This is the third Blog post in our series of posts on Recurring Payments. Previous posts looked at how one can reduce costs with recurring payments and also looked at their limitations. In this post we will look specifically at the Payment Service Providers and the recurring payment solutions they offer. In order to use any of the solutions below to process recurring credit card and debit card transactions you will need an Internet Merchant Account (also known as a Merchant Service Agreement). In order to process direct debits you will need a Direct Debit Originators Identification Number (OIN).

 

 

DataCash

DataCash expose their recurring payment service via their XML interface, so in order to use their service you must be able to send XML transactions to the DataCash Payment Gateway. As a result of this you will have to handle cardholder information on your server when setting up the recurring payment transactions. As we have mentioned previously there are risks involved when handling cardholder information and there is also the requirement for PCI-DSS Compliance. The advantage of this integration method is that you can integrate it directly with an in-house billing system, allowing centralised management from the a single location.   See our introduction to recurring payments Blog post for more details. The three recurring payment services provided by DataCash are outlined here:

Fire and Forget Continuous Authority

The Fire and Forget Continuous Authority (FFCA) Credit and Debit card Service allows you to collect regular recurring payments from any Amex, Visa or MasterCard branded card. The FFCA Direct Debit Service allows you to collect regular recurring payments for any direct debit instructions that you have configured with your DataCash account. The service allows you to schedule the frequency for which to collect the payments: weekly, monthly, quarterly or annually. The service also allows you to define the number of payments to be collected or you can configure it so the regular payments will continue indefinitely. The FFCA Service allows you to configure a recurring payments schedule via one XML request and then DataCash manage all of the subsequent transactions. The service allows you to process recurring payments for credit cards, debit cards and direct debits.

Historic Transactions & Capture Method

The Historic Transactions service from DataCash allows you to make recurring transactions against any Visa, Amex or MasterCard branded Card. When DataCash process the first transaction they also store the cardholders details on their system. They then provide an account reference which is used to perform future recurring payment transactions on this customers card. Capture method allows you to specify the method in which you captured the cardholder details so that the transaction can be processed using the appropriate merchant ID.

Endeavour

Endeavour support recurring payments but their website does not give an details on their recurring payment solution. I have emailed them requesting more information. I will update the Blog post when this information is provided.

 

 

 

Realex Payments

The RealEFT service from Realex Payments allows you to process recurring credit card, debit card and direct debit transactions. More information on these can be found in our previous Blog post introducing recurring payments. Direct Debit Payments are supported for AIB, Bank of Ireland and Ulster Bank. Realex Payments provide three methods for using their RealEFT service:

1. You can integrate the service to your own in-house system using their XML API
2. You can use their RealControl Web Application
3. You can use their Bulk Payments Service

With either of the above methods you will store your customers billing information and card details within the Realex system. A label will be applied to each customer and this will be used in future to raise payments against the customers details. The RealEFT system does not provide a way to schedule future payments, however the overriding advantage for recurring payments is the secure storage of the cardholder information. Realex will store you customers billing information on their own servers so you do not need develop and maintain secure servers and attend to compliance regulations. Their XML API could also be leveraged to integrate with an in-house system to automatically bill your customers at payment interval.

 

 

SagePay

SagePay provide a Recurring Payments Solution through what are called Continuous Authority (CA) transactions. CA is a type of payment transaction where the cardholder grants written permission to a merchant to periodically charge their card. It is typically used for subscription type payments. The SagePay system will allow you to process repeat transactions against an original Internet transaction using a CA Internet Merchant number. SagePay provides support for CA transactions for the following acquirers -

• Allied Irish Bank
• Bank of Scotland
• Barclaycard Merchant Services
• Elavon (Bank of Ireland & Alliance and Leicester Merchant Acquirer)
• HSBC
• Lloyds TSB Cardnet
• Streamline

 
The advantage of CA transactions is you do not need to update the expiry date if the cardholder gets a new card. The initial transaction is processed like a regular online payment transaction and once this is successful then the card will be trusted. As a result, subsequent CA transactions for this card will not require a CVC value or an expiry date. SagePay only support CA for the Visa and MasterCard card schemes so if you are looking for a complete recurring payments solution this is a major limitation. On the positive note Recurring Payments via CA are included as part of the SagePay Go package (€25 per month).

 

 

WorldNet TPS

WorldNet TPS have two recurring payment solutions. NetCollect for collecting recurring payments at irregular intervals and NetSubscribe for collecting fixed amount recurring payments at regular intervals. Both solutions can be used without any integration using the tools provided by WorldNet TPS in their SelfCare application or you can integrate the solutions into your own application using the XML API.

 

NetCollect

The NetCollect service from WorldNet TPS allows you store your customers credit and debit card information securely using their SecureCard system. The system allows you to collect payments from these credit and debit cards on a recurring basis. Using the WorldNet TPS SelfCare system you will enter your customers credit or debit card information. WorldNet TPS will store this information securely and provide you with a SecureCard number that you can use to reference the customer details. Using their Virtual Terminal you can then raise payments using the SecureCard as a reference.

NetSubscriber

The NetSubscriber service from WorldNet TPS provides the same service as the NetCollect package with the addition of the ability to configure subscription payments. Once you have configured your customers details on their SecureCard system you can then configure it for a subscription payment:

 

• Define a schedule for the payment collection (weekly, forthnightly, monthly etc.)
• Define the period (6 months, 12 months, on-going or a fixed number of payments)
• Define the Amount

The NetSubscriber service will then take care of the payment processing based on your configuration.


In our next recurring payments blog post we will look at recurring payment solutions provided by Payment Bureaus.

 

Dave

--

If you liked this article then you should subscribe to our Blog RSS feed.

 

Related Blog Posts:

• Limitations with Recurring Payments and Continuous Authority.
• Reduce Costs and Improve Cash Flow With Recurring Payments.

 

We have got some good feedback and questions relating to last weeks Blog post on recurring payments. This week we will look at recurring payments in more detail in order to answer the questions received.

Is the Card Verification Code (CVC) used for recurring payments?

The first question raised concerned the Card Verification Code (CVC) value and its usage in an online payment transaction. When you make an online purchase with your credit card you are required to enter the CVC value. This value is an important security check when processing an online credit card transaction and provides protection against credit card fraud. Section 3.2.2 of the Payment Cards Industry Data Security Standard (PCI DSS) does not permit the storage of the CVC under any circumstances.

"3.2.2 Do not store the card-verification code or value (three-digit or four-digit number printed on the front or back of a payment card) used to verify card-not-present transactions."

As a result if you are processing a recurring online credit card transaction you will not have access to the CVC value. Processing transactions without the CVC involves a higher risk of fraudulent transactions occurring. Recurring payments tend to be used in a B2B environment where the merchant knows the customer. In this scenario the risk of fraud is relatively low. If you are a B2C merchant and are using recurring payments in a situation where you believe there may be a risk of fraud then best practice is to take the initial payment as a regular transaction using the CVC value before accepting the customer in your systems as a recurring payments client.

How is the card expiry date handled with recurring payments?

The next question we received relates to the expiry date. A valid expiry date is a required value when processing an online transaction but this date, of course is subject to change. When you add a customers card details to your payment providers secure system, an expiry date is recorded. Of course, over time the customer receives a new card, with a new date. Any recurring transaction will fail as a result of the unchanged expiry date. In this case you, as a merchant, would have to contact your customer to record the new expiry date and update the card details.

Some payment providers will have functionality to help you manage this process built into their system. For example they may alert you when a card has expired so you will be able to contact the customer and update the details in advance of processing the next payment.

 

Are there any other options?

The two items discussed above are limitations with recurring payments. The payments industry has a solution that overcomes these restrictions of recurring payments. Continuous Authority (CA) is a transaction type designed specifically for recurring payments. It deals with the two issues outlined above, the CVC and the expiry date are not required when processing the transaction. The transactions can continue to be processed once the card number does not change. The main advantage to the Merchant is they do not have to worry about the expiry date changing. Once the initial transaction is processed successfully then any repeats of this transaction will be trusted so the CVC and the expiry date do not need to be provided.

CA transactions are not supported by all of the acquirers. Continuous Authority only works with Visa and MasterCard credit cards. As a result of this Continuous Authority is not supported by all payment providers.

Earlier this week WorldNet TPS officially launched NetCollect, their recurring payments solution. There are also offerings available from DataCash, Endeavour, Realex and SagePay. In next weeks Blog post we will look at these recurring payment solutions in more detail.

 

Dave

--

If you liked this article then you should subscribe to our Blog RSS feed.

 

Related Blog Posts:

• Reduce Costs and Improve Cash Flow With Recurring Payments.