Sep
24
2014
September 24th, 2014 by Elma Jane

The CVV Number (Card Verification Value) on your credit card or debit card is a 3 digit number on VISA, MasterCard and Discover branded credit and debit cards. On your American Express branded credit or debit card it is a 4 digit numeric code.

The codes have different names:

American Express – CID or unique card code.

Debit Card – CSC or card security code.

Discover  – card identification number (CID)

Master Card – card validation code (CVC2)

Visa  – card verification value (CVV2) 

CVV numbers are NOT your card’s secret PIN (Personal Identification Number).

You should never enter your PIN number when asked to provide your CVV. (PIN numbers allow you to use your credit or debit card at an ATM or when making an in-person purchase with your debit card or a cash advance with any credit card.)

Types of security codes:

CVC1 or CVV1, is encoded on track-2 of the magnetic stripe  of the card and used for card present transactions. The purpose of the code is to verify that a payment card is actually in the hand of the merchant. This code is automatically retrieved when the magnetic stripe of a card is swiped on a point-of-sale (card present) device and is verified by the issuer. A limitation is that if the entire card has been duplicated and the magnetic stripe copied, then the code is still valid.

The most cited, is CVV2 or CVC2. This code is often sought by merchants for card not present transactions occurring by mail or fax or over the telephone or Internet. In some countries in Western Europe, card issuers require a merchant to obtain the code when the cardholder is not present in person.

Contactless card and chip cards may supply their own codes generated electronically, such as iCVV or Dynamic CVV.

Code Location:

The card security code is typically the last three or four digits printed, not embossed like the card number, on the signature strip on the back of the card. On American Express cards, the card security code is the four digits printed (not embossed) on the front towards the right. The card security code is not encoded on the magnetic stripe but is printed flat.

American Express cards have a four-digit code printed on the front side of the card above the number.

MasterCard, Visa, Diners Club,  Discover, and JCB credit and debit cards have a three-digit card security code. The code is the final group of numbers printed on the back signature panel of the card.

New North American MasterCard and Visa cards feature the code in a separate panel to the right of the signature strip. This has been done to prevent overwriting of the numbers by signing the card.

Benefits when it comes to security:

As a security measure, merchants who require the CVV2 for card not present payment card transactions are required by the card issuer not to store the CVV2 once the individual transaction is authorized and completed. This way, if a database of transactions is compromised, the CVV2 is not included, and the stolen card numbers are less useful. Virtual Terminals and payment gateways do not store the CVV2 code, therefore employees and customer service representatives with access to these web-based payment interfaces who otherwise have access to complete card numbers, expiration dates, and other information still lack the CVV2 code.

The Payment Card Industry Data Security Standard (PCI DSS) also prohibits the storage of CSC (and other sensitive authorization data) post transaction authorization. This applies globally to anyone who stores, processes or transmits card holder data. Since the CSC is not contained on the magnetic stripe of the card, it is not typically included in the transaction when the card is used face to face at a merchant. However, some merchants in North America require the code. For American Express cards, this has been an invariable practice (for card not present transactions) in European Union (EU) states like Ireland and the United Kingdom since the start of 2005. This provides a level of protection to the bank/cardholder, in that a fraudulent merchant or employee cannot simply capture the magnetic stripe details of a card and use them later for card not present  purchases over the phone, mail order or Internet. To do this, a merchant or its employee would also have to note the CVV2 visually and record it, which is more likely to arouse the cardholder’s suspicion.

Supplying the CSC code in a transaction is intended to verify that the customer has the card in their possession. Knowledge of the code proves that the customer has seen the card, or has seen a record made by somebody who saw the card.

 

Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa, Point of Sale, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Sep
16
2014
September 16th, 2014 by Elma Jane

Card-not-present merchants are battling increasingly frequent friendly fraud. That type of fraud..The I don’t recognize or I didn’t do it dispute. This occurs when a cardholder makes a purchase, receives the goods or services and initiates a chargeback on the order claiming he or she did not authorize the transaction.

This problem can potentially cripple merchants because of the legitimate nature of the transactions, making it difficult to prove the cardholder is being dishonest. The issuer typically sides with the cardholder, leaving merchants with the cost of goods or services rendered as well as chargeback fees and the time and resources wasted on fighting the chargeback.

Visa recently changed the rules and expanded the scope of what is considered compelling evidence for disputing and representing chargeback for this reason code. The changes included allowing additional types of evidence, added chargeback reason codes and a requirement that issuers attempt to contact the cardholder when a merchant provides compelling evidence.

The changes give acquirers and merchants additional opportunities to resolve disputes. They also mean that cardholders have a better chance to resolve a dispute with the information provided by the merchant. Finally, they provide issuers with clarity on when a dispute should go to pre-arbitration as opposed to arbitration.

Visa has also made other changes to ease the burden on merchants, including allowing merchants to provide compelling evidence to support the position that the charge was not fraudulent, and requiring issuers to a pre-arbitration notice before proceeding to arbitration, which reduces the risk to the merchant when representing fraud reason codes.

The new “Compelling Evidence” rule change does not remedy chargebacks but brings important changes for both issuers and merchants. Merchants can provide information in an attempt to prove the cardholder received goods or services, or participated in or benefited from the transaction. Issuers must initiate pre-arbitration before filing for arbitration. That gives merchants an opportunity to accept liability before incurring arbitration costs, and Visa will be using information from compelling evidence disputes to revise policies and improve the chargeback process

Visa made those changes to reduce the required documentation and streamline the dispute resolution process. While the changes benefit merchants, acquirers and issuers, merchants in particular will benefit with the retrieval request elimination, a simplified dispute resolution process, and reduced time, resources and costs related to the back-office and fraud management. The flexibility in the new rules and the elimination of chargebacks from cards that were electronically read and followed correct acceptance procedures will simplify the process and reduce costs.

Sometimes, an efficient process for total chargeback management requires expertise or in-depth intelligence that may not be available in-house. The rules surrounding chargeback dispute resolution are numerous and ever-changing, and many merchants simply do not have the staffing to keep up in a cost-effective and efficient way. Chargebacks are a way of life for CNP merchants; however, by working with a respected third-party vendor, they can maximize their options without breaking the bank.

Reason Code 83 (Fraud Card-Not-Present) occurs when an issuer receives a complaint from the cardholder related to a CNP transaction. The cardholder claims he or she did not authorize the transaction or that the order was charged to a fictitious account number without approval.

The newest changes to Reason Code 83, a chargeback management protocol, offer merchants a streamlined approach to fighting chargebacks and will ultimately reduce back-office handling and fraud management costs. Independent sales organizations and sales agents who understand chargeback reason codes and their effect on chargeback rates can teach merchants how to prevent chargebacks before they become an issue and successfully represent those that they can’t prevent.

Posted in Best Practices for Merchants, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Sep
16
2014
September 16th, 2014 by Elma Jane

When plastic cards become digital tokens, they become virtual. So how do you say that the Card is Present or Not Present.  The legendary regulatory difference that the cards industry has relied on to differentiate between interchange fees for Card Present and Card Not Present transactions.

Apple secured Card Present preferential rates for transactions acquired by iTunes on the basis that the card’s legitimacy is verified with the issuer at the time of registration and the token minimizes probability of fraud. If an API call to the issuing bank is sufficient to say that the Card is Present, who is to say that the same logic can’t apply to online merchants who also verify the authenticity of Cards on File when they tokenize them? How can one arbitrarily say that the transaction processed with token from an online merchant is Card Not Present, but the one processed with Apple Pay is Card Present even though both might have made the same API call to the bank to verify the card’s validity?

In the Apple case, a physical picture of the card is taken and used to verify that the person registering the card has it. It is not that hard for an online merchant to verify that the Card on File converted as a token does belong to the person performing an online transaction.

As we move towards chip and pin the card present merchants will spend substantial money upgrading their hardware and POS systems. That expense will be offset by that savings in losses due to fraud. MOTO and e-commerce transactions ( card NOT present ) will always have a higher cost because the nature of processing is NON face to face transactions. Of course the fraud and losses are higher when the card is manually entered or given to someone over the phone……Face to face will always have the lowest cost per transaction because it is usually the final step in the sale. Restaurants are low risk because you had the transaction AFTER you eat. If there is a dispute it happens before the merchant even sees the credit card.

In the long run, as cards become digital and virtual through tokens, we are all going to wonder if card is present or not present. May be some will say. Card is a ghost.

Posted in Best Practices for Merchants, Credit card Processing, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Dec
12
2013
December 12th, 2013 by Elma Jane

The Consumer Financial Protection Bureau is reviewing whether credit card rewards program are misleading to credit card users.

Results of the review may be new. Strict rules about the transparency of rewards programs, including details about cash back offers, mileage awards and how these rewards must be redeemed.

In an email to Bloomberg News, CFPB Director Richard Cordray said, we will be reviewing whether rewards disclosures are being made in a clear and transparent manner, and we will consider whether additional protections are needed.

Credit card issuers like American Express, Bank of America, Chase, Citi and Discover rely on rewards programs to attract new customers as well as increasing the use of their cards by existing cardholders. Rewards are the No. 1 reason why customers select the card, and there’s almost a battle to provide the highest rewards.

What we’ve learned over time is, our best customers value rewards. Their spend behaviour changes based on rewards,  said Edward Gilligan, the President of American Express.

The CFPB’s restrictions could put a damper on each company’s ability to draw in new cardholders.

While there are no apparently abuse issues with rewards programs at this time, the CFPB is taking the initiative to catch a problem before it happens.

Keep an eye out for notices from your credit card issuer about changes in your rewards program. Changes, or at least clarifications, could come as a result of this examination.

 

Posted in Gift & Loyalty Card Processing, Visa MasterCard American Express Tagged with: , , , , , , , , , , ,

Oct
01
2013
October 1st, 2013 by Elma Jane

A payment card transaction involves some or all the following participants:

Acquirers or Payment Processors that market card acceptance services to merchants, obtain transaction authorization, and clear and settle card transactions for the merchant.

Consumers or Cardholders that use payment cards to purchase goods and services. Issuers that market and issue payment cards to consumers and set the terms and conditions for their use; Merchants that accept payment cards for the purchase of goods and services; Network Operator that oversees the system and coordinates the transmission of information and the transfer of funds between issuers and acquirers.

Since the network operators revenue depends on the value of transactions that flow through its network, it tries to ensure the widest possible acceptance among consumers and merchants. In order to increase use and acceptance, the networks use marketing techniques to gain brand recognition, create products that encourage consumer usage and merchant acceptance, and set fees and impose rules on system participants including:

Interchange Fees  they are set by the network but are generally paid by acquirers to issuers and are usually reflected in the merchant service fee paid by merchants to acquirers. Interchange fees can be calculated either as a flat fee per transaction, as a percentage of the transaction value, or a combination of both.

Membership Requirements MasterCard and Visa require issuers and acquirers to be regulated financial institutions or be sponsored by a regulated financial institution. Interac also requires issuers to be regulated financial institutions.

Network Switch Fees these fees are charged to acquirers and/or issuers, and are set and collected by the network. They can be calculated either as a flat fee per transaction or as a percentage of the transaction value.

Merchant Acceptance Rule Includes:

No Discrimination Rules which prohibit merchants from encouraging consumers to consider (or steering consumers toward) lower cost payment instruments.

No Surcharge Rules which prevent merchants from charging consumers a fee for the use of a credit card rather than some other credit card or method of payment;

Honour-All-Cards Rules which require merchants that accept any of the networks credit cards to accept all of that networks credit cards (core, high spend and premium high spend in the case of MasterCard), regardless of the applicable interchange fee. The networks have also expanded this rule to include debit cards (i.e. if a merchant accepts one debitcard, they must accept all of that networks debit cards).

With four-party card networks, such as Visa and MasterCard, the card networks seek to maximize the transactions following through them by attacting more card issuers. The networks do this by offering the prospect of interchange income to issuers, thus creating an incentive to increase interchange as much as the market (i.e. the parties paying the interchange fees) will bear.

The ability to use credit cards and debit cards to purchase goods and services rests largely on a behind-the-scenes architecture of procedures, rules and technology that govern how funds and information are transferred between people and institutions in the process of settling accounts, i.e., of ensuring that merchants that sell goods and services get paid by the people who purchase them.

Posted in Best Practices for Merchants, Credit card Processing, Electronic Payments Tagged with: , , , , , , , , , , , , , , , ,