
The Visa & MasterCard Mandate for Subscription Transactions



Increasingly, e-commerce companies are storing customers' payment credentials – credit card numbers and other information necessary to authorize a transaction – for subscriptions, automatic billing, one-click shopping, and other automatic or recurring payments. This year, Visa and MasterCard are rolling out new guidelines for how to handle stored credentials.

Storing payment information makes things easier and faster for customers, but any time a card is charged without the cardholder's direct knowledge and approval in the moment, there is potential for abuse and misunderstandings. The card networks want to make customers more aware of the fact that their card information is being stored and may be charged in the future without their direct involvement.

When will the Subscription Mandate take effect?

The mandate has already gone into effect for both Visa and MasterCard, with compliance monitoring beginning in October of 2018.
If your e-commerce business keeps customer card information on file, you need to make sure you're ready to get in line with the new requirements.
Fortunately, compliance shouldn't be too difficult, and the end result should be more authorizations, fewer chargebacks from confused customers, and better outcomes for everyone involved in the process.

What kinds of transactions are covered by the Subscription Mandate?

The specific types of Credential on File transactions covered by the mandate are:
  • Recurring Payments (subscriptions, automatic billing)
  • Installment Payments
  • Unscheduled Merchant-Initiated Payments (products automatically shipped when certain conditions are met, accounts that automatically get topped up when the balance drops below a certain threshold, et cetera)
  • Unscheduled Customer-Initiated Payments (one-click shopping)
While there are some variations in the mandate's requirements for each of these transaction types, many of the new rules are applicable across the board.

 

What are the Subscription Mandate requirements?

There are a few requirements common to all affected transaction types:
  • Before the first transaction in a series of recurring payments is processed, the merchant must ask the cardholder to consent to have their payment credentials stored for future transactions
  • All the requirements outlined by the mandate must be displayed, separate from the merchant's own general purchase terms and conditions, at the time the cardholder enters into a purchase agreement with the merchant. Some local laws or regulations may also require the merchant to provide the cardholder with a record of their consent to the agreement if requested
  • When card information is being stored for future transactions, but no simultaneous purchase is being made, the merchant should submit an Account Verification Request (a $0.00 transaction) instead. If either an initial payment or the Account Verification Request is declined, the payment credentials must not be stored

What are the Subscription Mandate requirements for Stored Credential Transactions?

When storing payment credentials for the first time, the merchant must establish an agreement with the cardholder that contains all of the following:
  • A truncated version of the stored credential (for example, the last four digits of a credit card)
  • The method by which the cardholder will receive notice of any changes to the payment agreement
  • How the stored credential will be used
  • The expiration date of the agreement, if applicable
Before processing the initial transaction, the merchant must obtain the cardholder's express, informed consent to an agreement, which must be retained by the merchant for as long as it remains in effect and must be provided to the issuing bank upon request. The agreement must contain the following:
  • The transaction amount, including all taxes, fees, and other included charges. If the exact amount is unavailable at the time the agreement is made, the agreement must contain an explanation of how the transaction amount will be calculated
  • The type of currency used in the transaction
  • Acknowledgment of any permissible surcharges
  • Cancellation and refund policies
  • The merchant outlet location
Each subsequent transaction made as part of the agreement must be authorized, and if the authorization is declined, the merchant has at least 14 days to resubmit the authorization, if the reason code provided for the decline allows it.
The merchant also has to provide their customers with a simple way to cancel the agreement and cannot process further transactions if the cardholder makes use of the cancellation procedure. The merchant is also prohibited from processing additional transactions if the end date of the agreement has passed or if the cardholder requests a change to their method of payment.

 

 

Do I have to comply with the Subscription Mandate?

The major card networks have not yet disclosed whether fines or penalties may be levied on merchants that fail to comply with the mandate. However, non-compliance may result in the following consequences for merchants:
  • A greater number of declined transactions
  • The inability to take advantage of improved authorization rates
  • Non-compliance assessments yet to be determined
For the most part, compliance is currently being encouraged by the benefits merchants will see by following the new requirements – namely, more transaction authorizations and fewer chargebacks.

 

How do I comply with the subscription mandate?

In order to bring their procedures into compliance with the requirements outlined by the new mandate, merchants may need to make changes to their checkout pages, terms and conditions, and any other pages or forms that capture payment information or communicate purchase policies to their customers.
In most cases, all that is required to obtain customer consent for stored credentials is a simple checkbox on the page where payment information is entered.



Making big changes to comply with new rules handed down by the major card networks can be a hassle, but when the outcome is more authorizations and fewer chargebacks, it is well worth the effort.

Is your business equipped for these new mandates? If not, our new eGuide will help you to understand the policy changes and how to bring your procedures into compliance.
