UPCOMING SCHEME CHANGES MERCHANTS/PARTNERS/ISO COPY Payvision Ref: Payvision-Upcoming Scheme Changes (v1.0)-march 2016 1
Rights of use: COMPLYING WITH ALL APPLICABLE COPYRIGHT LAWS IS THE RESPONSABILITY OF THE USER. WITHOUT LIMITING THE RIGHTS UNDER COPYRIGHT, NO PART OF THIS DOCUMENT MAY BE REPRODUCED, STORED IN INTO A RETRIEVAL SYSTEM, OR TRANSMITTED IN ANY FORM OR BY ANY MEANS (ELECTRONIC, MECHANICAL, PHOTOCOPYING, RECORDING, OR OTHERWISE), OR FOR ANY PURPOSE, WITHOUT THE EXPRESS WRITTEN PERMISSION OF PAYVISION. PAYVISION MAY HAVE PATENTS, PATENT APPLICATIONS, TRADEMARKS, COPYRIGHTS, OR OTHER INTELLECTUAL PROPERTY RIGHTS COVERING SUBJECT MATTER IN THIS DOCUMENT. EXCEPT AS EXPRESSLY PROVIDED IN ANY WRITTEN LICENSE AGREEMENT FROM PAYVISION THE FURNISHING OF THIS DOCUMENT DOES NOT GIVE YOU ANY LICENSE TO THESE PATENTS, TRADEMARKS, COPYRIGHTS, OR OTHER INTELLECTUAL PROPERTY. DISCLAIMER This document does not in any way replace the documents from Schemes. In case of any doubt, user should always refer to scheme documents. This document is prepared by Payvision based on information and previous experience with scheme changes and is therefore based on how Payvision understands and handles scheme changes. By continuing to read this document, User accepts and understands that the information contained represents Payvision s guidelines based on scheme guidelines. Payvision shall not be liable for any misinterpretation of the Scheme s rules. Payvision Ref: Payvision-Upcoming Scheme Changes (v1.0)-march 2016 2
TABLE OF CONTENTS 1. Introduction... 4 1.1. Target audience... 4 1.2. Purpose of the guide... 4 1.3. Contact information... 4 2. Flagging of MasterPass Transactions in Europe Mandate Reminder... 5 3. Maestro Contactless Transactions at POS Terminals Clarification... 6 4. Introduction in Europe of Maestro Low Risk Merchant Program for e-commerce Transactions... 7 5. Revised Standards for Transaction Information Documents and Formsets... 9 6. Revised Standards Co-Badged Cards and Cardholder Choice... 10 7. Introduction of new 2 series MasterCard BIN range-reminder... 12 Payvision Ref: Payvision-Upcoming Scheme Changes (v1.0)-march 2016 3
1. INTRODUCTION 1.1. Target audience This document has been created for Payvision merchants/resellers/isos regardless of the acquiring bank used by the user. The document is meant to provide notice and information regarding scheme changes as announced by the Schemes. 1.2. Purpose of the guide The purpose of this document is to inform merchants/resellers/isos of any upcoming scheme changes that might have an impact on the users. The document will also remind users of general scheme compliance changes, rules and mandates. This document does not replace official scheme documentation, member letters and scheme bulletins. The document contains summary level interpretation of such changes based on the understanding of Payvision. 1.3. Contact information Should you wish to obtain further clarification regarding the details of the document, please contact the Operations Department: Tel: +31 (0) 20 794 23 30 Fax: +31 (0) 20 794 23 32 Email: schemecompliance@payvision.com Payvision Ref: Payvision-Upcoming Scheme Changes (v1.0)-march 2016 4
2. FLAGGING OF MASTERPASS TRANSACTIONS IN EUROPE MANDATE REMINDER What is changing? MasterCard is reminding customers of the requirements for the Wallet Identifier (WID) and usage for this field. Current situation. The new data values were introduced to identify MasterPass transactions both for issuers and acquirers. Europe region acquirers processing e-commerce transactions are reminded that they are required to ensure technical support for the data elements. What does the change mean? As an acquirer, Payvision must ensure that all MasterPass Transactions from all merchants reach the MasterPass network. To achieve this it is necessary to ensure that all our Service Providers (such as PSPs) support the WID. The Wallet Identifier (WID) is a three digit value created and populated by the MasterPass wallet which Merchants and acquirers are required to pass only (not create) from the MasterPass Checkout XML. Acquirers are not only required to support the data but are also responsible for the WID to be correctly passed through and must therefore ensure that they are monitoring that the data is passed through for every MasterPass transaction and partners have updated their interface accordingly. How will this affect you? This change affects you if you accept MasterPass transactions. You will be required to ensure that WID is passed along in both authorization and clearing. A follow up email will be sent in the coming weeks indicating the fields to be used to pass on the WID. Effective date. Already effective Payvision Ref: Payvision-Upcoming Scheme Changes (v1.0)-march 2016 5
3. MAESTRO CONTACTLESS TRANSACTIONS AT POS TERMINALS CLARIFICATION What is changing? MasterCard is clarifying the standards to be applied to Maestro Contactless transactions at POS terminals where merchants may want to accept transaction above CVM limit without CVM. Current situation MasterCard previously announced that Maestro Contactless acceptance will be accommodated in specific acceptance segments where Maestro contact transactions without CVM had already been allowed up to certain thresholds. What does the change mean? Merchants in Tollways (MCC 4784) and Parking Lots and Garages (MCC 7523) may configure their terminals to perform Maestro contactless transactions exceeding the applicable CVM limit without CVM. The Acquirer/Merchant is liable for a fraudulent Maestro contactless transaction that exceeds the CVM Limit and is completed without CVM. How will this affect you? If you are a Tollway or Parking Garage merchant, you can perform Maestro Contactless transactions without CVM. However, Payvision will pass on any liability related to fraudulent Maestro transactions to you should the same be passed on to Payvision by MasterCard. Effective date. Immediately Payvision Ref: Payvision-Upcoming Scheme Changes (v1.0)-march 2016 6
4. INTRODUCTION IN EUROPE OF MAESTRO LOW RISK MERCHANT PROGRAM FOR E-COMMERCE TRANSACTIONS What is changing? MasterCard introduces a new European program to enable Maestro e-commerce transactions to be conducted using a risk-based approach to customer authentication for pre-identified categories of low-risk transactions. The purpose of the new Maestro Low Risk Merchant Program for e commerce transactions is: To reduce fraud in online payments To encourage merchants to implement SecureCode To promote a risk-based approach to SecureCode authentication To promote an enhanced checkout experience for Maestro cardholders Current situation The European Banking Authority (EBA) has produced a set of guidelines that addresses the security of Internet transactions, including strong authentication requirements for Internet payments. The EBA Guidelines allow also for merchants to undertake a risk based approach to authentication. In particular, the EBA Guidelines allow alternative authentication measures for low-risk payments to balance security with consumer convenience during the online transaction authentication process What does the change mean? The Maestro Low Risk Merchant Program will enable low-risk, high volume e-commerce merchants to conduct Maestro e-commerce transactions using a risk-based approach to SecureCode authentication, as long as this is effective in maintaining fraud at a level within the 10 basis points program threshold. The new program allows approved e-commerce merchants to use alternative authentication measures for pre-identified categories of Maestro low-risk transactions on the condition the Maestro issuer BIN (account range) is enrolled in the program. The definition of low-risk transaction is a responsibility of the approved merchant. How will this affect you? Approved e-commerce merchants may accept Maestro transactions without having to attempt strong SecureCode authentication in every instance. However, approved merchants must obtain SecureCode strong authentication from the Maestro issuer on registration of card payment data with merchant account and on high-risk transactions. The definition of high risk is the responsibility of the approved merchant. For the Maestro issuer BINs not enrolled in the program, approved merchants must attempt SecureCode strong authentication on all Maestro e-commerce transactions irrespective of low-risk or high-risk definition. The new program is designed for e-commerce merchants that store consumers payment details on file so that they recognize the consumer when that person returns and makes a subsequent payment. Merchants participation in the program is optional. You MUST submit a request to Payvision should you wish to participate into the program. Payvision Ref: Payvision-Upcoming Scheme Changes (v1.0)-march 2016 7
Eligibility Requirements Merchant participation in the Maestro Low-Risk Merchant Program is subject to an eligibility check process to verify that the e-commerce merchant fulfils the following program requirements: Acquired volume exceeding 100,000 EUR per month for the last 12 months Fraud rates of less than or equal to 10 basis points for the 2 consecutive quarters preceding the application. Merchant support of SecureCode to enable strong authentication performed by the issuer Agree to a Global Risk Management Program Review as part of the Maestro Low-Risk Merchant Program process. Merchants will undergo the Global Risk Management Program Review on sign up. The objective of the review is to validate the merchant eligibility requirements and make sure that the merchant has solid risk management processes. There will be a service fee for the Global Risk Management Program Review. For approved e-commerce merchants to meet the program criteria; cardholders must be able to: Register on the e-commerce merchant s website Create an account with log-in credentials Add the Maestro card number for use in e-commerce transactions If all the above eligibility requirements are met, then the Merchant will receive a MasterCard-assigned ID and a Static AAV. Payvision is required to uniquely identify approved merchants within the transaction message through the MasterCard-assigned ID. Please contact your designated Account/Relationship Manager or schemecompliance@payvision.com for more information. Effective date. Immediately after registration with MasterCard through Payvision. Payvision Ref: Payvision-Upcoming Scheme Changes (v1.0)-march 2016 8
5. REVISED STANDARDS FOR TRANSACTION INFORMATION DOCUMENTS AND FORMSETS What is changing? Effective immediately, MasterCard is streamlining its Standards related to transaction information documents (TIDs). Upon completion of a transaction, a merchant, cash disbursement agent, and PINbased in-branch terminal must produce a TID (also called a transaction receipt) compliant with MasterCard Standards and with applicable law. Current situation MasterCard will start enforcing standards indicated below. What does the change mean? A copy of the transaction receipt must be produced to the cardholder automatically, unless the cardholder declines to receive one. How will this affect you? You must always produce a receipt to the cardholder following the standards listed below: Standard Wording for Formsets A formset is a Transaction receipt produced by a manual imprinter. The following wording, in English, the local language, or both (or words to similar effect) should appear on the Cardholder copy of a formset: IMPORTANT retain this copy for your records. In addition, the following wording (or words to similar effect) should appear on each copy of a formset for the specified Transaction type. Effective date. Immediately Payvision Ref: Payvision-Upcoming Scheme Changes (v1.0)-march 2016 9
6. REVISED STANDARDS CO-BADGED CARDS AND CARDHOLDER CHOICE What is changing? MasterCard is announcing revised standards in connection with the requirements contained in recent released EU Regulation which relate to offering cardholder choice when a card is co-badged. Current situation These requirements follow the European industry requirements approved by the European Payments Council (EPC) on 26 February 2016 (cf. EPC050-16 bulletin). What does the change mean? EU Regulation permits the co-badging of cards with more than one payment scheme and also requires that, while a merchant may pre-select a payment application, a means for the cardholder to override the merchant s pre-selection must be provided. How will this affect you? You MUST be compliant with these regulations as indicated below. Prohibited Practices: Discrimination- EU ONLY Neither a Customer nor a Digital Activity Customer, Merchant, Payment Facilitator or Service Provider may directly or indirectly, prevent the use of MasterCard, Maestro, or Cirrus as a brand for Intracountry Transactions in the EU or for Intra-EU Transactions. Chip Environment By way of example but not limitation, the following requirements apply in the chip environment: If a MasterCard, Maestro, or Cirrus Payment Application is supported by both the Card and the Terminal, its use must not be blocked or impaired by technical or other means, such as software in the Terminal. When supported, the MasterCard or Maestro Payment Application must be shown clearly. If the Merchant has pre-selected a payment application, the fact of pre-selection must be shown clearly on the Terminal, along with the means for the Cardholder to override the preselection, until the Cardholder has chosen to either accept or override the pre-selection. The means to override the pre-selection must always be offered via the Terminal, which must face the Cardholder, and not only verbally by the Merchant. The difference between overriding the pre-selection and cancelling the Transaction must be shown clearly to the Cardholder via the Terminal, for example a change application key separate from the cancel key. If a MasterCard or Maestro Payment Application is supported by both the Card and the Terminal, the Cardholder must be given the opportunity to complete the Transaction with Payvision Ref: Payvision-Upcoming Scheme Changes (v1.0)-march 2016 10
such Payment Application, unless the Terminal has no screen and/or PIN pad. In that case, the priority order defined in the Terminal, if any, may be used. The payment application selected by the Cardholder on the Terminal must not be overridden by technical or other means, such as software in the Terminal. The Cardholder s chosen payment application must not be converted to a different payment application from that chosen by the Cardholder. Electronic Commerce Environment By way of example but not limitation, the following requirements apply for Transactions completed in an electronic commerce environment: The Merchant must clearly display on its website each available acceptance brand individually, so that the Cardholder may select MasterCard or Maestro independently of any other brand that may co-reside with MasterCard or Maestro. If the Merchant has pre-selected an acceptance brand, the means for the Cardholder to override the Merchant s pre-selection must be presented in a clear and non-discriminatory manner. The Cardholder s chosen acceptance brand must be respected and must not be converted to a different acceptance brand from that chosen by the Cardholder. Digital Environment By way of example but not limitation, the following requirements apply for Transactions completed in a digital environment, such as in-app Transactions and Transactions completed through a digital wallet, including MasterPass: A Merchant, Digital Wallet Operator and Digital Activity Customer must allow the Cardholder to set a default payment application and to choose the payment application to be used for an individual purchase. If a particular payment application is set as the default, the means to change the default must be presented clearly to the Cardholder. A user interface payment application selection method that is not already defined in the Corporation s specifications must be approved by the Corporation in writing before it is implemented. The Cardholder s chosen payment application must be respected and must not be converted to a different payment application from that chosen by the Cardholder. Effective date. 9 June 2016 Payvision Ref: Payvision-Upcoming Scheme Changes (v1.0)-march 2016 11
7. INTRODUCTION OF NEW 2 SERIES MASTERCARD BIN RANGE-REMINDER What is changing? To help ensure that MasterCard and its traditional and non-traditional customers are best positioned to enable the next generation of payments, MasterCard is expanding the BIN range by introducing a new range of 2 series BINs, to be processed in the same way as the 510000 559999 series BINs are today. Both BIN series must be processed as MasterCard and treated in the same manner. BIN range series is the first six numeric values at the start of a card number. Current situation MasterCard cards start with 5 and Maestro cards start with 6. What does the change mean? MasterCard will allow issuers to issue cards starting with 2. MasterCard rules will be applied to the new 2 series BINs as applied to existing MasterCard BINs Members must recognise, process, and route transactions on PANs in the 222100 272099 BIN range the same as the existing MasterCard BINs. The 2 Series BINs will be used for both tokenisation as well as real card numbers Card verification method (CVM) of both Signature and PIN must be supported for the 2 series BINs The 2 series BIN will be constructed in the Acquirer Reference Number as done to existing BINs The new 2 series BIN range will have the same impact as the existing MasterCard BIN range for the following items: Products Rules Pricing and interchange Settlement and reconciliation Reporting Chargebacks Both card-present and card-not-present channels must be updated to process the new 2 series BINs as MasterCard BINs Terminal configuration and software updates may be required to process 2 series BINs Ecommerce transactions may require updates to the web interfaces to process 2 series BINs Shopping carts must recognize the card numbers in the 2 series BIN range as MasterCard How will this affect you? Payvision has completed the necessary system updates to ensure correct processing of the new 2 series BIN. You are advised to make necessary changes on your end to ensure that you can support the new BIN series and can accept MasterCard cards starting with 2. You are also mandated to carry testing to ensure that your systems can correctly process 2 series BIN. Testing PANs have already been distributed. To make testing arrangements, please contact Technical Support: TechnicalSupport@payvision.com Effective date. October 2016 June 2017- Field testing of the cards with a 2 series BIN from each region will begin. July 2017- Issuance of cards containing a 2 series BIN to cardholders will begin. Payvision Ref: Payvision-Upcoming Scheme Changes (v1.0)-march 2016 12