaction, and the cardholder adds a tip in an amount greater than 20% of the transaction amount, the merchant must obtain an authorization for the additional amount. The card issuer is responsible for the full amount of the transaction.
If the cardholder adds a tip in an amount greater than 20% of the transaction amount and causes the transaction amount to exceed the merchant's floor limit, the merchant must obtain an authorization for the total amount of the transaction.

Completing a Transaction

2009-08-17T17:12:00.002-04:00

When the transaction is completed (i.e., when customer checks out of the hotel / motel or returns the car) and the final transaction amount is determined, the following will apply:

If the final transaction amount does not exceed the merchant's floor limit, the merchant is not required to obtain an authorization, but it must check the account number against the international Warning Notice or the Electronic Warning Bulletin.
If the final transaction amount does not exceed the merchant's estimated amount by 15%, the merchant is not required to request a secondary authorization. The initial authorization guarantees the full amount of the transaction.
If the final transaction amount exceeds the merchant's estimated amount by 15%, the merchant must request a secondary authorization on the additional amount.
If the final transaction amount exceeds the merchant's applicable floor limit, but a previous authorization was not received because the merchant's estimate did not exceed its applicable floor limit, the merchant must obtain an authorization for the full amount of the transaction.

If the card issuer declines a subsequent authorization request, the merchant is guaranteed the cumulative amount of previous authorizations, plus 15%.

If a pick-up-card response is received in response to a subsequent authorization request, the merchant must pick up the card. The merchant is guaranteed the cumulative amount of the previous authorizations, plus 15%.

Obtaining an Authorization for Hotel, Cruise Line, and Car Rental Transactions

2009-08-14T16:18:00.002-04:00

The following information and requirements are relevant to merchants obtaining authorizations for hotel / motel, cruise line, and car rental transactions.

Authorization procedures. Hotel, motel, car rental, and cruise line merchants must comply with the standard authorization procedures and the requirements set out below.
Initiating the transaction. When the transaction is initiated, the merchant must request an authorization for an estimated transaction amount if the estimate exceeds the applicable floor limit. The merchant also may request an authorization for any additional estimated amounts as needed.Merchants engaging in car rental transactions may not include charges representing either:
- The vehicle insurance deductible amount, or
- An amount to cover potential damages when the cardholder waives insurance coverage at the time of the rental.
Charges for damages must be processed as a separate transaction. The merchant must provide a reasonable estimate of the cost to repair the damages and obtain agreement from the cardholder. If the cardholder chooses to pay for the repairs using his or her card, the merchant must:
- Prepare a specific sales slip with proof of card presence.
- Provide the estimated amount for repairs indicating that the amount will be adjusted accordingly pursuant to completion of the repairs and submission of the invoice for such repairs.
- Obtain a signature from the cardholder.

Obtaining an Authorization

2009-08-13T15:45:00.001-04:00

The following information and requirements are relevant to the merchant's obtaining of an authorization.

Treat all transactions the same. With respect to obtaining authorizations of transactions, the acquiring bank must treat all transactions at a merchant location in the same manner.
Retain the card while obtaining authorization. The merchant must use its best efforts, by reasonable and peaceful means, to retain the card while making an authorization request.
When to obtain an authorization. The merchant must obtain an authorization from the card issuer before completing the transaction in the following instances:
- The transaction amount exceeds the merchant's floor limit or the floor limit applicable to the transaction.
- The card is expired or not yet valid.
- The card is not signed.
- The merchant wishes to delay presenting the transaction record.
- The transaction receipt cannot be imprinted although the card is present.
- The merchant's data processing equipment is unable to read the magnetic stripe or the chip (if one is present) on the card.
- The account number is listed on the regional Warning Notice.
- The transaction is a recurring payment and a previous authorization request was declined.
- The merchant is suspicious of the transaction for any reason.
Reporting a suspicious transaction. To report a suspicious transaction, the merchant must contact the authorization center, state "This is a Code 10" and await instructions.In all instances, except where the transaction exceeds the applicable floor limit, the merchant must inform the authorization center of the reason for the authorization request.
Pick-up-card response. If a cardholder account is listed on the electronic Warning Bulletin or regional Warning Notice, the merchant must not complete the transaction. The merchant must retain the card by reasonable and peaceful means and notify the authorization center for further instructions. If the authorization center cannot be reached, the merchant must retain the card by reasonable and peaceful means until the center can be reached.

MasterCard Acceptance Procedures for Purchase Transactions

2009-08-12T17:21:00.001-04:00

The following requirements are relevant to the merchant's acceptance procedures for purchase transactions.

Card must be present. A payment card must be presented to the merchant for all transactions except in the case of mail orders, telephone orders, card-not-present unique transactions, eCommerce transactions, and pre-authorized orders.
Determine whether the card is valid. The merchant must complete the following steps to determine whether each card presented is a valid payment card:
- Check the valid date and the expiration date on the face of the card. If the card is expired or not yet valid, the merchant must obtain an authorization from the card issuer.
- Check the Electronic Warning Bulletin or international Warning Notices. If the account number is listed, the merchant must not complete the transaction without obtaining an authorization from the card issuer.
- Compare the four-digit truncated account number imprinted in the signature panel with the last four digits of the embossed account number on the face of the card.
- Unless a hybrid terminal is used, compare the embossed account number on the face of the card with the number displayed or printed from the point of sale (POS) terminal.
- If a photograph of the cardholder is present on the card, compare the photograph on the card with the person presenting the card.
- Check that the card is signed.
- For unique transactions processed in a face-to-face environment (with the exception of truck stop transactions and card-read transactions where a non-signature CVM is used), request personal identification of the cardholder in the form of an unexpired, official government document. Compare the signature on the personal identification with the signature on the card.
Unsigned cards. If the card is not signed, the merchant must:
- Obtain an authorization from the card issuer.
- Ask the cardholder to provide identification (but not record the cardholder identification information).
- Require the cardholder to sign the card.
Suspicious cards. If the merchant believes that there is a discrepancy in the signature, or if the last four digits of the embossed account number do not match the four-digit truncated account number on the signature panel or displayed on the terminal, or if the photographic identification is uncertain, the merchant must contact its acquiring bank for instructions. If any unexpired MasterCard card does not have a MasterCard hologram on the lower right corner of the card face, the merchant must pick up the card and contact its acquiring bank's Code 10 operator to advise it of the pick-up and to receive mailing instructions.

Handling Account, Cardholder, Transaction, and Merchant Information

2009-08-11T16:17:00.003-04:00

Sale or Exchange of Account and Cardholder Information Prohibited

Merchant banks must not sell, purchase, provide, exchange or in any manner disclose card account number information to anyone other than its acquiring bank, to the Credit Card Association, or in response to a government request. This prohibition applies to card imprints, transaction receipts, carbon copies, mailing lists, tapes, or other media obtained as a result of a card transaction.

Fraudulent or Unauthorized Use of Account Information Prohibited

A merchant must not request or use card account number information for any purpose that it knows or should have known to be fraudulent or in violation of the card Association's standards, or for any purpose that the cardholder did not authorize.

Account, Cardholder and Transaction Data Must Be Kept Secure

Merchants must keep all systems and media containing card account, cardholder, or transaction information (whether physical or electronic) in a secure manner so as to prevent access by, or disclosure to any unauthorized party. Merchants must destroy all media not necessary to retain, in a manner that will render the data unreadable.

If an account compromise occurs, the following will apply:

The merchant must notify its acquiring bank immediately.
The acquiring bank must provide the affected Credit Card Association with complete information about the account compromise.
If the account compromise results from the merchant's failure to comply with this rule, the acquiring bank promptly must engage a data security firm to assess the vulnerability of the merchant systems and provide the results of such audit (or a forensics examination if required) promptly to the affected Credit Card Association.
If the acquiring bank fails to engage promptly the services of a data security firm or fails to promptly provide the findings of the audit, or any forensics examination, the acquiring bank may be assessed a fine by the Credit Card Association.
The acquiring bank must cooperate, and ensure that its merchant cooperates, with the investigation and resolution of the account compromise, including any forensic audit or other measure that the Credit Card Association deems necessary.

Account Information Must Not Be Recorded on a Mailer

A merchant must not ask a cardholder to record a card account number or other account information on the exterior of any order form or other similar device designed to be mailed.

Merchant Identification

A merchant must prominently and unequivocally inform the cardholder of the identity of the merchant at all points of sale so that the cardholder can distinguish the merchant from any other party such as a supplier of goods or services to the merchant.

Data Storage Entity (DSE) Identification

The merchant must inform the acquiring bank promptly of the identity of any DSE that engages, or proposes to engage, in the processing, storage, or both of card account data for the merchant, whether directly or indirectly, regardless of the manner or duration of such activities.

Storage of Account, Cardholder, and Transaction Data

A merchant and any DSE must not store in any system or in any manner, discretionary card-read data, CVC2 / CVV2 data, PIN data, Address Verification Service (AVS) data, or any other prohibited information as set forth in the Credit Card Associations' standards, except during the authorization process for a transaction, that is, from the time an authorization request message is transmitted and up to the time the authorization request response message is received. Storage is permitted of only the card account number, expiration date, cardholder name, and service code, in a secure environment to which access is limited, and then only to the extent that this data is required for bona fide purposes and only for the length of time that the data is required for such purposes.

Transaction Authorization and Presentment Requirements

2009-08-06T17:18:00.001-04:00

Authorizing Transactions

When required by the Credit Card Associations' standards or by its acquiring bank, the merchant must obtain an authorization before completing a transaction. Standards concerning authorizations are published annually by the Credit Card Associations.

Presenting Transactions

The following standards apply to the presentment of transactions.

Valid and invalid transactions. A merchant must present to its acquiring bank only valid transactions between itself and a bona fide cardholder. A merchant must not present transactions that it knows or should have known to be fraudulent or not authorized by the cardholder, or authorized by a cardholder that is in collusion with the merchant for a fraudulent intent. Within the scope of this rule, the merchant is responsible for the actions of its employees.
Present transactions within three business days. The merchant must present records of valid transactions to its acquiring bank no later than three bank business days after the date of the transaction, except:
- The record must not be presented until after the goods are shipped or the services are performed unless, at the time of the transaction, the cardholder agrees to a properly disclosed delayed delivery of the goods or services.
- When the merchant receives authorization for a delayed presentment (in which case the words "Delayed Presentment" must be noted on the TID).
- When the merchant is obligated by law to retain the sales receipt or return it to a buyer upon timely cancellation, in which case the merchant should present the record within 10 business days after the transaction date.

Prohibited MasterCard Card Acceptance Practices

2009-08-05T15:27:00.001-04:00

The following card acceptance practices are prohibited by MasterCard:

Discrimination A merchant must not engage in any acceptance practice that discriminates against or discourages the use of MasterCard cards in favor of any other brand.
Charges to cardholders. A merchant must not directly or indirectly require any MasterCard cardholder to pay a surcharge or any part of any merchant discount or any contemporaneous finance charge in connection with a MasterCard card transaction. A merchant may provide a discount to its customers for cash payments. A merchant is permitted to charge a fee (such as a commission, postage, expedited service or convenience fees, and the like) if the fee is imposed on all like transactions regardless of the form of payment used. The following definitions apply:
- A surcharge is any fee charged in connection with a MasterCard transaction that is not charged if another payment method is used.
- The merchant discount fee is the fee the merchant pays to its acquiring bank to acquire transactions.
Minimum / maximum transaction amount prohibited. A merchant must not require, or post signs indicating that it requires, a minimum or maximum transaction amount to accept a valid MasterCard card.
Prohibited transactions. A merchant must not submit for payment into interchange, and an acquiring bank must not accept from a merchant for submission into interchange, any transaction:
- That represents the refinancing or transfer of an existing cardholder obligation that is deemed to be uncollectible.
- That arises from the dishonor of a cardholder's personal check.
- That arises from the acceptance of MasterCard cards at terminals that dispense scrip.
Other forms of payment. A merchant must not accept any payment from a customer in any other form (for example, cash or check) with respect to a charge for goods or services that are included on a transaction information document (TID) resulting from the use of a MasterCard card.

Honoring Payment Cards

2009-08-04T17:22:00.002-04:00

Merchants must honor all valid payment cards of the types they have contracted to accept without discrimination when they are properly presented for payment. The merchant must maintain a policy that does not discriminate among customers seeking to make purchases with a payment card. A merchant that does not deal with the public at large (for example, a private club) is considered to comply with this rule if it honors payment cards of cardholders that have purchasing privileges with the merchant.

A merchant must not refuse to complete a payment card transaction solely because a cardholder who has complied with the conditions for presentment of a card at the point of sale (POS) refuses to provide additional identification information, except as specifically permitted or required by the Associations. A merchant may require additional identification from the cardholder if the information is required to complete the transaction, such as for shipping purposes. A merchant in a country or region that supports use of the Address Verification Service (AVS) may require the cardholder's ZIP or postal code to complete a cardholder-activated terminal (CAT) transaction, or the cardholder's address and ZIP or postal code to complete a mail order, phone order, or eCommerce transaction. A merchant must not refuse to complete an electronic commerce transaction using a payment card solely because the cardholder does not have a digital certificate or other secured protocol.

Merchant Monitoring Requirements

2009-08-02T09:50:00.001-04:00

Merchant Monitoring

Processors must monitor each of their merchants' activity on an ongoing basis to deter fraud or other wrongful activity. At a minimum, processors must monitor their merchants' deposits and authorization activity

The Credit Card Associations have established certain standards applicable to fraudulent transactions and chargeback activity. Processors whose merchants exceed or violate these standards may be subject to fines or other disciplinary action and may be subject to chargeback liability.

Merchant Noncompliance

If the Credit Card Associations become aware that any merchant has violated any of the rules governing the acceptance of their cards, the use of their marks, the charges to cardholders, the minimum or maximum transaction amount restrictions or the prohibited transactions, they will notify the acquiring bank of the violation and request that it take action to ensure that the merchant discontinues the practice promptly, and in no more than 10 business days.

Acquiring banks may be fined if the Associations become aware of such violations. MasterCard, for instance, may impose an assessment for noncompliance of up to $100,000 per individual violation, with a maximum aggregate assessment of $500,000 for additional or continuing violations during any consecutive 12-month period.

If a processor terminates the merchant processing agreement with a merchant because of a violation by the merchant of one or more of the rules referenced above, the member must report the merchant to the MasterCard MATCH system within five calendar days of the decision to terminate, regardless of the effective date of the termination. All records of rules violations move with the merchant to any new acquiring bank.

Acquirer Obligations and Activities

2009-08-01T11:24:00.000-04:00

Acquiring Transactions

Each acquiring bank must acquire all transactions properly presented to it from each of its merchants on such terms as set forth in the merchant agreement between them and under applicable rules and procedures.

Payments to Merchants

Each acquiring bank must pay its merchant for all transactions received from the merchant no later than the next business day following the day of receipt. The acquiring bank may delay payment for only as long as it is necessary to determine the legitimacy of the deposit, within local law or banking regulation. Payment must be made by cash, check or credit to an account designated by the merchant. This requirement does not apply to transaction amounts withheld by an acquiring bank, by agreement of the merchant, for chargeback reserve or similar purposes.

Supplying Materials

Each acquiring bank must ensure that each of its merchants is provided with all materials necessary to effect card transactions in accordance with applicable rules and regulations and to signify acceptance of the supported brands. These materials may include sales slips, credit slips, terminals, authorization services, acceptance displays, and the like.

Processor Requirements for Signing a Merchant

2009-07-31T11:52:00.001-04:00

Visa and MasterCard member banks must directly enter into a written merchant processing agreement with each merchant from which they acquire transactions.

A member bank can only submit into interchange transactions arising in connection with products and services provided by a commercial entity that a cardholder purchases with a payment card, after the commercial entity has entered into a valid merchant processing agreement with the member. This rule applies regardless of whether the ability to use the payment card is explicit or implied, or whether the card is presented directly to the commercial entity, a third-party payment processor, or any other person. A commercial entity is any person that sells goods or services on an ongoing basis and that maintains a physical or virtual presence for the purpose of selling goods or services. This rule does not prohibit a commercial entity from being the recipient of funds that result from a money transfer transaction, provided the transaction is properly identified as such to the card issuer and cardholder with the appropriate merchant category code (MCC) and transaction category code (TCC) in all authorization and clearing records.

Regardless of whether a member bank uses an Independent Sales Organization (ISO) or a Member Service Provider (MSP), the member must itself execute a written agreement directly with each merchant. The agreement must reflect the member's primary responsibility for the merchant relationship and must comply with Visa and MasterCard standards and regulations. The merchant agreement can contain other provisions that may be agreed upon between the member bank and the merchant, provided that the provisions do not conflict with Visa and MasterCard standards and regulations.

The member bank is responsible for ensuring that each of its merchants complies with Visa and MasterCard and regulations, including those applicable to unique transactions, cardholder-activated terminals, and the like, and is responsible for the merchant's failure to do so. The member bears the responsibility for each merchant's compliance and must take appropriate actions to ensure it, such as reviewing the merchant's deposit records and procedures for effecting transactions.

Before entering into, extending, or renewing a merchant agreement, a member bank must verify that the merchant from which it intends to acquire transactions is a bona fide business and that the transactions will reflect bona fide business between the merchant and the cardholder.

A member bank must retain all records concerning the investigation of any merchant with which it has entered into a merchant agreement for a minimum of two years after the date the agreement is terminated.