Compliance Notices

Card brands introduce ongoing technical and business enhancements that may affect the way you accept card payments. As a merchant, you are required to follow the procedures set by them. These enhancements may require you to review your operating procedures, and modify them as necessary by the required implementation date. Below is a list of current compliant releases.

Compliance Notifications

  • In November of 2014, Mastercard announced a new mandate that required all contactless readers support the Contactless Terminal Specification version 3.0 (MCL 3.0). As part of this, all readers were required to be compliant by January 1, 2019.

    Through ongoing discussions with Mastercard, Moneris worked to get the deadline extended and Mastercard agreed to extend the date to support MCL 3.0 to December 31, 2021.

    Merchants are still required to comply with this mandate and ensure that all POS terminals which support Mastercard contactless are able to support MCL 3.0 by December 31, 2021. If merchants are unable to achieve compliance by this date Mastercard may, at their discretion, impose non-compliance assessments of up to $100,000 USD per violation, which Moneris will pass on per the terms of the merchant agreement.

    If you work with an integrator or an Independent Software Vendor (ISV), please reach out to them to assist in updating your solution. Should you need further clarification or assistance please contact www.moneris.com/support/contact.

    Contactless Terminal Specification version 3.0 mandate details:

    • Comply with MCL 3.0 or EMV CL Book C-2;
    • and for POS Terminals only (including MPOS Terminals), be configured to support On-Device Cardholder Verification and the processing of Contactless Transactions that exceed the applicable Cardholder verification method (CVM) limit amount up to the amount that the same POS Terminal supports on its contact interface.

    If you are unable to achieve compliance by December 31, 2021, Mastercard may, at their discretion impose non-compliance assessments. Below please find a summary of Mastercard’s non-compliance assessment schedule:

    Compliance Category Assessment Type Assessment Description

     

     

     

     

     

     

    A

     

     

     

        Per violation

    Up to USD 25,000 for the first violation

    Up to USD 50,000 for the second violation within 12 months

    Up to USD 75,000 for the third violation within 12 months

    Up to USD 100,000 per violation for the fourth and subsequent violations within 12 months

     

     

    Variable occurrence
    (by device or Transaction)

        Up to USD 2,500 per occurrence for the
        first 30 days 

        Up to USD 5,000 per occurrence for days
        31–60 

        Up to USD 10,000 per occurrence for days
        61–90 

        Up to USD 20,000 per occurrence for
        subsequent violations

  • Between September 10, 2020 and September 16, 2020, all ISVs and integrated merchants will receive the following reminder from Moneris regarding transaction limits for both contact and contactless INTERAC transactions.

    Under INTERAC Debit Regulations, both ISVs and integrated merchants are not permitted to set a per transaction limit on devices. As a result, we have asked them to check and ensure no transaction size limits are set for INTERAC transactions on the POS solutions they either use or provide.

    An altered transaction limit on a POS solution may prevent merchants from taking advantage of any increased limits for contactless transactions INTERAC may set in the future. If the INTERAC transaction limit has been altered, we have requested the ISV reset the limit as soon as possible.

  • Visa, Mastercard, and Discover are introducing a new purchase return authorization mandate that will affect all merchants that process customer returns. Currently, Moneris authorizes merchant returns on behalf of the card issuer.

    • Effective July 17, 2020, Moneris will be required to send Mastercard and Discover return authorization requests to the card issuer for approval. 
    • Effective October 15, 2021, Moneris will be required to send Visa return authorization requests to the card issuer for approval.

    The new return authorization process will enable issuers to update cardholders’ online banking statements in real time. This process will help enhance cardholder confidence in the payments system, as the information they receive on purchase returns will better align with what they see on purchases.

    This will offer a number of key benefits for merchants:

    • Help reduce or minimize related chargebacks
    • Provide real-time issuer account validation
    • Fewer customer service inquiries due to a lack of real-time information

    There is a possibility that merchants may see declined refund transactions due to the following reasons:

    • Expired card
    • Blocked card (due to fraud, breach, etc.)
    • Invalid PIN
    • Invalid card #
    • Original card used for purchase was a prepaid card that has been discarded

    Merchants should closely examine their business processes to ensure that a cardholder can be reached should a refund transaction be declined.

    In the event of a declined refund, merchants have three options to pursue in the following order:

    1. The refund on another card (of the same brand)
    2. Offer the cardholder a store credit/gift card
    3. Offer the cardholder refund in another format (cash, cheque)

    All options are contingent on a declined refund and should be used at the discretion of the merchant based on existing refund policies and risk tolerance for their business. Moneris recommends that merchants avoid refunding to a card (of a different brand) to reduce the risk of fraud.

  • Effective December 31, 2018, UnionPay International (‘UnionPay’) is introducing a new series of Bank Identification Numbers (BINs) that begin with ‘81’ (e.g., 810000-817199), as well as expanding all BINs to eight digits (‘8-digit BINs’). To avoid any disruption to your business, you will need to apply the following updates to your systems.

    If you are using a Moneris® standalone payment solution, you are required to:

    • Activate UnionPay 81 series BIN changes on your POS device(s) by reinitializing your terminal. In the event that you do not re-initialize your device by December 31, 2018, the terminal will prompt you to do so.

    If you are using a Moneris® integrated or ecommerce payment solution, you are required to:

    • Contact your integration partner, web developer and/or internal IT department to test your payment application and confirm the POS is certified by the December 31, 2018 deadline.
    • Moneris has made UnionPay 81 series and 8-digit BINs available in the production environment for POS testing.

    As per UnionPay card acceptance policies:

    • All point-of-sale terminals must support the UnionPay 81 series BIN standards.
    • Both card present and card-not-present POS environments (including hard-coded ecommerce sites) must be equipped to recognize and process 81 series BINs, following the same logic and handling as transactions made with Primary Account Numbers (PAN) in the ‘62’ series today.
    • Back office reporting systems must be able to recognize 8-digit BINs in all occurrences where the 6-digit BINs used by card brands today are reported.

    UnionPay will be monitoring BIN acceptance rates and may impose non-compliance assessment fees to businesses that are unable to accept 81 series and 8-digit BIN cards by the December 31, 2018 deadline.

    For businesses using a standalone payment solution, please contact the Moneris Support Center at 1-866-319-7450 with your questions. If you are using an integrated payment solution, please contact your POS integration partner for assistance with re-initializing your payment processing application(s).

  • (UPDATED March 2019)

    On April 12, 2018, Visa® and Mastercard® implemented policy changes to improve card security and further reduce fraudulent transactions and chargebacks in Canada. This will impact the way merchants accept card present (CP) and card not present (CNP) payments for domestic and international transactions.

    Fallback (Visa and Mastercard)
    Visa and Mastercard are enacting a ‘no fallback’ policy for CP transactions, which means that merchants will need to request an alternate method of payment if a customer’s Chip & PIN transaction fails, as the card will not ‘fallback’ to the magnetic swipe. These changes took effect April 12, 2018 for domestic transactions on both card brands, and October 12, 2018 for international transactions using Mastercard.

    CVV2 (Visa only)
    Visa introduced a requirement on October 14, 2018 requiring telephone order and e-commerce merchants to capture CVV2 at checkout and include it in the authorization request. This rule does not apply to (updated March 2019):

    • A transaction that uses a stored credential
    • A transaction initiated with a payment token
    • A transaction in which a paper order form is used
    • A transaction involving a recurring or installment payment (second and all subsequent transactions)
    • A transaction conducted through a digital wallet such as Visa Checkout
    • A transaction originating from an indirect sales channel
    • A delayed charge transaction
    • A transaction involving an incremental authorization request
    • A MO/TO transaction where the CVV2 is captured manually and provided in written format
    • A transaction that received a decline response and is resubmitted for authorization, as specified in the Visa Rules (ID#: 0006007)

    Merchants using the Moneris Gateway are required to make changes to enable CVV2 information capture at payment checkout. Affected services include:

    • Moneris API
    • Batch submissions
    • Hosted Pay Page
    • Hosted Vault
    • Virtual Terminal
    • Merchant Resource Centre
    • Hosted Tokenization

    Moneris has activated Card Validation Digits (CVD) and Address Verification Services (AVS) for all Gateway Merchants effective May 15, 2018 at no additional fees or costs.

    For details on required changes, please see: www.moneris.com/VisaCVD.

    Stored Credential Transaction Framework (Visa and Mastercard)
    Visa and Mastercard are updating their security policies for CNP transactions, beginning with the introduction of the Stored Credential Transaction Framework on October 12, 2018, which outlines the requirements for initial storage and subsequent use of payment credentials.

    For more information on the respective changes announced by Visa and Mastercard, please visit:

    Visa: Moneris.com/VisaSecurity
    Mastercard: Moneris.com/MCSecurity

  • Effective April 13 2018, Visa will be implementing the Visa Claims Resolution (VCR) initiative to reduce the number of chargeback disputes and improve the overall efficiency of the dispute resolution process. Information on upcoming changes related to the VCR initiative has been provided below.


    Reduced Resolution Timeframes
    Chargebacks can typically take anywhere from 46 to 100 days to resolve, depending on their complexity. Visa is streamlining their chargebacks dispute process by eliminating any extra touch points and exchanges of information between parties. Reducing the time and resources it takes to resolve disputes will benefit merchants, issuers and cardholders alike.

    Merchants will now be asked to respond to chargeback disputes within seven calendar days from the date of notice.


    Changes to Chargeback Reason Codes
    The current list of 22 Visa chargeback reason codes will be replaced with new values and grouped into four new categories of disputes: Authorization, Fraud, Processing Errors and Consumer Disputes. For a full list of the new Visa chargeback reason codes and their corresponding dispute categories, please visit the Moneris chargebacks page.

  • To enable greater customer transparency and control, easier cancellation and clearer dispute rights, Visa has updated rules related to transactions at merchants that offer free trials introductory offers as part of an ongoing subscription service. Upon review of its existing rules, Visa recognizes that this business model can lead to problems for all stakeholders in the payment echo system, including multimillion-dollar operational cost increases due to high call center, customer complaints, increased chargebacks and a negative cardholder experience.

    To address these concerns and help provide clarify for all parties; Visa has updated its acceptance, disclosure and cancellation policies effective April 18, 2020. With these changes, cardholders are provided to clearer information, enabling them to identify, recognize and take on subscription transactions, reducing the number of transactions that result in a dispute.

    Updated Policy for Subscription Merchants Offering Free Trials or Discounted Introductory Promotions FAQ

    Trial Subscription Updates