Gift card / pre-paid cards and pre-authorization
Gift cards and pre-paid cards hold a fixed amount available for purchase or authorization. Each time a transaction is authorized, the authorized amount is held against the amount available on the card and cannot be used for additional charges. If the authorized amount is more than the actual charge, it may take a few days for the difference to become available again.
Good example video at http://www.giftcards.com/help/videos/FAQ_7.html
Refund credit card charges only by credit card
Refund of a charge completed by credit card can only be done by credit card ... no cash / check or similar.
Store And Forward and PCI DSS
Store And Forward: process of storing card data at time of payment for authorization at later time.
Associations allow temporary storage of card data, including track II data, which under normal conditions cannot be stored.
Storing such card data is simply too much risk exposure. If you need to use Store And Forward then keep it to minimum data required to create an authorization: card number and expiration.
Ideally merchants should just not use Store And Forward or outsource the process to a compliant PCI DSS provider.
Are your receipts compliant?
Receipts can be tricky, especially if you have a legacy payment application or one built in-house. Check to be sure that your receipts are compliant with laws & regulations.
If your receipts have more card data than just the last 4 digits of the card number ... big NO NO. Expiration date should not appear.
Make sure your receipts comply with Federal and state laws such as the Fair and Accurate Credit Transactions Act (FACTA) (Privacy Rights Clearinghouse - Facts on FACTA) and associations' requirements.
Card numbers / expiration date on receipts: States with Enacted Legislation
Transaction receipt requirements for Card-Present and Card-Not-Present applications can be found in the VISA Card Acceptance Guide, pages 68-69. Also see "Truncation of account number and expiration date" at the top of page 12.
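A receipt check along the lines described above, as an added example that is not part of the original post: it scans receipt text for a full card number, for more than the last 4 digits, and for a labelled expiration date. The regular expressions, function names and sample receipts are assumptions constructed for illustration.

```python
import re

# Candidate card fields: digits or mask characters, optionally split by spaces/dashes.
CARD_FIELD = re.compile(r"[0-9Xx*#][0-9Xx*# -]{11,22}[0-9Xx*#]")
# A labelled expiration date such as "EXP 09/12" or "Expires: 09/2012".
EXPIRY = re.compile(
    r"\bexp[a-z]*\.?\s*(?:date)?\s*[:=]?\s*(0[1-9]|1[0-2])\s*/\s*(\d{2}|\d{4})\b",
    re.IGNORECASE,
)

def luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def check_receipt(text):
    """Return (line_number, issue) pairs for card data a receipt should not show."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in CARD_FIELD.finditer(line):
            field = re.sub(r"[ -]", "", m.group())
            if not 13 <= len(field) <= 19:      # card numbers are 13 to 19 digits
                continue
            if field.isdigit():
                if luhn_ok(field):
                    findings.append((no, "full card number"))
                continue
            visible = field.lstrip("Xx*#")      # what follows the leading mask
            if visible and (not visible.isdigit() or len(visible) > 4):
                findings.append((no, "more than last 4 digits"))
        if EXPIRY.search(line):
            findings.append((no, "expiration date"))
    return findings

# Constructed sample receipts (4111 1111 1111 1111 is a well-known test number).
BAD_RECEIPT = "ACME STORE #12\n2009-03-14 10:22\nVISA 4111 1111 1111 1111\nEXP 09/12\nTOTAL 12.50\n"
GOOD_RECEIPT = "ACME STORE #12\n2009-03-14 10:22\nVISA ************1111\nTOTAL 12.50\n"

if __name__ == "__main__":
    for name, receipt in (("bad", BAD_RECEIPT), ("good", GOOD_RECEIPT)):
        print(name, check_receipt(receipt))
```

Run it over receipt samples from each payment application and printer template you use; unlabelled dates and unusual mask characters are outside what these patterns catch.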
No surcharge laws !!!
In addition to VISA / MasterCard rules, 10 states have passed laws prohibiting merchants from applying a surcharge for payments by credit card: California, Colorado, Connecticut, Florida, Kansas, Maine, Massachusetts, New York, Oklahoma and Texas.
http://usa.visa.com/merchants/operations/no-surcharge.html
A discount (price reduction) can always be given for payments by cash.
See Can I charge more for credit card payments
Questions about PCI standards?
2 sites with Q&A and possibility to directly ask your questions:
- PCI Security Standards Council:
http://selfservice.talisma.com/display/2/index.aspx?c=58&cpc=MSdA03B2IfY15uvLEKtr40R5a5pV2lnCUb4i1Qj2q2g&cid=81&cat=&catURL=&r=0.141856014728546 and enter the portal
Select Submit a Question if needed
- Society of Payment Security Professionals:
http://forum.paymentsecuritypros.com/index.php
Society of Payment Security Professionals Forum
This forum has a great series of Q&A related to PCI DSS standards. Lots of very interesting questions + comments from good people with lots of answers. http://forum.paymentsecuritypros.com/index.php
PCI DSS
Basics and documents about PCI Data Security Standard (PCI DSS) - https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
PA-DSS
Check basics about Payment Application Data Security Standard (PA-DSS) - https://www.pcisecuritystandards.org/security_standards/pa_dss.shtml
PCI Security Standards Council Quick Links
Straight from the source ...
PCI Data Storage Do’s and Don’ts - https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf
Payment Card Industry Security Standards Overview - https://www.pcisecuritystandards.org/pdfs/pcissc_overview.pdf
Ten Common Myths of PCI DSS - https://www.pcisecuritystandards.org/pdfs/pciscc_ten_common_myths.pdf
Code 10 call
Code 10 call or authorization request is the first step when suspecting fraud while the transaction is being authorized.
http://usa.visa.com/merchants/risk_management/code.html
CVV2 code is free
CARD VERIFICATION VALUE 2 code (CVV2) is a free fraud control tool. In fact, in most cases, it is the ONLY fraud control tool which does not carry a per use add fee.
Remember that CVV2 CANNOT be stored!
The CVV2 code is a 3-digit code on the back of Visa / MasterCard / Discover cards and a 4-digit code on the front of American Express cards (http://en.wikipedia.org/wiki/CVV2)
Add fees for AVS
AVS fields are basic fraud control tools and help lower CNP transaction processing fees (see CNP transaction fee and AVS).
But keep in mind that there is an add cost associated with use of AVS => use these fields wisely.
If your transaction amounts are low enough, use of AVS can in fact result in much higher fees.
Estimate add cost associated with use of AVS vs. interchange fee savings with use of AVS.
Refer to your merchant account pricing or contact your merchant service provider to confirm your specific AVS add fee and your fee schedule to define your optimal processing logic.
CNP transaction fees and AVS
Various criteria affect processing fees for CNP (Card Not Present) transactions.
The key one is the AVS (Address Verification Service) ZIP code. There are several AVS fields. From a fee standpoint, only the ZIP code matters. For lower fees, a ZIP code must be included in the authorization request. Interestingly, the ZIP code must be present but it does not need to match the ZIP code on the card holder's account.
Refer to your merchant account pricing or contact your merchant service provider to confirm your specific fee schedule.
PCI related webinars - MasterCard
Webinars available at http://www.iian.ibeam.com/events/mast001/24008/
Just need quick registration