As your payments partner, we are committed to keeping you up-to-date with industry changes and card brand developments. There are 12 updates and reminders included here. Please scroll to ensure you act upon all which are relevant to you and your payments processing.
Visa: Enhanced decline codes
To help you and your staff understand the correct actions to take when you receive a decline response, Visa will move all existing decline codes you’ll see into four categories:
- Category 1 - Issuer will never approve
- Category 2 - Issuer cannot approve at this time
- Category 3 - Issuer cannot approve with these details
- Category 4 - Generic response code
When it comes to manipulating date on a declined transaction to reattempt to authorisation, Visa will update their rules to allow more flexibility. The new rules will allow 15 attempts in a 30-day period, except for Category 1 declines - which should never be retried.
Fees could be incurred in the future where proper declined authorisation procedures are not followed.
Action required:
Nothing yet. Elavon is working with Visa to determine the correct coding values and will provide additional details about the codes, the prompts and the fees prior to their implementation.
...................
Mastercard: In-app Payments
To strengthen the integrity and security of remote commerce transactions - such as via a mobile phone, key fob or any other token - to support the European Payment Systems Directive 2 (PSD2), Mastercard is introducing a new cryptogram to be used in Secure Element and Mastercard Cloud-based Payments (MCBP) token transactions from July 2020.
To support this, Mastercard will introduce a new sub-element within the Digital Payment Data field (DE 104) in which to provide the DSRP cryptogram.
Traditionally, this was in the DE 48 (Additional Data—Private Use) field of the authorisation message. It will now move permanently to DE 104 (Digital Payment Data), sub-element 001 (Digital Payment Cryptogram).
The AAV value will continue to be populated in DE 48.
In addition DE 104 will also include a Remote Commerce Acceptor Identifier, such as the merchant business website URL or reverse domain, to perform the dynamic linking validation.
Action required:
You will need to re-certify your payments solution to implement these changes. Contact your Elavon representative or your Service Provider to arrange this.
...................
Visa: Changes to free trials and promotions
If you offer free trials or introductory promotions as part of an ongoing subscription service, then acceptance, disclosure and dispute policies have been updated.
- You must be providing cardholders with clearer information to reduce the number of transactions that result in disputes.
- You must notify the cardholder seven days ahead of the expiration of their trial/promotional period with a link or other simple mechanism to cancel the subscription, either online or via SMS/text message.
- The notification/reminder should be electronic (i.e. via email or SMS/text), but may be via another method of communication if the cardholder agrees in advance.
If your trial/promotional period is less than seven days, the initial confirmation to the cardholder should include all the details that would have been required in the reminder (i.e., date of trial/promotion period expiration, link or other simple mechanism to cancel subscription).
- In all cases, the consumer must be able to cancel their subscription online - without needing to contact you another way.
Pending by April 2021
Additionally, the wording 'trial', 'trial period' or 'free trial' is to be included in the Merchant Name field of the clearing record for the first transaction at the end of a trial period. It is not required for subsequent transactions. This descriptor will then appear on cardholder statements, online banking, mobile apps and SMS/text alerts, to identify the nature of the transaction.
Action required:
If you offer free trials, you will need to re-certify your solution in order to implement the new descriptor in the appropriate transactions. Contact your Elavon representative or service provider to arrange this prior to the April 2021 deadline.
As we’ve communicated before, you should also review your joining processes immediately. Visa has issued information to help you understand the changes.
...................
Visa, Mastercard and American Express: Signature optionality
As the Covid-19 situation continues to evolve, public health officials have advised it’s imperative we do our best to reduce physical interactions with people or potentially contaminated surfaces. As well as regularly cleaning your card machines and terminals, elimination of signature collection could be an effective way to reduce interactions with POS terminal, payment receipt and pen or stylus.
If you decide not to collect the cardholder’s signature, you may suppress signature prompting on the electronic signature capture devices or receipts.
A copy of a signed receipt is not required to initiate a second presentment upon receiving a fraud-related chargeback.
Action required:
If your terminal currently prints receipts with a signature line, you may simply complete the transaction without asking for a signature.
...................
Mastercard: Automated Fuel Dispenser (AFD) chargeback protection
Mastercard has revised its standards relating to the use of CAT level indicator values and fraud-related chargeback liability for transactions at PIN-capable chip-enabled AFD terminals.
Fuel Customers should ensure their AFDs are PIN-capable, chip-enabled, using MCC 5542 (Fuel Dispenser, Automated), and have dual capability to function as either CAT 1 or CAT 2:
- Always uses CAT 1 functionality when a chip card is used, or when a contactless transaction occurs for an amount exceeding the applicable contactless CVM limit (a high-value contactless transaction); and
- Only uses CAT 2 functionality when a magnetic stripe card is used, or a contactless transaction occurs for an amount equal to or less than the applicable contactless CVM limit.
For Maestro transactions, an AFD terminal must only use CAT 1 functionality. PIN bypass is not an option for Maestro transactions.
...................
American Express – Pre-authorisations for grocery and retail customers
To expand the use of their card products, American Express is changing its pre-authorisation rules to include online Grocery and Retail merchants.
From October 2020, a pre-authorisation obtained by a card-not-present grocery or retail merchant will be valid if the Authorisation Request is within a +/-15% range of the final submitted amount.
Before initiating an Authorisation Request, you must inform the cardholder of the estimated amount for which pre-authorisation will be requested and obtain the cardholder’s consent.
Pre-authorisations on American Express cards are valid for up to seven days from the date of the Authorisation.
...................
American Express – Merchant-Initiated Transactions (MITs)
An MIT is a transaction initiated by the merchant through use of Credentials-on-File without direct participation from the cardholder.
Recurring Billing is a payment method whereby the cardholder authorises the merchant to bill the card account on a periodic basis for a product or service agreed in writing beforehand. Payments may be for a variable or a fixed amount.
American Express has announced its adoption of MITs and Credential-on-File and Elavon’s host systems are being configured to accommodate their use.
From the end of August 2020, if you accept American Express you’ll be able to avail of these services to allow your customers to make purchases without resubmitting their card details, and help you align with industry standards for Tokenisation.
...................
All card brands: EMV terminal requirements to avoid growing declines
After 20 years of industry-wide investment and proliferation of increased security, including contactless payments, card issuers are now declining unsecure face-to-face transactions (those performed by mag-stripe or keyed, where Chip & PIN would have been expected).
While general exceptions exist for transport, parking and toll-related merchants, all other card-present (face-to-face) environments are expected to have contactless-enabled terminals in place.
We are seeing an approximate 20% rate of declines for keyed transactions whilst the rate of declines for magnetic stripe is approximately 60%. These decline rates are expected to increase throughout the remainder of 2020.
Action required:
If you’re using third-party solutions, you should check with your service provider to ensure you are properly certified to reduce the risk of fraud and subsequent declines.
If you have not yet deployed Chip & PIN or contactless technologies, you should plan to do so as soon as possible to avoid declines and minimise fraud risk.
Please see below some additional recommendations to optimise your approval rates on face to face transactions.
Problem |
Recommended Actions
|
Chip reading device dirty |
Ensure your POS terminals are regularly cleaned.
|
Device faulty or incorrectly configured for a particular card scheme’s chip cards |
If you believe your terminals are not able to process chip transactions for one or more card schemes, you should contact your service provider as soon as possible.
|
You complete a Magstripe/Swipe Transaction or key in the transaction instead of inserting for PIN or tapping for contactless |
You should ensure point-of-sale staff are appropriately trained to insert card for PIN (or contactless tap) whenever a chip card is presented.
|
Fraudulent Behaviour
|
You should contact Elavon customer support if you believe you are subject to fraudulent activity.
|
...................
All card brands: Contactless single-tap requirement
Changes to contactless transactions, made in September 2019 as a result of the Payment Service Directive 2 (PSD2), require card issuers to trigger PIN verification when an amount or transaction count limit is reached. This can happen at any time, during any contactless transaction.
It is important to ensure that the cardholder can enter their PIN without having to present their card to the device a second time, whether by a second tap or by inserting the card into the reader.
The table below shows the deadlines by country of terminal location.
|
Terminals Deployed After |
All Terminals
|
Andorra |
|
31 Mar 2021
|
Belgium |
|
31 Mar 2021
|
France |
31 Mar 2021 |
31 Dec 2023
|
Denmark |
|
31 Dec 2021
|
Estonia |
|
31 Dec 2021
|
Iceland |
|
31 Dec 2021
|
Latvia |
|
31 Dec 2021
|
Lithuania |
|
31 Dec 2021
|
Luxembourg |
|
31 Mar 2021
|
Monaco |
31 Mar 2021 |
31 Dec 2023
|
Netherlands |
31 Mar 2020 |
31 Mar 2021
|
Norway |
|
31 Dec 2021
|
Portugal |
|
31 Mar 2021
|
San Marino |
30 Sep 2020 |
31 Dec 2023
|
Spain |
|
31 Mar 2021
|
Sweden |
|
31 Dec 2021
|
Action required
You must re-certify your POS solution in order to comply with this requirement. Contact your Elavon representative or your Service Provider to arrange this.
...................
Visa: Mandatory Online Authorisation
A floor limit is the transaction amount above which you are required to obtain online authorisation (where your device seeks direct approval from the Card Issuer before proceeding with the transaction).
Zero floor limits (where your floor limit is set to a zero amount) are intended to result in all transactions being authorised in real-time, which leads to reduced disputes and better consumer management.
Since the inception of PSD2, which included mandates in Europe tied to strong customer authentication (SCA), it is increasingly critical for card issuers to be aware of transaction counts so they do not exceed the thresholds without obtaining SCA.
Visa expanded zero floor limits to all European countries, giving exemptions to the transport/transit and parking/toll sectors, where you are still permitted to employ a €20 floor limit (or local equivalent).
Action required:
You must ensure your solutions seek online approval from the Issuer in all instances in order to avoid unnecessary disputes.
If you’re using a third-party solution contact you vendor to validate timeframes and any code or process changes that apply to your point-of-sale environments.
...................
All card brands: AMLD5 affecting anonymous prepaid cards
The EU Commission has issued new legislation aimed at vulnerabilities related to the use of anonymous prepaid products within the European Economic Area. Read more.
...................
All card brands: Everyday BIN table management
Maintaining updated BIN range tables is vital for authorisation routing and fraud detection, Elavon recommends this is completed at least once every month. Read more.