GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?


Table of Contents

Lead Story

Out with plastic, in with devices: A new era in payments dawns

Patti Murphy

News

Industry Update

New Briefs

Views

Rehearse, review your emergency plan

Dale S. Laszig
DSL Direct LLC

2018 crystal ball: Let's have a toast

Brandes Elitch
CrossCheck Inc.

Education

Street SmartsSM:
What makes an MLS valuable?

Steven Feldshuh
Merchants' Choice Payment Solutions East

Time to change force-post rules

Ken Musante
Eureka Payments LLC

Moving merchants: Great support or biting the hand that feeds?

Adam Atlas
Attorney at Law

Company Profile

Chetu Inc.

New Products

Seamless integrations, actionable insights

CallScore
CallRail

Inspiration

Why lie?

Departments

Letter from the editors

Readers Speak

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

January 22, 2018  •  Issue 18:01:02

previous next

Time to change force-post rules

By Ken Musante

The thought of force posts takes me back to my issuing-bank days. Paper warning bulletins were sent weekly to all merchants. If merchants wanted to accept transactions above a specific dollar amount (called the "floor" amount), they had to either electronically authorize or manually check the warning bulletin to ensure the cards being used were not listed; otherwise they would be subject to chargebacks.

Today with electronic authorizations, the floor limit for nearly all merchants is zero, and every transaction is electronically authorized. So I thought it appropriate that Visa is set to change this practice. In the Dec. 14, 2017, issue of Visa Business News, Visa outlines its requirements to minimize merchant access to force-post functionality in an article titled "Acquirer Requirements to Control the Use of Force-Post Transactions."

Most merchants never need to force post an authorization with a sale. Force posts allow merchants to manually enter a previously obtained authorization and then force route the transaction through clearing and settlement. At the time the authorization is posted or forced with the sale, it is not validated. This means that whatever code is entered is accepted, and funds are debited to the issuer and credited to the acquirer. The system forces the original authorization and capture, and that information is submitted into interchange, regardless of whether it was authorized. Later, if that transaction is disputed, and if the authorization is not valid, the issuer may initiate a chargeback, and the merchant will not have recourse.

Fraudsters can exploit force posts

Through the years, as merchants have migrated to electronic authorizations and shortened delivery time, the need to force post transactions has radically diminished, yet acquirers still set up all merchants with that functionality. Most merchants do not even realize what a force post is, and fraudsters have leveraged that fact. Specifically, they have used the force-post process to perpetrate fraud through the following schemes:

Visa moves to limit vulnerability

Consequently, Visa decided to enforce a rule change to further limit the exploitation of this vulnerability. Effective Jan. 26, 2019, acquirers must grant force-post functionality as an exception and only if warranted by a given merchant's practices. All existing merchants not specifically approved to process force-post transactions must be systematically restricted from doing so. While the details have not yet been worked through, I suspect this will necessitate a full or partial reprogramming of terminals and an update from POS providers and gateways.

I do not foresee processors updating their systems, because some merchants will still require this service, so it cannot be systematically turned down at the processor. Some merchants legitimately need to obtain an authorization prior to the sale so that they can later pair or "force" the authorization and sale.

Think about a mail order merchant who is obtaining a custom part on behalf of a cardholder. Before the merchant hunts down and buys the custom part, he or she wants to ensure the cardholder has the funds available to buy. In that instance, the merchant would be wise to authorize the transaction and, upon shipping the part, pair the authorization and sale.

Going forward, acquirers will need to specifically review and approve merchants to have force-post capabilities. Additionally, they must document the merchant's need and monitor force-post activity to ensure it is not being abused.

I suspect this subset of merchants will be required to acknowledge some additional liabilities in order to have this capability turned on. And all of us will have to again reprogram or update our base of merchants. I encourage you to review Visa's "Acquirer Requirements to Control the Use of Force-Post Transactions" directly. If you do not have the document, which was not distributed publicly, ask your acquirer for a copy.

Ken Musante is President of Eureka Payments LLC. Contact him by phone at 707-476-0573 or by email at kenm@eurekapayments.com. For more information, visit www.eurekapayments.com.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Super G Capital LLC | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems