The Visa & MasterCard Mandate for Subscription Transactions
Increasingly, e-commerce companies are storing customers' payment credentials – credit card numbers and other information necessary to authorize a transaction – for subscriptions, automatic billing, one-click shopping, and other automatic or recurring payments. This year, Visa and MasterCard are rolling out new guidelines for how to handle stored credentials.
Storing payment information makes things easier and faster for customers, but any time a card is charged without the cardholder's direct knowledge and approval in the moment, there is potential for abuse and misunderstandings. The card networks want to make customers more aware of the fact that their card information is being stored and may be charged in the future without their direct involvement.
When will the Subscription Mandate take effect?
What kinds of transactions are covered by the Subscription Mandate?
- Recurring Payments (subscriptions, automatic billing)
- Installment Payments
- Unscheduled Merchant-Initiated Payments (products automatically shipped when certain conditions are met, accounts that automatically get topped up when the balance drops below a certain threshold, et cetera)
- Unscheduled Customer-Initiated Payments (one-click shopping)
What are the Subscription Mandate requirements?
- Before the first transaction in a series of recurring payments is processed, the merchant must ask the cardholder to consent to have their payment credentials stored for future transactions
- All the requirements outlined by the mandate must be displayed, separate from the merchant's own general purchase terms and conditions, at the time the cardholder enters into a purchase agreement with the merchant. Some local laws or regulations may also require the merchant to provide the cardholder with a record of their consent to the agreement if requested
- When card information is being stored for future transactions, but no simultaneous purchase is being made, the merchant should submit an Account Verification Request (a $0.00 transaction) instead. If either an initial payment or the Account Verification Request is declined, the payment credentials must not be stored
What are the Subscription Mandate requirements for Stored Credential Transactions?
- A truncated version of the stored credential (for example, the last four digits of a credit card)
- The method by which the cardholder will receive notice of any changes to the payment agreement
- How the stored credential will be used
- The expiration date of the agreement, if applicable
- The transaction amount, including all taxes, fees, and other included charges. If the exact amount is unavailable at the time the agreement is made, the agreement must contain an explanation of how the transaction amount will be calculated
- The type of currency used in the transaction
- Acknowledgment of any permissible surcharges
- Cancellation and refund policies
- The merchant outlet location
Do I have to comply with the Subscription Mandate?
- A greater number of declined transactions
- The inability to take advantage of improved authorization rates
- Non-compliance assessments yet to be determined
How do I comply with the Subscription Mandate?
Making big changes to comply with new rules handed down by the major card networks can be a hassle, but when the outcome is more authorizations and fewer chargebacks, it is well worth the effort.
Is your business equipped for these new mandates? If not, our new eGuide will help you to understand the policy changes and how to bring your procedures into compliance.