If you’re running an e-commerce business and are a subscription-based merchant, you have to store your customer’s payment credentials in order to make one-click or recurring payments possible.
While storing payment credentials makes transactions faster and much easier, it’s a process susceptible to abuse. That’s why both Visa and MasterCard want to make their clients aware of the fact that their card information is being stored by the merchant. As a merchant, you must comply with their rules in order to keep your business running. This also includes following the MasterCard rules as well as Visa merchant rules.
Terminology and Frequently Asked Questions
Before we cover the basics of the Visa merchant agreement and MasterCard merchant rules, it’s a good idea to cover quick FAQ’s:
Q: What is Stored Credential?
A: Stored Credentials are a piece(s) of information kept and stored by the merchant. It streamlines future purchases made by the cardholder. The important thing to remember is that a credential is not considered stored when a single transaction is in question. Credentials are only stored for purposes of subscription services and recurring payments.
Q: What types of transactions fall under these mandates?
A: The types of transactions covered by this mandate are as follows:
- Recurring payments
- One-click shopping
- Merchant-initiated payments (unscheduled)
- Installment payments
Bear in mind; there are some variations for each type of transaction. However, many of these rules are pertinent across the board.
Q: What is a Recurring Payment?
A: A recurring payment is a transaction that is processed at regular intervals. In simpler words, your client can opt to pay recurring payments for subscriptions, meaning they will be charged a fixed amount every week/month if their subscription is active.
Q: What is One-click shopping?
A: Any transaction initiated by the customer, using stored authentication information is considered “one-click” shopping. The customer allows the merchant to store billings address, card information or other data required to authenticate a transaction to expedite subsequent purchases.
Q: How Complex is the Process of Complying With the New Mandate?
A: The whole process is surprisingly simple and straightforward. As a merchant, all you must do is to obtain consent from your client, most often by asking them to check a simple box on the payment processing page. Visa card rules can be a nuisance sometimes, but these are an exception.
New Rules – The Basics
Prior to storing payment credentials for future use, the merchant or its agent (the processor or digital wallet operator) must establish an agreement with the cardholder, clearly pointing out that their credentials are being stored locally. As a merchant, if you allow storing of your client’s credentials, you can count on the following benefits:
- Higher authorization approval rates
- Greater visibility of transaction risk levels
- Fewer chargebacks and fewer customer complaints
Transactions Covered by the New Mandate for Subscription Transactions
To be compliant with the new rules for subscription-based services, every merchant must follow a set of specific guidelines, at different points during the process of selling a service or product.
The requirements are as follows:
- Before processing the first transaction in a situation where payments are recurring, the merchant is required to ask for consent. The cardholder, in this situation, is giving consent to having their payment information and credentials stored for future transactions.
- The merchant must separate all the requirements enforced by this mandate from their own Terms and Conditions. The client must be aware of the new rules of the purchase agreement, and in some cases, the merchant is required to provide the agreement record if requested
- When credit card information is being stored for future use, but no simultaneous purchase is being made, the merchant can process an Account Verification Request, which is a $0 transaction. This is done to ensure the card is legitimate and active. If the AVR gets declined, the credentials mustn’t be stored.
Conditions for Stored Credential Transactions
As we’ve mentioned, every merchant must get consent and establish an agreement with the cardholder before storing their credentials. The mentioned agreement should contain the following:
- A comprehensive explanation of how the stored information will be used
- A shortened form of the stored information (usually the last four digits of your CC)
- The methods that will be used for informing the cardholder about changes to the agreement: email, text, etc.
- Expiration date (if relevant)
Before the first transaction gets processed, the merchant must get the cardholder’s consent. The agreement is then kept by the merchant for as long as it’s in effect. Upon request, this agreement is provided to the issuing bank. The agreement must contain the following:
- The currency used in the transaction must be defined
- Policies (refunds and cancellations)
- The transaction amount (including fees, taxes, and charges)
- The merchant’s location
- Concession for surcharges
Repercussions for Refusing to Comply as a Merchant
Even though the major card issuers haven’t disclosed whether you as a merchant are susceptible to penalties in case of failure to comply, there are some potential consequences you might want to focus on. They are as follows:
- Significantly slower transaction processes
- An increased number of declined payments
- More chargebacks
While the repercussions for refusing to comply with the new rules are vaguely defined, the best course of action for merchants is to embrace the benefits they enable. As a merchant, you’ll get a much higher level of trust from your clients, more authorized transactions, and most importantly – more sales with fewer chargebacks.
If you’re contemplating whether to comply with the new mandate, the simplest answer is – do it. It doesn’t take much to integrate the new rules, and on top of that – most of the parameters in the new mandate are beneficial both for merchants and their clients.
This new mandate allows you to lower the number of chargebacks, significantly increase transactions, and decrease the number of declined payments. Considering this information, any inconvenience from compliance pales in comparison to the new revenue streams created by recurring payments.
That said, recurring payments can present new chargeback threats. We all know someone who cancelled their gym membership only to discover the gym kept billing them. Increased ease of revenue never comes without its problems.