How Recurly is Supporting Visa's Stored Credential Framework
Subscription commerce continues to expand rapidly across different industries, and card networks naturally want to stay ahead of market trends to provide the best experience. As a result, card networks like Visa and Mastercard periodically update their rules and regulations and release new requirements.
One of the announcements came from Visa in August 2017 regarding stored payment information. In order to maintain customer satisfaction in the digital payments processing world, Visa laid out a plan in its Stored Credential Framework where it requires all merchants and acquirers to include additional data values in their authorization requests to the gateway. These changes will essentially help issuing banks “identify initial storage and subsequent usage of payment credentials” for transactions. The mandate went into effect on April 30th, 2018.
How has Recurly responded?
Recurly has worked closely with Visa and all of our supported gateways to ensure compliance on behalf of our customers. As soon as Visa released the news in their Merchant Business News Digest in August 2017, Recurly began reaching out to our gateway partners to get ahead of the work required to fulfill the mandates.
Recurly’s efforts have also involved extensively testing and monitoring the changes to ensure a smooth rollout of the new transaction data values for each gateway. There is no action needed from our customers.
Benefits of this change to businesses
After merchants and acquirers implement these changes, they should expect to see an improvement in authorization approval rates, especially for recurring transactions such as subscription renewals. This improvement is due to the additional information regarding transactions that Visa is requiring. The additional data values merchants are being asked to submit are different across gateways and for various transaction scenarios.
What this information does is enable Visa to identify, for example, whether the transaction was initiated by the customer or merchant and if the customer is new or returning. Visa then routes this information to the issuing banks as part of the payment processing cycle.
Consumers benefit from this visibility into transaction types as it enables issuing banks to be more robust with their evaluation of transactions and the various risk factors. In the long term, these enhancements will help businesses realize an increase in revenue and provide a better overall user experience during the initial check-out and the subscription renewal process.
For more details, please refer to this guide, from Visa.
How can merchants facilitate the discovery process in order to comply with the new requirements?
Merchants and acquirers will need to pass specific data values in their authorization request to the gateway. While this may sound fairly straightforward, in reality there are several different data values that have to be applied to many different transaction scenarios. Additionally, each gateway has its own unique data values and requirements for each transaction scenario, such as initial-recurring, recurring, and one-time transactions.
To facilitate the discovery process on the actual change needed for each gateway, be sure to ask questions such as:
- Which data values need to be present to indicate:
- A subscription sign-up that is using new credit card information? Stored credit card information?
- If the new credit card information will be saved for future use on either one-time purchases or subscription renewals?
- How are card verification transactions handled by the new data values?
- How and when should the CVV or AVS information be passed or ignored in the authorization request?
Here is an example of how Braintree handles some of these scenarios using its transaction_source parameter.
“It has been great partnering with Recurly. They are able to keep pace with scheme changes, which helps keep our joint merchants up to date with current standards,” commented Robin Gandhi, SVP, U.S. Acquiring and Partnerships, Adyen.
Who do the new requirements impact, and what are the consequences of non-compliance?
Any business that offers subscriptions as part of their business model are required to comply with Visa’s new requirements. The impacts of non-compliance include:
- Penalties in the form of increased fees for non-compliance
- No improvement in authorization approval rates
- Potential for increased customer complaints due to a poor cardholder experience
- Increase in transaction declines
Mastercard and Discover have followed suit and are releasing their own requirements for transactions using stored payment credentials. Starting on June 12, 2018, all subscription businesses that are processing Mastercard payments will be required to submit specific transaction data values in their authorization request to the gateway. Discover has not released a compliance deadline yet.
Just as to how we responded to Visa’s Stored Credential Framework, Recurly will continue to work with the card networks and all of our supported gateways to gather various technical requirements and implement the changes, providing a seamless experience for our customers.
As rules and regulations set forth by card networks change from time to time, it can become a daunting and extremely time-consuming effort to comply with ever-changing mandates. This is why finding the right subscription management platform that invests the resources needed to be in compliance with these manadates can let you stay focused on building the best products and services for your subscribers.