In the program guide
that every merchant signs and agrees to states, “IF THE TERMINAL FAILS TO READ
THE MAGNETIC STRIPE OR IF YOU ARE
REQUIRED TO
OBTAIN A VOICE AUTHORIZATION, THEN YOU MUST IMPRINT THE CARD.”
When an account
is approved a “merchant metal plate: is mailed out. Not only should you have an imprint of the
card, but the merchant info from the “plate” should also be included. Now is a good time to pull this back out and
be sure you have an imprinter and imprinter slips. If you need help with this
let me know. Let me know if you want a
full copy of the guide.
I
would like to add about the new cards will be issued soon to consumers called
EMV cards with an embedded chip, also referred to as smart cards. These cards are reported nearly impossible to
counterfeit because the chip stores unique info that is constantly changing as
the card is used. Cards in use today use
a magnetic strip that can be easily replicated and counterfeited. Merchants will need to have the proper
equipment to accept these new cards no later than October 2015.
I
urge you to take the time to review the following:
IF THE TERMINAL
FAILS TO READ THE MAGNETIC STRIPE OR IF YOU ARE
REQUIRED TO
OBTAIN A VOICE AUTHORIZATION, THEN YOU MUST IMPRINT THE CARD. IN ADDITION, THE
SALES DRAFT MUST HAVE THE CARD HOLDER’S SIGNATURE. FAILURE TO FOLLOW THESE
PROCEDURES WILL PREVENT YOU FROM DEFENDING A TRANSACTION IN THE EVENT THAT IT
IS CHARGED BACK UNDER A CLAIM THAT THE RIGHTFUL CARDHOLDER DID NOT AUTHORIZE
THE PURCHASE. ENTERING IN INFORMATION INTO A TERMINAL MANUALLY WILL NOT PREVENT
THIS TYPE OF CHARGEBACK.
Why we are at, I wanted to share the portion
addressing businesses that do not accept a card in person.
Mail/Telephone/Internet (Ecommerce) Orders and Other Card
Not Present Sales.
You may only engage in mail/telephone/Internet orders
provided they do not exceed the percentage of your total payment Card volume
reflected on your application. Failure to adhere to this requirement may result
in cancellation of your Agreement. Merchants conducting Internet transactions
using MasterCard or Visa Cards must have special codes (an “Electronic Commerce
Indicator”) added to their authorization and settlement records. Discover
Network does not use an Electronic Commerce Indicator. Failure to register as a
merchant conducting Internet transaction can result in fines imposed by the
Associations. Mail/Telephone/Internet and other Card Not Present transactions
have a sub statically higher risk of Chargeback. Since you will not have an
imprinted or magnetically swiped transaction and you will not have the
Cardholder’s signature on the Sales Draft as you would in a face-to-face
transaction, you will assume all risk associated with accepting a
mail/telephone/Internet or other Card Not Present transaction. The following
procedures, while they will not eliminate Chargebacks, are useful in reducing
them and should be followed by you:
• Obtain the expiration date of Card.
• On the Sales Draft, clearly print the Cardholder’s account
number; effective and expiration dates; date of transaction; description of the
goods and services; amount of the transaction (including shipping, handling,
insurance, etc.); Cardholder’s name, billing address and shipping address;
authorization code; and merchant’s name and address (city and state required).
• For mail orders, write “MO”; for telephone orders, write
“TO” on the Cardholder’s signature line.
• If feasible, obtain and keep a copy of the Cardholder’s
signature on file on a form authorizing you to submit telephone and mail order
transactions.
• You should utilize the Address Verification Service for
all Card Not Present Transactions (see note below). Address Verification is
specifically required for all
Discover Network Card Not Present Transactions, and if you
do not receive a positive match through AVS, you may not process the Discover
Network Card
Not Present Transaction. If you do not have AVS, contact us
immediately.
• You should obtain the 3-digit Card Validation Code number
and include it with each authorization request. Discover Network Association
Rules specifically require that you submit the Card Validation Code with the
authorization request for all Discover Network Card Not Present Transactions.
• For telephone orders, it is recommended that written
verification of the sale be requested from the Cardholder (sent by mail or
fax).
• You may not submit a transaction for processing until
after the merchandise has been shipped or the service has been provided to the
customer. (The Associations will permit the immediate billing of merchandise
manufactured to the customer’s specifications [i.e., special / custom orders]
provided the Cardholder has been advised of the billing details.)
• You should provide a copy of the Sales Draft to the Cardholder
at the time of delivery. You must also obtain proof of delivery of the goods or
services to the address designated by the Cardholder (i.e., by getting a signature
of the Cardholder or person designated by the Cardholder through the delivery
carrier). If the Card holder visits one of your locations to receive the goods
or services purchased, obtain an imprint of the card and the Cardholder’s
signature.
• Notify the Cardholder of delivery time frames and special
handling and/or cancellation policies. Merchandise shipping dates must be
within seven (7) days of the date authorization was obtained. If, after the
order has been taken, additional delays will be incurred (e.g., out of stock),
notify the Cardholder and reauthorize the transaction.
• You may not require a Cardholder to complete a postcard or
other document that displays the Cardholder’s account number in clear view when
mailed.
• If you accept orders via the Internet, your web site must
include the following information in a prominent manner:
– Complete description of the goods or services offered;
– Merchandise return and refund policy;
– Customer service contact, including email address and/or
telephone number;
– Transaction currency (U.S. dollars, unless permission is
otherwise received from Servicers);
– Any applicable export or legal restrictions;
– Delivery policy;
– Consumer data privacy policy;
– A description of the transaction security used on your
website; and
– The sale or disclosure of databases containing Cardholder
account numbers, personal information, or other Card transaction information to
third parties is prohibited.
• You may not accept Card Account Numbers through Electronic
Mail over the Internet.
NOTE: Address
Verification Service (“AVS”) does not guarantee against Chargebacks, but used
properly, it assists you in reducing the risk of fraud by confirming whether
certain elements of the billing address provided by your customer match the billing
address maintained by the Issuer. AVS also may help you avoid incurring additional
interchange expenses. AVS is a separate process from obtaining an Authorization
and will provide a separate response. A transaction may not match addresses when
submitted for AVS and still receive an Authorization. It is your responsibility
to monitor the AVS responses and use the information provided to avoid
high-risk transactions.
3.2.1. Discover Network Protocol for Internet Transactions. Each Internet
Discover Network Card transaction accepted by you and
submitted to us shall comply with Discover Network standards, including,
without limitation, Discover Network standards governing the formatting,
transmission and encryption of data, referred to as the “designated protocol.”
You shall accept only those Internet Discover Network
Card transactions that are encrypted in accordance with the
designated protocol. As of the date of these Operating Procedures, the
designated protocol for the encryption of data is Secure Socket Layer (SSL). We
may, at our discretion, withhold Settlement until security standards can be
verified. However, the designated protocol, including any specifications with
respect to data encryption, may change at any time upon thirty (30) days
advance written notice. You shall not accept any Internet Discover Network Card
transaction unless the transaction is sent by means of a browser which supports
the designated protocol.
