Confidential and Proprietary Fifth Third Bank | All Rights Reserved Robert Day 1-800-884-0353 Sept 2007 Using Credit Cards in B2B Transactions: Presented by: Robert L. Day Assistant Vice President Commercial Interchange What Every Credit Manager Needs to Know The information presented in this seminar is for information purposes only, and is not intended as legal or financial advice. The information does not amend or alter your obligations under your agreement with Fifth Third Bank, or under the Operating Regulations of any credit card or debit card association.
55
Embed
Confidential and Proprietary Fifth Third Bank | All Rights Reserved Robert Day 1-800-884-0353 Sept 2007 Using Credit Cards in B2B Transactions: Presented.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Confidential and Proprietary Fifth Third Bank | All Rights Reserved
Robert Day 1-800-884-0353 Sept 2007
Using Credit Cards in B2B Transactions:
Presented by:
Robert L. Day
Assistant Vice President
Commercial Interchange
What Every Credit Manager Needs to Know
The information presented in this seminar is for information purposes only, and is not intended as legal or financial advice. The information does not amend or alter your obligations under your agreement with Fifth Third Bank, or under
the Operating Regulations of any credit card or debit card association.
AgendaAgenda• What is Interchange?• Why is everything downgrading?• What are you really paying ????• Statements: From Best to Worst • Convenience Fees• Risk & PCI • Fraud Protection• Choosing a business partner versus a processor
• Transactions originating from a Visa Corporate or Purchasing card do not require AVS. Business Cards do require and AVS attempt for interchange qualification.
• Recurring payment transactions do not require AVS as long as the transaction is not the first payment and the time between payments is less than a year.
No
CPS Card Not Present
Yes
Yes Cleared within two
days?
No
Yes
One authorization per clearing message?
Yes
No
AVS performed?*
Electronically authorized?
No
Yes
EIRF
No
Shipped within 7 days and transaction
includes order number and MOTO/ECI
Indicator?
YesNo
Authorized through Intl. Automated
Referral Service?
Standard
No
Cleared within three
days?
Yes
Consumer card transaction where card/ cardholder are not present
Visa – CNP & E-Commerce Interchange Transaction Date must be within 7 days of the
Authorization Date Transaction Date should equal the Shipment Date Transaction must be settled / cleared to your
Processor within 2 days of the Transaction Date
1 2 3 4 5 6 7 8 9
Ship on Day 7Tran Date = Day 7
As Visa has the stricter requirements of the 2 networks, it is As Visa has the stricter requirements of the 2 networks, it is best to follow the Visa requirements as Best Practicesbest to follow the Visa requirements as Best Practices..
As Visa has the stricter requirements of the 2 networks, it is As Visa has the stricter requirements of the 2 networks, it is best to follow the Visa requirements as Best Practicesbest to follow the Visa requirements as Best Practices..
Auth on Day 1 Settle/Clear transactionto Processor by Day 9
Authorization/Settlement Time FramesAuthorization/Settlement Time Frames
Depending on your Industry and MCC Code, the variance varies from 0-25%
MasterCard MOTO: Tran amount have a 0% Auth/Settlement tolerance and all transactions not matching will go to Standard if not set-up with the MCC codes below.
Visa MOTO: Tran amount may be different than the original auth amount. As long as the auth amount in settlement matches the original auth amount (and all other requirements are met), the transaction should qualify for the optimal rate.
MOTO (Mail Order Telephone Order) MMC Codes 4816,5960,5962,5964,5965,5966,5967,5968,5969,6531
Level II Must include merchant zip code, location, description, Tax ID, and Sales Tax.
Sales Tax amount must be between 0.1% and 22% of the amount of the transaction.
Customer Code is no longer required for Level II on Purchasing Cards at non-fuel locations. Customer Code is required for Purchasing Cards at fuel locations
Level III Available to Purchasing Cards ONLY
Must include merchant zip code, location, description, Tax ID, and Message Identifier/Line Item Detail
NOTE: Level II Data (specifically Sales Tax and Customer Code) is no longer required for Level III on Purchasing Cards at non-fuel locations
Additional Info
Tax Exempt transactions can no longer qualify for Level II rates. They may get Level III on P-Cards if Level III data is provided
GSA and Large Ticket requirements have NOT changed (Sales Tax, Customer Code and Line Item Detail still required)
Large Ticket Requirements: Level II and Level III data required, registration required, $1,000 set-up fee, transactions > $4,105
• Visa Business, Corporate, and Purchasing transactions that are CPS qualified, however do not meet Level 2 data requirements, will no longer receive the Commercial Electronic rates.
• These transactions will be eligible for the new Commercial Card CNP, Commercial Card Retail, or Commercial Card B2B rates.
• Fleet Purchasing card fuel transactions will now be eligible for the new Purchasing Retail rate under certain conditions.
• These changes to the Commercial card interchange fee structure should benefit a number of tax-exempt merchants currently receiving the Commercial Electronic rates.
NOTE – Increases in Electronic, Level II and Level III
• Visa: 15% Purchasing, 16% Corporate, 69% Business• MasterCard: 11% Purchasing, 89% Corporate/Business• Merchant does Level I, but not Level II or III
Case Study Case Study Case Study Case Study
Visa Commercial Card• $10,000,000 sales• 100,000 transactions• $100 average ticketMasterCard Commercial Card• $7,500,000 sales• 75,000 transactions• $100 average ticket
Visa Commercial CardsCorporate/Business Level II – 2.00% + $.10
Purchasing Level III – 1.80% + $.10
MasterCard Commercial CardsCorporate/Business Data Rate III – 1.75%
Purchasing Data Rate III – 1.75%
Visa Fees MC Fees
MC Purchasing $22,688(Data Rate I: 2.65% + $.10)
Visa Purchasing $34,500(Purchasing Retail: 2.20% + $.10)
Visa Corporate $36,800(Corporate Retail: 2.20% + $.10)
• Retain current customers requiring Level III detail
– Fortune 500 companies
– Government
– Universities
• Gain new customers with competitive edge
• Realize interchange savings opportunity
– For MasterCard, Data Rate III (Level III) interchange is 58 basis points lower than Data Rate II (Level II) interchange and up to 90 basis points lower than Data Rate I (Level I) interchange!
• Significant interchange savings opportunity available on Large Ticket commercial card transactions greater than $4,105 (Visa) & $7,272 (MasterCard)
• Some processors do not charge interchange fees as “pass through”, meaning that in addition to paying the surcharge on a downgraded transaction, they mark-up or “pad” the surcharge
• Be on the look out for “hidden” or “padded” fees on your processing statement
This one requires a little work. It does not show the downgrade rate, only the base rate; however, it gives all the information needed to calculate your rate as well as manage your Interchange. While it is not misleading, it could be improved by giving the downgrade rates as long as partial rates are not located in several places. This one is an overall favorite for the novice (98% fall into the novice category). We call this one a “Factual Statement” while it could give more facts, it does give all the necessary information without becoming the dangerous “Lawyer’s Statement”.
The transaction volume is $10.00 the adjustment amount .11 is the surcharge from MC and passed on to the merchant. To calculate your percentage, divide the fee by the transaction volume 0.11 divided by 10.00 This shows the merchant the percentage they are paying for the Data Rate I downgrade .11%
Like the best statement it shows the number and volume of transactions which is crucial in managing your cost as well as your Interchange. What’s very dangerous is, at first glance, it looks like the merchant is only paying 1.95% + a ten cent transaction fee. After further review; the merchant is also paying a sales discount of .002200 as well as a Dues and Assessment fee of .000950 (on second page of statement not shown). Not counting the transaction fee can be a crucial oversight. The effective rate of 2.27% versus 1.95% is very misleading. This one is nicknamed the “Lawyer’s Statement” because they data dump to the point you can’t find the truth buried in the pile of evidence. This one is a favorite for those highly skilled in Interchange
This one is nicknamed the “Political Statement”. It says a lot while saying nothing. It shows a ton of data while leaving out one key element - the downgrade transaction volume. With this missing you have no way to calculate your rate. Yes, it shows the base (contract) rate which is usually a lowball rate. Seeing how it is the only rate disclosed they typically give you a very low rate while making up their losses (and a whole lot more) in the non-disclosed rates on the downgrades (which usually make up the bulk of the merchants transactions).
This statement shows your rate but does not show the Interchange category (QUAL, MID-QUAL and NON-QUAL are not Interchange categories). In other words, you know how much you’re paying; you just don’t know for what.This is especially dangerous because you have no knowledge of how your transactions are qualifying (keeping in mind that Interchange makes up 92% of your cost). You can not improve when you don’t know what’s wrong. We call this the “No Comment Statement” because it tells you nothing.
Charged for a bona fide convenience in the form of an alternative payment channel outside the merchant’s customary payment channels.
— Example: A face-to-face merchant allows customers the convenience of paying by phone or Internet.
Disclosed to the cardholder as a charge for the alternative payment channel convenience.
— The fee must not be disclosed as a processing fee or fee to cover merchant costs associated with card acceptance.
Added only to a non face-to-face transaction.
— Merchants who only operate exclusively in a MO/TO or Internet environment may not assess a convenience fee, as there is not an added convenience to pay through the current payment channel.
General Visa rules as they tend to be the strictest
Added as a flat or fixed amount, regardless of the value of the payment due.
— The fee may not be assessed as a percentage of the transaction amount.
— There are certain exceptions to this rule for specific pilots in specific industries (e.g. tax, government, schools)
Applicable to all forms of payment accepted in the alternative payment channel.
— The fee may not be assessed only to customers paying by debit or credit card through the alternative payment channel, but rather to any kind of payment accepted through that channel.
Disclosed prior to the completion of the transaction and the cardholder is given the opportunity to cancel.
Included as part of the total transaction amount, with the exception of certain industries like utilities and tax pilot
General Visa rules as they tend to be the strictest
— Any merchant processing 6,000,000 Visa or MasterCard transactions per year, or identified by another card brand as Level 1, or compromised in the last year
Merchant Level 2
— Any merchant processing 1 million to 6 million Visa or MC transactions per year
Merchant Level 3
— Any merchant processing 20,000 to 1 million Visa or MC E-Commerce transactions per year
Merchant Level 4
— Any merchant processing less than 20,000 Visa or MC E-Commerce transactions per year, and all other merchants processing up to 1 million Visa transactions per year.
Do not store magnetic-stripe data after transaction authorization
— Merchants must not retain full-track magnetic-stripe data on any of their systems once a transaction has been authorized.
— Per PCI DSS requirements, merchants can retain only cardholder names, account numbers, and expiration dates.
Do not store PIN blocks after transaction authorization
— Merchants should examine all transaction journals and logs to verify that their payment systems do not retain PIN block data – even if it is encrypted – after transaction authorization.
Avoid CVV2 Storage
— When requesting cardholder CVV2 online or in mail order/telephone orders, merchants should not document this information on paper or store it in their databases after transaction authorization.
Guard against SQL injection attacks caused by insecure shopping carts (primarily an E-Commerce phenomenon)
— Test SQL vulnerability using automated tools or manual techniques
— Ensure that all payment applications were developed using secure coding practices that included independent code reviews
— Validate that all merchant payment software includes all applicable up-to-date security patches
Protect against remote access vulnerabilities
— Implement a policy prohibiting group-shared passwords
— Determine from your software vendor how to securely configure your payment application.
Never use vendor-supplied defaults
— Visa encourages merchants to change vendor-supplied defaults – remove or disable features, set specific parameters, etc. – before installing payment application systems in your networks.
1. Check the card security features. • Hologram, matching 4 digits under embossed 4 digits, CVV2 value, etc. • Make sure that the card has not been altered.
2. Swipe the stripe. • Swipe the card through the terminal in one direction only to obtain authorization.
3. Check the authorization response. • Take appropriate action for the specific response:
Approved Ask the customer to sign the sales receipt
Declined Return the card to customer and ask for another Visa card
Call or Call Center
Call your voice authorization center and tell the operator that you have a “Call” or “Call Center” response. Follow the operator instructions.
Note: In most cases, a “Call” or “Call Center” message just means the card Issuer needs some additional information before the transaction can be approved.
Pick Up Keep the card if you can do so peacefully
No Match Swipe the card and re-key the last four digits. If “no match” response appears again, keep the card if you can do so peacefully. Request a Code 10 authorization.
Take these steps to accept Card Not Present payments:
— Obtain an authorization
— Verify the card’s legitimacy:
– Ask the customer for the card expiration date, and include it in you authorization request. An invalid or missing expiration date might indicate that the customer does not have the actual card in hand.
– Use fraud prevention tools such as Address Verification Services (AVS), Card Verification Value 2 (CW2)
— Look for general warning signs of fraud
— If you receive an authorization, but still suspect fraud:
– Ask for additional information during the transaction (e.g., request the financial institution name on the front of the card)
– Contact the cardholder with any questions
– Confirm the order separately by sending a note via the customer’s billing address rather than the “ship to” address.
1. First-time shopper: Criminals are always looking for new victims.
2. Larger-than-normal orders: Because stolen cards or account numbers have a limited life span, crooks need to maximize the size of their purchase.
3. Orders that include several of the same item: Having multiples of the same item increases a criminal’s profit
4. Orders made up a “big-ticket” items: These items have maximum resale value and therefore maximum profit potential.
5. “Rush” or “overnight” shipping: Crooks want these fraudulently obtained items as soon as possible for the quickest possible resale, and aren’t concerned about extra delivery charges.
6. Shipping to an international address: A significant number of fraudulent transactions are shipped to fraudulent cardholders outside of the U.S. Visa AVS can’t validate non-U.S., except in Canada and the United Kingdom.
Keep your eyes open for the following indicators!
When more than one is true during a card-not-present transaction, fraud might be involved.
7. Transactions with similar account numbers: Particularly useful in the account numbers used have been generated using software available on the internet (e.g., CreditMaster)
8. Shipping to a single address, but transactions placed on multiple cards: Could involve an account number generated using special software, or even a batch of stolen cards.
9. Multiple transactions on one card over a very short period of time: Could be an attempt to “run a card” until the account is closed.
10. Multiple transactions on one card or a similar card with a single billing address, but multiple shipping addresses: Could represent organized activity, rather than one individual at work.
11. In online transactions, multiple cards used from a single IP (Internet Protocol) address: More than one or two cards could definitely indicate a fraud scheme.
12. Orders from Internet addresses that make use of free e-mail services: These e-mail services involve no billing relationships, and often neither an audit trail nor verification that a legitimate cardholder has opened the account.
1. Check the terminal. Be sure your terminal is working properly. If the terminal is okay and the problem appears to be with the magnetic stripe, continue to step 2.
2. Match the account number. Check to see that the embossed account number on the front of the card matches the number indent-printed on the back.
3. Check the expiration date. Look at the “good thru” or “valid thru” date to be sure the card hasn’t expired. If the card has a “valid from” date, be sure the card isn’t being used before it is valid.
4. Make an imprint. Get a manual imprint of the card.
5. Get a signature. Ask the customer to sign the imprinted sales draft.
6. Check the signature. Be sure that the signature on the card matches the one on the sales draft. Do not accept an unsigned card.
If a card cannot be swiped, you must key-enter the card account data into your POS terminal…
When you key-enter a transaction, you run the risk of accepting a counterfeit card because the magnetic stripe information is unavailable.
You can also do a Zip Code check for additional protection.
For Visa, if the Zip Code matches, it will also allow you to qualify for a
lower interchange rate.
Choosing a Choosing a Business PartnerBusiness Partner Versus a ProcessorVersus a Processor
Find a partner that will help you manage the evolving payment landscape and “navigate the networks” for you!
Has expertise in the Business to Business market segment
Promotes Proactive Interchange Program
Shares Industry Best Practices
Supports Level II and Level III Data Transmission
The Evolution of Credit Cards in B2B Transactions Presented by: