MasterCard and Discover Announce New Processing Rules

March 31st, 2010

MasterCard and Discover are modifying their rules concerning the processing of debit, prepaid and gift cards. Specifically, MasterCard and Discover will now require that most merchants support the processing of partial authorizations, real-time full authorization reversals, and balance response transactions.  MasterCard’s rule changes go into effect May 1, 2010, and Discover’s rule changes go into effect April 16, 2010.

The changes are being made because MasterCard and Discover have identified three main areas of concern that cause transactions to decline for customers using debit, prepaid and gift cards:

  1. Customers do not always know their available balance on their card.
  2. If a customer tries to spend more than the balance available on their card, the purchase is declined, with no option to use the card’s available balance along with another form of payment.
  3. If a customer wants to use a debit, prepaid or gift card, and the merchant gets an authorization, but then the transaction is not completed, the available balance on the card is temporarily reduced unless the merchant reverses the authorization.

The following  section hopefully will answer many questions you may have.  Otherwise,  you need to refer to Customer Service of your processor provider.

What are the new compliance requirements and how will complying with them  benefit me the merchant?

MasterCard and Discover are requiring that merchants support the following three transaction types for debit, prepaid and gift cards:

  1. Partial Approval (or Partial Authorization) — Merchants are required to partially approve a transaction if a cardholder does not have enough balance on their debit, prepaid or gift card.  Also, the merchant must allow cardholders to pay the remaining balance owed with another form of payment. This is called a split-tender purchase transaction.

    Benefit: Prior to implementing partial approvals, a debit, prepaid or gift card with an insufficient balance was declined, often costing the merchant a sale.  By supporting partial approvals, the merchant can turn a potential decline or negative cardholder experience into a completed sale by asking for an additional form(s) of payment to cover a purchase.

  2. Authorization Reversal — Merchants are required to reverse an authorized transaction if a cardholder decides they do not want to proceed with the split-tender purchase upon receiving a partial approval. Authorization reversals will free up the available balance on a customer’s debit, prepaid or gift card when transactions are not completed.

    Benefit: By supporting authorization reversals, the merchant restores the cardholders’ available balance, which enables them to potentially make a purchase (within their debit, prepaid or gift card’s balance) at your store instead of a decline.

    Additional Authorization Reversal Questions

    • If a transaction has been captured (i.e., an auth capture transaction type), can the authorization be reversed?
      No, authorization reversals can only be performed on transactions that have already been authorized but not captured  (auth only transactions). If the transaction has been captured, then the merchant should initiate a void if the transaction has not settled, or a refund if it has been settled.

    • Does this apply to full authorization reversals or partial authorization reversals?
      The requirement applies to both full authorization reversal as well as partial authorization reversals. A partial authorization reversal is applicable for situations where the capture request amount is less than the authorized amount, and the difference will have to be partially reversed. In the case of a partial auth reversal, merchants do not need to do anything; this is done automatically.

 

  1. Balance Response — Merchants are required to print the prepaid card balance on the customer receipt or display it on a customer-facing terminal/POS device/Web page, or both. Prepaid card balance information is made available by the prepaid issuer only for some, but not all, prepaid cards, and support of this requirement is limited to those particular cards.

    Benefit: By supporting balance responses and making the information available to the consumer, the consumer is better informed regarding their available balance on their prepaid cards, and could make additional purchases based on that balance.

    Additional Balance Response Questions

    • Will merchants be required to print the remaining prepaid account balance on both the receipt and display it on the customer-facing POS device or Web page?
      No. Merchants can choose to print the balance, or display the balance to the cardholder, or both.

    • Will the balance be displayed/printed for all debit and prepaid products?
      No. For security reasons, balances will only be returned by the issuer for prepaid cards (and even then, only for select cards) to avoid, for example, printing a customer’s checking account balances. If the”available balance” is present in the record, merchants are required to print and/or display it to the customer, regardless of the dollar amount.

Which payment card types does this change impact?

The compliance requirements apply to regular debit, prepaid and gift cards for the following payment card types:

  • MasterCard
  • Discover
  • Diners Club
  • JCB – U.S. transactions only
When do these requirements go into effect?
MasterCard’s rule changes go into effect May 1, 2010, and Discover’s rule changes go into effect April 16, 2010.   
 
Do I have to support the requirements?
MasterCard and Discover are requiring all merchants to support the requirements with the exception of merchants that exclusively process transactions via batch uploads, mail order/telephone order (MOTO), or recurring payment transactions. Your Merchant Service Provider (MSP) is ultimately responsible for determining if the requirements apply to your business, so please contact them for assistance in determining if your company is exempt.
 
What do I need to do to support the requirements?
The steps that you will need to take to support the requirements depend on how you connect to the payment gateway. For example, if you connect using a shopping cart, point-of-sale device, or other solution, you will need to contact your solution provider to confirm that they will be supporting the requirements. If you connect using a direct integration, you should contact your Web developer for assistance. 
 
Are the requirements global or U.S. only?
At this time, the requirements are mandated for U.S. merchants only.
 
Do issuers support these new compliance requirements?
Yes. Effective November 1, 2008, all Debit MasterCard and Maestro debit and prepaid issuers were required to process and respond appropriately to merchants that support partial approvals and real-time reversals (full and partial). In addition, prepaid Debit MasterCard and Maestro issuers must support the account balance response.
 
Are e-commerce merchants required to support these changes as well?
Yes, e-commerce merchants are required to offer at least one opportunity for customers to submit an additional form of payment after receiving a partial approval.
 
Are there any transaction types that are exempt?
Yes. The following transaction types are exempt: batch uploads, mail order/telephone order (MOTO), and recurring payment transactions.
 
Can the auth reversal be made several days after the original authorization request?
Yes, the authorization reversal for e-commerce and other card-not-present transactions should be generated whenever a purchase transaction is not, or cannot, be completed, and the transaction has not yet been captured.

Note: The account balance response only needs to be supplied to the cardholder in an authorization response to a real-time authorization request.

How do these requirements impact split shipments?
Merchants should be aware of the impact of the requirements on split shipments. A capture submitted for a partial shipment will be matched against the original authorization and release the hold of funds in the cardholder’s account. If the merchant expects to make a second shipment of goods, a new authorization should be taken against the card in the amount of the second shipment and captured when the second shipment is sent.
 
What if a merchant does not comply? Is there a non-compliance fee?
Yes. Merchants are obligated to support the requirements and make the appropriate changes to support these transactions. The payment card brands will be performing frequent “Compliance Monitoring” of these rules changes and will follow through with the appropriate parties if merchants are found to be non-compliant. The amount of fees assessed will be as per the MasterCard and Discover association “non-compliance” fines described in their operating regulations and rules. For more information, please contact your Merchant Service Provider (MSP).

As a reminder, your MSP is ultimately responsible for determining if the requirements apply to your business, so please contact them for assistance in determining if your company is exempt.

Our thanks to Authorize.net for bringing these issues and their clarifications to our attention. 

  • Share/Bookmark

Posted in Data security, Debit Card Processing, Merchant Accounts, Tips & Advise, Useful Business Services, eCommerce | 2 Comments »

Ecommerce in Canada

March 16th, 2010

We get lots of inquiries from Canadian merchants seeking information about obtaining a Canadian Merchant account, particularly online internet processing in Canada.  To this end,  we are pleased to announce our affiliation with the premier Canadian Merchant Account provider in Canada, MSI (Merchant Services Inc. of Canada), Included among the many benefits MSI brings to the table are:

Canadian Merchant Services

Canadian Merchant Services

  • Low rate guarantee.  They ALWAYS quote the best rates and prices in Canada
  • Superior personal service from expert LOCAL reps
  • 24/7 support before and after the sale
  • Fast, timely and dependable deposits of funds into merchant’s bank account
  • Easy to apply for, install and use integrated full-featured internet ecommerce payment processing solutions

CLICK HERE to get more information about Canadian Merchant Services and Merchant Services Inc of Canada (MSI)


Many new ecommerce merchants are intimidated and confused by the perceived complexities of getting set up for ecommerce credit card processing.   Not to worry–it’s really quite simple when you work with a reputable company like MSI experts to clearly explain everything and do all the work.  Here’s a brief outline of the process:

The Basics – What is a Merchant Account?

Understanding e-commerce is easy. There are 3 things that make up an e-commerce transaction:

• A shopping cart
• A payment gateway
• A merchant account

The Shopping Cart

The shopping cart software is what keeps track of the products your customers want to purchase as they surf through your website. It is the software that powers the “Add to Cart” buttons that you have probably seen on many e-commerce websites. There are hundreds of popular shopping cart programs to choose from. Some are extremely easy to use, while others are targeted towards advanced webmasters. Picking a good shopping cart can be a daunting process if you are new to e-commerce and have just started your research. If you would like some help selecting a good shopping cart for your business don’t hesitate to  contact us. The only trick is getting one that’s compatible with your gateway and merchant account–that’s what we’re here to help you with.

Some merchants offer services and do not have a product based website. Even if you don’t sell products on your site, you will still have some type of software that calculates how much the customer is supposed to pay you. Think of the shopping cart as the cashier at the grocery store who rings through your groceries. It is their job to figure out how much money you are supposed to pay. In an e-commerce website, the software performs this job and will determine how much you owe for the sale. Once the shopping cart has figured out how much you owe for the sale, it needs to send this information somewhere so the credit card can be processed. This brings us to the second part of every e-commerce transaction – the payment gateway.

The Payment Gateway

The function of the payment gateway is  quite simple . When you go to a shoe store  and pay with your credit card, the clerk swipes your card through a payment terminal. The payment gateway does the same job as that little electronic device, except because it’s an online transaction the credit card is not physically swiped through a terminal. Instead the shopping cart securely encrypts the credit card and order details and sends it off to the payment gateway to be processed.

The payment gateway will electronically contact the customers card issuing bank and check to see if they have sufficient credit to pay for the sale. If so, the card issuing bank will return an authorization and the funds will be debited from the customers credit card balance.

When those funds are captured from the customers credit card account, they must go somewhere. This is where the final part of an e-commerce transaction comes in – the merchant account.

The Merchant Account

When the payment gateway processes the transaction and the customers credit card is charged for the sale, that money has to go somewhere. Specifically, it needs to deposited into a bank account. Funds from credit card sales are deposited into a special type of bank account — called a “merchant account”.

That really is all a merchant account is – a bank account that is used to hold funds captured from your credit card sales. Then,  the money is ’settled’ or sent out of the merchant account, and into the merchant’s regular business bank account.

  • Share/Bookmark

Tags: , , ,
Posted in Credit Card Processing, Debit Card Processing, Merchant Accounts, Tips & Advise, Useful Business Services, eCommerce | 1 Comment »

High Risk Offshore Merchant Account FAQ’s

March 15th, 2010

What are High Risk Merchants?

High Risk Merchants are specific types of businesses that typically have a higher than normal chargeback ratio and higher than normal risk of returns or customer sales disputes. Chargebacks of more than 1% of total monthly sales are usually considered excessive chargebacks by most processors.  Also, the merchant acquiring banks consider an account a High Risk Merchant Account based on the potential for possible legal violations for selling particular types of services or products, financial liability that the bank or processor will incur for processing for the merchant or bad publicity towards the bank for accepting certain types of businesses.

How long will it take me to get a High Risk Merchant Account established and begin processing?

The length of time varies, depending on how quickly the paperwork and the supporting documents are received. Once all required documentation is submitted, approval may ake as little as  24 – 48 hours . Larger or higher risk accounts may require longer periods of time.

What is the High Risk Merchant Reserve, how much is it and how long is it held?

The reserve is a cash amount held back from your available post-clearing funds. The high risk merchant reserve generally ranges between 5% and 10% of each merchant’s approved volume or monthly sales volume. Reserve amounts are held by the merchant processor to ensure against losses due to uncollected fees, merchant fines, excessive chargebacks, etc.

Can a start-up business get approved for an offshore merchant account?

High-risk acquirers approve companies on an individual basis. If you are a start-up business, what’s important is the strength of your business plan, how you expect to generate sales, supply and service your customers and the history of the principals in your business.

If our company (and ourselves) has been placed on the MATCH list, can we still be approved for a new merchant account?

Very often, but not always.  We will say this with confidence:  Due to our vast network of international offshore and high risk procesors, if we at AMS can’t get you underwritten, you may rest assured nobody can.

We know that individual merchants using a shared merchant account do not have individual descriptors. What does it take to obtain approval for our own merchant account and our own descriptor?

Depending on size, category and risk, merchants can obtain their own custom descriptors once their individual merchant account has been approved to accept credit cards.

Can our merchant account settle transactions in more than one currency?

Yes, multiple currency settlements are available for approved merchants.

Which merchant businesses are considered High Risk?

Businesses or industries that are included in the High Risk Merchant category include  (but are not limited to)  the following:

  • Adult Service Providers
  • Pharmaceutical Merchants
  • MO/TO Accounts (mail order, telephone order)
  • Collections Agencies
  • Telemarketers
  • Adult Oriented Businesses
  • Travel & Cruise Industries
  • Door-to-Door selling
  • High Ticket Sales
  • Furniture Stores
  • Internet Auctions
  • Club Memberships
  • MLM (Multi-Level Marketing)
  • Tobacco Sellers
  • Time Share sales

How much does it cost to apply for an Offshore Merchant Account?

Costs vary by offshore acquirer, and are also a factor of the specifics of each merchant.  Generally, however, we charge no up-front fees, so there is no risk to the applicant.  How the process works is:  After submitted the prospective applicant’s paperwork to various possible underwriters and hopefully receiving at least one (often multiple) offers, we present the best offer to the merchant, who is free to either accept or walk away from the offered program.

QUESTIONS? Please email us at amspcs@juno.com or go to our Home Page at www.MerchantServices-help.com and click the CONTACT US button.

  • Share/Bookmark

Posted in Accepting Checks Safely, Credit Card Processing, Merchant Accounts, Useful Business Services, eCommerce | No Comments »

PCI FAQ’s

March 11th, 2010

PCI Security is a very hot topic in the credit card processing industry these  days  .  Merchants don’t understand or accept PCI, and are frustrated by the new PCI compliance fees they are seeing on their merchant statements (if you haven’t seen yours yet–look harder).  Even worse, several processors and shady merchant services sales people are distorting facts and downright lying in the never-ending quest to steal a merchant account from a competitor in order to make an extra dollar. pcilogo

Let’s set the record straight once and for all.  If you are a merchant of any kind, any size, any industry, here is a concise listing of everything you MUST know about PCI Security compliance:

 

What is PCI DSS?

The Payment Card Industry Data Security Standards are requirements designed to minimize theft and misuse of sensitive credit card data at every level of credit card processing.

Who has to Comply?

Member Banks – Acquiring Bank and Card Issuing Banks.
MerchantsAny merchant who accepts any of the major card brands, including Visa, Mastercard, American Express and Discover.
Service Providers – Internet Gateways, Shopping Cart Vendors and Hosting Companies

What does PCI Compliance mean to my business?

The card associations require that cardholder information be handled and maintained in a secure fashion. ALL merchants are required to meet the PCI compliance guidelines.

What is the difference between compliance and validation?

Compliance is the process of implementing the security controls and policies required by the standard. Validation is the process of proving that you are compliant. PCI compliance requires both functions to be performed.

How often do I have to validate my compliance?

You are required to validate compliance every 12 months.

What if I change my merchant service provider in the next 12 months?

You will receive a Certificate of Compliance once you have completed the required SAQ and scan, if required, that you will be able to provide to your new merchant service provider to validate your compliance.

What happens if I am not in compliance?

Failure to comply with these requirements can result in significant fines and the possible cancellation of payment processing capability.

Am I liable if my service provider is breached?

It depends, but it is certainly possible. If you use a 3rd party service provider to process your credit card transactions it is your responsibility to ensure they are PCI compliant. If they aren’t and they are breached you can be held liable also. There are known cases of that happening currently.

Does PCI compliance apply to non-profit organizations?

Yes, the liability and risks still exist and need to be addressed. In fact, because you are a non-profit organization the effects of a data breach could be even more damaging to your business due to the fines and other possible penalties.

How do I determine the specific requirements that apply to my business?

Compliance requirements vary by method of processing, such as using a stand alone landline, wireless communications or the internet to process. Simply review the table provided, click on the letter next to the description that best describes your business, and you will be taken directly to the applicable requirements.

What is a Self-Assessment Questionnaire?

The Self-Assessment Questionnaire “SAQ” is a validation tool for merchants and service providers who are not required to do on-site assessments for PCI DSS compliance.

What is cardholder data?

Primary Account Number (PAN)
Cardholder Name
Expiration Date
Sensitive Authentication Data
Full magnetic stripe data
Card Validation Code/Value
Personal Identification Number (PIN)

What can never be stored, even if encrypted?

Full magnetic stripe
Card Validation Code/Value
Personal Identification Number (PIN/PIN block)

What are the 12 requirements?

  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor-supplied defaults for system passwords and other security parameters.
  • Protect stored cardholder data.
  • Encrypt transmission of cardholder data across open, public networks.
  • Use and regularly update anti-virus software.
  • Develop and maintain secure systems and applications.
  • Restrict access to cardholder data by business need-to-know.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.
  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.
  • Maintain a policy that addresses information security.

    •  

  • What’s the difference between a QSA and an ASV? A Qualified Security Assessor (QSA) is a firm certified by the PCI Security Standards Council to perform the annual audits required for Level 1 Merchants. An Approved Scanning Vendor (ASV) is certified to perform the quarterly scanning required by all levels. Level 4 Merchants do not require the services of a Qualified Security Assesor.Are there different ways to satisfy requirement 6.6?Possibly, depending on your situation one of the following may satisfy the requirement:
  • Perform a code review of all in-house developed web applications.
  • Run all web application code through automated code analysis tools.
  • Perform a manual penetration test on each web application.
  • Purchase and install an application layer firewall in front of each web server.How do I find my IP Address?Consult your network administrator.How do I know if my IP address is Static or Dynamic?Consult your network administrator. 

    What is the difference between a Static IP and a Dynamic IP address?

    A static IP address is the number assigned to a computer by an Internet service provider to be its permanent address on the Internet. If you have a static IP your IP address remains the same every time you log in. Once you have provided JDS with your IP address your scans will be performed without any action required on your part.

    A dynamic IP address is your IP address for only as long as you are logged in for a session on the Internet. Once you disconnect from the Internet, that dynamic IP address goes back into the IP address pool so it can be assigned to another user. Consequently you will rarely, if ever, have the same IP address twice.

     Who can I contact if I have any questions about PCI?   Call 1-877-689-1691 or email your questions to amspcs@juno.com.  You may also contact us at  http://www.merchantservices-help.com/contact.html  We will answer your quesetions and/or refer you to the proper source as quickly as possible. 

    • What other  links should I refer to for additional information and assistance regarding PCI?

    http://www.merchantservices-help.com/PCIcompliance.html contains more valauble information on PCI Data Security as well as a direct link to the PCI Security Standards Council page.

     

    Who

    • Share/Bookmark

    Posted in Accepting Checks Safely, Credit Card Processing, Data security, Debit Card Processing, Healthcare, Merchant Accounts, eCommerce | 7 Comments »

    Nurit 8000 GPRS–$389.95

    March 10th, 2010

    The Nurit 8000 GPRS wireless credit card terminal is on sale  this week for the never lower price of $389.95 plus s/h.nurit_8000

    This is a like-new refurbished machine with full one year limited warranty. .  Unlike our competitors, you do NOT have to apply for an overpriced merchant account to get this price.

    Merchant Warehouse advertises the same machine at $545.-only if you apply for their merchant account.  Merchant Equipment store asks $650.

    OUR PRICE:  $389.95. And you do not have to apply for a new merchant account.

    Terms:  Continental US customers  only.  All sales final.  Unit comes with one year refurbisher warranty–just call your processor to have it programmed.. Quantities are very limited sale price good while supplies last, no rain checks, first come first served..  SIM card not included.

    To order:  Call 1-877-689-1691 toll free

    Or buy online here:


    • Share/Bookmark

    Posted in Credit Card Processing, Healthcare, Merchant Accounts, Processing Equipment, Tips & Advise, Useful Business Services, eCommerce | No Comments »

    « Older Entries
    Newer Entries »