Merchant Network Updates Spring 2020info.vantiv.com/rs/048-BUR-972/images/Spring 2020 NUNL.pdfcan be...

Worldpay from FIS strives to ensure that the summaries and information contained within this newsletter are as accurate as possible. This information should not be

considered legal and may vary based upon your individual business needs. The information contained within this newsletter is not a substitute for Network rules,

regulations, or applicable laws.

1

Merchant Network Updates

Spring 2020

We are committed to working closely with you to achieve your business goals. As a part of this commitment, we

carefully monitor network changes and summarize them for your convenience. This communication serves as a

summary of information from American Express, Discover® POINT OF SALE Network, Mastercard® Worldwide and

Visa® U.S.A. outlining changes to operating rules and regulations, interchange rates, compliance of network

mandates, and other industry updates that may impact your business.

Except where otherwise noted, the changes described in the articles will be effective July 17, 2020 central

processing date of July 18, 2020. Please contact your Relationship Manager with any questions you may have

regarding any of the information contained in this network updates newsletter.

ALL BRANDS

[UPDATE] Return Authorization Requirements, All Brands CP/CNP/eComm

The Program: To ensure better visibility to the cardholder that their refund is in process, and to reduce refund-

related customer service burdens on merchants, acquirers, and issuers, the brands have communicated the

following refund authorization support and effective dates.

Implementing Return Authorization Support Updates

Visa / Mastercard / Discover

Worldpay from FIS enabled the code to send return transactions to Visa, Mastercard, and Discover for

authorization for all merchants on Monday, March 16, 2020. Based on volume of declines we observed, we

made the decision to turn the code off on our core platform at 5 p.m. ET on March 16, 2020.

We will communicate a new implementation date once it has been determined.

• Merchants should include the expiration date in return authorization messages for all card types to prevent issuer decline

• The expiration date should also be included when processing return transactions through Virtual Terminal within iQ.

• Refund transactions may be processed onto a different account (same brand) if the original account is no longer available or valid (expired, lost/stolen, discarded prepaid card) or the authorization request for the refund is declined by the issuer.

Visa

• Merchants are reminded that response code ‘85’ is a valid approval response and to support this value accordingly.

• Transactions that originated as Quasi Cash or Account Funding cannot submit credit refunds.

Mastercard

• Chargebacks associated with no authorization for returns has been delayed until further notice.

2

[UPDATE] Return Authorization Requirements, All Brands (cont.) CP/CNP/eComm

Reminder – Network Fees

With the change to authorize return transactions, additional network fees will start to be assessed to returns:

• Discover: Authorization fee of $0.0025 will apply to credit/refund authorization requests.

• MasterCard: The NABU fee ($0.0195) will not apply to return transactions submitted for authorization.

• Visa: Integrity fees ($0.10) assessed to returns without a valid authorization - TBD (1st half of calendar year 2021).

Important Dates by Brand

Brand Mandated Effective

Dates Exclusions

Proc Code

Required Chargebacks Fees

Visa

October 19, 2019

• U.S.

• Canada

• LAC

July 2020

• AP

• CEMEA

July 2020

• Europe (exception 2022 for the UK and Republic of Ireland)

Airlines (MCCs 3000–3350 and 4511)

20 July 18, 2020

TBD (sometime during 1st

half of 2021)

Mastercard July 17, 2020*

*mandated for Acquirers optional for merchants

Airlines (MCCs 3000–3350 and 4511)

20

Chargebacks for

returns date has

been delayed.

New date TBD

Discover July 17, 2020 Airlines (MCCs 3000–3350 and 4511)

20 July 17, 2020

3

[REMINDER] Subscription Merchants Offering Free Trials or Introductory

Promotions CNP/eComm

The Change: Visa and Mastercard have published new rules for subscription merchants that offer free trials or introductory promotions in response to complaints from regulators, issuers and cardholders regarding deceptive practices. Some of these deceptive practices may include complex terms and conditions of the sale and/or unclear directions on how cardholders can cancel the sale. Mastercard

Mastercard has published new rules that focus on high risk negative option billing merchants. Negative option billing refers to a business practice where a merchant provides a free trial or sample of goods or services, requires a credit card upon sign-up and then bills the customer in the future unless they proactively cancel with the merchant. Mastercard’s new rules are applicable to all negative option merchants selling physical merchandise, with a focus on nutraceuticals.

Visa

Visa’s focus is on any business model that provides free trials or introductory promotions. Although these

merchants offer free trials or introductory promotions, they may not be a negative option merchant.

Revised Payment Network Rules

Mastercard and Visa have published new rules and criteria regarding these merchant types as outlined by brand in the table below:

Subscription Merchants

Requirements Mastercard (April 2019)

Visa (April 2020)

MCC Specific to MCC 5968 (Direct Marketing- Continuity/Subscription Merchant)

Not MCC specific

Merchant Business Model Merchants who collect payment card information at the time of signing up customers for full subscriptions through free trial offer or introductory promotions AND sell physical goods

Merchants who collect payment card information at the time of signing up customers for full subscriptions through free trial offer or introductory promotions (includes physical and digital goods)

Transaction Type CNP (eCommerce and MOTO) CNP (eCommerce and MOTO)

Recurring Payments Recurring payments, same acquirer: Transaction must be processed under the same merchant ID and merchant name that was used for the initial payment transaction

Recurring transactions: Identify the first transaction as Recurring, even if it’s not the “full” amount

Registration Merchants must be registered by the acquirer through the Merchant Registration Program

Unique Descriptors

Need to add “trial, free trial, or trial period” to the end of the merchant name so that it is within the transaction and displayed on the cardholder statement. Merchants do not have to add the enhanced descriptor to the merchant name field as long as the merchant uses transaction-specific details (for example, universal resource locator [URL] or order number) to help the cardholder identify that their trial period, discounted introductory offer or

4



Visa (April 2020)

promotional period has ended, and that the regular price now applies for the subscription. Visa will be delaying the requirement to support the Enhanced Descriptor until April 2021 globally

Transaction Compliance Monitoring (By Worldpay)

Ensure only one MID per merchant is assigned to prevent Load balancing

• Use of MCC(s)

• Recurring Indicator

• Statement descriptor

• Monitoring for excessive disputes & fraud reporting

Merchant Compliance Monitoring (By Network)

TBA

Mystery Shopping:

• Appropriate disclosures

• Notifications

• Cancellation process

Chargeback Liability

Merchants may be liable for chargebacks if the cardholder was not properly notified of future billing. Existing dispute conditions for cancelled recurring transactions will continue to apply.

Trial Period • The trial period must begin on the date the product is received by the cardholder

• At the time of enrollment, merchants must require the cardholder to enter an ongoing subscription service for recurring payments.

•

• Merchants must send an electronic copy (email or text) of the terms and conditions of the subscription service to the cardholder even if no amount is due:

•

• Start date of subscription

• Details of goods/services

• Ongoing transaction amount and billing frequency/date

• Link or other simple mechanism to enable the cardholder to easily cancel any subsequent transactions online

eCommerce merchants • Card acceptor name must include the website URL where the cardholder requested the product.

•

• Merchant’s website must display a customer service phone number on the website maintenance page for periods in which the website Is offline (e.g., software updates, scheduled maintenance, or technical difficulties)

MoTo merchants Customer service phone number must contain a number that is valid for the cardholder to contact the merchant and must be accessible by all consumers worldwide

Cancellation Procedures • Must provide a direct link to an online cancellation procedure for recurring payment transactions on

• Online cancellation to apply regardless of how the cardholder originally signed up (e.g. door-to-door sales, pop-up store in a

5



Visa (April 2020)

the website where the cardholder made the initial purchase.

• Merchant must send written confirmation to the cardholder when the cardholder’s trial period and/or high-risk negative option billing plan has been canceled

shopping mall, SMS/text from a TV ad). Should be like “unsubscribing” from an email distribution list.

• Note: This rule is already in effect for recurring subscriptions in the Europe region

After trial period ends but prior to any additional payments are made by the cardholder, the merchant must perform the following:

• Provide the cardholder with the payment transaction amount, payment transaction date, merchant name as it will appear on the cardholder’s statement, and instructions for cancelling the subscription at the cardholder’s choice

• Request and obtain the cardholder’s consent for the payment amount before submitting an authorization request. Consent can be obtained via e-mail, telephone or text.

Merchants must provide electronic notification at least 7 days before initiating a new transaction if:

• A trial period, introductory offer or promotional period has ended

• The nature of the agreement has changed e.g. transaction amount or frequency

Note: This rule is already in effect for recurring subscriptions in the Europe region

Receipts • Merchant must send a receipt to the cardholder by e-mail or another electronic method (e.g., text message) each time the merchant attempts to authorize the transaction.

•

• The receipt sent the cardholder must also contain instruction on how the cardholder can cancel the subscription service or recurring billing

•

• If a merchant creates a receipt for authorization transaction attempt that was declined, the reason for the decline must be included

Merchants must disclose the following on transaction receipts upon establishment of the agreement:

• Length of trial period, introductory off or promotional period, including clear disclosure that the cardholder will be charged unless the cardholder takes steps to cancel any subsequent transactions

• Transaction amount and date for the initial transaction (even if no amount is due) and for subsequent recurring transactions

• Link or other simple mechanism to enable the cardholder to easily cancel any subsequent transactions online via SMS/text message

• As a result of these new rules FIS will not board new high-risk negative option billing merchants.

• Any subscription merchants impacted by these changes should work with their relationship manager to confirm their compliance of these requirements.

• FIS continues to work with both Visa and Mastercard to ensure our subscription merchants comply with required criteria as defined by brand.

6

EMV

[NEW] American Express Announces Sunset Dates for EMV POS Terminal

Specifications CP

The Change: American Express has announced the following requirements and sunset dates for EMV POS

terminal specs:

Expresspay Version

No New Level 2 certification after

No New Level 3 Certification After

All terminals replaced with current Expresspay

version by

3.0 Effective Immediately December 31, 2020 or on devices with expired L2

July 31, 2024

3.1 February 10, 2020 August 10, 2023 August 10, 2027

Reminders:

• Level 2 is a component-based certification that focuses on the software interactions between the Card and terminal using the EMV Kernel

• Level 3 certification interfaces with the payment application and specifications

Certification and Important Dates

Merchants, Vendors and Third-Party Processors will need to manage existing, and certify new POS devices with

Expresspay per the following requirements:

Requirement Date

No new devices will be L3 certified utilizing Expresspay 3.0 kernel after the expiry of L2 kernel Immediate

No devices will be L3 certified utilizing Expresspay 3.0 After December 31, 2020

All existing devices utilizing Expresspay 3.0 must be replaced with a valid and current Expresspay version By July 31, 2024

No devices will be L2 certified utilizing Expresspay 3.1 After February 10, 2020

No new devices will be L3 certified utilizing Expresspay 3.1 After August 10, 2023

All existing devices utilizing Expresspay 3.1 must be replaced with Expresspay 4.0.2 or newer By August 10, 2027

Merchants and Third-Party Processors that are utilizing Expresspay 4.0.2 and are no longer supporting

Expresspay magstripe mode are no longer required to certify for Expresspay magstripe mode.

7

[REMINDER] EMV Fraud Liability Shift Update for JCB and Union Pay CP

The Change: This fraud liability shift update applies to transactions acquired in the U.S. and processed via

Discover Network and PULSE, where a contact chip payment device is utilized and a counterfeit card using

JCB or UnionPay BIN ranges was used to conduct the transaction.

JCB Announces New Effective Date for EMV Fraud Liability Shift

The effective date for the JCB EMV fraud liability shift for counterfeit card transactions in the U.S. using a

contact chip payment device, except at Automated Fuel Dispensers, is now April 17, 2020.

October 2020

Transactions will fall under the EMV fraud liability shift when a JCB or UnionPay contact chip payment device is

utilized and a counterfeit card using the JCB or UnionPay BIN ranges was used to conduct the transaction at an

Automated Fuel Dispenser in the U.S.

[REMINDER] EMV Automated Fuel Dispenser (AFD) Liability Shift Update CP

The Program: As of October 2020, the Brands’ EMV liability shift for U.S. acquired AFD transactions1 under

Merchant Category Code 5542 – Automated Fuel Dispensers will take effect.

Worldpay is aware of the following PIN Debit networks that have also announced an October 2020 EMV AFD

liability shift date:

Accel Interlink Maestro NYCE Shazam AFFN Jeanie MoneyPass PULSE Star

1 In late 2016 and early 2017, the brands delayed the U.S. domestic AFD liability shift from October 2017 to October 2020.

The Impact: For properly formatted and identified fallback transactions, fraud liability will remain with the issuer

except for Visa lost/stolen transactions. For Visa, merchants may be liable for fallback transactions in lost-or-

stolen cases. Visa advises that, where possible, magnetic stripe transactions on AFD terminals be directed to

pay inside. Also, issuers may decline fallback transactions at a higher rate than chip read transactions.

AFD Merchants should be working toward EMV capability in order to meet the October 2020 deadline.

AFD Merchants are asked to contact their Relationship Manager to confirm timelines for EMV

certification.

8

[REMINDER] Expiring Certificate Authority Public (CAP) Keys CP

The Program: The EMV standard uses Public Key technology to perform certain functions related to offline

authentication, some aspects of online transactions and offline PIN encryption. Each of the card brands publish

sets of these keys for use with their EMV applications.

On an annual basis, EMVCo reviews the keys and makes recommendations on the expected life span (on a

rolling 10-year projection window) of the different key lengths. Once EMVCo determines a key length is

beginning to approach a point where it may become vulnerable, they will set the key’s expiration date.

The Change: The following are the active CAP key lengths and their expiration or projected lifespan dates:

• UnionPay has announced the expiration date for their 1152-bit key is 12/31/2021

• 1408-bit keys have an expiry date of 12/31/2024

• 1984-bit keys have an anticipated expiry date of 12/31/2029

The Impact: Once a key expires, it must be removed from the terminal within six months.

− Merchants and their solutions providers are advised to begin the process of removing of these keys

− Merchants are also reminded that because expiration dates can change, they should not be stored on terminals.

− Per UnionPay rules, merchants must not remove the 1152-bit key for UnionPay until the expiration as outlined above

[REMINDER] Mastercard Clarifies Assignments for Cardholder Activated Terminal

CAT) Indicators for EMV Transactions at Automated Fuel Dispensers CP

The Program: Mastercard is providing clarification on cardholder activated terminal (CAT) level indicator

assignments for EMV automated fuel dispenser (AFD) transactions.

The Impact: Mastercard is clarifying that when PIN entry is requested and the PIN entry bypass function is used

by the cardholder, the AFD terminal should set the CAT level indicator of the transaction as ‘1’, indicating

CAT Level 1, and the PIN entry bypass should be appropriately indicated in the EMV data.

For AFD transactions in U.S. region, the CAT level indicator must be set as follows:

• CAT Level 1, if PIN is entered

• CAT Level 1, if PIN entry is supported by the AFD but the cardholder decided to bypass PIN entry

• CAT Level 1, if PIN entry is supported by the AFD but the card does not support PIN CVM, or has PIN CVM with a lower priority compared to No CVM

• CAT Level 2, if PIN entry is not supported by the AFD

The Timing: Immediately

9

[REMINDER] Mastercard Revises Standards for Chargeback Liability for Certain

Automated Fuel Dispenser (AFD) Transactions CP

The Change: Mastercard is revising their standards for the use of the cardholder activated terminal, CAT 1, level

indicator and fraud-related chargeback liability for transactions that occur at PIN-capable chip-enabled AFD

terminals where PIN is a valid CVM option.

The Impact:

1. An issuer may no longer initiate an AFD transaction chargeback using message reason code 4837 “No

Cardholder Authorization” when:

• The card was reported to the issuer as lost, stolen, or never received issue (NRI); and

• The transaction took place at an EMV contactless and/or contact chip enabled AFD terminal and was

identified with the CAT 2 indicator.

As of the effective date, an acquirer will be able to second present such a chargeback as invalid, if received.

2. An issuer may use message reason code 4871 “Chip Liability Shift - Lost/Stolen/Never Received Issue (NRI)

Fraud” to charge back an AFD transaction when:

• The cardholder’s EMV chip card or contactless-enabled card or mobile payment device supports PIN; and

• The AFD terminal does not have PIN capability.

3. The protection against chargebacks under message reason code 4808 “Authorization-related Chargeback,”

as afforded to U.S. region AFD merchants for transactions authorized for USD 1 and completed for an

amount up to USD 150 (for Mastercard corporate cards) or USD 100 (for all other Mastercard cards), is

extended to include transactions identified with the CAT 1 indicator.

The Timing: October 16, 2020

[REMINDER] Mastercard Revised Standards – Update of a Mobile Payment Device

for Transit Access Transactions CP

The Change: Mastercard is revising its standards involving the use of CDCVM functionality for contactless

transactions occurring through the tap of a mobile payment device (such as a mobile phone containing a wallet or

a connected wearable device) at a transit point of entry or access.

The Impact: Mastercard will permit cardholders the option to suppress CDCVM functionality for both cardholder

authentication and cardholder consent for transit access transactions. This exception to the CDCVM functionality

requirement applies only to contactless transactions conducted for transit access (turnstile or entry gate).

These types of contactless transactions must be identified with one of the following MCCs:

• MCC 4111 (Transportation—Suburban and Local Commuter Passenger, including Ferries)

• MCC 4112 (Passenger Railways)

• MCC 4131 (Bus Lines)

The Timing: Effective Immediately.

10

[REMINDER] Contactless Terminal Requirements: All Brands, All Regions CP

The Change: To increase the acceptance of contactless transactions and support more secure transactions, the

card brands have published contactless terminal requirements. Contactless terminals must support EMV

grade contactless technology as outlined by region and effective date.

The Impact: Merchants should work with their hardware vendors to ensure that EMV contactless devices are

properly configured as outlined by the brands.

MASTERCARD

EMV Contactless Support Requirements:

• Merchants using a contactless-enabled terminal that supports contact EMV transactions must also

support EMV mode contactless transactions.

Removal of MSD Contactless:

• Prior to October 18, 2019, a newly deployed contactless-enabled terminal may support Magnetic Stripe

Mode contactless payment functionality. Mastercard announced support for contactless MSD is optional.

• On and after October 18, 2019, all newly deployed point of sale (POS) terminals that support contactless

acceptance must only support EMV mode contactless transactions. Mag-stripe mode contactless must

not be supported.

• Effective April 1, 2023, all POS terminals that support contactless acceptance must only support EMV mode

contactless transactions. Mag-stripe mode contactless must be removed or disabled

Compliance monitoring:

• Worldpay has received reports of issuer declines from Mastercard due to invalid CVC3 data from MSD

contactless transactions. Impacted merchants will be notified through their relationship manager.

o Mastercard has identified merchants where declines are a result of the terminal only being able to support

MSD contactless

▪ To address the issue, merchants that have terminals that can only support MSD contactless

may either:

➢ Work with their relationship manager to certify EMV grade contactless for their terminals or;

➢ Consider disabling contactless acceptance on the terminals until EMV contactless certification

can occur in an effort to prevent non-compliance assessments

11

VISA (U.S. Region Reminders)

EMV Contactless Support Requirements:

• Merchants currently processing MSD contactless transactions must disable the MSD contactless technology and only process EMV grade contactless transactions.

• Merchants unable to support EMV contactless may be subject to a compliance violation

• Merchants currently working towards EMV contactless do not have to disable their existing contactless capabilities until after their EMV contactless certification is completed, however, it is recommended that customers work closely with their Implementations Consultant and Relationship Manager to ensure certification timelines are met.

Removal of MSD Contactless:

• For merchants that implement contactless EMV BEFORE APRIL 13, 2019 legacy MSD magnetic-stripe data

(MSD) contactless technology must be disabled by October 19, 2019.

• For merchants that certify contactless EMV ON or AFTER April 13, 2019 the terminal must not support the legacy magnetic-stripe data (MSD) contactless functionality

United States / Canada

Brand Effective Date Terminal Type and Requirement

Mastercard October 2016 Newly deployed terminals must support EMV contactless functionality

Discover August 23, 2018 Terminals that are being upgraded must also support EMV mode contactless.

Amex April 10, 2020 All new and replaced contactless enabled POS systems must support EMV contactless only

Amex April 9, 2021 All existing contactless enabled POS systems must support contactless EMV mode only

Visa April 13, 2019 (U.S.)

Newly deployed POS terminals or terminals being upgraded must disable

MSD contactless.

Discover October 18, 2019

All newly deployed point-of-sale (POS) terminals that support contactless

acceptance must only support EMV mode contactless transactions.

Magstripe mode contactless must not be supported.

Mastercard October 18, 2019

All newly deployed POS terminals that support contactless acceptance must only support EMV mode. Magstripe mode contactless must not be supported.

Visa October 18, 2019 (U.S.) All POS terminals in the ecosystem must only support EMV mode contactless (remove MSD)

Visa October 19, 2019 (Canada)

All POS terminals in the ecosystem, remove MSD

Transactions submitted to Visa in this manner will be declined. Automated Fuel Dispenser (AFD) transactions with a contactless MSD card or mobile device transactions with MSD will continue to be permitted.

Mastercard January 1, 2020 (Canada) Support of contactless mag-stripe mode at terminals will be optional

Visa January 2021 (U.S.) MSD Contactless will no longer be supported. Transactions will decline.

Mastercard October 1, 2022 (Canada) Any new contactless-enabled terminal must only support EMV mode contactless.

Mastercard April 1, 2023 All contactless-enabled terminals must only support EMV mode contactless transactions

12

Asia Pacific

Brand Effective Date Terminal Type

Visa January 1, 2018 All POS terminals in the ecosystem, remove MSD

Discover August 23, 2018 Terminals that are being upgraded must also support EMV contactless

Amex December 31, 2018 All POS terminals in the ecosystem must support EMV Contactless

Mastercard October 12, 2018 All newly deployed POS and CAT terminals (Excludes Mobile POS

(MPOS)) must support EMV Contactless

Discover October 18, 2019 All newly deployed point-of-sale (POS) terminals that support contactless

acceptance must only support EMV mode contactless transactions. Mag-

stripe mode contactless must not be supported.

Mastercard October 18, 2019 All newly deployed MPOS terminals must also support EMV contactless

Mastercard July 1, 2020 Any new contactless-enabled terminal submitted for M-TIP testing must

only support EMV mode contactless transactions

Mastercard April 1, 2023 All POS and CAT terminals. All contactless-enabled terminals must only

support EMV mode contactless transactions.

Latin Caribbean and Caribbean Region

Brand Effective Date Terminal Type

Discover August 23, 2018 Terminals that are being upgraded must also support EMV contactless

Amex

December 31, 2018 All POS terminals in the ecosystem must also support EMV contactless

Discover October 18, 2019 All newly deployed point-of-sale (POS) terminals that support contactless

acceptance must only support EMV mode contactless transactions. Mag-

stripe mode contactless must not be supported.

Mastercard October 18, 2019 All newly deployed MPOS terminals must also support EMV contactless

Visa October 19, 2019 All POS terminals in the ecosystem must only support EMV contactless

(remove MSD)

Mastercard July 1, 2020 Any new contactless-enabled terminal must only support EMV mode

contactless transactions

Mastercard October 20, 2020 All contactless-enabled terminals must only support EMV mode

contactless transactions

Visa April 1, 2025 All mobile devices, AFDs, ECRs and ATMs in the ecosystem must only

support EMV contactless

13

[NEW] Mastercard Revises Standard for Electric Vehicle Charging Transaction

Processing Procedures CP

The Program: Mastercard will begin support of the merchant category code (MCC) of 5552 for Electric Vehicle

Charging (EVC) transactions.

The Change: Merchants must ensure they use the appropriate cardholder-activated terminal (CAT 1, 2 or 6) level

indicator to identify each EVC transaction.

A merchant whose primary business is operating an automobile parking lot or garage may identify EVC

transactions occurring at the merchant's parking lot or garage location with MCC 7523 (Automobile Parking Lots

and Garages).

The Impact: The following processing procedures will apply to EVC transactions occurring on or after October

16, 2020:

Obtaining Authorization Before Charging Begins

• The merchant must inform the cardholder of any estimated amount for which authorization will be requested (for example, on a screen display or sticker at the terminal)

• The merchant must obtain the cardholder’s consent to the amount before initiating the authorization request

• The merchant’s initial authorization request message must be identified as a preauthorization

• If the transaction is finalized for an amount that:

• Exceeds the authorized amount, then the merchant must send an additional authorization request for the unauthorized amount; or

• Is less than the authorized amount, then within 24 hours of finalization, the merchant must either send a partial reversal for the excess authorized amount or submit the transaction clearing record. If the transaction is cancelled by the cardholder, the merchant must send a full reversal within 24 hours of cancellation

Obtaining Authorization After Charging is Completed

If the authorization is initiated after charging is completed, then the authorization request must be identified as a

final authorization

The Timing: July 17, 2020 - New MCC 5552 becomes available

October 16, 2020 - Revised standards becomes effective for transactions occurring on or after

this date

Mastercard

®

14

[NEW] Mastercard Revises Standard for Purchase with Cash Back Transactions for the

U.S. Region CP

The Program: Mastercard is revising its Standards regarding purchase with cash back transactions at the point-

of-sale in a card-present, face-to-face transaction environment in the U.S. Region.

The Change: Merchants may now choose to offer a cash back transaction with or without an accompanying

purchase up to the maximum amount of $200.


[NEW] Mastercard Announces Accountholder Authentication Value (AAV)

Validity Period by Merchant Category Code (MCC) CNP/eComm

The Program: AAVs can be validated during authorization either by the issuer or by Mastercard’s On-behalf

Service. AAVs generated using Secure Payment Application version 1 (SPA1) do not have an expiration date. For

AAVs being generated using SPA2 and validated by Mastercard’s On-behalf Service a validity date will be

assigned by merchant category code (MCC).

The Change: Mastercard is announcing a validity period for accountholder authentication values (AAVs)

generated by the Mastercard authentication network as part of the Mastercard Identity Check Program. The

validity period will be based on the merchant category code.

The Impact: The following MCCs will have a 90-day validity period to allow merchants to plan for certain

authentication and authorization scenarios where authorization may occur much later than the original

authentication.

• 4111 = Transportation - Suburban and Local Commuter Passenger, including Ferries

• 4112 = Passenger Railways

• 4121 = Limousines and Taxicabs

• 4722 = Travel Agencies and Tour Operators

• 4789 = Transportation Services - not elsewhere classified

• 5732 = Electronic Sales

• 5735 = Record Shops

• 7011 = Lodging - Hotels, Motels, Resorts - not elsewhere classified

• 1500, 3000 – 3301 = Airlines

All other MCCs will have a 10-day validity period.

Any AAV used in authorization that is not within the validity period will receive a response of invalid result.


15

[NEW/UPDATE] Mastercard Introduces New Fraud Program and Updates

Chargeback Compliance Program CP/CNP/eComm

UPDATE

The Fraud and Chargeback programs slated to be deployed on May 1, 2020 for April processing have

been updated as outlined below:

Excessive Fraud Merchant Program (EFM)

• Effective April 1, 2020 – Program assessments will be suspended for 6 months

• Mastercard will continue to identify merchants with excessive fraud in the ecommerce space and request acquirers use the information to work with their merchants to manage excessive fraud

• Beginning in November 2020, for violations occurring in October 2020, Mastercard will begin assessments on acquirers for merchants identified in this program.

Worldpay from FIS will continue to report merchants that breach the EFM program thresholds during

the extended timeline in order for merchants to assess and mitigate fraud related activity before the

new assessment date noted above.

Excessive Chargeback Merchant Program (ECM)

• Effective April 1, 2020 – Excessive Chargeback Merchant Identifications for airlines, cruise lines, passenger railways and travel agents will be delayed for 4 months.

• Mastercard requests that acquirers continue to monitor other delayed-delivery merchants, such as event ticketing companies, gyms, car rental companies, hotels, etc., that might have been impacted by COVID-19 related events.

Worldpay from FIS will work with Mastercard and merchants outside of the industries noted above with regards to adverse impacts due to COVID-19 related disruptions. These will be case by case reviews by Mastercard.

Excessive Fraud Merchant program (EFM)

Mastercard will deploy the new Excessive Fraud Merchant program (EFM) with the goal of reducing fraud for eCommerce transactions by monitoring fraud chargebacks under reason code 4837 (no cardholder authorization) and 4863 (cardholder does not recognize potential fraud).

Mastercard will monitor transactions at the MID level where transaction volumes exceed 1,000 or more in a single month. Merchants will fall under the program and will begin to incur assessments if all three of the criteria listed below are met:

Number of Transactions

Fraud Chargeback Amount

Fraud chargeback bps

3DS utilization

1,000 or more $50,000 50bps or more Less than 10% in non-regulated* markets and the U.S. Less than 50% in regulated** markets including the EU

Note that 3DS utilization includes more than Fully Authenticated transactions. Mastercard also considers Stand in Risk Based Authentication, Data Only Authentication, and Acquirer Exemption Approved as 3DS for the purpose of the mandate.

*The term non-regulated refers to countries without a legal or regulatory requirement for Strong Customer Authentication (SCA). **The term regulated refers to those countries with a legal or regulatory requirement for SCA.

16

Excessive Chargeback program (ECP)

Mastercard will also introduce the updated Excessive Chargeback program (ECP) with the goal of reducing excessive chargeback activity through monitoring merchants’ chargeback activity.

Like the EFM, Mastercard will monitor chargebacks at the MID level. There are two levels of assessment under the program: Excessive Chargeback Merchant and High Excessive Chargeback Merchant.

Current Program Number of chargebacks Basis points

Chargeback Monitored Merchant (CMM)

100 or above 100 or above

Excessive Chargeback Merchant (ECM)

100 or above 150 or above for any two-month period

Effective November 1, 2020 Number of chargebacks Basis points

Excessive Chargeback Merchant (ECM)

100 to 299 150 to 299

High Excessive Chargeback Merchant (HECM)

300 or above 300 or above

Merchants who fall under either category (ECM or HECM) will incur assessments (fines), with higher

assessments for the Higher Excessive Chargeback Merchant program.

Exemptions

There are a few exemptions to the EFM program:

• Ascension and Tristan Da Cunha, Germany, India, Liechtenstein, St Helena, and Switzerland are excluded from the Excessive Fraud Merchant (EFM) program

• The EFM will become effective October 1, 2020 for Canada

Mastercard will also monitor merchants on a monthly basis for each program, with assessments increasing each month of excessive fraud/ excessive chargebacks. These assessments will reset after a merchant’s fraud/chargebacks fall below the threshold for a period of three consecutive months.

[NEW] Mastercard Introduces New Data Element to Support Digital Secure

Remote Payment (DSRP) Cryptogram eComm

The Program: Mastercard is introducing a new data element to support the Digital Secure Remote Payment

(DSRP) cryptogram.

The Change: Mastercard is announcing the mandatory use of a new field for Digital Remote Commerce (DSRP)

transactions initiated with a token cryptogram in order to provide additional digital data-related information to

issuers. The new field will allow for both the UCAF value and the cryptogram to be present in DSRP transactions.

The Impact: Merchants will need to support the following new field and sub-element so that the cryptogram and

AAV may be sent for in-app transactions:

• Digital Payment Data

o Digital Payment Cryptogram

17

[REMINDER] Mastercard DSRP Fraud Liability Shift Program Update eComm

The Program: In April of 2019 Mastercard had announced that the removal of the fraud liability shift program for

DSRP transactions originating on certified device wallets would be effective with the April 2020 release as outlined

below:

Mastercard is assigning liability for fraudulent Digital Secure Remote Payment (DSRP) transactions

originating from device wallets to merchants, unless the merchant enables Mastercard SecureCode or Mastercard

Identity Check. Issuers will be able to submit chargeback requests for all fraudulent DSRP transactions, including

those originating from device wallets.

The Change: In order to minimize the impact to customers, Mastercard is delaying the previously communicated

change and continuing with the current liability shift program until a new program is introduced.

A new date will be communicated to customers once it has been confirmed.

[REMINDER] Mastercard Transaction Integrity Classifications (TIC) CP/CNP/eComm

The Program: Mastercard has introduced the Transaction Integrity Classification to provide a mechanism to

evaluate the safety and security of a transaction. The intent of the Transaction Integrity Classification (TIC)

indicator is to assess both the validity of the card and the cardholder.

UPDATE: Mastercard has recently announced the following updates to the TIC requirements:

• The TIC will be provided by Mastercard for point-of-sale purchase and purchase with cash back transactions as part of the authorization response message for Mastercard credit and Debit cards.

• The TIC value must be provided in the clearing/settlement record in order to avoid interchange downgrades and transaction rejects.

• All customers that send an EMD file or Batch Authorization file will be required to support receipt of the TIC indicator value in the authorization response message and to return this same value in the clearing/settlement record.

o NEW: Worldpay advocated for our merchant customers and Mastercard has agreed to extend the date for transaction downgrades from April 2020 to October 2020.

▪ As a result of this change, Mastercard transactions will not be downgraded to standard interchange rates (financial impact) if the TIC value does not match between the authorization response and settlement message, until October 2020.

18

[REMINDER] Mastercard Transaction Integrity Classifications (TIC) (cont.) CP/CNP/eComm

• NEW July 2020: Mastercard is introducing a new clearing edit to verify that a valid TIC value is present in settlement. Transactions that do not include a TIC value in settlement may reject.

o As an interim solution for our EMD and Batch Authorization customers, Worldpay will fill in a default TIC value in settlement if the actual value is not provided.

▪ Merchants are mandated to support receipt and submission of the TIC by October 2020, as Worldpay will no longer default the value.

• NEW October 2020: Mastercard will begin validating the TIC value in settlement matches the TIC value provided in authorization response. It is imperative that the authorization response TIC value is provided by the merchant in the settlement file in order to avoid interchange downgrades

Valid values for the TIC are outlined in the chart below.

Valid Values for the Transaction Integrity Class

Card and Cardholder Present EMV/Token in a Secure, Trusted Environment A1

Card and Cardholder Present EMV/Chip Equivalent B1

Card and Cardholder Present Mag Stripe C1

Card and Cardholder Present Key Entered E1

Card and Cardholder Present Unclassified U0

Card and/or Cardholder Not Present Digital Transactions A2

Card and/or Cardholder Not Present Authenticated Checkout B2

Card and/or Cardholder Not Present Transaction Validation C2

Card and/or Cardholder Not Present Enhanced Data D2

Card and/or Cardholder Not Present Generic Messaging E2

Card and/or Cardholder Not Present Unclassified U0

Reminders

• Customers should work with their RMs or Account Managers to open a project in order to test and certify all updates made to support the Mastercard TIC by October 2020.

• Transaction specifications have been updated to support the TIC indicator in both authorization response and settlement messages between customers and Worldpay.

• HDC customers will not be required to send the TIC value as Worldpay will handle submitting the TIC in the settlement message.

19

[NEW] Mastercard Revises Standards for Transaction Amount Differs Chargebacks

(Cardholder Receipts for Gratuities) CP/CNP

The Change: Mastercard will be revising chargeback rules to allow an issuer to process a chargeback without

including the cardholder copy of the receipt, when the cardholder is disputing the gratuity amount and the

transaction is performed at select merchant locations.

The Impact: The chargeback must not be for the total transaction amount - it must be a partial transaction amount

equal to the difference between the correct and incorrect gratuity amounts. Mastercard will require the issuer to

include the cardholder’s copy of the receipt, that includes the gratuity amount, in the pre-arbitration case filing.

The following list provides the MCCs that will be impacted by this change:

• MCCs 3501 through 3999 – Lodging - Hotels, Motels, Resorts

• MCC 4121 - Limousines and Taxicabs

• MCC 4411 - Cruise Lines

• MCC 5811 - Caterers

• MCC 5812 - Eating Places, Restaurants

• MCC 5813- Bars, Cocktail Lounges, Discotheques, Nightclubs, and Taverns - Drinking Places (Alcoholic

Beverages)

• MCC 5814 - Fast Food Restaurants

• MCC 7011 – Lodging - Hotels, Motels, Resorts - not elsewhere classified

• MCC 7230 - Barber and Beauty Shops

• MCC 7297 - Massage Parlors

• MCC 7298 - Health and Beauty Spas

• MCC 7299 - Other Services -not elsewhere classified

• MCC 7992 - Golf Courses, Public

• MCC 7997 – Clubs - Country Clubs, Membership (Athletic, Recreation, Sports), Private Golf Course

[REMINDER] Mastercard Eliminates Second Chargebacks CP/CNP/eComm

The Change: Issuers will no longer send second chargebacks if they are not accepting a representment; instead,

they will send a pre-arbitration. Issuers may also file for direct arbitration under limited circumstances.

The Impact: Merchants will have the opportunity to accept or decline an issuer’s pre-arbitration. If a merchant

declines the pre-arb, the issuer may file for arbitration with Mastercard. Mastercard can assess fees between

$500 and $1,000 to the losing party.

An issuer may file for arbitration without a pre-arb on chargeback reason codes 4808-Authorization Declined or

Not Obtained, 4870-Chip Liability Shift, and 4871-Chip Liability Shift on lost/stolen/never received cards.

The Timing: The changes are effective on disputes initiated on or after July 18, 2020. Disputes initiated prior to

that date will follow the existing flow.

20

[NEW] Mastercard Revises Pre-Arbitration Fees CP/CNP/eComm

The Program: As previously announced, MasterCard is eliminating second chargebacks in July 2020 and will

allow issuers to send pre-arbitrations instead. A pre-arbitration may occur after a merchant represents a first

chargeback.

The Change: Along with this change, MasterCard is revising an existing pre-arbitration fee. The fee will be

assessed to the merchant who receives the pre-arbitration as outlined below.

The Impact:

Scenario 1

The merchant receives a pre-arbitration and decides to accept it.

• Effective July 1, 2020: This will create a debit for the disputed amount along with a $5.00 fee.

• Effective January 1, 2021: This will create a debit for the disputed amount along with the $15.00 fee.

Scenario 2

The merchant receives a pre-arbitration and declines it or fails to respond.

The fee will be assessed to the issuer instead of the merchant; however, if the issuer escalates the dispute to

arbitration and wins, the fee ($5.00 eff. 7/1/2020 and then $15.00 eff. 1/1/2021) will be included in arbitration fees

passed to the merchant.

[REMINDER] Mastercard Fallback Transactions on Chip-Capable Devices

Reminders CP/CNP/eComm

The Program: Mastercard closely monitors the data elements submitted by merchants on chip card transactions

to ensure a more secure processing environment.

The Impact: When POS transactions are performed with chip cards on chip-capable terminals but are sent as

technical fallback to magnetic stripe transactions, they are flagged and reported by Mastercard as non-compliant.

To reduce the number of transactions identified as non-compliant and to prevent associated fees for non-

compliance, merchants should review and adhere to the reminders below.

Reminders:

• Merchants that are properly set up for chip acceptance should check to make sure their chip readers are not damaged or dirty.

• If a merchant’s terminal entry capability code is set to ‘05’ for chip, it must contain the proper chip software.

• If the merchant is not processing chip transactions, the terminal entry capability code must be set to ‘2’ for magnetic swipe and the POS entry mode should be set to ’90’.

• Merchants should remind cardholders to leave their card in the reader until the machine instructs them to remove it.

21

[NEW] Visa Implements Higher Authorization Limits for Automated Fuel

Dispenser (AFD) Transactions by U.S. Fuel Merchants CP

The Change: Visa will increase the authorization limits for U.S. acquired AFD $1.00 status check authorization

transactions.

The Impact: The increased U.S. AFD Authorization Limits are:

• $125.00 USD for non-Fleet cards

• $350.00 for Fleet cards

The new authorization limits only apply to transactions that are both:

• Chip-on-chip

• Partial authorization participating

NOTES: Authorization limits will remain at $100.00 USD for non-Fleet cards and $150.00 USD for Fleet card

transactions that do not meet both of the specified criteria.

Issuers will continue to be liable for transactions up to these limits. Issuers may initiate a dispute for No

Authorization-Reason Code 11.3 for the difference of any final transaction amounts that exceed these

limits.

The Timing: October 17, 2020

Visa

22

[NEW] Bank Identification Numbers (BINs) Updated for Visa Fleet

Products CP/CNP/ecomm

The Change: In the U.S. Region the list of Bank Identification Numbers (BINs) has been updated to properly

identify Visa Fleet products.

The Impact: Merchants and acquirers in the U.S. will need to update BIN tables in order to identify Visa Fleet

products as outlined below.

Visa Fleet cards must be issued from the following BIN ranges:

• 448460 • 448462–448468 • 448470–448485 • 448487–448498 • 448500–448514 • 448516 • 448518–448523 • 448525–448544 • 448546–448547 • 448549–448556 • 448558–448559 • 448561–448565 • 448567–448577 • 448579–448586 • 448588–448589 • 448591 • 448593–448597

• 448599–448611 • 448613–448614 • 448617–448619 • 448621 • 448623–448625 • 448627–448674 • 448676–448680 • 448682–448686 • 448688–448699 • 461400–461421 • 461423–461425 • 461430–461459 • 461461–461468 • 461472–461480 • 461482–461499 • 480701–480899

Fleet product merchants that fall within fleet merchant category codes (MCCs) need to update their point of sale with

the BINs listed above to enable the recognition of fleet-enabled products, which may have cardholder prompting

instructions or service restrictions. There is no change to the fleet merchant requirement to support fleet

functionality, including enhanced data.

Merchants that fall within the fleet MCCs include:

• MCC 4468—Marinas, Marine Service, and Supplies

• MCC 4582—Airports, Flying Fields, and Airport Terminals

• MCC 5013—Motor Vehicle Supplies and New Parts

• MCC 5172—Petroleum and Petroleum Products

• MCC 5499—Miscellaneous Food Stores—Convenience

Stores and Specialty Markets

• MCC 5511—Car and Truck Dealers (New and Used) Sales,

Service, Repairs, Parts, and Leasing

• MCC 5521—Car and Truck Dealers (Used Only) Sales,

Service, Repairs, Parts, and Leasing

• MCC 5532—Automotive Tire Stores

• MCC 5533—Automotive Parts and Accessories Stores

• MCC 5541—Service Stations (With or without Ancillary

Services)

• MCC 5542—Automated Fuel Dispensers

• MCC 5552—Electric Vehicle Charging

• MCC 5599—Miscellaneous Automotive, Aircraft, and

Farm Equipment Dealers (Not Elsewhere

Classified)

• MCC 5983—Fuel Dealers—Fuel Oil, Wood, Coal, and

Liquefied Petroleum

• MCC 7523—Parking Lots, Parking Meters and Garages

• MCC 7531—Automotive Body Repair Shops

• MCC 7534—Tire Retreading and Repair Shops

• MCC 7535—Automotive Paint Shops

• MCC 7538—Automotive Service Shops (Non-Dealer)

• MCC 7542—Car Washes

• MCC 7549—Towing Services

• MCC 7699—Miscellaneous Repair Shops and Related

Services

The Timing: Effective Immediately

23

[NEW] Visa Updates Sunset Dates for Expired PIN Entry Devices CP

The Program: Visa requires that all organizations that accept cardholder PINs use an approved PIN Entry Device

(PED) that has been evaluated and approved by the Payment Card Industry Security Standards Council (PCI SSC)

and is listed on the Approved PIN Transaction Security (PTS) Devices section of the PCI SSC website.

The Change: Expired devices can become vulnerable to attacks, as they may not be able to support security code

updates or patches to address malware. In an effort to reduce these potential attacks, Visa has updated its PIN

Entry Device sunset and replacement mandates for expired POS PIN entry and ATM devices and introduced new

sunset dates for expired Host Security Modules (HSMs).

These modifications will help to establish the framework for advances in cryptographic changes as well as keeping

the payments ecosystem safe.

The Impact: Updating sunset and replacement dates Visa strives to:

• Clarify Visa requirements for replacement of PCI PEDs and HSMs

• Position the payment ecosystem to better defend against modern-day attacks

• Set the foundation for advances in cryptographic changes for PEDs

• Ensure payment participants remain vigilant about PIN security

Device PCI Device

Expiration Date

Revised Sunset

Date

Action Required After

Sunset Date

Devices never lab-evaluated

by Visa or PCI N/A 31 December 2022

• Sunset / retire devices

• Replacement required

Pre-PCI Approved Encrypting

PIN Pad (EPP) Devices N/A 31 December 2022



PCI PED or EPP PED V1.x 30 April 2014 31 December 2022 • Sunset / retire devices


PCI PED or EPP PED V2.x 30 April 2017 31 December 2022 Clear-key injection is

prohibited

31 December 2027 • Sunset / retire devices


PCI PTS Point of Interaction

(POI) V3.X1 30 April 2020 31 December 2030



All versions of PCI HSMs

V1.0—30 April 2019

V2.0—30 April 2022

V3.0—30 April 2026

10 years after the

version’s PCI HSM

security approval

expires

Replacement required

1 PCI security approval for Version 3.x devices expires 30 April 2020.

24

[NEW] Visa Introduces New Decline Response Code Rules and

Integrity Fees CP/CP/eComm

The Program: Acquirers and merchants have been communicating to Visa that it is difficult to understand why

an authorization declined as most issuers respond with 05 (Do Not Honor) response code. Merchants would be

able to make more informed decisions on how to proceed with the transaction if they understood the actual

reason for decline.

The Change: To address numerous issues around decline response code usage, Visa is introducing a set of new rules and fees to ensure that issuers, acquirers and merchants use and act upon decline response codes, appropriately. The new rules and fees announced as part of this effort are designed to:

• Enhance decline code management

• Ensure authorization consistency

• Improve authorization approval rates

• Reduce operational costs

• Reduce Fraud

Worldpay from FIS is evaluating any necessary changes to map response codes.

Visa Grouping of Decline Codes and Rules for Retries

Revised Payment Network Rules

Visa is introducing the following changes:

• Grouping all decline response codes into four categories and changing rules around usage and treatment of the response code in each group by issuers and merchants

• Expansion to allow merchants to resubmit authorization requests that were previously declined in the Canada, LAC, and U.S. Regions

• Changing the resubmission timeframe and frequency of declined auth response

• Introducing resubmission rules to the AP and CEMEA regions

• Managing first party fraud

• New Fees will be introduced for non-compliance

Enhancing Decline Code Management

Many issuers respond to an authorization request with a generic decline response code or with a response code that does not provide enough information to merchants to understand why the issuer declined the authorization. Visa will be redefining decline codes to provide acquirers with additional information that will increase merchant approval rates.

25

Visa created a solution that groups the decline response codes into four categories as follows:

Category Description Response Codes

Retry

Permitted

1

Decline response codes indicating the card is blocked for use or never existed. As such, there are no circumstances in which the issuer will ever grant an approval.

03 - Invalid merchant

04 - Pickup card

07 - Pickup card, special conditions

12 - Invalid transaction 15 - No such issuer 41 - Pickup card lost card

43 - Pickup card stolen card

57 - Transaction not permitted to cardholder

62 - Restricted card 78 - No account

93 - Transaction cannot be completed

R0 - Stop payment order

R1 - Revocation of authorization order

R3 - Revocation of all authorization

No

2

These decline response

codes indicate that the issuer may approve but cannot do so at this time. This could be due to a system issue or a lack of funds. This category

includes temporary decline decisions made by issuers which may change over time. They occur when the issuer is prepared to approve a transaction at some point, is unable to do so at the time, but would welcome an additional authorization attempt in the future.

19 - Re-enter transaction

51 - Insufficient funds

59 - Suspected fraud

61 - Exceeds withdrawal amount limits

65 - Exceeds withdrawal frequency

75 - Allowable PIN-entry tries exceeded

86 - ATM malfunction 91 - Issuer or switch is inoperative

96 - System malfunction

N3 - Cash service no available N4 - Cash request exceeds issuer limit

Yes

3

Decline codes indicating the

Issuer cannot approve based on the details provided. Examples include incorrect Card Verification Value 2 (CVV2) or

expiration date.

14 - Invalid account number

54 - Expired card

55 - Incorrect PIN

N7 - Decline for CVV2 Failure-Visa

82 - Negative Online CAM Cardholder

1A - Additional customer authentication

required

Yes

4

Most decline reason codes

fall into the above categories, but some special codes may be used on an ad-hoc basis. Their usage should remain minimal. This category includes all other decline response codes, many of which are technical in nature or provide little to no value to acquirers or merchants.

All other decline response codes NOT listed

in categories 1-3

05 - Do Not Honor

06 - Error

39 - No Credit Account

52 - No Checking Account

53 - No Savings Account

58 - Transaction not allowed at terminal

77 - Previous message located for a

repeat or reversal, but repeat or

reversal data inconsistent with original message

80 - Visa transaction credit issuer unavailable. Private label invalid date

1A - Additional customer authentication required (outside Europe this is a Category 4)

P2 - Invalid biller information P6 - Unsafe PIN

Z3 - Unable to go online; declined

*Worldpay from FIS is working with Visa to provide the full list of Category 4 decline codes

Yes

26

Decline Transaction Resubmissions

Visa is revising the rules regarding the resubmission of declined transactions. Merchants that receive a decline response may resubmit the transaction for authorization for certain decline response codes, to receive an approval response.

US and Canada Regions

Criteria Current New

Merchant Type Permitted to Perform Retries (Resubmissions)

(April 2020)

• Recurring

• Instalment

• Preauthorized Healthcare

• Unscheduled credential on file

• Transit

• Debt Repayment

All Merchant Types

Number of

Retries (Resubmissions)

(April 2020)

(May 2020-fees)

4 retries within 16 days

(excludes Debt Repayment and Transit)




(Debt Repayment)


(Debt Repayment)

4 reattempts within 14 days (Transit) 4 retries within 14 days (Transit)

Retry Permitted when the Decline Reason Code is:

(April 17, 2021)

(April 18, 2022 fee will apply)

05 (Authorization declined)

51 (Insufficient funds)

61 (Exceeds withdrawal amount limits)

65 (Exceeds withdrawal frequency)

05 (Authorization declined) 19 (Re-enter transaction) 51 (Insufficient funds 59 (Suspected fraud) 61 (Exceeds withdrawal amount limits)

65 (Exceeds withdrawal frequency) 75 (Allowable PIN entry tries exceeded) 86 (ATM malfunction) 91 (Issuer or switch is inoperative)

96 (System malfunction)

N3 (Cash service not available)

N4 (Cash request exceeds issuer limit)

14 Invalid account number)

54 (Expired card)

55 (Incorrect PIN) 82 (Neg. Online CAM, dCVV, iCVV, or CVV results)

N7 (Decline for CVV2 failure [Visa])

Retry NOT Permitted when the Decline Reason Code is: (Excludes Debt Repayment)

(April 17, 2021) (April 18, 2022 fee will apply)

04 (Pickup card)

07 (Pickup card, special conditions)

41 (Pickup card (lost card))

43 (Pickup card (stolen card))

03 (Invalid merchant)

04 (Pickup card)


12 (Invalid transaction)

15 (No such issuer)

41 (Pickup card [lost card])

43 (Pickup card [stolen card]) 57 (Transaction not permitted to cardholder) 62 (Restricted card)

78 (No account) 93 (Transaction cannot be completed)

R0 (Stop payment order)

R1 (Revocation of authorization order) R3 (Revocation of all authorization)

Retry NOT Permitted when the Decline Reason Code is: (Debt Repayment)

04 (Pickup card)

14 (Invalid account number (no such number))



52 (No checking account) 57 (Transaction not permitted to cardholder) 75 (Allowable PIN-entry tries exceeded)

78 (Blocked, first used) 82 (Negative Online CAM, dCVV, iCVV, or CVV results)

No Changes

27

LAC Region


Merchant Type

Permitted to Perform Retries (Resubmissions) (April 2020)

• Recurring

• Instalment

• Preauthorized Healthcare

• Unscheduled credential on file

• Transit

• Debt Repayment

All Merchant Types

Number of

Retries (Resubmissions)

(April 2020)






(Debt Repayment)


(Debt Repayment)

4 reattempts within 14 days

(Transit)


(Transit)

Retry Permitted when the Decline Reason Code is a Category 2:

(April 18, 2020)

(July 1, 2020-fee will apply)


19 (Re-enter transaction) 51 (Insufficient funds

59 (Suspected fraud) 61 (Exceeds withdrawal amount limits)


75 (Allowable PIN entry tries exceeded) 86 (ATM malfunction) 91 (Issuer or switch is inoperative)


N3 (Cash service not available) N4 (Cash request exceeds issuer limit)


19 (Re-enter transaction) 51 (Insufficient funds

59 (Suspected fraud) 61 (Exceeds withdrawal amount limits)


75 (Allowable PIN entry tries exceeded) 86 (ATM malfunction) 91 (Issuer or switch is inoperative)


N3 (Cash service not available) N4 (Cash request exceeds issuer limit)

Retry Permitted

when the Decline Reason Code is a Category 3:

(April 18, 2020) (July 1, 2020 fee will apply)

14 (Invalid account number)

54 (Expired card)

55 (Incorrect PIN)

82 (Neg. Online CAM, dCVV, iCVV, or CVV results)


14 (Invalid account number)

54 (Expired card)

55 (Incorrect PIN)

82 (Neg. Online CAM, dCVV, iCVV, or CVV results)


Note: Merchants receiving more than 10,000 category 3 declines, across all PANs, within a 30-day period, will incur a noncompliance fee.

Retry NOT Permitted when the Decline Reason Code is: (Excludes Debt Repayment)

(April 18, 2020)

(Oct. 1, 2021 fee will apply)

04 (Pickup card)


41 (Pickup card (lost card)) 43 (Pickup card (stolen card))

03 (Invalid merchant)

04 (Pickup card)


12 (Invalid transaction)

15 (No such issuer)

41 (Pickup card [lost card])

43 (Pickup card [stolen card])

57 (Transaction not permitted to cardholder)

62 (Restricted card) 78 (No account)

93 (Transaction cannot be completed)

R0 (Stop payment order)

R1 (Revocation of authorization order)

R3 (Revocation of all authorization)

Retry NOT Permitted when the Decline Reason Code is: (Debt Repayment)

04 (Pickup card)

14 (Invalid account number (no such number))



52 (No checking account)

57 (Transaction not permitted to cardholder) 75 (Allowable PIN-entry tries exceeded) 78 (Blocked, first used) 82 (Negative Online CAM, dCVV, iCVV, or CVV results)

No Changes

28

AP Regions


Merchant Type Recurring

Instalments Preauthorized Healthcare

Unscheduled credential on file

Recurring

Instalments Preauthorized Healthcare

Unscheduled credential on file

Amount of Retries N/A 4 retries within 16 days

Retry Permitted when the Decline Reason Code is:

(April 18, 2020)

N/A

05 (Authorization declined) 51 (Insufficient funds) 61 (Exceeds withdrawal amount limits) 65 (Exceeds withdrawal frequency)

Visa will assess the following fees on a per transaction basis when a merchant exceeds the reattempts threshold and/or reattempts a transaction after receiving a declined response code under Category 1.

U.S.

(Fees effective from April 1, 2022)

Criteria Domestic Fee Cross-border Fee

Issuer will never approve (Category 1) USD 0.10 USD 0.15

Canada

(Fees effective as indicated below)


Issuer will never approve (Category 1) USD 0.10

(effective April 1, 2022)

USD 0.15


Generic response code in excess of the

threshold (Category 4)

USD 0.10


USD 0.15


LAC



Issuer will never approve (Category 1) USD 0.10 USD 0.25

Issuer cannot approve at this time (Category 2) USD 0.10 USD 0.25

Issuer cannot approve with these details (Category 3) USD 0.10 USD 0.25

Generic response codes (Category 4) USD 0.10 USD 0.25

Ensuring Authorization Consistency

In an effort to obtain an approval, some merchants and acquirers are in the practice of modifying data fields upon an issuer decline; attempting to identify a gap in issuer authorization controls and detection systems. This data manipulation is damaging to the Visa system and can impact the issuer’s ability to effectively authorize transactions.

Data Consistency

Visa is introducing a fee that will apply when a merchant / acquirer resubmits an authorization with changed data elements following an issuer decline. Merchants/Acquirers will not be permitted to change any data elements in an authorization reattempt; those elements will include but are not limited to:

- Merchant country - Merchant Category Code

- POS condition code - POS environment field

- POS environment field - POS entry mode - Electronic commerce indicator (ECI)

29

Visa Fees and Effective Dates by Region for Non-Compliance

U.S.

(Fees effective from October 1, 2020)

Transaction Criteria Domestic Fee Cross Border Fee

Data Consistency USD 0.10 USD 0.15

Decline transaction resubmission in

excess of the allowable retry limit USD 0.10 USD 0.15

Canada

(Fees effective from October 1, 2020)

Transaction Criteria Domestic Fee Cross-border Fee


Decline transaction resubmission in

excess of the allowable re-try limit USD 0.10 USD 0.15

LAC


Transaction Criteria Domestic Fee Cross Border Fee


First Party Fraud First party fraud occurs when a cardholder seeks reimbursement for a legitimate purchase, resulting in a potential dispute. To reduce the impact to the ecosystem, effective April 18, 2020, Visa will be updating the rules for first party fraud as follows: Card-Not-Present (CNP) Merchant Requirement to Validate Cardholder Approval

Card not present merchants, who process multiple daily transactions for a cardholder will now be required to monitor the cardholder transactions by implementing daily velocity controls. Merchants can set any limit if it does not exceed 25 transactions per day. Activity over 25 transactions will require additional cardholder authentication. Merchant Withdrawal of Services or Assets Following a Fraud Dispute

When a merchant believes a customer is disputing a legitimate transaction, the merchant will be required to revoke the provision of goods or services if practical. If the fraud is due to the merchant account being taken over, the merchant will be required to re-authenticate the cardholder prior to further transactions.

Contact Information in Transaction Details for High Dispute Merchants:

High Dispute merchants are currently required to include dispute contact details in the merchant location field of the authorization message. Beginning in April 2020, Visa will provide Worldpay with quarterly reporting of CNP merchants with excessive dispute rates that are failing to provide this information. As a result, some merchants may be assessed non-compliance fees.

30

[NEW] Visa Updates Visa Infinite Business Credit and Debit Products CP/CP/eComm

The Change: Visa is introducing changes to increase the maximum spending limit for Visa Infinite Business

credit and debit products.

The Impact: To accommodate the wide range of small businesses in all regions, Visa will increase the maximum

transaction authorization limit for the Visa Infinite Business credit and debit products from $749,999.99 to

$1,499,999.99.

Merchants and/or POS vendors who establish transaction authorization limits may experience declines for this

card type if updates are not made to recognize the increased limit.

[REMINDER] Visa Clarifies Debt Repayment and Stored Credential

Policies CP/CNP/eComm

The Program: In addition to the availability of the new partial payments framework, beginning January 25, 2020

certain parts of Visa’s debt repayment, prepayment, and stored credential policy will be updated as outlined in

the Impact section below.

The Impact:

• Transactions representing repayment of an overdue obligation that has both:

o not been charged-off and transferred from the original owner to a third party and

o does not include interest (expressly or implicitly), are not considered debt.

• Prepayments, representing a full or partial deposit for goods or services to be provided on a future date, have been renamed and defined as Advance Payments.

Disclosure, agreement and cancellation policy requirements have been streamlined for all stored credential

transactions. No new requirements or changes to existing agreements will apply.

31

[REMINDER] Visa Modifies U.S. Account Verification, Network Acquirer

Processing and Authorization Misuse Fees CP/CNP/eComm

The Change: Visa is applying modifications to U.S. Acquirer Account Verification, Network Acquirer Processing

(NAPF), and Authorization Misuse fees.

The Impact: The fees below are being revised as outlined below:

Effective July 1, 2020: The U.S. Acquirer Authorization Misuse Fee will be extended to include:

• Automated Fuel Dispenser (AFD) merchants

Effective July 1, 2020: The U.S. Acquirer Account Verification Fee is being increased:

• Domestic Debit Account Verification Fee is being increase by $0.0005 to $0.030

• Domestic Credit Account Verification Fee is being increased by $0.010 to $0.035

• International Account Verification Fee will increase by $0.045 to $0.070

Effective October 1, 2020: The Network Acquirer Processing Fee (NAPF) will begin to include authorization

reversals for:

• domestic credit authorization reversals

• domestic debit authorization reversals

• international credit authorization reversals

• international debit authorization reversals

[REMINDER] Visa Introduces Deferred Authorization Indicator CP

The Program: When a card present merchant’s system experiences a communication issue and an online

authorization is not able to be obtained, a merchant will hold onto the authorization message and submit it when

the system is back online.

The Change: In an effort to improve authorization approvals, Visa is introducing a new indicator to uniquely

identify transactions that are stored and submitted once their system is back online.

The Impact: Visa will require support of a new authorization indicator (existing field 63.3) to identify deferred (store

and forward) authorizations (value of 5206).

• Deferred authorizations must be obtained within one (1) day of the transaction date*

* Transaction date is the date when the goods/services were provided. Visa understands there will be exceptions (e.g., natural disasters, etc.) where the submission of the deferred authorization may extend beyond one day.

• MCCs 4111 (Local and Suburban Commuter Passenger Transportation including Ferries), 4122 (Passenger

Railways) or 4131 (Bus Lines) must obtain an authorization within four (4) days of the transaction date

The Timing: Visa has revised the effective dates for support of the Deferred Authorization Indicator:

• April 16, 2021 – mandatory for merchants

32

[NEW] Discover Announces Changes to Dispute Requirements for Credit Not

Processed and Authorization Non-Compliance CNP/eComm

The Program: Discover has announced changes to the Dispute requirements for Credit Not Processed (Reason

Code RN2) and Authorization Non-Compliance (Reason Code AT).

The Change: The timeframe for an issuer to initiate a dispute for Reason Code RN2 (Credit Not Processed) will

decrease from 15 to 10 calendar days. Issuers may not initiate a dispute of a credit transaction using Reason

Code RN2 when the issuer provided a declined authorization response to an authorization request for a credit

return.

Additionally, an Issuer may initiate a dispute of a credit transaction for Reason Code AT (Authorization Non-

Compliance) if the acquirer or merchant did not obtain a positive authorization response.

The Impact: Merchants should familiarize themselves with the update and ensure adherence to the revised

requirements.

[UPDATE] Discover Announces Change to Dispute Requirements for Fraud

Card Not Present Transaction Reason Code CNP/eComm

The Program: Discover has announced changes to the Dispute requirements for Fraud Card Not Present

Transaction (Reason Code UA02).

The Change: Issuers will not be required to initiate a Ticket Retrieval Request for Disputes initiated on and after

July 17, 2020 if the issuer determined that the merchant failed to obtain CID or AVS. If the merchant obtained CID

or AVS, the issuer must initiate a Ticket Retrieval before a chargeback.

The Impact: Merchants should ensure they are obtaining the CID and/or AVS at authorization. This will give

merchants the opportunity to resolve the dispute at Ticket Retrieval stage and maybe prevent a chargeback.

Merchant’s documentation should follow best practices by including proof of delivery and other compelling

evidence.

The Timing: Effective for Disputes, including Ticket Retrieval Requests, initiated on or after July 17, 2020.

Discover

®

33

[REMINDER] Discover Publishes Clarification of Timing to Submit Documentation

for Disputes CP/CNP/eComm

The Program: Discover has published clarifications to their Dispute Rules.

The Change: Disputes rules have been clarified to state that merchants have the standard thirty (30) calendar

days, plus an additional grace period of five (5) calendar days, to respond to a ticket retrieval request.

Additionally, clarification is provided to indicate that a merchant has three (3) calendar days after responding to a

Pre-Arbitration Inquiry in order to provide compelling evidence to support the response.

The Impact: Merchants should note the timing to respond and ensure the timeframes are met.

[REMINDER] Discover Disputes System Enhancements CP/CNP/eComm

The Change: Worldpay will enhance its dispute system to bring Discover into alignment with Visa and MasterCard

disputes. For example, Discover disputes will now use the same Status, Owner, and Liability convention as the

other brands.

The Impact: The impact should be minimal because the process flows and financial settlement will remain

unchanged. Merchants can expect to see:

• Real time communication between iQ and Discover which allows for merchant self-service.

• Dispute notices with DM prefix. The versions with MD and BC prefixes will no longer be applicable.

• In the Chargeback Activity file, Discover disputes will move from the Charts section to the DM Activity section.

The Timing: May 4, 2020

[REMINDER] JCB Expands Existing BIN Ranges CP/CNP/eComm

The Change: JCB has announced they are expanding their BIN ranges.

The Impact: Merchants and partners should ensure all point of sale devices are able to identify, accept, and

process the expanded BIN ranges.

New JCB 8-Digit BIN ranges

Start End Issuing Network

30880000 30949999 JCB

30960000 31029999 JCB

31120000 31209999 JCB

31580000 31599999 JCB

33370000 33499999 JCB

The Timing: The new BINs are expected to be in market October 2022.

34

[NEW] American Express Announces Credential on File (COF)

Framework CP/CNP/eComm

The Program: American Express is announcing support of COF framework mandated in Europe (EEA/EU) for

Payment Services Directive Two (PSD2), and limited field support for all other regions.

The Change: American Express is introducing a combination of fields to identify Customer Initiated and

Merchant Initiated transactions and link subsequent COF to the original transaction in support of the Europe

PDS2 requirements (COF framework support is mandated for EEA/EU). Support of POS Data code Field is

required in subsequent transactions for all other regions.

The Impact: American Express will require acquirers and merchants outside of the EEA/EU to only support

the POS Data Code Field in subsequent transactions.

The following American Express fields/values are being introduced to support Credential on File:

• Required in All Regions: Data POS Data Code

o Value A – Credential on File

▪ Position 1 indicates if the POS can support the A (i.e., maximum capability of the POS used),

▪ Position 7 indicates if the A was used in the transaction (i.e., the method used to capture

information from the card).

The Timing: October 2020

The Change: American Express is reassigning MCC 8661, Religious Organizations from “Other” industry to

the “Emerging Markets” industry.

The Impact: American Express Opt Blue Merchants with MCC 8661, Religious Organizations, will realize a

shift in interchange qualification as it is moved from the "Other" industry to the "Emerging Markets" industry.

The Timing: April 17, 2020

American Express

Organizations, MCC 8661 CP/CNP/eComm

[REMINDER] American Express (Opt Blue) Revises Assignment for Religious

35

[REMINDER] American Express Announces Gambling MCCs CP/CNP/eComm

The Change: In order to align with the industry, American Express will permit the use of MCCs 7800

(Government-owned lotteries), 7801 (Licensed Casinos – Online Gambling), and 7802 (licensed Horse/Dog

Racing).

The Impact: These MCCs will be made available to NON-OptBlue merchants only and approval must be given

prior to processing transactions. Failure to obtain the proper approval through American Express may result in

rejected transactions.

©2020 FIS and/or its subsidiaries. All Rights Reserved.

Worldpay (UK) Limited (Company No. 07316500 / FCA No. 530923), Worldpay Limited (Company No. 03424752 / FCA No. 504504), Worldpay AP Limited

(Company No: 05593466 / FCA No: 502597). Registered Office: The Walbrook Building, 25 Walbrook, London EC4N 8AF and authorised by the Financial

Conduct Authority under the Payment Service Regulations 2017 for the provision of payment services. Worldpay (UK) Limited is authorised and regulated

by the Financial Conduct Authority for consumer credit activities. VAT number: 991 2802 07

Worldpay B.V. has its registered office in Amsterdam, the Netherlands (Handelsregister KvK no. 60494344). WPBV holds a licence from and is included in

the register kept by De Nederlandsche Bank, which registration can be consulted through www.dnb.nl.

http://www.dnb.nl/

Merchant Network Updates Spring 2020info.vantiv.com/rs/048-BUR-972/images/Spring 2020 NUNL.pdfcan be...

Documents

Transcript of Merchant Network Updates Spring 2020info.vantiv.com/rs/048-BUR-972/images/Spring 2020 NUNL.pdfcan be...