Add to collection(s) Add to saved
  1. Business
  2. Management

Card Present CID Program

advertisement 
Card Present CID Program
Merchant Implementation Guide
Contents
1 About This Document.......................................................................................................................2
1.1
Purpose.......................................................................................................................................2
1.2
Additional Resources....................................................................................................................2
2 Overview of Card Present CID Program............................................................................................2
2.1
Merchant Eligibility.......................................................................................................................2
2.2
Card Present CID Program Requirements.........................................................................................2
2.2.1
Card Present CID Description...........................................................................................2
2.2.2
Additional Zip Code Authentication Requirements for Swiped Transactions............................3
2.3
Card Present CID Program Enrollment Process.................................................................................3
2.4
Card Present CID Program Implementation......................................................................................3
2.4.1
Technical Requirements Supporting Card Present CID..........................................................3
2.4.2
Technical Requirements Supporting Zip Code Authentication................................................4
2.4.3
Card Present CID Program Operating Requirements............................................................5
©2009 DFS Services LLC
1
1.
About This Document
1.1
Purpose
This document serves as an implementation guide for Merchants seeking to participate in the
Card Present CID Program offered by Discover Network. The Card Present CID Program is designed
to provide Merchants with increased protection against fraud and as an alternative to retaining Card
imprints for keyed Card Sales. This implementation guide is provided for the convenience of
Merchants to summarize program requirements in the Operating Regulations and Technical
Specifications. In the event of a conflict between the terms of this implementation guide and the
Operating Regulations, the Operating Regulations shall govern. Capitalized terms used in this
document are defined in the Operating Regulations.
1.2
Additional Resources
Information about the Card Present CID program is available as follows:
•
Card Present CID Program overview at www.DiscoverNetwork.com
•
Discover Information Security and Compliance (DISC) requirements for Merchants, located at
discovernetwork.com/fraudsecurity/disc.html
•
PCI DSS information is provided at pcisecuritystandards.org/
Contact your Relationship Manager or Account Executive to receive your copy of any of the
documents listed above.
2.
Overview of Card Present CID Program
2.1
Merchant Eligibility
The Card Present CID Program is available to Merchants that meet the following criteria:
•
Offered Card Acceptance by Discover Network and accept Cards in the United States
•
Accepted at least one million (1,000,000) Discover Network Card transactions in the 12 months
prior to enrollment
•
ocumented compliance with the Security Requirements described in the Operating Regulations,
D
including, without limitation, Payment Card Industry Data Security Standard (PCI DSS) and
DISC requirements
Merchants must be approved by Discover Network to participate in the program. The approval
process is described in Section 2.3 below.
2.2
Card Present CID Program Requirements
2.2.1
Card Present CID Program Description
The Card Present CID Program is a Discover Network fraud prevention tool for CardPresent Card Sales. Rather than capturing and retaining Card imprints, eligible Merchants
who participate in the Card Present CID Program may submit CID in the authorization
request for keyed Card Present Card Sales where the POS Device is unable to read the
magnetic stripe on the Card. If CID is submitted in the Authorization Request, and the
2
participating Merchant receives an approved Authorization Response, the Merchant is not
required to obtain or retain a Card imprint for the keyed Card Present Card Sale.
Note: Eligible Merchants must be approved to participate in the Card Present CID
Program and submit CID with the Authorization Request for each keyed Card Present
Card Sale to avoid retaining Card imprints. If a Merchant or POS Device is unable to
submit CID with the Authorization Request for a keyed Card Present Card Sale, the
Merchant must obtain and retain a Card imprint for such a Card Sale even if the
Merchant is approved to participate in the Card Present CID program. In addition,
Merchants that have not been approved for Card Present CID may not submit the CID to
avoid retaining imprints.
2.2.2
Additional Zip Code Authentication Requirements for
Swiped Transactions
Merchants seeking to participate in the Card Present CID program may be required by
Discover Network to implement a Zip code authentication for swiped Card Sales above
a predetermined dollar threshold in order to participate in the Card Present CID program.
To perform a Zip code authentication, the Merchant’s POS Device should prompt for the
Cardholder’s Zip code after the Card is swiped into the POS Device. The Cardholder’s Zip
code should then be submitted with the Authorization Request. Further details regarding
implementation of a Zip code authentication are described in Section 2.4.2 below.
2.3
Enrollment in Card Present CID Program
This section describes enrollment and implementation requirements for Merchants seeking to
participate in Discover Network’s Card Present CID Program. Relationship Managers and Account
Executives will assist Merchants with program application process and are available to
answer questions.
Eligible Merchants may submit an enrollment request to their Relationship Manager or Account
Executive. Discover Network will evaluate such requests and shall determine whether Merchants are
permitted to participate in the Card Present CID program:
As part of the enrollment process, Merchants may be asked to document their compliance with the
Security Requirements identified in the Operating Regulations, including, Payment Card Industry
Data Security Standard (PCI DSS). The Discover Information Security and Compliance (DISC)
program describes the requirements for compliance documentation at
discovernetwork.com/fraudsecurity/disc.html
Relationship Managers or Account Executives will notify Merchants of Discover Network’s
enrollment decisions. As a condition of participation in the program, Discover Network may require
Merchants to implement Zip code authentication as described in Section 2.4.2 below which will be
communicated along with enrollment decisions.
2.4
Card Present CID Program Implementation
2.4.1
Technical Requirements Supporting Card Present CID
Merchants approved by Discover Network to participate in the Card Present CID Program should
update their systems to submit the CID with the Authorization Request for keyed Card Present Card
Sales. CID is submitted using Field #126 of the Authorization Request as described below:
3
•
F or keyed Card Sales, the POS Device should prompt for the entry of CID prior to the
transmission of the Authorization Request.
•
T o submit CID, the POS Device should insert the following information in the
Authorization Request:
– Field #126, position 1 should be set to “1”.
– F ield #126, positions 2–5 should contain the CID. The CID may have a value of up
to 4 digits in length. If the value is less than 4 digits, the CID will be left justified and
space filled.
•
N
ote that for keyed Card Sales, if Field #126, position 1 is set to anything other than
“1”, the Merchant is required to obtain and retain a Card imprint, or the Card Sale
may be subject to dispute.
After an Authorization Request is transmitted by the POS Device, CID should NOT be
stored or retained by the POS Device or any other system operated by the Merchant.
When the Merchant receives an Authorization Response for a keyed Card Sale that
includes CID, in the Authorization Request the following actions should be taken:
•
If the value of the Response Code in Field #38 of the Authorization Response indicates
approval, the Merchant is not required to obtain or retain a Card imprint for the keyed
Card Sale.
•
M
erchants should ignore the value in Field #44, position 2, even if the value in this
field indicates a mismatch
– T he value in Field #44, position 2 will not cause a Card Sale to be subject to Dispute.
– M
erchants should not approve or deny a Card Sale based on the value in Field #44,
position 2.
2.4.2
Technical Requirements Supporting Zip Code Authentication
Merchants utilizing a Zip Code authentication for swiped Card Sales should update their systems to
prompt for and accept the Cardholder’s Zip code with an Authorization Request. Cardholders’ Zip
codes are submitted in Field #63 of the Authorization Request as described below:
•
F or swiped Card Sales in the amount of or that exceed the minimum dollar amount
specified by Discover Network for such Merchant, the POS Device should prompt for
entry of the Cardholder’s Zip code prior to transmission of the Authorization Request.
•
T he POS device should insert the following information into the Authorization Request:
– F ield #63, positions 1–9 should contain either the 5-digit Zip code (left justified with
four positions space filled) or the 9-digit ZIP code.
– Field #63, positions 10–14 (street address) should be space filled
After an Authorization Request is transmitted by the POS Device, the Zip code should NOT
be stored or retained by the POS Device or any other system operated by the Merchant.
When the Merchant receives an Authorization Response for a swiped Card Sale that
includes a Zip code Authentication, the following actions should be taken:
4
•
If the value of the Response Code in Field #38 indicates approval, the Merchant may
continue to process the Card Sale.
•
M
erchants should not ignore the value in Field #44, position 1, even if the value in this
field indicates an AVS mismatch.
•
M
erchants should not approve or deny a Card Sale based on the value in Field #44,
position 1.
Card Present CID Program Operating Requirements
2.4.3
Participating Merchants shall comply with the following requirements in connection with the Card
Present CID Program. Failure to maintain compliance with the program requirements may result in
the Merchant’s termination of participation in the program.
•
V
alidate compliance with Security Requirements indicated in the Operating
Regulations, including DISC program requirements, by either the 12-month anniversary
date of the last compliance validation or upon request from Discover Network,
whichever is earlier.
•
C
onduct, no less than quarterly, employee training on the Card Present CID Program
procedures, including refresher training on identifying valid Discover Network cards. See
Operating Regulations for characteristics of valid Cards.
•
M
aintain compliance with the most current release of Authorization Interface of the
Technical Specifications.
•
E
xceptions to compliance with the Authorization Interface must be approved by
Discover Network before Discover Network will approve participation in the Card
Present CID Program.
In addition, participation in the Card Present CID Program may be terminated by Discover Network,
without limitations, under any of the following conditions:
•
T he Merchant’s fraud rate for keyed, Card Present Card Sales exceeds 1% of total
sales volume.
•
T he Merchant is required as a condition of participation in the Card Present CID
Program to submit Zip code authentification for swiped Card Sales over a specified
dollar amount, but has failed to properly do so.
•
The Merchant has suffered a suspected or known breach of Security Requirements.
•
The Merchant is not in compliance with Card Present CID Program requirements.
Discover Network Relationship Managers or Account Executives will notify participating Merchants
if any of the conditions above exist. In certain cases, Merchants will be provided with a time period
during which the requirements must be met in order to continue participation in the Card Present
CID Program.
5
Related documents
Assignment#4 with solution
Assignment#4 with solution
Form-3.5
Form-3.5
Authorization Request Medical/Surgical Services
Authorization Request Medical/Surgical Services
2015 RFI Memo
2015 RFI Memo
denote algebra
denote algebra
Figure S1 - Springer Static Content Server
Figure S1 - Springer Static Content Server
authorization for emergency medical treatment
authorization for emergency medical treatment
Download
advertisement