We have got some good feedback and questions relating to last weeks Blog post on recurring payments. This week we will look at recurring payments in more detail in order to answer the questions received.

Is the Card Verification Code (CVC) used for recurring payments?

The first question raised concerned the Card Verification Code (CVC) value and its usage in an online payment transaction. When you make an online purchase with your credit card you are required to enter the CVC value. This value is an important security check when processing an online credit card transaction and provides protection against credit card fraud. Section 3.2.2 of the Payment Cards Industry Data Security Standard (PCI DSS) does not permit the storage of the CVC under any circumstances.

"3.2.2 Do not store the card-verification code or value (three-digit or four-digit number printed on the front or back of a payment card) used to verify card-not-present transactions."

As a result if you are processing a recurring online credit card transaction you will not have access to the CVC value. Processing transactions without the CVC involves a higher risk of fraudulent transactions occurring. Recurring payments tend to be used in a B2B environment where the merchant knows the customer. In this scenario the risk of fraud is relatively low. If you are a B2C merchant and are using recurring payments in a situation where you believe there may be a risk of fraud then best practice is to take the initial payment as a regular transaction using the CVC value before accepting the customer in your systems as a recurring payments client.

How is the card expiry date handled with recurring payments?

The next question we received relates to the expiry date. A valid expiry date is a required value when processing an online transaction but this date, of course is subject to change. When you add a customers card details to your payment providers secure system, an expiry date is recorded. Of course, over time the customer receives a new card, with a new date. Any recurring transaction will fail as a result of the unchanged expiry date. In this case you, as a merchant, would have to contact your customer to record the new expiry date and update the card details.

Some payment providers will have functionality to help you manage this process built into their system. For example they may alert you when a card has expired so you will be able to contact the customer and update the details in advance of processing the next payment.

 

Are there any other options?

The two items discussed above are limitations with recurring payments. The payments industry has a solution that overcomes these restrictions of recurring payments. Continuous Authority (CA) is a transaction type designed specifically for recurring payments. It deals with the two issues outlined above, the CVC and the expiry date are not required when processing the transaction. The transactions can continue to be processed once the card number does not change. The main advantage to the Merchant is they do not have to worry about the expiry date changing. Once the initial transaction is processed successfully then any repeats of this transaction will be trusted so the CVC and the expiry date do not need to be provided.

CA transactions are not supported by all of the acquirers. Continuous Authority only works with Visa and MasterCard credit cards. As a result of this Continuous Authority is not supported by all payment providers.

Earlier this week WorldNet TPS officially launched NetCollect, their recurring payments solution. There are also offerings available from DataCash, Endeavour, Realex and SagePay. In next weeks Blog post we will look at these recurring payment solutions in more detail.

 

Dave

--

If you liked this article then you should subscribe to our Blog RSS feed.

 

Related Blog Posts:

• Reduce Costs and Improve Cash Flow With Recurring Payments.

 

Recently most of the questions we receive via email and our feedback form relate to Recurring Payments or Subscription payments so I thought the topic deserved a Blog post. As more people are offering services online and Software as a Service (SaaS) has grown, the demand for recurring payment solutions has also grown. There are a number of reasons for this growth, I believe the two main reasons are:

• Online Recurring Payments make it easier for you to get paid - you will get paid quicker than with traditional forms of payment
• Online Recurring Payments tend to be cheaper than traditional forms of payment

 

So what are Recurring Payments?

There are different forms of recurring payments which I will discuss later but the general idea is you will collect the billing information from your client once and then you can bill them on a regular basis. Depending on your choice of recurring payment the billing information you collect from your client could be credit card, debit card or bank account details. For the rest of this article I will refer to this information as the payer details. Recurring Payments are offered by both Payment Bureaus and Payment Service providers, for the rest of this article I will use the term Payment Provider to refer to both of these. The Payment Provider stores the payer details in a secure manner, processes the transaction and manages the submission of the payment file to the bank.

How do Recurring Payments work?

As mentioned earlier there are different forms of recurring payments for credit card, debit card and bank accounts. In the simplest form you will take your clients credit or debit card details over the phone and they will be stored securely by the Payment Provider. The Payment Provider will assign a label or an identifier to the client's card details. In future whenever you want to bill this client you do not need to know their card or bank details you can just refer to them using the unique identifier provided by the Payment Provider. This means you do not need to handle or store the payer details. If the payer details are credit or debit card then the steps involved in processing the transaction are very similar to those in a standard credit card authorisation. After all it is just a credit card transaction that needs to take place but the big difference is the client does not need to enter their cardholder information and you do not need to contact them. This will save time for your clients as you will be automatically debiting their credit card, debit card or bank account and it will also save you time and improve cash flow as you will be controlling when you get paid.

Depending on your Payment Provider they may offer additional services such as payment scheduling, the ability to collect payer details remotely or the ability to collect the payer details via a hosted payments page.

Payment scheduling can be very useful if you billing your clients on a regular basis for a fixed amount of money - once you collect their payer details and add them to the system you can then schedule a payment for a fixed amount to occur automatically on a regular schedule. If you offer a subscription based service, collect yearly membership fess or recurring donations then this setup can save you a lot of time and money.

The ability to collect payer details remotely or via a hosted payments page maybe be important to you depending on the nature of your business. With the basic solution outlined above, you would take the payer details over the telephone and enter them into the Payment Providers system.  This requires you to call your customers to get their card or bank details. If you are running an online service you may want to automate this process so it does not require your input. This is where the ability to integrate the collection of the payer details into your website or web application is important. Depending on your business you may want the client to remain on your site when they are entering their payment information in which case you would opt to collect the payer details on your site and submit them to the Payment Provider. There are costs and risks associated with this method as you will be handling the payer information so you may choose to use a hosted payments page to collect the payment information. In this case your client will be redirected to the secure payment page provided by the Payment Provider to enter their payer information.

How do I Setup Online Recurring Payments?

Payment Bureaus and Payment Service Providers both offer recurring payment solutions. Our comparison table of Payment Service Providers will allow you to see which PSP's offer recurring payment solutions. The recurring payment offerings from the Payment Bureaus are not as complete as the PSPs and they are more expensive BUT they are very easy to setup. The price and ease of setup is similar to regular online payments with a Payments Bureau.

The process for setting up credit or debit card recurring payments with a PSP is similar to setting up regular online payments. If you want to take credit or debit card payments then you need to have a Merchant Service Agreement (also referred to as an Internet Merchant Account) with an acquiring bank. You will need an e-commerce Merchant Service Agreement if you want to collect the card details online or a MOTO (Mail-Order-Telephone-Order) if you want to collect the details over the phone.

The process for setting up direct debit recurring payments with a PSP requires you to get an Originator Number from your Bank. Similar to a Merchant Service Agreement you have two options here:

• Originator Standard - this means you will need to recieve a completed mandate document from your client to set up the account to process recurring direct debits.
• Originator Plus - this is a paperless option whereby you can take bank account details over the phone and via fax.

Using Recurring Payments will give you control over when you receive payment from your clients. This will result in improved cash flow - you will get paid sooner. Depending on how you bill your clients at present it will also save you time and money.
If you have any questions on the topic of recurring payments please post a comment, email me or post on the forum.

 

Dave

--

If you liked this article then you should subscribe to our Blog RSS feed.

 

Related Blog Posts:

• Limitations with Recurring Payments and Continuous Authority
• Irish Payment Provider Profiles and Comparison Table
• Realex Payments launch RealPay package for Irish Merchants
• UK Payments Service Provider to enter Irish Market