New regulation is rarely a good thing, but Visa has made some recent changes that could really impact your bottom line in a good way. In the newest wave of changes, Visa is revitalizing how they interpret and process for recurring transactions relating to stored credentials.
What are stored credentials anyway? Visa defines them clearly: “A stored credential is information (including, but not limited to, an account number or payment token) that is stored by a merchant or its agent, a payment facilitator or a staged digital wallet operator to process future transactions.” In the payment processing world, the perfect example of stored credentials is the MobiusPay Card Vault. Customers provide their card and billing details a single time and they are stored on our systems. The merchant never has to store these secure and private details. Through our streamlined platform, merchants are then able to process transactions on that card over and over again without holding the raw billing data. Those are the transactions that Visa is looking at differently for the better.
Customers place a lot of trust in merchants related to stored credentials, and it’s vitally important to respect the cardholder to ensure that your business and merchant account not only survives, but thrives as well. We firmly believe this is a great move by Visa, and we think you will too.
Stored credentials are becoming very popular, especially for online merchants that have clients who purchase frequently (think of mega giants like Amazon) and you also may recognize the use of stored credentials in “Freemium” online games that have micro billings and small charges. There is a wide range of potential applications for these types of transactions, including the adult industry. A video-on-demand platform can charge a monthly membership, and also bill an additional fee for a one-time digital download. Webcam platforms can store the card once, and the member can easily bill their card quickly and on demand for any amount they want (perhaps when their favorite model is online and they might not have both hands available to punch in a credit card number).
Previously, Visa considered these payments to be no different than any other transaction. They were processed basically the same way, risk-assessed the same way, but it’s clear that these types of recurring transactions are different than a one-time charge. The inherent difference in a stored credential purchase is that there is a linked historical pattern related to them. The card processor can easily see that these transactions have been made and their trends. Every subsequent successful charge (in theory) reduces the risk related to subsequent charges.
To accomplish this change in policy, it is required that merchants appropriately categorize or label these transactions as stored credentials and recurring transactions according to the new Visa guidelines. Additionally, there are new requirements when the card information is stored. Most importantly, merchants are required to overtly inform the cardholder that the card number is being stored for convenience and future transactions. Consent is requirement, and usually achieved by using a checkbox on the order form that is not pre-filled. Additionally, merchants must provide disclosure, notification and get consent when the merchant’s terms are updated. It is then required to appropriately label the future transactions with specific codes related to the type of transaction (such as subscription, installment, merchant initiated transaction or a new purchase initiated by the cardholder). These unique transaction type codes are then provided to the gateway during those subsequent transactions.
Stored credentials can be used at the direction of the cardholder or the merchant. Cardholder-initiated transactions (Visa calls these CITs) occur when the customer is actually activating a charge themselves directly. This might be as simple as pushing a button. Alternatively, merchant-initiated transactions (an MIT in Visa lingo) is done autonomously by the merchant, perhaps as an automated monthly rebill by date, or topping up an account balance with funds or tokens. These MITs are based on standing instructions by the cardholder (which is why customer consent and notification of changes in merchant terms is so important). Customers place a lot of trust in merchants related to stored credentials, and it’s vitally important to respect the cardholder to ensure that your business and merchant account not only survives, but thrives as well. We firmly believe this is a great move by Visa, and we think you will too.
Visa is intending to accomplish greater visibility of transaction risks, higher authorization approval rates (more sales for merchants), fewer customer complaints and an overall better cardholder experience. While it might be a bit of a hassle to update the required elements to comply with this move forward, it’s clear that this will benefit merchants in the long term, as well as immediately out of the gate. We are always helping merchants ensure they are compliant and are taking full advantage of processing features to improve sales, it’s just part of the business consulting that is provided to all MobiusPay clients. So even if you don’t quite understand or know what to do next, ask your merchant processor to help.
Jonathan Corona has more than a decade of experience in the electronic payments processing industry. As MobiusPay’s vice president of compliance, Corona is primarily responsible for day-to-day operations as well as reviewing and advising merchants on a multitude of compliance standards set forth by the card associations. MobiusPay specializes in high-risk merchant accounts in the U.S., E.U. and Asia. Follow them on Twitter @MobiusPay for the latest updates.
