FAQ

Catalystpay.com is an innovative payment service provider that helps e-commerce businesses, whether small or large, connect with their end customers globally. We offer both merchant and banking accounts tailored to your payment processing needs without the painful application process and integration.

Catalystpay.com is the trading name of Catalystpay Limited, a company incorporated in United Kingdom with company registration number NI664786 and whose registered address is at Office 525, Scottish Provident Building, Donegall Square West, Belfast, BT1 6JH, United Kingdom.

Catalystpay.com provides alternative banking solution, merchant accounts and payment gateway to e-commerce merchants, based on our extensive partner network.

To open a merchant or banking account with Catalystpay.com, you’ll need to fill out a short application form. Once you’ve submitted your application our Sales team will contact you for a follow up discussion within 24 hours. We will help you identify the best payment and/or banking solutions based on your business vertical, geographical locations, and other preferences. We shall support you all the way through the onboarding process (1. Application, 2. Integration, 3. Contracting and 4. MID/IBAN issuing) so that you can really focus on growing your business.

 

For AML reasons we have to adhere to our Know-Your-Customer (KYC) policy and may request you to provide some personal information in order to fulfill the identification and authentication requirements.

You are eligible to apply for Catalystpay.com services, if you have your business registered in any of the European Economic Area Member States and your business is not in the prohibited industries list. Please Contact Us to find out more information about the eligibility of your business.

Due to the nature of our services, Pricing is individual and is defined on a case-by-case basis. Please Contact Us to get a Pricing quote for your business.

Yes, our policies and procedures are designed to protect both your confidentiality and the security of your information, including your non-public personal information. We store and process your personal information using third-party servers located in secure data centers, which are protected by firewalls and have restricted access in compliance with applicable regulations. All data passed between Catalystpay.com applications, our servers, and third parties are SSL encrypted.

The personal information we need from you to apply for our services include your name, phone number, email address. Among other things, we use your personal data to verify your identity, protect you against fraud, and provide you our services. You can find out more information about this in our Privacy Policy.

We are legally obligated under the Anti-Money Laundering and Counter-Terrorism Financing regulations to retain information about you and all your transactions for a period of 5 years.

Chargebacks can be initiated by either the cardholder or the issuing bank.

Examples of situations in which the issuer might initiate a chargeback include:

 

·        The transaction was processed late, beyond the card brand’s allotted settlement time limit

·       The merchant didn’t request authorization before processing the transaction

·       The card was charged twice for a single transaction

Examples of situations in which the cardholder might initiate a chargeback include:

·       The goods or services weren’t delivered

·       A refund wasn’t provided as promised

·       The purchase was made by someone other than the cardholder

 

Not all consumer grievances escalate to a dispute. Disputes are intended to be the final option when all other attempts to solve the issue have been exhausted.

 

Often times, consumer grievances can be resolved if the issuer is able to obtain additional transaction information and clarify it with the cardholder.

An issuer may send a retrieval request to the acquirer. The acquirer will respond with transaction information to clarify any confusion and provide additional insight.

 

Retrieval requests were once a popular process used by all the card brands. However, American Express® and Discover® are the only brands to currently require the use of retrieval requests.

Chargebacks are a much-needed consumer protection mechanism. However, they are often used incorrectly and illegitimately. Fraud is the only legitimate reason for filing a chargeback. This includes criminal activity that resulted in an unauthorized transaction. It also includes merchant fraud — situations where the merchant intentionally misled the cardholder or didn’t fulfill obligations.

 

Chargebacks filed under any other pretense are considered illegitimate. Illegitimate chargebacks are commonly known as friendly fraud. Friendly fraud is most often perpetrated out of convenience, as an accident or misunderstanding, or as an intentional act to get something for free.

 

To obtain a legitimate chargeback, cardholders will often make false claims, such as saying the transaction wasn’t authorized or the merchandise wasn’t received. Issuers are responsible for investigating cardholder claims and declining unwarranted chargeback requests.

 

Card brands grant merchants a right called representment, which provides merchants with the opportunity to prove the validity of the original transaction. If merchants are able to supply the required compelling evidence in the given timeframe, the issuer will review the case and reassess the initial chargeback decision. Successful responses will overturn the chargeback, withdrawing funds from the cardholder’s account once again and returning them to the merchant.

 

The chargeback fee will not be refunded in cases of successful representment, nor will the chargeback-to-transaction ratio be recalculated.

In addition to damaging the chargeback-to-transaction ratio, each transaction dispute has financial drawbacks for the merchant too. The chargeback removes revenue from the merchant’s account and returns the funds to the cardholder. Additionally, the merchant is usually assessed a chargeback fee. Therefore, it is important for merchants to try to prevent chargebacks, the resulting revenue loss, and the associated costs. When chargebacks do happen, merchants should fight back and recover lost revenue. Without effective management techniques, chargebacks can cause irreparable damage to the merchant’s bottom line.

Card brands and acquirers monitor merchant risk with a KPI called chargebacks-to-transactions ratio. Exceeding the chargebacks-to-transactions threshold could be considered a breach of the merchant agreement and could result in the loss of the merchant account.

An acquirer is a bank or a financial institution that is authorized by the Card Associations to serve merchants. It is licensed to provide merchant accounts to qualified businesses, enabling these businesses to process payment card transactions.

 

What Does an Acquirer Do?

 

The acquirer is contracted with a processor through a merchant agreement to perform the following duties:

 

 

Also referred to as:

 

Acquiring bank

Merchant’s bank

Merchant Acquirer

An Issuer is the cardholder’s bank. It issues payment cards to authorized consumers.

As a member of the card associations (Visa®, Mastercard®, etc.), issuing banks are authorized to issue payment cards on the associations’ behalf. Issuing banks act as liaisons so cardholders don’t have to deal with card associations and acquirers directly.

These entities are more accurately referred to as ‘issuers’ rather than ‘issuing bank’, as not all institutions that provide payment cards are banks. For example, American Express is a card association that has elected to issue cards directly to cardholders themselves.

What Does an Issuer Do?

An issuer will perform the following duties:

1. Approve or deny credit card applications
2. Set account terms such as credit limits, annual percentage rate (APR), benefits, and repayment plans
3. Transfer funds to the merchant’s acquiring bank in the event of a payment card purchase
Initiate chargebacks for processing and authorization errors
4. Facilitate cardholder disputes and chargeback requests
5. Review merchants’ chargeback representment cases

Also referred to as:

Issuing bank

Customer’s bank

An acquirer provides a merchant account so a business can accept and process payment card transactions. The merchant account is where the acquirer deposits funds received from issuers.

 

Obtaining a Merchant Account

 

Merchants must apply for a merchant account. The application process can be facilitated by either the acquiring bank or an independent sales organization (ISO) like Catalystpay.com.

 

There are various things that will be taken into consideration as part of the application process:

 

o   The type of products or services the merchant offers

o   The sales method (such as in-person, online, phone order, etc.)

o   The payment method (such as recurring billing, free trial offers, single sale, etc.)

o   Past processing history (or personal credit history if there is a lack of processing history)

o   Perceived risk (usually determined by analyzing chargeback activity)

o   Number of processing applications the merchant has previously submitted

 

Not all merchant accounts are the same, and not all banks provide merchant accounts. Some merchants will need a high-risk merchant account.

 

Merchant accounts come with pre-determined limitations, such as sales volume and transaction volume. As a business grows, more merchant accounts will be needed to accommodate the increase in sales and volume.

 

Maintaining a Merchant Account

 

Merchant accounts are valuable assets and should be treated as such. Merchant accounts can be revoked if terms of the merchant agreement aren’t upheld.

 

The most common reason for losing a merchant account is excessive chargebacks.

Some merchants are considered high-risk because they have the potential to be a financial or regulatory liability for the acquirer. These merchants need a specific type of merchant account.

 

How is Risk Evaluated?

 

Merchants are evaluated before receiving a merchant account to determine how much risk the business poses to the acquirer. Several variables are taken into consideration. The following are some, but not all, of the characteristics that are considered risky:

 

·      The merchant is registered in the MATCH or VMAS List database because previous merchant accounts have been terminated.

·      The business is new and has very little payment processing history.

·     The merchant’s industry is known to have a high rate of chargebacks or is classified with an MCC the card brands have deemed high-risk.

·      The merchant sells products or services using a subscription billing model or free trial offers.

·      The business sells to international customers in certain high-risk countries.

·      The merchant sells custom goods.

·      The merchant has a high average ticket amount.

·      The sales model includes delayed or future delivery of goods.

·      The merchandise the merchant sells poses a reputational risk to the acquirer.

 

High Risk Merchant Accounts

 

High-risk merchants aren’t eligible for traditional merchant accounts. They must contract with a payment processor that offers high-risk merchant accounts.

 

There are both pros and cons of payment processing with a high-risk merchant account.

 

High-risk merchants typically pay more in transaction processing fees and chargeback fees to compensate for the danger they could potentially cause to the payment processor’s bottom line. They are also more likely to have money held in a reserve. However, high-risk merchants are usually allowed a higher chargeback-to-transaction ratio.

A merchant service agreement is a contract between a merchant and acquirer. Service agreements establish merchant accounts and outline the rights and responsibilities of each party.

 

Also known as:

 

Merchant Processing Agreement

Describes merchant’s business type, transaction type, or business name. For example, MCC 0742 is used for any merchant providing veterinary services. Other MCCs are used by a single business, such as 3000 for United Airlines.

 

If a merchant sells multiple items or services, the MCC will describe the item or service that has the highest annual sales volume.

 

MCCs are managed by the card associations and assigned by the acquirer when the merchant account is created.

 

Examples include:

 

4131 – Bus Lines

5072 – Hardware Equipment and Supplies

5139 – Commercial Footwear

8651 – Political Organizations

A billing descriptor describes a payment and helps the cardholder identify the transaction on his or her bank statement. If the cardholder doesn’t easily understand the billing descriptor and recognize the transaction, a chargeback might be initiated.

 

Quick Facts About Billing Descriptors

 

o   For most processors, the default setting for billing descriptors is the merchant’s legal business name. If the business’s legal name is different from the “doing business as” name, the descriptor should be updated to reflect something customers are familiar with.

o   Descriptors can be anywhere from 20-25 letters, however, the length of the descriptor will depend on the issuing bank. Some issuers will truncate the descriptor so the full message won’t be displayed. This can cause confusion. Abbreviations can be used to avoid truncated descriptors and convey a more accurate message.

o   Descriptors might include the word “pending” or another similar phrase until the transaction is settled.

o   Depending on the length of the business’s name, a descriptor could also include the business’s phone number. This helps increase the odds the customer will contact the merchant with issues instead of the bank. The phone number listed should be operational and managed 24/7.

o   Some processors offer dynamic descriptors. A dynamic descriptor will include the standard descriptor, followed by additional, transaction-specific information. For example, a descriptor would be “S&S Auto”. A dynamic descriptor would be “S&S Auto/FordTransmission”.

o   Descriptors are set on a per-MID basis. Each merchant account will have its own descriptor.

The merchant identification number (MID) is a unique identifier assigned to a merchant account. The MID or Merchant ID is used by the various stakeholders to identify the account throughout the course of the transaction processing workflow.

 

When the acquirer approves the merchant account application, the merchant will typically receive a Welcome Letter from Catalystpay.com that lists the MID.

A rolling reserve (RR) is a form of a collateral designed to take care of the merchant and its financial institution as well as to keep away from the possible loss because of chargebacks. The RR functions as a guard for chargebacks. If the organization is facing the dangers such as longer delivery or subscriptions, it means that the higher the rolling reserve which will be figured by the acquiring financial institution. When the RR is used to a certain transaction, the money will be settled in one of the payments within the time interval which stated in the trader’s contract.

 

RR also means substantial protection of the customer and is usually applied at the first steps of the trader’s activity. During this time interval, the acquiring bank retains some percent from the entire transaction amount.

 

Simply put, a certain amount of money, is “secured” by the acquiring bank. The aim of these funds is to cover the possible losses from chargebacks. Banks make the RR on the basis of the transaction amount. This reserve may vary based on the individual business case, but most of the Acquirer have RR default at 10%. These funds will be on hold (to cover any risks) for a certain period of time, usually for 180 days.

When accepting card payments, the merchant settlement period is the length of time between processing the card payment and the funds clearing in your business bank account. This varies from provider to provider with some offering same day merchant settlement to others taking up to seven days.

 

If the credit card merchant settlement process timing is important to you, please Contact Us to consult what’s the best possible solution for your business.

A bank identification number (BIN) is used to uniquely identify each bank or financial institution within the card networks. BINs are used to identify both issuers and acquirers.

 

Since cards can be issued by entities other than a bank such as American Express for instance, issuer identification number (IIN) is often a more accurate term.

 

Merchants most commonly use BINs to identify the bank that issued a given card. They use this information to submit authorization requests and ensure payment settlements are routed to the correct institution. Merchants might also analyze chargeback data by BIN to determine which institutions process the most chargebacks.

A virtual IBAN is a number that does not represent an account in a physical bank but follows the same numbering standard as a traditional bank account. It enables incoming payments to be routed to an alternative account at a physical bank with its own IBAN. Virtual IBANs offer the same facilities as a traditional settlement with a number of additional advantages.

The virtual IBAN is a completely dedicated account linked to a single account holder.

You are eligible to apply for Payment Account, if you have your business registered in any of the European Economic Area Member States and your business is not in the prohibited industries list. Please Contact Us to find out more information about the eligibility of your business.

To apply for Payment Account, please Contact Us. They will navigate and support you through the application and onboarding process.

Yes, we work with fully regulated financial institutions which store all client funds in a segregated trust account in accordance with the Electronic Money Regulations (EMRs) 2011. This means that in the event of insolvency, the client money is protected from other creditors’ claims and can be repaid to our customers.

The following currencies for holding and exchange: GBP & EUR

 

More currencies will be added soon so stay tuned.

Due to the nature of our services, Pricing is individual and is defined on a case-by-case basis. Please Contact Us to get a Pricing quote for your business.

The payment gateway of Catalystpay.com is PCI DSS Level 1 compliant. Please Contact Us to discuss how you can outsource PCI DSS compliance to us by using our payment gateway.

Catalystpay.com Checkout page provides the quickest way for accepting online payments from your website or mobile WebView-based app.

 

Hosted Checkout Page (Copy-And-Pay) gives you all the Catalystpay.com capabilities in a simple and quick integration. The secure prebuilt Hosted Checkout Page is PCI-DSS certified and allows you to customize your page to suit your brand guidelines.

Catalystpay.com supports most of the popular ecommerce platforms such as Shopify, WooCommerce, Magento, PrestaShop, etc. We offer a flexible range of options to integrate with your online sales - from plug-ins and hosted payment pages to APIs for full customization. Visit our Developers page for full integration details or Contact Us to further discuss integration options.

Catalystpay.com allows connecting your Magento ecommerce site to payment card acceptance and hundreds of local payment methods across the globe.

 

Magento Supported Countries (your business must be domiciled here to accept payments):

 

EMEA Region:

 

Andorra, Bulgaria, Belarus, Croatia, Cyprus, Czech Republic, Denmark, Estonia, France, Gibraltar, Greece, Hungary, Ireland, Isle of Man, Iceland, Liechtenstein, Luxembourg, Latvia, Monaco, Malta, Norway, Poland, Romania, Slovenia, San Marino, Slovakia, Sweden.

Visit the Developers page for full integration details or Contact Us to further discuss integration options.

Catalystpay.com allows connecting your WooCommerce ecommerce site to accept local payment methods from more than fifty different countries.

 

Shopify Supported Countries (your business must be domiciled here to accept payments):

 

EMEA Region:

 

Andorra, Bulgaria, Belarus, Croatia, Cyprus, Czech Republic, Denmark, Estonia, France, Gibraltar, Greece, Hungary, Ireland, Isle of Man, Iceland, Liechtenstein, Luxembourg, Latvia, Monaco, Malta, Norway, Poland, Romania, Slovenia, San Marino, Slovakia, Sweden.

 

Visit the Developers page for full integration details or Contact Us to further discuss integration options.

Catalystpay.com allows you to quickly offer preferred payment methods like cards, e-wallets, cash and bank transfers on your Shopify site.

 

Shopify Supported Countries (your business must be domiciled here to accept payments):

 

EMEA Region:

 

Andorra, Bulgaria, Belarus, Croatia, Cyprus, Czech Republic, Denmark, Estonia, France, Gibraltar, Greece, Hungary, Ireland, Isle of Man, Iceland, Liechtenstein, Luxembourg, Latvia, Monaco, Malta, Norway, Poland, Romania, Slovenia, San Marino, Slovakia, Sweden.

 

Visit the Developers page for full integration details or Contact Us to further discuss integration options.

Catalystpay.com currently has a network of 15+ acquiring partners across Europe and other regions. We offer an omnichannel payment processing solutions with a global reach through a single integration. Visit the Developers page for full integration details or Contact Us to further discuss integration options.

A card network (sometimes called a card association or the card brands) is an organization that facilitates payment card transactions. It regulates who, where, and how cards are used. The most popular card networks are Visa®, Mastercard®, American Express®, Discover®, China UnionPay®, and JCB®.

 

Some card associations, such as Visa and Mastercard, partner with its members to perform different tasks throughout the payment lifecycle. For example:

 

o   Issuing banks issue credit or debit cards to qualified consumers. With these cards, consumers can make purchases at authorized merchant outlets.

o   Acquiring banks provide merchant accounts to qualified businesses. When a customer makes a purchase at a merchant, the acquiring bank collects the funds from the issuing bank and deposits them into the merchant account.

 

Other card networks, such as American Express and Discover, have more independence. These networks predominately issue cards directly to cardholders without any assistance from Issuers. Likewise, some transactions are processed by acquirers, but the majority are processed by the network itself.

The term payment card includes credit cards, debit cards, and stored-value cards, as well as payment through any distinctive marks of a payment card (such as a credit card number). A payment card is issued under an agreement that provides standards and mechanisms for settling the transactions between a merchant acquiring bank and the providers who accept the cards as payment. A payment card transaction is the use of a credit or debit card to make payment for a sale of goods or services.

Credit and debit card payments are not the only payment options available out there. As you likely know, other common payment options include:

 

o   Cash in the form of fiat money or coins

o   Bank transfers

o   Checks

o   Money Orders

o   Barter/trade (as a form of compensation)

 

While bank transfers have been used widely in recent years and are still common, the growth and reach of the internet and online payment solutions have made it possible to use other online payment alternatives such as:

 

o   Direct debits

o   Digital wallets

o   Phone and mobile payments

Catalystpay.com supports technically 100+ regional payment methods. However, the payment method acceptance may vary per payment partner. Please Contact Us to consult about the payment methods most relevant for your business.

3D Secure, also known as a payer authentication, is a security protocol that helps to prevent fraud in CNP (card not present) payment card transactions. This additional security was initiated and created by Visa and MasterCard and it’s branded as ‘Verified by Visa’ and ‘MasterCard SecureCode’ respectively.

 

The payer authentication is a three-part process, so there are three parties involved in the process: the issuer (such as Visa or MasterCard), the acquirer, and the interoperability domain (such as payment system).

When you, as a merchant, have 3D Secure enabled on your website and your customer uses the card that is enrolled in the 3D Secure program the process looks as follows:

 

1.     The customer enters their credit or debit card information in the payment form

2.     Catalystpay.com contacts a directory server and gets the message that the card is registered in the program

3.     The customers sees the 3D Secure page when they need to authenticate themselves to the issuing bank by entering the password or a one-time PIN

4.     The result of the 3D Secure authentication goes to Catalystpay.com and then we submit transaction details to the acquiring bank

5.     The transaction is authorized by the acquirer

6.     The customer can see the response about whether the transaction is successful or failed

 

Advantages of 3D Secure

 

One of the advantages of 3D Secure is that it reduces fraud. It also makes shopping/commerce safer online, nourishes brand loyalty, it is easy to use, customer confidence improves on websites and therefore increases spending online.

 

Service Restrictions

 

3D Secure has certain limitations: first, not all cards are currently participating in the program authentication payer scheme and secondly, it does not restrict chargebacks to happen, but reduces the cost of fraudulent chargebacks.

 

Chargeback Liability of 3D Secure

 

As regards to chargeback liability, 3D Secure should be seen as an additional layer of protection provided by the card issuer. In fact, in the case of a fraudulent transaction, it becomes authenticated through 3D Secure, is very likely that liability will shift to the Issuer. In short, retailers are protected against misleading chargebacks since the liability is transferred to the Issuer.

Strong Customer Authentication (SCA) is one of the requirements of Payment Services Directive 2 (PSD2). Its aim is to make online and (contactless) offline payments more secure. It asks merchants to add at least 2 of the following 3 authentication pathways into their online checkout:

o Ask the customer for information they KNOW ( e.g a password )

o Something the customer HAS ( e.g a hardware token )

o Ask the customer to prove who they ARE ( e.g a fingerprint or face ID )

3D Secure 2 (3DS2) is the updated security protocol that was formerly 3D Secure 1 (3DS1). Here’s what you need to know:

 

• It protects customers shopping online with a credit or debit card

• It uses a secure three-way authentication process to confirm the buyer’s identity in line with the SCA requirements of the PSD2.

• It performs as many security checks as possible in the background so the customer gets a smoother shopping experience.

Address Verification Service (AVS) is an identity verification tool used by ecommerce merchants to reduce the risk of unauthorized transactions and the resulting chargebacks. AVS compares the billing address provided by the shopper during checkout to the cardholder’s billing address on file with the issuer.

 

How Does AVS Work?

 

Address Verification Service analyzes the numeric portion of the billing address — the building number and the postal code. The analysis will yield one of several results, which is communicated to the merchant with a code. Codes communicate results such as:

 

o   Neither the street address nor postal code provided during checkout match what is on file with the issuer.

o   The street address provided during checkout matches what is on file with the issuer, but the postal code doesn’t match.

o   The postal code provided during checkout matches what’s on file with the issuer, but the street address doesn’t match.

o   Both postal code and street address provided during checkout match what the issuer has on file.

o   A mismatch result could indicate potential fraud. It is assumed the cardholder would know the correct billing address for the card — whereas a fraudster likely would not.

 

The merchant will determine an appropriate level of risk exposure for the business and establish stipulations regarding AVS outcomes. Then, transactions will be approved or declined based on merchant’s preferences.

 

Things to Consider

 

o   Address Verification Service has limited functionality with cards issued by international banks. It’s mostly used in the US.

o   Pre-paid cards likely don’t have billing information on file.

o   False positive results are possible if the cardholder moves and fails to update account information with the bank.

o   AVS is supported by all card brands. Visa uses results to help assign liability for allocation disputes.

o   If the merchant doesn’t have a positive AVS match, it will be very difficult to fight and win fraud-related chargebacks.

The card security code is a fraud prevention tool for card-not-present transactions.

 

Every debit and credit card has a card security code (sometimes referred to as CVC2, CVV2, CID, etc). This code is a 3 or 4-digit number that is printed on the card.

 

Visa®: Card Verification Value 2 (CVV2) is a three-digit code printed on the back of the card

Mastercard®: Card Validation Code 2 (CVC2) is a three-digit code printed on the back of the card

Discover®: Card Member ID (CMID) is a three-digit code printed on the back of the card

American Express®: Card Identification Number (CID) is a four-digit code printed above the account number on the front of the card

 

How does the Card Security Code help prevent Chargebacks?

 

Merchants are encouraged to ask for this code during the checkout process. It can help prevent unauthorized transactions and the resulting chargebacks.

 

The information provided by the shopper during checkout is sent to the issuer for review. The issuer either confirms or denies the code provided by the shopper matches what is actually printed on the card.

 

A mismatch could indicate the shopper doesn’t have the card in-hand — for example, stolen account information is being used by a fraudster. Card verification data can be used to decline transactions that are likely fraudulent so the merchant can avoid chargebacks.

 

It’s important to note that if a merchant doesn’t request card security codes during checkout, it will be very difficult to fight and win fraud-related chargebacks — especially Visa allocation disputes.

Catalystpay.com support 3DS Version 1 and 2, CVV2 and AVS services amongst many other fraud prevention and security tools. Please Contact Us to consult the risk management strategy relevant for your business.

A card-present transaction happens when the physical card is read with a point-of-sales (POS) terminal. A card-present merchant is often referred to as a brick-and-mortar store.

 

Some examples of card-present transactions include:

 

o   Swiping a card with a magnetic strip

o   Inserting an EMV chip card into a card reading device

o   Utilizing a contactless or near-field communication (NFC) card reader

A card-not-present (CNP) transaction happens when the physical card is not read with a point-of-sales (POS) terminal. Instead, the card details are communicated to the merchant by the cardholder.

 

While CNP transactions are most commonly linked to ecommerce stores, purchases made over the phone and through the mail are also considered card-not-present (mail orders and phone orders are commonly referred to as MOTO).

 

Card-not-present is a more colloquial term used by industry members. The card brands use more formal phrases such as ‘card absent’ and ‘card absent environment’.

Visa® and MasterCard® offer merchants two ways to process payment card transactions. With the dual message system, the merchant sends an authorization request with the first message and requests settlement with the second message.

 

The dual message system is most commonly used for transactions with signature confirmation, both physical signatures for card-present transactions and electronic signatures for card-not-present transactions.

 

The dual message system differs from the single message system which sends both the authorization and settlement requests with a single message.

 

The single message system is most commonly used for transactions with a PIN confirmation, such as card-present and ATM transactions.

Before finalizing a transaction, the merchant should submit an authorization request to the customer’s issuer. The issuer will respond with an authorization code.

 

An authorization code helps the merchant understand how to proceed — if the transaction should be completed or not. Codes usually fall into three categories:

 

o   Approved: The card has not been reported lost or stolen, the account is in good standing, and the account has sufficient funds to cover the transaction.

o   Declined: The card has been reported lost or stolen, the account isn’t in good standing, or there aren’t sufficient funds available to cover the transaction.

o   Technical Error: An issue is interfering with the authorization process such as the account number is invalid, the cardholder entered an incorrect PIN number, or the equipment is malfunctioning.

 

Only transactions with an approved authorization code should be completed. The transaction should be terminated if any of the other codes are returned.

 

NOTE: Merchants don’t need to be physically involved in the authorization process — especially for card-not-present sales. The gateway can automatically submit the request and receive the response. These technology platforms can also be programed to automatically accept or decline a transaction based on the response.

 

What Does the Authorization Process Entail?

 

Authorization is a conversation that happens between the issuer and the acquirer to determine whether the transaction should be approved or declined.

 

It is important to note that an “approved” authorization response simply indicates the account is in good standing, has enough funds or credit available to cover the transaction, and that the card hasn’t been reported lost or stolen. A transaction may be approved by the issuer but still be reported as unauthorized by the cardholder if permission wasn’t granted to make the purchase.

 

Funds don’t move from the cardholder’s account to the merchant’s until the transaction is settled with the acquirer. However, the authorization process can freeze the cardholder’s credit or fund while available so the transaction can be finalized at a later time.

 

Also referred to as:

 

Authorization Response Code

Transaction settlement is the process of moving funds from the cardholder’s account to the merchant’s account following a credit or debit card purchase.

 

The issuer will route funds to the acquirer via the card network. For debit card payments, the funds will be withdrawn directly from the cardholder’s bank account. For credit card payments, the issuer will forward funds to the acquirer and the cardholder will reimburse the issuer at a later date. When the acquirer receives the funds, the amount of the transaction — minus fees — will be deposited into the merchant’s account.

If a cardholder agrees to pay recurring transactions, the merchant is authorized to charge the payment card at predetermined intervals (such as monthly, quarterly, or yearly) for an ongoing basis.

 

Some recurring transactions are classified as negative option billing. This means the customer agrees to automatically receive goods or services and, in exchange, automatically be billed. This process will continue until the customer cancels the agreement. Examples include memberships or subscriptions. These payment plans sometimes include a free trial or introductory offer.

 

Other types of recurring transactions happen with installment billing. Rather than pay the entire purchase amount with a single transaction, the cardholder is able to reimburse the merchant with smaller payments at predetermined intervals. Examples include a mortgage or other loan payment.

 

Also referred to as:

 

Subscription billing

A MOTO (mail order or telephone order) payment is a virtual transaction that works in the same way as if the customers were paying via an online card machine. The MOTO system contacts the bank of the customer to ensure funds are available before authorising the payment.

 

The retailer logs onto a virtual terminal and then keys in the relevant data – this includes the card number and the customer’s name, address and email address. Once the customer’s bank has authorised the payment, the retailer receives confirmation and the customer is automatically emailed a receipt for the MOTO transaction. Like regular card readers, the funds are typically received by the retailer within a few working days.

 

MOTO systems are particularly useful for businesses that take orders over the telephone or by email, such as takeaway food services and online retailers. They can be useful for issuing vouchers over the phone too, for businesses like nail salons or massage therapists.

A pre-authorisation is a temporary hold of a specific amount of the available balance on a credit or debit card that is provided upon booking. The pre-authorisation is not a charge and no funds have been debited from your account. The pre-authorisation is commonly used by travel agencies or retailers to check eligibility of the payment card to make the actual payment transaction.

In general, the Void transaction (also known as Reversal) cancels the transfer of funds from the cardholder to your merchant account before the payment transaction settles. Voids can only be issued if the payment transaction has been made within 24 hours. Void transaction isn’t possible after the transaction settlement.

Also referred to as:

·       Reversal

A refund occurs when you have charged a cardholder, and need to cancel the payment and return the funds to the cardholder. The funds will be returned to whatever payment method (credit card, bank account) that the payer initially used to make the payment. A Refund transaction should be linked to the original sale transaction and can be either full or partial:

 

o   Full refund - 100% of the amount paid is returned to the cardholder.

o   Partial refund - An amount up to the net (the amount the merchant received) will be returned to the cardholder. Multiple partial refunds can be made until the full net has been refunded.

Original Credit Transaction (OCT) is a payment method that enables direct transfers of funds to credit card users.

 

Visa Direct and Mastercard Moneysend services, also referred to as an OCT, enable fast and convenient fund transfers so you can send money directly to beneficiaries’ cards, in more than 200 countries. Such transactions are able to reach over a billion eligible Visa and Mastercard holders.

 

OCT was created to speed up payouts by routing transactions using card numbers. This means that businesses can push real-time payments directly to cardholders so they receive funds right into the bank account that’s linked to their card.

 

Payouts can be sent to credit, debit, and prepaid cards. Take note, however, that this only works for cards that are fast funds enabled.

Chargebacks are a form of consumer protection. Chargebacks ensure cardholders don’t have to pay for credit or debit card transactions that are unauthorized or illegitimate. Rather, the merchant sacrifices revenue — funds are removed from the merchant’s account and returned to the cardholder.

 

Unlike a traditional refund, where the customer and merchant work together to resolve an issue, a chargeback bypasses the merchant entirely. The customer’s bank (issuer) communicates with the merchant’s bank (acquirer) via the card brand.

Also referred to as:

·       Dispute (Mastercard and Visa often use different terms to express the same concept. Mastercard uses the term “chargeback”, but Visa uses “dispute” instead.)

·       Transaction dispute

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around usage of cardholder data to reduce credit card fraud. The PCI Data Security Standard specifies twelve requirements for compliance, organized into six logically related groups called "control objectives". The six groups are:

 

o   Build and Maintain a Secure Network and Systems

o   Protect Cardholder Data

o   Maintain a Vulnerability Management Program

o   Implement Strong Access Control Measures

o   Regularly Monitor and Test Networks

o   Maintain an Information Security Policy

All companies who are subject to PCI DSS standards must be PCI compliant. However, how they prove and report their compliance is based on how many transactions they process per year and how they process those transactions. The acquirer or payment brands may also choose to manually place an organization into a reporting level at their discretion.

 

At a high level, the merchant levels are as follows:

 

o   Level 1 – Over 6 million transactions annually

o   Level 2 – Between 1 and 6 million transactions annually

o   Level 3 – Between 20,000 and 1 million transactions annually (or any e-commerce merchant)

o   Level 4 – Less than 20,000 transactions annually

 

Validation of compliance is performed annually or quarterly, by a method suited to the volume of transactions handled:

 

o   Self-Assessment Questionnaire (SAQ) — smaller volumes

o   external Qualified Security Assessor (QSA) — moderate volumes; involves an Attestation on Compliance (AOC)

o   firm-specific Internal Security Assessor (ISA) — larger volumes; involves issuing a Report on Compliance (ROC)

If your business accepts or plans to accept credit or debit cards as a form of payment, then PCI DSS compliance applies to you.

To accept payments using cards from any of the card brands, you must be PCI DSS compliant. Doing so entails conforming to the PCI standards applicable to your organization.

 

Credit card data, or cardholder data, comprises the primary account number (PAN) or card number in conjunction with cardholder name, expiration date, or service code. PCI DSS compliance is also required to collect sensitive authentication data. This type of sensitive data includes card validation codes/values, magnetic stripe or card chip data, PINs, PIN blocks, or any other information used to authenticate cardholders or authorize payment card transactions.

 

The PCI SSC (Security Standards Council) established four levels of compliance for merchants and two for service providers. Your organization’s level will determine whether you must undergo a PCI audit by a qualified security assessor (QSA) to establish your compliance or if you may simply complete a self-assessment questionnaire (SAQ).

 

Please Contact Us to discuss what are the options to achieve PCI DSS compliance that are best for your business.

The payment gateway of Catalystpay.com is PCI DSS Level 1 compliant. Please Contact Us to discuss how you can outsource PCI DSS compliance to us by using our payment gateway.

Your payment processing currency is the currency that relates to your customer when they purchase from you. It can be the currency you show on your website or mobile app, and the currency that your customer is charged in. Depending on your account setup, you may be able to process payments in more than one currency.

Settlement currency is the currency in which your merchant account is funded in by the Acquirer and in which your funds will be deposited into your business bank account. Depending on your account setup, you may only be able to settle in your home currency, or you may have the option to settle in multiple currencies. Typically, available settlement currencies are limited to the major currencies in your region.

Catalystpay.com support settlements in 10+ major currencies based on the acceptance of the preferred payment partner. Please Contact Us to consult what processing currencies are relevant for your business.