Initiatives of the Payments Industry
Electronic Payments Industry Information
This section is provided by Global Payments Inc. as an informational tool to help you stay informed on pertinent industry information, Visa® and MasterCard® compliance requirements and other information about the electronic payments industry.
Card Associations and Card Branding
- Discover® for Merchants
- Discover® Branding
- Discover New Issuer Identification Numbers (IINs)
- Discover Network Acceptance
- MasterCard® International – US Homepage
- MasterCard® Branding
- Acceptance Mark Specifications
- Rules Are Located on Homepage
- MasterCard US & Interregional Interchange Rates
- Visa® USA Homepage
- Visa® Branding
- Visa International Operating Regulations
- Visa U.S.A. Interchange Reimbursement Fees
Securing Cardholder Account Information
Payment Card Industry Security Standards Council (PCI SSC)
The PCI SSC is the membership organization responsible for three important security standards related to safeguarding payment transaction data.
- PCI DSS - Payment Card Industry Data Security Standard
- PA DSS - Payment Application Data Security Standard
- PCI PTS - Point of Sale PIN Transaction Security Standard
All parties involved in payment card acceptance must safeguard payment transaction data and comply with the applicable standard(s). If a system with payment card information is hacked or stolen, then the compromised party must take steps to report the data security breach and work with forensics investigators, law enforcement, merchant acquiring stall and others to report findings. The best defense is to implement data security operating policies, limit stored payment card data and safeguard data that is necessary.
The card associations developed the PCI DSS to help strengthen data security at the merchant level and combat credit card data compromises. Merchants with point-of-sale (POS) systems and computers with an internet connection are at significant risk for having sensitive data - such as customer credit card data - stolen. This kind of theft from security breaches at merchant locations - both large and small - has cost merchants millions of dollars in fines, restitution and reputation. All merchants with internal systems that store, process or transmit cardholder data must comply with Payment Card Industry (PCI) Security Standards.
PCI DSS Program for Level 4 Merchants
To demonstrate our level of commitment, Global Payments is creating a new Merchant Protection Program with a Qualified Payment Application Security Company to help Level 4 Merchants with their PCI DSS compliance validation. Merchants will receive additional information shortly.
EMV U.S. Migration
The card schemes have all implemented mandates to ignite the movement of EMV technology in the U.S. to help reduce credit card fraud and move towards the next level of technology.
Card Schemes Mandates
American Express will work alongside other industry participants to drive interoperability across the U.S. and other countries and support chip-based technology for chip and PIN, chip and Signature, contactless and mobile transactions. The company's key policy requirements and dates are:
- Processors must be able to support American Express EMV chip-based contact, contactless and mobile transactions.
- A merchant is eligible to receive relief from PCI Data Security Standard (DSS) reporting requirements if the merchants' point-of-sale (POS) acceptance locations, where 75% of its transactions occur, are enabled to process American Express EMV chip-based contact and contactless transactions.
- Effective October 2015, American Express instituted a Fraud Liability Shift (FLS) policy that transferred liability for certain types of fraudulent transactions away from the party that has the most secure form of EMV technology. U.S. fuel merchants will have an additional two years.
- Effective October 2017, the FLS takes effect for transactions generated from automated fuel dispensers.
For more information, visit American Express' website.
Discover announced it is implementing a US EMV mandate.
- Acquirers/processors and direct-connect merchants in the U.S., Canada and Mexico must have the ability to accept contact and contactless EMV transactions. Discover's approach to EMV is both universal and choice-centric, meaning it will not restrict any channel, verification process or transaction type.
- Discover will support:
- All card authentication channels - including online and offline
- All cardholder verification methods - including both chip & PIN or chip & Signature transactions
- All commerce channels - including contact and contactless (which includes mobile)
- Discover has granted PCI Audit Waivers for the annual PCI DSS audits for a merchant that processes 75% of both contact and contactless transactions.
- Discover has instituted a fraud liability shift for all POS terminals excluding Automated Fuel Dispenser (AFD) merchants. This liability shift benefits the issuer or merchant that leverages the highest level of available payments security.
- Effective October 2017: AFD merchants are eligible for the liability shift.
For more information, visit Discover's website.
MasterCard announce their U.S. EMV Roadmap which included all card authentication channels, all cardholder verification methods and all commerce channels.
- In October 2012: MasterCard began offering relief from Payment Card Industry (PCI) compliance validation requirements for Level 1 and 2 Merchants if 75 percent or more of the merchant transactions are captured at hybrid EMV terminals.[SR1]
- MasterCard mandates that all Acquirers and Sub-processors be enabled to process EMV transactions.
- Effective as of October 2015: Potential Account Data Compromise Relief may be reduced up to 100% of the Operations Reimbursement and Fraud Recovery exposures in the event of account data compromises, if at least 75 percent of the merchant transactions are captured at hybrid EMV terminals.
- Effective as of October 2015: MasterCard has instituted a fraud liability shift for all POS terminals excluding Automated Fuel Dispenser (AFD) merchants. This liability shift benefits the issuer or merchant that leverages the highest level of available payments security.
- Effective October 2017: AFD merchants are eligible for the liability shift.
For more information, visit MasterCard's website.
Visa announced their Accelerate U.S. EMV Chip Migration Strategy.
- Visa's Technology Innovation Program (TIP) allows eligible merchants to avoid annual PCI DSS compliance validation for any year in which at least 75 percent of the merchant's Visa transactions originate from dual-interface EMV chip-enabled terminals.
- Visa requires all VisaNet processors and sub-processors to support EMV transactions.
- Effective October 2015: Visa has implemented a liability shift for domestic and cross-border counterfeit transactions. This liability shift assigns liability to the party that has not made the investment in EMV chip cards (issuers) or terminals (merchant acquirers), except for AFT and ATM merchants.
- Effective October 2017: Visa will extend the liability shift for AFD and ATM merchants.
For more information, visit Visa's website.
Global Payments is striving to meet the industry mandates and assist our clients throughout their migration process.
- See more at: https://www.globalpaymentsinc.com/us/accept-payments/in-person/emv-card-acceptance
Merchant Class Action Litigation Settlement
In November 2012, the federal district court overseeing In re Payment Card Interchange Fee and Merchant Discount Antitrust Litigation (MDL 1720), the merchant class action interchange litigation against MasterCard, Visa and other defendants, preliminarily approved a class settlement agreement that resolves antitrust claims involving MasterCard and Visa's interchange and merchant acceptance rules in the U.S. and its territories.
MasterCard and Visa Changes
Following the class action litigation settlement, U.S. merchants are now allowed surcharge MasterCard and Visa Credit card transactions (not debit or pre-paid card transactions) at the "brand level" (i.e. MasterCard or Visa) or at the "product level," but not both, subject to the following requirements:
- First, a U.S. merchant's surcharges on MasterCard and Visa Credit card transactions cannot exceed certain levels.
- Second, for U.S. merchants that accept credit or charge cards of other payment network brands (i.e. American Express, Discover), surcharging practices are subject to a competitive "level playing field" limitation that depends on whether those payment network brands impose surcharge restrictions on credit cards and the merchants' costs of accepting those credit cards.
- Third, a U.S. merchant that chooses to surcharge (MasterCard and Visa) Credit card transactions must satisfy notification and disclosure requirements to both the payment card network [MasterCard and Visa (beginning December 20, 2012)] and the merchant's acquirer at least 30 days prior to surcharging, which must identify whether the merchant intends to impose surcharges at the brand or product level.
Fourth, a U.S. merchant who surcharges must provide clear disclosure to the merchant's customers (1) at the point of store entry or in an online environment on the first page that references credit card brands, that the merchant imposes a surcharge that is not greater than its applicable merchant discount rate for MasterCard and Visa Credit card transactions; (2) at the point of interaction or sale with the customer, of the merchant's surcharging practices (including the amount of any surcharges that the merchant imposes and a statement that the surcharge is being imposed by the merchant), in a manner that does not disparage the brand, network, issuing bank or the payment card product being used; and (3) of the dollar amount of the surcharge on the transaction receipt provided by the merchant to its customers.
- Use the following links for MasterCard and Visa Surcharging notification procedures:
- MasterCard: http://www.mastercard.us/merchants/index.html
- Visa: https://usa.visa.com/Forms/merchant-surcharge-notification-form.html
- Acquirer: To notify Global Payments Direct Inc. or your affiliated Acquirer that you would like to surcharge, complete this form electronically and and email it to your Global Payments representative or fax it to 443.394.2185.
- MasterCard: https://www.mastercard.us/en-us/merchants/get-support/merchant-surcharge-rules.html
- Visa: Visa: https://usa.visa.com/content/dam/VCOM/download/merchants/surcharging-faq-by-merchants.pdf
Merchant's Obligations - Federal and State Laws
Merchants must continue to respect a cardholder's decision to pay with MasterCard and Visa. The settlement does not impact merchants' existing obligation to accept for payment properly presented MasterCard and Visa cards, including rewards cards. In addition, the rule changes that MasterCard and Visa are implementing under the settlement do not affect any obligation of a U.S. merchant to comply with all applicable state or federal laws, including state laws regarding surcharging of credit or debit card transactions and federal and state laws regarding deceptive or misleading disclosures.
11 states or territories prohibit surcharging:
- New York
- Puerto Rico
- Global Payments Inc. Card Acceptance Guide
- Limited Acceptance Merchants For a definition on limited card acceptance, please refer to the Global Payments Card Acceptance Guide link above.
The information contained herein is for informational purposes only and Global Payments Inc. does not warrant the accuracy or completeness of the information. Although we believe the information to be reliable, we cannot guarantee that it will not be subsequently amended as a result of intervening factors such as rules changes from the card associations. The information contained herein is subject to change without notice and Global Payments Inc. does not undertake any responsibility to update this information after the date hereof. Global Payments Inc. does not endorse any external sites linked herein.