Card brands introduce ongoing technical and business enhancements that may affect the way you accept card payments. As a merchant, you are required to follow the procedures set by them. These enhancements may require you to review your operating procedures, and modify them as necessary by the required implementation date. Below is a list of current compliant releases. Visa Purchase Return Authorization Mandate Compliance Notification Visa is introducing a new purchase return authorization mandate that will affect all merchants that process customer returns. Currently, Moneris authorizes merchant returns on behalf of Visa and the card issuer. Effective 28-Aug-2018, Moneris will send return authorizations to Visa and the card issuer for all such transactions. You are not required to take any action for these changes to take effect. The new return authorization messages will enable issuers to update cardholders’ online banking statements in real time. This new flow of information on returns is intended to enhance cardholder confidence in the payments system, as the information they receive on purchase returns will better align with what they see on purchases. For merchants, real-time issuer account validation may offer a number of key benefits: Improved customer experience and satisfaction Fewer customer service inquiries due to a lack of real-time information regarding returns Help reduce or minimize related chargebacks related to the timing of posted return transactions As a part of this change, merchants may receive decline messages for return authorizations. The possibility of declined returns is expected to be minimal. If a return is declined, merchants may choose to offer the refund credit to another Visa account or offer the credit in an alternate form such as cash, in-store credit or prepaid card. In doing so, merchants should ensure that evidence of the declined return is retained in case of a future dispute. December 2018 – UnionPay BIN Changes Effective December 31, 2018, UnionPay International (‘UnionPay’) is introducing a new series of Bank Identification Numbers (BINs) that begin with ‘81’ (e.g., 810000-817199), as well as expanding all BINs to eight digits (‘8-digit BINs’). To avoid any disruption to your business, you will need to apply the following updates to your systems. If you are using a Moneris® standalone payment solution, you are required to: Activate UnionPay 81 series BIN changes on your POS device(s) by reinitializing your terminal. In the event that you do not re-initialize your device by December 31, 2018, the terminal will prompt you to do so. If you are using a Moneris® integrated or ecommerce payment solution, you are required to: Contact your integration partner, web developer and/or internal IT department to test your payment application and confirm the POS is certified by the December 31, 2018 deadline. Moneris has made UnionPay 81 series and 8-digit BINs available in the production environment for POS testing. As per UnionPay card acceptance policies: All point-of-sale terminals must support the UnionPay 81 series BIN standards. Both card present and card-not-present POS environments (including hard-coded ecommerce sites) must be equipped to recognize and process 81 series BINs, following the same logic and handling as transactions made with Primary Account Numbers (PAN) in the ‘62’ series today. Back office reporting systems must be able to recognize 8-digit BINs in all occurrences where the 6-digit BINs used by card brands today are reported. UnionPay will be monitoring BIN acceptance rates and may impose non-compliance assessment fees to businesses that are unable to accept 81 series and 8-digit BIN cards by the December 31, 2018 deadline. For businesses using a standalone payment solution, please contact the Moneris Support Center at 1-866-319-7450 with your questions. If you are using an integrated payment solution, please contact your POS integration partner for assistance with re-initializing your payment processing application(s). April and October 2018 – Visa and Mastercard Payment Security Changes (UPDATED March 2019) On April 12, 2018, Visa® and Mastercard® implemented policy changes to improve card security and further reduce fraudulent transactions and chargebacks in Canada. This will impact the way merchants accept card present (CP) and card not present (CNP) payments for domestic and international transactions. Fallback (Visa and Mastercard) Visa and Mastercard are enacting a ‘no fallback’ policy for CP transactions, which means that merchants will need to request an alternate method of payment if a customer’s Chip & PIN transaction fails, as the card will not ‘fallback’ to the magnetic swipe. These changes took effect April 12, 2018 for domestic transactions on both card brands, and October 12, 2018 for international transactions using Mastercard. CVV2 (Visa only) Visa introduced a requirement on October 14, 2018 requiring telephone order and e-commerce merchants to capture CVV2 at checkout and include it in the authorization request. This rule does not apply to (updated March 2019): A transaction that uses a stored credential A transaction initiated with a payment token A transaction in which a paper order form is used A transaction involving a recurring or installment payment (second and all subsequent transactions) A transaction conducted through a digital wallet such as Visa Checkout A transaction originating from an indirect sales channel A delayed charge transaction A transaction involving an incremental authorization request A MO/TO transaction where the CVV2 is captured manually and provided in written format A transaction that received a decline response and is resubmitted for authorization, as specified in the Visa Rules (ID#: 0006007) Merchants using the Moneris Gateway are required to make changes to enable CVV2 information capture at payment checkout. Affected services include: Moneris API Batch submissions Hosted Pay Page Hosted Vault Virtual Terminal Merchant Resource Centre Hosted Tokenization Moneris has activated Card Validation Digits (CVD) and Address Verification Services (AVS) for all Gateway Merchants effective May 15, 2018 at no additional fees or costs. For details on required changes, please see: www.moneris.com/VisaCVD. Stored Credential Transaction Framework (Visa and Mastercard) Visa and Mastercard are updating their security policies for CNP transactions, beginning with the introduction of the Stored Credential Transaction Framework on October 12, 2018, which outlines the requirements for initial storage and subsequent use of payment credentials. For more information on the respective changes announced by Visa and Mastercard, please visit: Visa: Moneris.com/VisaSecurity Mastercard: Moneris.com/MCSecurity April 2018 - Visa Claims Resolution Effective April 13 2018, Visa will be implementing the Visa Claims Resolution (VCR) initiative to reduce the number of chargeback disputes and improve the overall efficiency of the dispute resolution process. Information on upcoming changes related to the VCR initiative has been provided below. Reduced Resolution Timeframes Chargebacks can typically take anywhere from 46 to 100 days to resolve, depending on their complexity. Visa is streamlining their chargebacks dispute process by eliminating any extra touch points and exchanges of information between parties. Reducing the time and resources it takes to resolve disputes will benefit merchants, issuers and cardholders alike. Merchants will now be asked to respond to chargeback disputes within seven calendar days from the date of notice. Changes to Chargeback Reason Codes The current list of 22 Visa chargeback reason codes will be replaced with new values and grouped into four new categories of disputes: Authorization, Fraud, Processing Errors and Consumer Disputes. For a full list of the new Visa chargeback reason codes and their corresponding dispute categories, please visit the Moneris chargebacks page. Changes to Direct Deposit Account (DDA) Descriptors Effective May 9 2017, the following changes will be made to Demand Deposit Account (DDA) descriptors for chargebacks across all card types. Fee Type Old Description New Description Chargebacks CAD/USD CTnnnn88888888 Where CT = Card Type (VI,MC,DI), nnnn = Card Brand Reason Code 88888888 = storeID if available, else use merchant number CAD/USD nnnnnnX88888888 Where nnnnnn = Card Brand Reason Code X = Card Type (V, M, D, U, A, J) 88888888 = Merchant number April 2017 - Visa, Mastercard and Discover update for manual key-entry transactions Effective April 21, 2017, Visa®, Mastercard®, and Discover® are revising processing standards for manual key-entry transactions to help minimize fraudulent activity at the point-of-sale (POS). Visa Businesses using EMV-enabled terminals may support manual key-entry transactions at their discretion, but are no longer required to accept Visa cards if the chip or magnetic stripe cannot be read by the POS device. Businesses using a magnetic stripe only device, are required to continue supporting manual key-entry procedures for Visa card transactions. Mastercard / Discover Businesses may support manual key-entry transactions at their discretion, but are not required to accept Mastercard or Discover cards if the magnetic stripe of a magnetic stripe only card or both the chip and magnetic stripe of a chip card cannot be read by an EMV-enabled POS device. While your business may have the option to manually key-enter transactions, if a chargeback is issued you will no longer be protected under Mastercard reason code 4837: No Cardholder Authorizations or Discover reason code UA01: Fraud – Card Present Transaction. This means that a manual imprint of the payment card coupled with the cardholder’s signature, will no longer provide proof of card presence required for fraud-related disputes. October 2015 - Visa Rule Changes Moneris Solutions Corporation (“Moneris”) would like to inform you of recent changes announced by Visa Inc. (“Visa”) which may impact your business processes.