Avoid Merchant Account Fees - Know The New Visa Rules!

Visa is introducing new rules for fraud prevention, data transparency, and decline rates in CNP payments. While some changes took effect in 2020, most became effective in April 2021, and some will continue to hit effective dates through 2023. 

The rules are intended to reduce fraudulent payment activity as well as help merchants understand the transaction process better. But they will also have a major effect on your payment processes as well as your merchant account rates.

How Visa’s new rules for authorization responses will affect your merchant account rates.

Often, when a transaction authorization is declined, the associate will attempt to process the transaction again to see if it goes through. This can result in extra fees for the business owner. 

Visa’s new rules define when merchants are allowed to retry a transaction. They also define how many times they are allowed to reattempt the transaction within a specific time period. And they disclose the fees associated with the additional authorization reattempts.

Authorization reattempt parameters for each category:

For all categories, merchant fees for reattempts go into effect beginning April 1, 2021. (See category breakdown below)

For category 1, any attempt to retry a declined transaction will result in additional fees for the merchant.

For each of the remaining categories, merchants are allowed up to 15 retries within 30 days without extra fees. Any attempt beyond 15 will result in additional fees. The one major exception is Decline code 14 (Cat 3) Invalid Account Number. Visa does not permit merchants to reattempt authorization for decline code 14. If you do, it will result in a non-compliance fee.

Beginning April 1, 2021, Visa will charge $0.10 per transaction for domestic transactions reattempts beyond 15. Beginning October 1, 2021, Visa will charge $0.15 for international transactions beyond the initial 15 tries. 

The new Visa rules will focus on three areas of the card payment transaction process:

• Decline Code Management
• Authorization Consistency
• Cardholder Fraud Management

Merchants who offer memberships and subscriptions will need to pay close attention to these new rules. The very nature of recurring transactions means there are commonly more authorization attempts. Recurring billing relies on card-on-file data. But this data often changes with time. Cards can be lost or stolen, or they simply expire. Customers often forget to update their card-on-file data, resulting in automatic declines. 

Today, we’re going to summarize the new rules in each category for merchants to help make them easier to understand. We will also cover strategies merchants can use to avoid new Payment Processing fees associated with the new rules and how we can help.

New Visa rules for authorization responses/declines - broken down.

1. Decline Code Management

There is a clear lack of consistency in decline reason code application. This unfortunately has fueled authorization denial rates over the years. There are over 5000 card issuers in the U.S. As you can imagine, without a universal code list, there are a lot of discrepancies between companies and the codes they commonly use. In addition, many issuers tend to default all declines to the most common category, whether it applies or not. 

 In order to create more clarity in the payment process for merchants, decline codes will now fall into one of 4 categories. This allows card issuers to provide accurate reasons, so there is less confusion for merchants when a transaction is declined. 

These are the four decline code categories:

Category 1 - Issuer will not approve

Category 2 - Issuer cannot approve at this time

Category 3 - Data quality issues

Category 4- Generic response codes

Within each category exists several sub reasons for the decline. This is to further clarify the specific reason the card issuer is declining the authorization. For example, if you run a stolen card, you will receive a category 1 decline with a sub decline code of 43 - stolen card. We will list the decline codes that fall in each category below.

Let's break down the specifics of each decline code category.

Category 1- Issuer will never approve the transaction

This category is for transactions that the card issuer will never approve. This category indicates that the card has been blocked for use, or possibly never existed. 

Beginning October 1, 2021, merchants will be charged a non-compliance assessment for any attempt to reauthorize any category 1 decline.

Category 1 decline codes include:

03 Invalid Merchant

04 Pickup Card

07 Pickup card (special condition)

12 Invalid Transaction

15 No such issuer

41 Pickup card (lost card)

43 Pickup card (stolen card)

57 Transaction not permitted to cardholder

62 Restricted card

78 No Account

93 Transaction cannot be completed

R0 Stop payment order

R1 Revocation of authorization order

R3 Revocation of all authorization

Category 2 - Issuer cannot approve at this time

Declines that fall into this category are ones that normally could be approved, but there is an issue at the moment. These types of declines are of a temporary nature. Because the information is correct, but circumstances are there that could change or improve. It means the issuer could approve the authorization if reattempted at a later time. This can be anything from a system issue to insufficient funds availability. 

Visa will allow up to 15 reattempts per card within a 30-day period. Any attempt to reauthorize the transaction beyond 15 results in additional fees. 

Category 2  Decline codes include:

19 Re-enter transaction

51 Insufficient funds

59 Suspected fraud

61 Exceeds withdrawal amount limits

65 Exceeds withdrawal frequency

75 Allowed number of PIN entry tries exceeded

86 ATM malfunction

91 Issuer or switch is inoperative

96 System malfunction

N4 Cash request exceeds issuer limit

N3 Cash service not available

Category 3 - Data Quality Issues

Declines will fall into this category when the card issuer cannot approve the transaction based on the data submitted. In other works, one piece of the transaction data is either incorrect or invalid. This can happen when the CVV code is entered incorrectly or the expiration date is incorrect or expired.

Merchants are allowed to reattempt the transaction up to 15 times within a 30-day period for most Category 3 declines. However, merchants are not permitted to reattempt decline code 14- Invalid account number.

Category 3 decline codes include:

14 Invalid account number

54 Expired card

55 Incorrect PIN

82 Negative online CAM, dCVV, iCVV, or CVV results

N7 Decline for CVV2 failure [Visa]

In the Europe region: 1A (Additional customer authentication required)

In the Europe region: 70 (PIN data required)

Category 4 - Generic decline codes

This category is for authorization declines where no other code applies. While the majority of decline responses fall into one of the other categories, there will be some that won’t apply. Most of the time, it will be due to the decline being for technical reasons. Or the reason may simply not apply to merchants or acquirers.

For this reason, they have reserved a category to place declines that don't fit in any other category.

Issuers may use Category 4 codes for special circumstances, however they must only do so if necessary. To curb use, Visa has put a limit on category 4 code use for issuers. Category 4 codes can only account for 10 percent of their total declines.

2. Authorization Data Quality/Consistency

It has become common practice by some merchants to amend data fields in an attempt to get approval after the initial decline. However, Visa knows that manipulating data fields such as MCC, merchant country, and AVS only serve to waste resources and time for everyone.

To combat this practice, Visa will charge a Non-Compliance Fee for every reauthorization attempt with altered data fields. Even if the data change is the result of accidentally mis-keyed data or a fraud attempt, merchants will be charged the fee. Unfortunately this is a case where everyone will pay for the bad acts of the few. 

3. Cardholder Fraud Management

First party fraud, also called friendly fraud, is becoming a significant problem for merchants. This type of fraud occurs when a customer uses the chargeback filing process to recover the costs of a legitimate purchase.

The cardholder dispute system, created by card issuers, is meant to protect customers against fraud and unscrupulous merchants. 

However, abuse of the system is becoming all too common among normally good customers. And it costs both merchants and card issuers a lot of money.

In fact, recent fraud statistics are staggering:

• Fraud costs merchants $3.13 for every $1 lost to fraud. 
• ⅓ of respondents admitted to committing friendly fraud in 2020 (for legit purchases).
• And 81% stated they submitted a chargeback simply because it was more convenient.

This is a problem that must be addressed both locally and through consumer education.

New Visa rules, effective April 18, 2020, mandate that merchants put specific controls in place to assist in the fight against fraud. 

• CNP merchants are required to validate cardholder approval.
• Merchants are required to set base-level per day card use/purchase controls for card-on-file customers.
• Controls that match the merchant’s fraud/disputes rates are recommended.
• Set limits for card use must not exceed a maximum of 25 transactions per day.
• Following a fraud dispute, merchants are required to suspend provision of goods/services to the customer until the dispute is resolved.
• Merchant must reauthenticate the cardholder prior to resuming card transactions.
• Merchants with high chargeback ratios must provide contact information within transaction details. CNP merchants with high disputes who fail to provide this information will be subject to non-compliance penalties.

What does this mean for merchants, and what can we do to help?

MonerePay, together with our banking partner, works diligently to ensure accurate card holder data and maximize transaction approvals. In addition, we work tirelessly to create and provide tools to help merchants combat fraud.

However, merchants might be surprised to learn that most declines are not due to fraud control. In fact, most declines are attributed to insufficient credit, invalid data submission, or card status. 

There are several ways your Merchant Service Provider can support you in meeting the new Visa rules. Contact your merchant account provider to make sure your services are set up properly to reduce reattempts and/or inaccurate data. 

Here are some of the ways merchants can put our expertise as well as our powerful analytics capabilities to work for you:

We can help you create a balanced authorization retry strategy. We will review your current practices and create accurate decline code mapping. Then we compare incremental revenue against repeated declines. A balanced strategy will include validating compliance with Visa submission rules to avoid fees and assessments.

And we will want to make sure you employ preventative measures, such as fraud mitigation software, to reduce your attack exposure.

Account Updater is an automated service that automatically updates a customer's “card-on-file” when there is a new expiration date or the bank issues a new account number. This will help reduce declines for expired cards, as well as the following reattempts for recurring billing.

Our experienced, ETA-Certified advisors can also review your MCC (merchant category code) for accuracy. Some MCCs have higher risk ratings. There are also occasional MCC status changes that could apply to your business. Making sure your MCC is the most accurate can help maximize transaction authorization rates. 

You can also program your system to not produce a retry action based on specific decline response. For instance, in the case of a Category 1 or code 43 declines, where reauthorization attempts are prohibited. 

Merchants, issuers, and processors must work closely together to develop strategies to reduce decline rates. Only by working together will we be able to address challenges in data transparency along with risk analysis.

If you're interested in customized merchant services that leverage innovative financial technology, MonerePay is for you. Your dedicated account advisor will craft a customized merchant account solution specifically for your needs.

Call us today, it's time you see how MonerePay powers business.