Paya is a merchant service provider dedicated to facilitating the passage of your sales tickets back to the thousands of institutions that issue MasterCard® (including Diners Club®) and Visa® Cards carried by your customers, as well as to the independent card issuers of American Express®, Discover®, and JCB®.
Here we have summarized a few basics to get you started and help you with a few best practices and tips on how to make the most out of your relationship with Paya and to protect yourself against chargebacks and fraud.
The following rules are requirements strictly enforced by Visa and MasterCard:
- Merchants can choose the category of Visa or MasterCard cards they will accept.
- Accept all Visa and MasterCard cards, including consumer credit and debit, and commercial cards.
- Accept Visa and MasterCard consumer credit and commercial cards only (those merchants choosing this option must accept all Visa and MasterCard credit and commercial products including Visa business check cards).
- Accept Visa and MasterCard consumer debit only (those merchants choosing this option must accept all Visa consumer debit card products).
- You cannot establish any special conditions for accepting a card.
- You cannot establish procedures that discourage, favor or discriminate against the use of any particular card.
- You cannot require the cardholder to supply any personal information (i.e., home or business phone number; home or business address; or driver's license number) unless instructed by the authorization center. The exception to this is for a mail/telephone order or delivery-required transaction, and zip code for a card-present key-entered transaction in order to obtain Address Verification (AVS).
- Any tax required to be collected must be included in the total transaction amount and not collected in cash.
- You cannot submit a transaction or sale that has been previously charged back.
- You must deliver at least one (1) copy of the sales slip or credit slip to the cardholder.
Effective Expiration Dates
At the point of sale, the card should be carefully examined for the effective (valid from if present) and expiration (valid to) dates which are located on the face of the card. The sale date must fall on or between these dates.
Check the back of the card and ensure that the signature panel has not been disfigured or tampered with in any fashion (an altered signature panel may appear discolored, glued, painted, or show erasure marks on the surface). The signature on the back of the card must be signed in the same format as the signature panel on the card; (i.e., Harry E. Jones should not be signed by H.E. Jones). Any card having two signatures on the back panel is invalid.
Visa: If the signature panel on the card is blank, in addition to requesting an authorization, a merchant must complete the following:
Review positive identification bearing the cardholder's signature (such as an unexpired passport or driver's license) to validate the cardholder's identity.
Indicate the positive identification, including any serial number and expiration date, on the transaction receipt.
Require the cardholder to sign the signature panel of the card prior to completing the transaction.
MasterCard: If the card is not signed and the cardholder refuses to sign the card, do not accept it for a transaction. If the cardholder is willing to sign the card in your presence, request two pieces of valid and current identification (i.e., driver's license, another bank card, etc.).
Deposits of Principals
Owners, partners, or officers of your business establishment are prohibited from depositing sales transacted on their own personal bankcards, other than transactions for valid purchases of goods or services (i.e., cash advances are prohibited).
Prepare one sales receipt per transaction using the full transaction amount. Merchants may not split the cost of a single transaction between two or more sales receipts, using a single cardholder account in order to avoid authorization limits.
Deposit transactions only for your own business. Depositing transactions for a business that does not have a valid merchant agreement is called money laundering or factoring. Money laundering is a form of fraud associated with high chargeback rates and the potential for forcing merchants out of business.
Authorize only for the known amount, not the transaction plus an estimated tip. An authorization that includes an estimated tip can reduce a cardholder's available funds or credit by an unrecognizable or unexpected amount.
Completion of Sales/Imprint Slips
The following information must be contained on the sales slip:
- The clear imprint of the card* including the cardholder's account number and expiration date
- Cardholder's signature
- Date of the transaction
- Amount of the transaction
- Description of the goods and/or services involved in the transaction (if there are too many items, combine them into one description (i.e., "clothing" instead of "one pair of pants, one shirt"). Do not carry information onto a second sales slip
- A valid authorization code
- Merchant's DBA Name and location (city and state are required)
Note: Whenever the term "imprint" is used, it refers to the process of using a manual imprinting machine to make an impression of the card on a sales slip. It does not include the printout from a roll printer attached to an electronic device. If you use an electronic device (i.e., authorization/draft capture terminal, cash register, etc.) and swipe the card to read and capture the card information through the magnetic stripe, you do not have to imprint the card.
However, if you are unable to swipe the card due to a defective magnetic stripe or your terminal is down, you must imprint the card to prove that the card was present at the time of the transaction. In addition, the sales slip must have the cardholder's signature. Failure to follow these procedures may result in a chargeback. Entering information into a terminal manually will not prevent this type of chargeback.
A copy of the completed sales slip must be given to the cardholder at the time of the transaction.
Mail, Phone, and Internet Orders
You may only engage in mail/telephone/internet orders provided they do not exceed the percentage of your total bankcard volume you indicate on your application. Failure to adhere to this requirement may result in the cancellation of your agreement.
Since you will not have an imprinted or magnetically swiped transaction and you will not have the cardholder's signature on the sales slip as you would in a face-to-face transaction, you will assume all risks associated with accepting a mail/telephone/Internet order transaction. With this in mind, we recommend the following:
- On the sales slip, clearly print the cardholder's account number, effective and expiration dates, date of transaction, description of the goods and services, amount of the transaction (including shipping, handling, insurance, etc.), cardholder's name, billing address, and shipping address, authorization code, and merchant's name and address (city and state required).
- For mail orders, write "MO" and for telephone orders write "TO" on the cardholder's signature line.
- For your protection, it is best to have the cardholder's signature on file or to utilize address verification* to provide an indication as to whether the purchaser is indeed the cardholder, as you are responsible for the identification of the cardholder and the validity of the card user.
- For telephone orders, it is recommended that written verification of the sale be requested from the cardholder (sent by mail or fax).
- You may not submit a transaction for processing until after the merchandise has been shipped or the service has been provided to the customer. Visa will permit the immediate billing of merchandise manufactured to the customer's specifications (i.e., special/custom orders) provided the cardholder has been advised of the billing details.
- Notify the cardholder of delivery time frames, special handling, or a cancellation policy. Merchandise shipping dates must be sent within seven 7 days of the date the authorization was obtained. If this is after the order has been taken, additional delays will be incurred (i.e., out of stock). You must notify the cardholder and reauthorize the transaction.
- You may not require a cardholder to complete a postcard or other document that displays the cardholder's account number in clear view when mailed.
- If you accept orders via the Internet, your website must include all of the following information in a prominent manner:
- A complete description of the goods or services offered
- Returned merchandise and refund policy
- Customer service contact, including email address and/or telephone number
- Transaction currency (U.S. dollars, unless permission is otherwise received from services)
- Any applicable export or legal restrictions
- Delivery policy
- Cardholder information must be secured using SSL
*Address Verification is not a guarantee against chargebacks; it is designed to assist you in reducing the risk of fraud and may help you avoid incurring additional interchange expenses.
Authorization and Capture
All transactions must be authorized in one format or another (i.e., by the terminal, VRU, or voice). Failure to authorize a sales transaction may result in a chargeback and/or the termination of your agreement.
An authorization only indicates the availability of the cardholder's credit at the time the authorization is requested. It does not warrant that the person presenting the card is the rightful cardholder, nor is it an unconditional promise or guarantee that you will not be subject to a chargeback or debit.
For cards other than MasterCard and Visa (AMEX, Discover, JCB, etc.) or for check acceptance, you must follow the procedures for authorization and acceptance for each.
You may not attempt to obtain multiple authorizations for a single transaction. If a sale is declined, do not take alternative measures with the same card to obtain approval of the sale from other authoritative sources. Instead, request another form of payment. If you accept and process a transaction that was declined or attempt multiple transactions and/or multiple authorizations, you are subject to chargeback(s) and cancellation of your agreement.
Inoperable electronic authorization: Should your electronic means of authorization become inoperable, please call the appropriate voice authorization "1-800" number and follow the instructions.
"Call" or "Hold or Call" responses: Should you receive one of these responses, you may call the appropriate voice authorization "1-800" number or ask for another form of payment. A "Hold or Call" requires that you should physically hold the card and call voice authorization and await further instructions.
On occasion, the authorization center will ask you to obtain identification from the cardholder before issuing an approval code. If you are instructed to do so, clearly write the appropriate identification source and number in the space provided on the sales slip unless otherwise prohibited by law.
If the appearance of the card being presented or the behavior of the person presenting the card is suspicious in nature, you must immediately call the voice authorization center (see p.1 for contact information). Enter your Merchant ID (MID) and the zip code and press the '#' for more options, then enter option 8 for the suspicious card and follow the automated prompts. Answer any questions and follow the given instructions.
Chargebacks and Retrievals
Chargeback process/disputes: A cardholder or the card-issuing bank has the right to question/dispute a transaction. In many cases, before a chargeback is initiated, the card-issuing bank requests a copy of the sales or slip through a "media request" or "retrieval". Once a media request or retrieval is received, we will respond by sending a copy of the transaction, if available.
Chargebacks reversals/collections: If your documentation supports a reversal of the chargeback to the card issuer and is received within the Visa and MasterCard reversal time frames, we will reverse the item back to the card issuer and your account will be credited. It is important to note that the reversal is contingent upon the acceptance by the card issuer and/or the cardholder. The item may be presented a second time and your account will be debited accordingly. A reversal is not a guarantee that the chargeback has been resolved in your favor.
If the chargeback is presented by the card issuer a second time, it may not be reversible and you may be debited. If you feel strongly that it is an invalid chargeback, you may request to have Visa or MasterCard review and arbitrate the item to determine the validity. Both Visa and MasterCard have a $250 filing fee and a $250 review fee; both fees may be non-refundable and may be debited to your account. In addition, if the decision is ruled in favor of the cardholder and/or card issuing bank, an additional penalty may be assessed and debited to your account.
If your dispute and documentation support your case but are received after the Visa and MasterCard time frames, our only alternative is to attempt a "good faith" collection with the card-issuing bank. This process can take from 30 to 180 days, and the transactions must meet the card issuer's collection criteria (i.e., above a set dollar amount, usually $50; within a specified time limit, etc.) and the card issuer may assess a collection fee (i.e., $25 to $100). A "good faith" collection is not a guarantee that any funds will be collected on your behalf. You will be credited when and if the card issuer accepts the collection and makes payment (less any fees charged by the card issuer).
Due to the short time frames and the supporting documentation necessary to successfully (and permanently) reverse a chargeback in your favor, we strongly recommend the following:
- Avoid chargebacks by adhering to the guidelines and procedures outlined in this section.
- If you do receive a chargeback, investigate, and if you dispute the chargeback, send in the appropriate documentation within the required time frame.
- Whenever possible, contact the cardholder directly to resolve the inquiry/dispute.
Payment Card Industry (PCI) Compliance
The Payment Card Industry Data Security Standard (PCI-DSS) is a mandatory global standard established by the major card associations to ensure the protection of cardholder data. Based on 12 guidelines, PCI-DSS requires merchants to make their physical and virtual environments secure to ensure the protection of cardholder data. As a merchant accepting credit cards as a form of payment, you are required by the card associations to adhere to PCI-DSS. PCI-DSS encompasses the security programs from Visa and MasterCard, Cardholder Information Security Program (CISP), and Site Data Protection (SOP), respectively.
PCI-DSS sets technology requirements such as the use of data encryption, end-user access control, and activity monitoring and logging. It also includes procedural mandates, such as the need to implement formal and documented security policies and vulnerability-management programs. They were developed to ensure that cardholder data is protected throughout the transaction process. Compliance with the standard applies to all types of merchants, retail, MO/TO, and the Internet. All merchants need to follow best practices for the storage and destruction of all paper or electronic records containing account numbers or cardholder data.
Online Reporting Business Management Tool
What are My Virtual Reports?
My Virtual Reports is a secure, web-hosted online reporting system that lets you take control of your transaction reporting. Merchants can access their account information 24 hours a day/7 days a week. It's easy to use, and best of all, it's free! Take advantage of this service today.
To view the demo, go to: www.SagePayments.com/Demo
What information is available in My Virtual Reports?
My Virtual Reports is a great tool for viewing your deposits, transactional data, batch details, monthly statements, chargebacks, and more. There is a variety of reporting options that allow you to drill down for further detail with a click on the magnifying glass. Reports may be emailed or exported to Excel, Word, HTML, or XML and additionally customized to meet your needs. Some of the most popular reports include:
Daily Batch Summary
- Review the transactions in a particular batch
- Review current and past monthly statements
- Search for specific transactions by date, card number, authorization number, or amount
Returns and Credits Search
- Review returns and credits
12 Month Chargeback History
- Review chargebacks to your account
How can I access Virtual Reports?
Follow the steps below to access our Online Reporting System:
1. Go to: www.myvirtualreports.com
2. Click the Merchant icon
3. Enter your 16 digit Merchant ID (MID) number in the Merchant field
4. Enter your username and password in the appropriate fields
5. Enter the security code at the bottom of the screen
6. Click the Enter Virtual Reports icon
7. Click the menu bar to make a selection
First-time users need to register by clicking the Merchant login screen and entering their Merchant ID number and bank account number.