How to decrease transaction decline rate in recurring billing?

How to reduce the number of credit card transaction declines in recurring billing environment?

There are many common reasons behind soft declines and hard declines. Many payment declines result from the fact that either expiration date or credit card number specified during the initial transaction submission is invalid. Respective transaction decline codes (“invalid expiration date” or “invalid credit card number”) are generated by the host payment system. In case of “invalid card number” the specific reason behind the decline must be verified with the cardholder. “Invalid expiration date” response means that either the card really expired, or the expiration date specified during transaction submission and the expiration date on the card are not the same.

In some cases usage of recurring indicator might increase approval rates.

What is a ‘recurring’ indicator?

A recurring indicator is a special ‘flag’, which marks the transaction as a recurring one.

If a processed transaction is a recurring one, it should be marked with a recurring indicator. If a recurring transaction is marked with the indicator, most issuers might still approve it even if card\account expiration date is in the past.

In other words, if during some billing period the ‘invalid expiration date’ response is received by the submitter, but it is recorded that recurring payments from the card were successfully coming through during previous recurrence periods (there is a previous processing history), the transaction, bearing the ‘recurring’ indicator, might still be processed.

What is an account updater? How can credit card account updater improve approval rates?

Account updater is a service offered by issuing banks through acquirers, which allows to get updated information on a particular card of the issuer. The information can include updated holder name (if there’s been a name change), updated expiration date, updated account number (if account number has been changed due to fraud, or because card has been lost\stolen).

Account updater is a handy tool in recurring billing environment, where usage of the most up-to-date payment information can eliminate potential declines caused by invalid card numbers, or expired credit cards.

Offline Processing: Store-and-forward

The purpose of this article is to describe the store-and-forward mechanism implemented in payment gateway software in the cases when transaction processing becomes impossible due to temporary loss of connectivity with the processing “back end” (for instance, a bank) or due to some other errors.

As we explained in one of the previous articles, issues with transaction processing might be caused by one of the two conceptually different reasons: timeouts and errors. While the previous article focused on timeout handling, this one focuses on offline transaction processing, which is made possible by implementation of store-and-forward technique.

The essence of store-and-forward approach

Originally, when modems were introduced and connection was not always stable, the so-called offline transaction processing concept was developed. Usually, offline transaction processing is implemented at the level of a payment terminal (as it is a standalone device, independent from the host application). Sometimes, this solution is referred to as store-and-forward. On the basic conceptual level, the terminal stores transactions and, once connection is reestablished, it sends them to the host application for processing. The transaction is not actually submitted for processing immediately, but rather a “fake approval” is generated for the sale to be able to complete. The actual transaction information is then stored and processed once the connectivity is available. The underlying assumption, supported by the general experience, is that the card is going to be processed, and money will be available for the given transaction at a later time.

The advantage of store-and-forward mechanism is that transactions which did not go through at the time of initial attempt can still be processed later, and, in most cases, get approved.

The disadvantage of store-and-forward mechanism is that, sometimes, once the system is operational and the previously stored transaction is reattempted, it gets declined.

The systems which support offline transaction processing have to store credit card numbers for some time. Consequently, operators of such systems need to take care of PCI-compliance and respective cardholder data storage-related issues {link}. As a result, systems which do use offline processing need to implement encryption of track data or other approaches in order to minimize PCI consequences.

Offline transaction processing is most suitable for e-commerce businesses, where a customer does not get purchased product immediately after the purchase, leaving some time for transaction re-processing. The approach is also applicable for service providers (such as newspaper subscription, dating web-site subscription) because, in theory, a service can be terminated (canceled) the next day after a customer ordered it. On the other hand, retail businesses may find it difficult to use offline processing, because once a customer gets the purchased product, it is problematic to track this customer if some transaction processing issues arise after the purchase is made. That is why retail businesses usually utilize the approach only on small amounts (usually, under $50).

There are two common scenarios for offline processing implementation. In retail businesses it is usually implemented at the level of payment terminals, while, in general, the approach can be utilized at payment gateway level as well. Some processors also offer offline processing at the level of their own payment systems. Regardless of the level of its implementation, the general store-and-forward mechanism used for offline transaction processing remains conceptually the same.

Conclusions

Offline transaction processing is a relevant solution for e-commerce businesses, experiencing communication problems with the host payment processing application.

3D Secure Program

The purpose of this post is to familiarize online merchants and other merchant services industry players with 3D Secure program.

In e-commerce transactions, where the card is not physically involved, card fraud is more likely than in retail transactions. Therefore, special fraud protection measures are required, and 3D Secure is one of such.

In essence, 3D Secure is a special XML-based protocol, intended to provide additional security level for online credit and debit card transactions. 3D Secure program is implemented by Visa (as Verified by Visa), MasterCard (as Secure Code) and Amex (as Secure Key) for additional protection of cardholder data. In order to use 3D Secure service for a given card, the card-issuing bank must be enrolled in 3D Secure program.

If the card issuing bank participates (is enrolled in) the 3D Secure program, the cardholder can enroll the card and associate a special password with it. When an online purchase is made with the card, and the web-site supports 3D Secure, then additional authentication process happens, involving additional authentication factor.

The process is as follows. A customer makes an online purchase. When the time comes to pay for the purchase, the customer is redirected to the additional authentication page, where he or she enters his or her password associated with the card. As a result of the authentication a special value is generated, which is then passed to the gateway for the processing of the transaction. This value serves as the additional authentication factor (similarly to two-factor authentication described in our article on google authenticator).

If the password is invalid, the payment is not processed.

The unique value generated for 3D Secure-based authentication, associated with the card, is called Universal Cardholder Authentication Field. Visa and MasterCard implementations of the 3D Secure protocol use different methods to generate it: Visa uses Cardholder Authentication Verification Value, while MasterCard uses Accountholder Authentication Value.

A merchant who wants to enroll in 3D Secure program has to integrate with the MPI-provider and be able to transfer respective values to the payment gateway. When a merchant receives a payment request, a special Merchant Plug In (MPI) component checks if the card is enrolled in 3D Secure program. If the card is enrolled in 3D Secure, the component executes the redirect and the value is sent to the payment gateway for authentication.

The advantage of 3D Secure program for a cardholder is that if a card is stolen it is more difficult to use it for unauthorized online purchases. The advantage of the program for a merchant is that rejection of transactions which did not get through 3D Secure authentication process, potentially, reduces the number of chargebacks issued after unauthorized transactions.

Conclusion

Merchants, handling mostly online transactions and operating with international cards, are advised to enroll in 3D Secure program in order to protect themselves from potential online credit and debit card fraud.