It seems as if everywhere you look, you see new cyber-security practices being implemented. For example, Visa recently introduced new requirements for businesses that store cardholder payment information for use in future transactions, such as recurring payments and installments. These requirements restrict card use for anything other than a specific authorized use.
How it works
The first time the information is used in a “future use” transaction, Visa passes back a new Transaction ID element (Visa’s term) on authorization requests. The business must retain this ID and send it with subsequent transactions in the “future use stream” for this card/Transaction ID, and only for this specific card and Transaction ID.
That’s not all
Visa also requires that the merchant obtain and store explicit cardholder consent as to the use of the card for the “future use” scenario in question (for example, an auto-charge subscription). If the customer later uses the same card for a different “future use” transaction, even another auto-charge subscription, a separate Transaction ID is issued, and separate cardholder consent must be obtained.
Penalties for non-compliance have not yet been announced but are assumed to be forthcoming.
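The Transaction ID and per-use consent rules described above can be modeled as a merchant-side ledger keyed by card and purpose. This is an added illustration, not AdvantageCS or Visa code: the class and function names, the card tokens, the "TXN-" ID format and the stand-in network are all constructed assumptions.

```python
import itertools
from dataclasses import dataclass
from typing import Optional

class ConsentRequired(Exception):
    """Raised when a future-use charge has no recorded cardholder consent."""

@dataclass
class Agreement:
    consent_text: str                     # wording the cardholder accepted
    transaction_id: Optional[str] = None  # filled in by the first authorization

class FutureUseLedger:
    """Binds each Transaction ID to exactly one (card, purpose) agreement."""
    def __init__(self, authorize):
        # authorize(card_token, amount, prior_txn_id) -> Transaction ID (hypothetical hook)
        self._authorize = authorize
        self._agreements = {}  # (card_token, purpose) -> Agreement

    def record_consent(self, card_token, purpose, consent_text):
        # Consent is stored per card AND per purpose; an existing agreement keeps its ID.
        self._agreements.setdefault((card_token, purpose), Agreement(consent_text))

    def revoke_consent(self, card_token, purpose):
        # Assumption: removing consent also discards the Transaction ID bound to it.
        self._agreements.pop((card_token, purpose), None)

    def charge(self, card_token, purpose, amount):
        agreement = self._agreements.get((card_token, purpose))
        if agreement is None:
            raise ConsentRequired(f"no consent on file for {purpose!r}")
        # The first charge sends no ID; later charges send only the ID
        # retained for this exact card and purpose, never another stream's.
        returned = self._authorize(card_token, amount, agreement.transaction_id)
        if agreement.transaction_id is None:
            agreement.transaction_id = returned
        return agreement.transaction_id

def make_constructed_network():
    """Stand-in for the card network: issues a new ID when none is supplied."""
    counter = itertools.count(1)
    seen = []  # (card_token, prior_txn_id) of every request, for inspection
    def authorize(card_token, amount, prior_txn_id):
        seen.append((card_token, prior_txn_id))
        return prior_txn_id or f"TXN-{next(counter):04d}"
    return authorize, seen
```

Keying the ledger on the (card, purpose) pair is what prevents a Transaction ID issued for one subscription from being replayed on a second subscription that uses the same card.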
Supported by Advantage
AdvantageCS now supports these Visa requirements, thanks to the assistance of a client partner. In applicable payment situations, the consent language is shown along with a checkbox for indicating the customer’s consent. If the consent checkbox is not marked, the system will not allow the rep to complete the order.
Advantage is introducing the consent framework within Cider, as well as in the UI. The only difference is that in Cider, you can configure it so that the consent text appears for the customer.
When cardholder consent is obtained, Advantage stores it in the database until consent is explicitly removed. In addition, the required Visa Transaction ID is obtained and used by Advantage Card Vault for future payments involving the card.
Both MasterCard and Discover have announced similar requirements, with some slight differences from the Visa mandate. AdvantageCS is continuing to monitor communications in the marketplace, and is assessing the changes that would be needed to satisfy MasterCard and Discover processing.