BB&T Merchant Services Reference Kit with a host of products and services that ... Branch Banking...

I M P O RTA N TI N F O R M AT I O N

E N C L O S E D

BB&T Merchant ServicesReference Kit

Welcome to BB&T Merchant Services

Thank you for choosing BB&T as your Merchant Services provider. BB&T has been

providing payment processing solutions to businesses like yours for more than

35 years and has been consistently ranked as one of the top small-business-friendly

banks in the nation. We look forward to servicing your credit card acceptance

needs with a host of products and services that will help your business increase

sales and customer loyalty.

As a BB&T Merchant Services client, you can be confident that BB&T will

provide you with resources and tools to help you grow your business

more effectively. This Reference Kit has been designed to help you

get star ted as well as to identify potential fraud, reduce chargebacks,

ensure compliance, and provide tips for easier processing. These

valuable tips and strategies were developed to help make accepting cards simple

and safe. We hope you find it useful.

If you have questions regarding your account, please contact the Merchant Client

Support Center at 1-877-MRCHBBT (672-4228) or [email protected].

Our hours of operation are 8:30 a.m. - 9 p.m., Monday through Friday.

Again, thank you for choosing BB&T.

The information in this packet includes summaries of certain requirements imposed as of May 2011 by BB&T, the Card Associations and applicable law relating to merchant acceptance and processing of credit and debit card transactions. This packet is not meant to be a detailed description or a complete listing of all these requirements or of your obligations. We urge you to read your merchant agreement with us, the rules and regulations of the Card Associations and applicable law in order to understand fully all of your obligations as a merchant accepting card transactions and, if appropriate, consult with your own legal advisor. We also note that these requirements may change over time, and that you will be responsible for complying with any such changes as they come into effect.

BB&T Merchant Services are subject to business type and credit approval and are provided by Branch Banking and Trust Company, Member FDIC.

BB&T Merchant Ser v ices – We l c o m e

BB&T Merchant Services Reference Guide

TABLE OF CONTENTS

Getting Started Client Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1

Clients Using Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2

Clients Using Software or Payment Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.3

Clients Using DialPay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.3

Daily Processing Card Acceptance Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.1

Card Processing Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.3

Key-Entered Transactions/Obtaining Manual Imprints . . . . . . . . . . . . . . . . . . . . . . . . 2.4

Understanding Interchange/Minimizing Processing Costs . . . . . . . . . . . . . . . . . . . . . . 2.8

Your Merchant Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.12

Maintaining Your Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.15

If Your Terminal Breaks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.15

Loss Prevention Card Identification Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.1

Code 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.5

Fraud Prevention Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.6

CVV2/CVC2 Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.7

Address Verification Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.8

Understanding and Avoiding Chargebacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.13

Data Security/Compliance Payment Card Industry Data Security Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1

If You Have a Security Breach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.4

Merchant Website Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5

Customize Your Solution BB&T Merchant Connection Web Based Reporting . . . . . . . . . . . . . . . . . . . . . . . . . 5.1

Check Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2

Gift Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4

Other Card Types (AMEX, PCARD, WEX) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.5

BB&T Bankcards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.6

Glossary/Resources Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.1

Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.4

BB&T Merchant Ser v ices – Ta b l e o f C o n t e n t s

CLIENT SUPPORTRC BB erchantsupport an t co

echnical an ter inal support is a aila le hours a ay ays a eekenu Options

• If you are experiencing terminal or printer malfunction or terminal error messages, or if you need assistance with terminal operation, Press 1 to access the technical help desk. Please choose the technical help desk that supports your terminal.

- For TSYS Acquiring Solutions (formerly Vital), Press 1. - For lobal, Press 2. - For Paymentech Press 3. - For NDC, Press 4. - For FDR, Press 5. - If you do not know your technical support provider, Press 0 for BB&T Client Support.

• For supplies, Press 2.• For retrieval requests or for inquiries about a chargeback you recently received, Press 3.• For questions regarding the BB&T PCI-DSS Certification Program, Press 4.

- If you are experiencing issues with logging in to the Trustwave web portal, need assistance using the Trustwave web portal, or have general questions about your PCI compliance status, Press 1 to be connected with Trustwave Technical Support. - For questions about PCI Fees, statement questions, or general questions about the BB&T PCI-DSS Certification program, Press 2.

• For support with Check Services, ift Cards, or Virtual Terminal applications, Press 5. - For BB&T payment gateway, powered by Authorize.net, Press 1. - For BB&T Virtual point of sale, powered by lobal Payments, Press 2. - For ift Card Services, Press 3. - For T-Tech Check Services, Press 4. - For lobal Payments Check Services, Press 5. - To speak with a Client Support Representative regarding your account, Press 0.

• To speak with a BB&T Client Support representative regarding your BB&T Merchant Services account, Press 0. ur office hours are :30 a.m. – p.m. ET, Monday through Friday.

elp esk ticker ncloseNeed terminal or transaction assistance Service and support for your credit card and check authorization equipment is just a phone call away

Affix the Help Desk sticker included in your welcome package in a secure, non-public location close by the credit card terminal or computer used for payment processing. Call the toll-free number on the sticker and reference the account information whenever you need credit card related assistance.

.BB erchant er ices – G e t t i n g S t a r t e d

Merchant ID #: BBT

Terminal ID #: V1234567

General Inquiries:

TSYS Technical Support - Help Desk:

Supplies:

Voice Authorizations:

800-552-8227

800-300-3328

800-291-4840

877-672-4228

CLIENTS USING TERMINALS

Clients urchasing er inals

Now that you have received your terminal, it’s time to start processing transactions. In most cases, your terminal is ready to process transactions straight out of the box. Please take a few minutes to ensure that all of the necessary devices (terminal, PIN Pad, or check readers), power units, and cords have been included in your package. If anything appears to be missing or if the terminal is not the one you expected to receive, contact the Merchant Client Support Center at - 77- 72-422 .

Clients ith isting er inals

By the time you are reviewing this kit, you may already be processing with BB&T if so, Welcome However, if you have not received your terminal programming to start processing transactions with BB&T, you may call - - 34-2 25 to obtain your new download. The download process should only take a few minutes.

erchant er inal raining

To help you get started processing transactions successfully, BB&T Merchant Services is pleased to offer multiple training options at no charge. Terminal training includes instructions on how to:

• Properly install your credit card terminal

• Process sales and refunds

• Settle batches

• Run reports

• And much more

Based on account set-up instructions and the type of terminal you are using, you may have indicated that you prefer to complete the training process by viewing online training videos. You can access the online training site by visiting:

BBT.com/merchanttraining

Enter your 5-digit merchant account number to access the online training video. You can view this video as many times as you like. Additional resource documents are also available online.

Instead of online training, you may have requested training via telephone. If so, one of our associates will soon contact you to schedule or perform the training and answer any questions you may have. If you prefer not to wait, you may call the Training Help Desk at - - 34-2 25 to schedule training at a time convenient for you and your sales associates.

If you did not initially request training but would now like to receive training, please call the BB&T Merchant Client Support Center at - 77- 72-422 and we will be glad to schedule training for you.

.2BB erchant er ices – G e t t i n g S t a r t e d

C G R R Y O W R OR Y G W Y

By the time you are reviewing this you may already be processing with BB&T if so, Welcome In order to begin processing through your new merchant account, you or your software provider may need specific information from BB&T to configure your software correctly. Depending on your specific software, we may provide a form to you via email containing the basic information necessary. However, certain software providers require special parameter forms to be completed prior to configuration and/or installation of your software. If your software provider requires information from you that we have not supplied, please contact the Merchant Client Support Center at - 77- 72-422 . We will be happy to assist you by supplying the specific information requested by your software provider.

Note: If you purchased software through BB&T, your installation or activation disk will provide instructions for getting started. Training may be available for software purchased through BB&T; contact the Merchant Client Support Center for more information.

If you signed up for the BB&T Virtual Terminal or Payment ateway solution, you will receive a welcome email that includes account set-up and training information. If you chose to process using the BB&T Virtual Terminal, you can access the online training site by visiting:

BBT.com/merchanttraining

Enter your merchant account number to access the online training video. This training video covers topics such as installing hardware devices, configuring computer settings, logging in to the virtual terminal, and processing common transactions. You can view this video as many times as you like. Additional resource documents are also available online.

For all BB&T Virtual Terminal and Payment ateway solutions, you can also schedule a training session with a training specialist by calling - 77- 72-422 , option 0. If you have ordered equipment, please wait until you have received your equipment to schedule your training. ur training specialist will help you set up the devices.

Certain settings in your so t are ill a ect your transaction costs your a ility to pre ent rau an charge acks an your co pliance ith Car ssociation rules t is your responsi ility to ensure the settings esta lishe in your so t are are the ost appropriate or processing your transactions n a ition co pliance ith ata ecurity tan ar s esta lishe y the Car ssociations is critical urther etails on these topics are pro i e throughout this Re erence it

C G YDialPay is a processing option that allows authorization and capture of transactions via a touch-tone telephone instead of a credit card terminal. This option should only be used by merchants who have an infrequent need to process transactions. If your account was set up to process transactions in this manner, a booklet entitled DialPay Authorization with Capture Operating Guide has been included in the welcome package you may have already received. The DialPay guide contains all of the information you need to process your transactions.

ll ial ay erchants shoul e processing transactions using the ress Verification er ice as escri e on page or Car resent transactions anual i prints as e plaine on page shoul e o taine or Car ot resent transactions ial ay erchants shoul a here hene er possi le to the rau re ention Gui elines on page

.3 BB erchant er ices – G e t t i n g S t a r t e d

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

CARD ACCEPTANCE POLICIESDollar Minimums and MaximumsYour business may set a minimum transaction amount to accept a credit card, as long as the minimum transaction amount does not exceed $10 (or any higher amount established by the Federal Reserve Board by regulation) and does not differentiate between issuers or between card networks. Your business may impose a maximum on credit card transactions if you are a federal agency or institution of higher education. Your business may not impose a minimum or maximum on a debit or prepaid card.

No SurchargingAlways treat card transactions like any other transaction; that is, do not impose any surcharge on a transaction. You may, however, offer a discount for cash transactions, provided that the offer is clearly disclosed to customers and the cash price is presented as a discount from the standard price charged for all other forms of payment.

TaxesInclude required taxes in the total transaction amount. Do not collect taxes separately in cash. This policy reflects the needs of the many Visa, MasterCard, and Discover Network cardhold-ers who must have written records of the taxes they pay for goods and services.

Split SalesPrepare one sales receipt per transaction, using the full transaction amount. Merchants are not allowed to split the cost of a single transaction on a single cardholder account between two or more sales receipts in order to avoid authorization limits.

Laundering Deposit transactions only for your own business. Depositing transactions for a business thatdoes not have a valid merchant agreement is called laundering or factoring. Laundering is not allowed; it is a form of fraud associated with high chargeback rates and the potential for forcing merchants out of business.

No Cash RefundsComplete a credit receipt for merchandise returns or adjustments. Do not provide cash refunds for returned merchandise originally purchased with a card. Visa and Discover Network does not permit cash refunds for any credit or debit card transaction. By issuing credits, you protect your customers from individuals who might fraudulently make a purchase on their account and then return the merchandise for cash.

Delivery of Goods and ServicesDeliver the merchandise or services to the cardholder at the time of the transaction. Cardholders expect immediate delivery of goods and services unless other delivery arrangements have been made. For card-not-present transactions, cardholders should be informed of delivery method and tentative delivery date.

2.1BB&T Merchant Ser v ices – D a i l y P r o c e s s i n g

sking or entificationAlthough payment network rules do not preclude merchants from asking for cardholder ID, merchants cannot make an ID a condition of acceptance. Therefore, merchants cannot refuse to complete a purchase transaction because a cardholder refuses to provide ID. The pay-ment networks do not allow merchants to ask for ID as part of their regular card acceptance procedures. Laws in several states also make it illegal for merchants to write a cardholder’s personal information, such as an address or phone number, on a sales receipt. You may ask for ID if the card is not signed; you must have the cardholder sign it and check the signature against two other pieces of identification, including one government issued ID.

Zero-Percent AuthorizationsMerchants should not estimate transaction amounts. For restaurant merchants, in particular, this means debit or credit card transactions should be authorized only for the known amount of the check. Do not add on an estimated tip.

Cardholders today can check their account balances almost instantly via the Internet or ATMs. An authorization that includes an estimated tip can reduce their available cash or credit balance by an unrecognizable amount.

Say, for example, a cardholder’s restaurant bill is $100, but the staff adds on a 20 percent tip – that is, $20 – for authorization purposes. If the cardholder only adds on a $15 tip, or leaves the tip in cash, the authorization “hold” on the larger amount may make it appear he or she was overcharged. And that, in turn, can mean angry phone calls from unhappy customers – and the potential for reduced business.

To ensure zero-percent tip authorization for all transactions, restaurant merchants should:

nstruct sta to authori e only or the check a ount Your staff training and review materials should emphasize the importance of authorizing only for the known amount of the check, excluding any estimated tip.

nsure your authori ation syste is set up or ero percent authori ation

For further information on zero-percent tip authorization, contact the Merchant Client Support Center.

No Transactions on Merchant’s Own CardMerchants should not use your own card, or one to which you have access, to process a transaction for the purpose of obtaining credit for your own benefit.

2.2 BB&T Merchant Ser v ices – D a i l y P r o c e s s i n g


CARD PROCESSING PROCEDURES

Doing It Right at the Point of Sale

Whether sales associates are experienced or new to the job, they will accept cards correctly the first time and every time if they follow a few basic procedures. The illustration below provides an overview of the card acceptance steps that should be followed at the point of sale.

Illustration of Card Acceptance

It Pays to Swipe the Stripe

n the back of every card, you’ll find a magnetic stripe. It contains the cardholder name, card account number, and expiration date, as well as special security information designed to help detect counterfeit cards. When the stripe is swiped through the terminal, this information is electronically read and relayed to the Issuer, who then uses it as crucial input for the authorization decision.

Swipe the card to request the transaction authorization. Hold the card throughout the transaction.

Swipe the card to request the transaction authorization. Hold the card throughout the transaction.

While the transaction is being processed, check the card’s features and security elements to make sure the card is valid and has not been altered in any way.

Obtain authorization and get the cardholder signature on the transaction receipt.

Compare the name, number, and signature on the card to those on the transaction receipt.

1

2

3

4

See page 3.4 for information on Code 0 calls.

If you suspect fraud, make a

Code 10 call*.

Verifying the Account Number

Most P S terminals allow merchants to verify that the account number embossed on the front of the card is the same as the account number encoded on the card’s magnetic stripe. How you check the numbers depends on your POS terminal. In some cases, the magnetic stripe number is displayed on the terminal. In others, the terminal may be programmed to check the numbers electronically. In such instances, you will be prompted to enter the last four digits of the embossed account number, which will then be matched against the last four digits of the account number on the magnetic stripe.

If the account number is printed on the receipt, only the last four digits will be used in many cases. If the numbers don’t match, you will receive a “No Match” message. In such instances, you should make a Code 10 call.*

KEY-ENTERED TRANSACTIONS

If a Card Won’t Read When Swiped

In some instances, when you swipe a card the terminal will not be able to read the magnetic stripe or perform an authorization. When this occurs, it usually means one of three things:

• The terminal’s magnetic-stripe reader is not working properly.

• The card is not being swiped through the reader correctly.

• The magnetic stripe on the card has been damaged or demagnetized. Damage to the card may happen accidentally, but it may also be a sign that the card is counterfeit or has been altered.

If a card won’t read when swiped, you should:

• Check the terminal to make sure that it is working properly and that you are swiping the card correctly.

• If the terminal is , take a look at the card’s security features to make sure the card is not counterfeit or has not been altered in any way.

• For key-entered or voice-authorized transactions, make an imprint of the front of the card. The imprint proves the card was present at the point of sale and protects your business from potential chargebacks if the transaction turns out to be fraudulent. The imprint can be made either on the sales receipt generated by the terminal or on a separate manual sales receipt form signed by the customer.


IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

All POS terminals and systems are required to provide account number truncation on electronically printed transaction receipts. This means that only the last four digits of an account number should be printed on the customer’s copy of the receipt, and the expiration date should not appear at all. All POS terminals and systems must now comply with these requirements.

he erchant copy o the receipt ay e re uire to re ect no ore than the last our or fi e digits of the cardholder account number depending upon state or local legislation enacted in the jurisdiction of Merchant’s location. It is Merchant’s responsibility to determine requirements of and comply with local and/or state legislation as applicable. If the full card number does appear on the Merchant’s copy, please make sure the correct receipt, the cardholder copy, is provided to the customer. If the full card number does not appear on the Merchant copy, we suggest you print out a batch detail report before closing out in order to have a record of the full card number. Retain in a secure location.

See page 3.4 for information on Code 0 calls.


ey-entered transactions are fully acceptable, but they are associated with higher fraud and higher

chargeback rates. ey entered transactions may increase your processing costs because of the

increased risks.

MER

CH

AN

TT

IP

Find Causes and Look for Solutions

If a large percentage of your transactions are key entered, you should investigate the situation and try to find out why. The following chart summarizes the most common reasons for high key-entry rates and provides possible solutions.

KEY-ENTRY CAUSE SOLUTION

Damaged Magnetic-Stripe Readers Check magnetic-stripe readers regularly to make sure they are working.

Dirty Magnetic-Stripe Readers Clean magnetic-stripe reader heads several times a year to ensure continued good use.

Magnetic-Stripe Reader Obstructions Remove obstructions near the magnetic-stripe reader. Electric cords or other equipment could prevent a card from being swiped straight through the reader in one easy movement.

Spilled Food or Drink Remove any food or beverages near the magnetic stripe reader. Falling crumbs or an unexpected spill could soil or damage the machines.

Anti-Theft Devices that eep magnetic anti-theft deactivation devices away from any counter Damage Magnetic Stripes area where customers might place their cards. These devices can erase a card’s magnetic stripe.

Improper Card Swiping • Swipe the card once in one direction, using a quick, smooth motion. • Never swipe a card back and forth. • Never swipe a card at an angle this may cause a faulty reading.

Special Guidelines Regarding Unembossed CardsUnembossed CardsVisa, MasterCard, and Discover Network both offer unembossed cards to accommodate a changing payment environment. Some cards now have laser-engraved or thermal printing of the account number, presenting a smooth appearance to the face of the cards. Traditionally, these cards were issued outside the United States; however, the cards are now offered for products such as prepaid and gift cards. Below we have provided a list of frequently asked questions regarding unembossed cards.

How do you identify an unembossed card?MasterCard has branded it’s card offering as “MasterCard Electronic” and the logo on the card reflects this terminology. Visa, and Discover Network cards will indicate “electronic use only” on the face of the card. Card numbers on both cards are smooth in contrast to raised numbers on the cards we are familiar with today.

Who can accept unembossed cards?Unembossed cards work just like any other card at the point-of-sale. Any merchant utilizing an electronic payments terminal, which is capable of reading the magnetic stripe, can accept the card.


Directions for Processing Credit Cards Using Manual Imprint

1

2

9

3 4

8

5 6

7

1

2

10

3 4

8

5

7

Imprint of credit card number will show here.

Imprint of plate showing merchant number, name, and state will show here. If imprint of merchant plate is unavailable, write in the mer-chant name and place of business. (Merchant account number is not required).

Enter description of sale, ex. gift cards, merchandise, etc.

Enter the amount of each sale.

Enter the date of each sale.

Enter the authorization number from Visa or MC.

Enter reference number on the receipt from the terminal.

Enter amount of total transaction.

If cardholders sign the terminal receipt, they are not required to sign manual imprint receipt. Attach the merchant copy to the terminal copy for the merchant’s file.

If manual imprint receipt is used to issue a credit, the merchant has to sign to authorize the credit.

1

2

8

3

4

9

105

6

7

If the magnetic-stripe read fails, what can the merchant do?Visa and Discover Network recommend that the merchant request another form of payment. Because the card is not capable of being imprinted, the merchant would have to hand-write the card number on the sales draft and/or key-enter the transaction. Visa and Discover Network advise that merchants who accept an unembossed card without a swipe do so at their own risk, and could be subject to a “Missing Imprint” chargeback should the issuer dispute the transaction. MasterCard’s requirements indicate their MasterCard Electronic card cannot be processed if the swipe cannot be completed. N hand-keyed transactions or hand-written sales drafts are allowed. The cardholder must be physically present in order to complete a transaction. If the card is valid only in a country different from where the merchant establishment is located, the card may not be accepted.

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

A manual imprint must NOT consist of an impression taken from the card using pencil, crayon or other writing instrument.


Partial Authorizations, Authorization Reversals, and Balance Responses

MasterCard and Discover Network require that most merchants, depending on merchant category code (MCC), support the processing of partial authorizations, real-time full authorization reversals, and balance response transactions.

• Partial authorizations When a customer’s transaction amount exceeds the balance available on their debit, prepaid or gift card, instead of declining the transaction, a partial authorization for the amount available to the customer will be returned. This will allow the customer to pay for the remaining amount with another form of payment. This is called a split-tender transaction.

• Real-time full authorization reversals An authorization reversal is a real-time transaction initiated when the customer decides that they do not want to proceed with the transac-tion, or if the merchant cannot complete the transaction for any reason. Authorization reversals free up the customer’s available balance on their debit, prepaid or gift card.

• Balance response transactions For prepaid and gift cards, once the card has been used, the remaining account balance will be transmitted along with the authorization response. The remaining balance must be printed on the customer receipt, displayed on the Web page or point-of-sale terminal, or both.

If you are currently processing through third party software or through a payment gateway, we recommend you reach out to your technical software contact to see if there is anything you need to do to comply. If you are using a credit card terminal to process payments, any full download, partial download, or terminal update will enable the partial authorization func-tionality. Regardless of the processing method, BB&T recommends that you train your staff to look at the receipt to verify that no additional balance is due for purchases.

Note: Certain transaction types such as batch uploads, mail order/telephone order (MOTO), and recurring payment transactions are exempt from these requirements.

Authorization

The authorization process allows the card issuer to approve or decline a transaction. In most cases, authorizations are processed electronically in a matter of moments. However, to protect against fraud, the card issuer may request additional information about the transaction. If properly done, authorizing a transaction is quick and easy and protects merchants against fraud and chargebacks.

Authorization should be seen as an indication that account funds are available at the time of authorization and a card has not been reported as lost or stolen. It is not proof that the true cardholder or a valid card is involved in a transaction. It is highly recommended and in your benefit to settle all authorized transactions daily or within 24 hours of the time of the authorization. Settling in this manner may prevent chargebacks and will prevent additional interchange fees.

MER

CH

AN

TT

IP


UNDERSTANDING INTERCHANGE/MINIMIZING PROCESSING COSTS

Q: What is interchange?

A: Interchange is the fee that merchant-acquiring institutions must pay card-issuing institutions to help offset card issuers’ processing costs and cost of funds. Revenue from interchange fees permits issuers to offer consumers value-added card products at lower prices. This helps increase card availability and usage, which benefits merchants through incremental sales and displacement of other more expensive forms of payment. Interchange rates are set and governed by Visa, MasterCard, and Discover Network, and are the same for all card-issuing and merchant-acquiring institutions. Such control helps maintain the integrity of the most widely used, complex electronic payment system in the world.

hat are non- alified transactions

A: Visa, MasterCard, and Discover Network establish interchange fees for transactions based on the data submitted and the risk associated with the particular transaction. Your merchant account and the agreed-upon rates and fees are based on an interchange level that is established according to your processing method and business type. A non-qualified transaction is a transaction that does not qualify at the expected level because it does not meet Visa, MasterCard, and Discover Network requirements for that level. Your account will be billed the difference in cost between the expected interchange rate and the interchange level at which the transaction actually qualified plus a surcharge.

For example: The interchange level established for an account may require that the card be present and swiped as part of the transaction. The interchange rate is lower because more magnetic stripe content data is submitted and since the card is present, there is lower associated risk. If the card is not present or swiped, the transaction will not meet the requirements for the established interchange level, will be considered non-qualified, and will cost more to process.

hy is a s rcharge assessed on non- alified transactions

A: Merchant-acquiring institutions assess a surcharge to cover the additional handling costs associated with non-qualified transactions, such as increased processing and operational expenses.

hat can do to red ce the n er of non- alified transactions have and minimize my transaction costs?

A: To minimize processing costs and ensure that your transactions are clearing at the best possible interchange rate, you should observe the best practices referenced below as indicated for your processing method and business type. For additional advice on reducing transaction processing costs, please contact our Merchant Client Support Center for assistance.

Retail / Face-to-Face Merchants:

• Card-swipe all of your transactions.

• Electronically authorize all transactions.

• btain one authorization per transaction.

• Voice authorized or “forced” transactions will not be eligible for the qualified rate.

• Settlement amount must equal the authorized amount for signature debit (non-PIN) transactions.

• All transactions must be settled within 24 hours of the authorization.

• Indicate the card is present (by transaction type or at appropriate prompt) and perform Address Verification

Services (AVS) on key-entered transactions a full AVS match must be received on the cardholder’s billing zip

code to qualify for the best non-qualified rate.

• For MasterCard transactions: The settlement amount for each transaction must be within 25 of the authorized

amount for Beauty Salon transactions and within 0 of the authorized amount for all other transactions.

• For Discover Network transactions: The settlement amount for each transaction must be within 20 of the

authorized amount for Beauty/Barber Shops and Taxicabs/Limousines and within 0 of the authorized amount

for all other transactions.

Restaurant Merchants:



• btain one authorization per transaction.

• Voice authorized or “forced” transactions will not be eligible for the qualified rate.

• All transactions must be settled within 24 hours of the authorization.

• Indicate the card is present (by transaction type or at appropriate prompt) and perform Address Verification

Services (AVS) on key-entered transactions a full AVS match must be received on the cardholder’s billing zip

code to qualify for the best non-qualified rate.

Hotel Merchants:



• Settlement amount must equal the authorized amount.

• Settle your terminal daily.

• Include a Room or Folio number on all transactions.

• Include the Check-in and Check-out date on all transactions.

• Indicator for Ancillary charges and No-show charge is required.


Card Not Present - Mail/Phone Order Merchants:


• Perform Address Verification Services (AVS) on all transactions.

• Purchase Identifier (Invoice number and/or customer order number) must be included on all transactions.

• The customer service phone number is required in settlement record.

• The purchase date is the shipment date and must be within seven days after the authorization

date or one day prior to the authorization date.

• Transactions must be settled within two days of the purchase date.

• Settlement amount must equal the authorized amount.

• Transaction must be properly identified as Mail/Phone rder with the appropriate M T indicator.

• Bill Payment transactions must be properly identified with a Market Specific Indicator of “B”, ACI of “Y” and

processing code of “50” and a M T indicator of “0 ” for one payment, “02” for recurring payment and

“03” for installment payment. The first or initial transaction must be properly identified as Mail/Phone rder

subsequent transactions must be properly identified as Recurring.

• Transaction identification is usually handled automatically by a merchant’s transaction-processing system

however, you should check with your software provider to confirm that your system is properly set up.

Card Not Present - Internet/Electronic Commerce Merchants:


• Perform Address Verification Services (AVS) on all transactions.

• Purchase Identifier (Invoice number and/or customer order number) must be included on all transactions.


IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

ON ALL TRANSACTIONS:

Make sure your credit card equipment is functioning properly. Do not bypass any terminal or so t are pro pts or specific ata oing so ill a ect your transaction costs your a ility to prevent fraud and chargebacks, and your compliance with Payment Network rules. If you are a merchant using third-party software, ensure the settings established in your software are the most appropriate for the processing nature of your business.

Business-to-Business Transactions

In order to ensure that transactions conducted with Business, Corporate or Purchasing Cards clear at the best possible interchange rate, you should observe the best practices referenced above as applicable to your processing method and business type. In addition, provide the enhanced data below:

For Business and Corporate Cards:

• Submit the Tax Included Indicator and Sales Tax Amount (amount must be between 0. and 22

of the transaction amount for Visa and and 30 of the transaction amount for MasterCard).

For Purchasing Card transactions only:

To meet Level II Enhanced Data requirements:

• Submit the Tax Included Indicator and Sales Tax Amount (amount must be between 0. and 22

of the transaction amount for Visa and and 30 of the transaction amount for MasterCard).

– Customer Code (as provided by cardholder) is required at Fuel Merchants.

To meet Level III Enhanced Data requirements:

• Submit Summary Data (minimum required data shown below):

– Discount amount - Last two digits are implied decimal places. Must not be all zeros if a discount

amount exists. Must be all zeros if discount amount does not exist.

– Freight/shipping amount - Last two digits are implied decimal places. Must not be all zeros if a

freight/shipping amount exists. Must be all zeros if freight/ shipping amount does not exist.

– Duty amount - Last two digits are implied decimal places. Must not be all zeros if a duty amount

exists. Must be all zeros if duty amount does not exist.

• and, submit Line Item Detail (minimum required data shown below):

– Item descriptor - Must not be all spaces or all zeros.

– Item quantity - Last four digits are implied decimal places. Must not be all spaces or all zeros.

– Item unit of measure - Must not be all spaces or all zeros.

– Item commodity code - Must not be all spaces or all zeros.

– Item product code - Must not be all spaces or all zeros.

– Item unit cost - Last four digits are implied decimal places. Must not be all spaces or all zeros.

– Discount per Line Item - Last two digits are implied decimal places. Must not be all zeros if a

discount exists. Must be all zeros if discount does not exist.

– Line Item total - Last two digits are implied decimal places. Must not be all spaces or all zeros.



2

3

4

5

6

1

78

9 10 11 12 13 14 15 16 17 18

19 20 22 23 24 25 26 2721

28 29 30 31

3332

35

37

34

36

38

39

1

Address of BB&T Merchant Services

2

Processing Month

The date your statement was produced

(MM-YY). An internal tracking number for

BB&T Merchant Services is also included.

3

Processor Use Only

4

Merchant Number

This number is assigned to your company

for identification purposes. It is exclusive to

your company. If you call with statement

inquiries, please be prepared to provide

your merchant number.

5

Routing Number

This number identifies your bank.

6

Deposit Account Number

This number identifies your

account at your bank.

7

Your Statement Mailing Address

8

Amount

This is the amount that is due to BB&T

Merchant Services this month. This amount

is deducted from or added to your checking

account. It includes the difference between

fees owed and fees actually paid.

9

PL

Plan Code that identifies the type of card

used. See the list of Plan Codes at the bottom

of the statement.

10

# Sales

Total number of sales and cash advances for

this statement period.

11

$ Sales

Total dollar amount of sales and cash advances

for this statement period.

12

# Credits

Total number of credits for this statement period.

13

$ Credits

Total dollar amount of credits for this

statement period.

14

Net Sales


less total dollar amount of credits.

15

Avg Tkt

Dollar amount of the average sales transaction.

16

Disc P/I

Discount charged per item for transactions.

17

Disc %

Discount percentage rate assessed

for transactions.

18

Discount Due

Discount due to BB&T Merchant Services. This

is calculated as either your net or gross sales

multiplied by the discount rate plus the discount

per item multiplied by the total number of sales.

Transaction DetailThis section displays a breakdown of each trans-action made during the statement period. The transactions are separated into three categories: deposits, adjustments, and chargebacks.

19

Day

Day of the month that your batch was processed.

20

Ref Number

Reference number assigned to the batch for

tracking purposes.

21

*(Transaction Code)

Code that identifies the type of transaction

processed. See the list of Transaction Codes

at the bottom of the statement.

22

PL

Transaction plan type. See the list of Plan

Codes at the bottom of the statement.

23

# Sales

Total number of sales and cash advances

for this batch.

24

$ Sales

Total dollar amount of sales and cash

advances for this batch.

25

$ Credits

Total dollar amount of credits for this batch.

26

Discount Paid

Total discount previously paid to BB&T

Merchant Services. This amount will only

display if you participate in a daily discount

program with BB&T Merchant Services.


Use this information to become familiar with your merchant statement.

How To Read Your Merchant Statement

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

Merchant should review monthly statement and report questions, disputes, or missing transactions within 90 days of receipt of statement. Please refer to Section 1.5(k) of your BB&T Merchant Agreement for additional information. It is important to review your monthly statement for important messages from BB&T regarding your merchant statement.

27

Net Deposit


less total dollar amount of credits and paid

discount. Deposit, Adjustment and Chargeback

totals will appear under each respective section.

Fee TotalsThis section displays the fees that will be charged to the merchant.

28

Number

Total number of items billed.

29

Amount

Total dollar amount used to calculate the amount

billed. (This may not be used for all items.)

30

Description

Description of the item billed.

31

Total

Total dollar amount to be billed.

32

Total Fees Due

Total dollar amount of fees to be paid by

the merchant.

Note: Fees will be deducted on the 15th day (or next business day) of the month following the statement processing date.

Statement TotalsThis section contains discount information and the amount credited or debited from the account. The following fields may appear if applicable.

33

Minimum Discount

Minimum amount of discount that will be

charged. This figure will be used if the discount

amount is less than the minimum stated in your

merchant contract.

34

Discount Due

Total dollar amount of discount due from the

merchant as calculated throughout the month.

35

Discount Paid

Total dollar figure of discount that has been

paid during the month by the merchant if

participating in a daily program.

36

Net Discount Due

Discount due less the discount paid.

37

Fees Due

Total fees due from the merchant.

38

Amount Deducted

Total dollar amount credited or debited

from the account.

Statement Message

39

Statement Message

Important information from BB&T

Merchant Services.

Plan Codes and Transaction CodesList of Plan Codes and Transaction Codes are printed along the bottom border of the statement.


How To Read Your Merchant Statement (continued)

MAINTAINING YOUR ACCOUNT

When to Contact Us

From time to time, your business may experience changes. Some changes may require updates to your merchant relationship, including the following:

• DDA Account Number or “ perating Account”

- If the DDA is held at a financial institution other than BB&T, the bank will require a voided check drawn on the new DDA to be submitted with the written request for verification purposes.

• wnership or ownership structure

• Federal tax identification number

• Type or kind of business

• Processing method

• When you employ a third party provider(s), begin operating a website, or add payment acceptance to an existing account

• Company DBA name or Legal Name

• Address, or telephone/facsimile number

• When you enter into an agreement with a third party offering a cash advance loan pro-gram, in which you pledge future credit card receivables as collateral

• When you begin a gift card program

To request account changes, please call the BB&T Merchant Client Support Center at 1-877-672-4228 or send written correspondence to the following address:

BB&T Merchant ServicesP.O. Box 200Wilson, North Carolina 27894

Internal Revenue Service (IRS) Merchant Transaction Reporting RequirementsIn 200 , Congress passed the Housing and Economic Recovery Act (the “Act”), which added new merchant transaction reporting requirements to the Internal Revenue Service Code. As part of the Act, a new section (Section 050W) was added to the IRS Code that requires all payment settlement entities (PSEs) such as BB&T to report gross amounts of payment card transactions for each of their merchant clients to the IRS every calendar year beginning anuary , 20 . In early 20 2, BB&T will be required to file the information with the IRS that reports the total annual dollar amount of payment card transactions for each of our merchants. BB&T will also be required to provide a corresponding merchant payee statement (Form 0 - ) to each of our merchants by the end of anuary 20 2 (and each year thereafter).

In order to comply with these requirements, PSEs including BB&T must have the correct taxpayer identification number (TIN) and IRS filing name for each merchant payee. Starting in 20 2, PSEs including BB&T will be required to withhold 2 of payment card transactions (known as “federal backup withholding”) for merchant payees who have not provided their legal name and federal TIN, or whose TIN and/or legal name as provided by the payee does not match what is on file with the IRS and is not corrected upon notification from the IRS. As required by law, all monies withheld will be remitted to the IRS. Accordingly, it is very

important that you provide us with the correct legal name and TIN you use when filing your tax return for the business that includes the payment transactions processed through BB&T. You must also notify us immediately of any changes to legal name and TIN due to

changes in business ownership or structure.


IF YOUR TERMINAL BREAKSIf your terminal becomes inoperable, please follow the steps below:• Call the Client Support Center at - 77- 72-422 .• Choose option .• Choose the appropriate technical help desk from the menu.

As a reminder, if you own a terminal that has been deemed obsolete by its manufacturer or is no longer capable of compliance with card association requirements and it becomes inoper-able, you will have to purchase a new terminal in order to continue processing.

Equipment damaged as a result of abuse, power failure, physical damage, fire, or water may not be eligible for replacement or may be subject to additional fees.


CARD IDENTIFICATION FEATURES AND SECURITY ELEMENTS

If you are ever suspicious about a card or transaction, call your authorization center and request a Code 10 authorization.

Every card contains a set of unique design features and security elements developed by each card manufacturer to help merchants verify a card’s legitimacy. By knowing what to look for on each card, your sales associates can avoid inadvertently accepting a counterfeit card or processing a fraudulent transaction. Train your sales staff to take a few seconds to look at the card’s basic features and security elements after they have swiped the card and are waiting for authorization. Checking card features and security elements helps to ensure that the card is valid and has not been altered in any way.

Holding onto the CardSales staff should be instructed to keep payment cards in their possession during transaction processing. Holding onto the card allows time to check card features and security elements and to compare the cardholder signature on the card with the signature on the transaction receipt.

Visa Features You may have already noticed that Visa is changing its card design. We have included both the old and new card designs in this guide.

3.1BB&T Merchant Ser v ices – L o s s P r e v e n t i o n

The four-digit number printed below the embossed account number must match the first four digits of the account number.

Check the “Good Thru” or “Valid thru” date. Make sure the date of the transaction is no later than the date on the card. If the transaction date is after the “Good Thru” date, the card has expired. In such instances, an authorization request can be called in to your authorization center, or you can ask the customer for a Visa card that is currently valid. Always request authorization on an expired card. If the Issuer approves the transaction, proceed with the sale. Never accept a transaction that has been declined.

Visa e it entifierTo clearly distinguish Visa Debit cards, all consumer Debit cards must show the word “Debit” above the hologram.

All Visa account numbers start with 4. The embossing should be clear and uniform in size and spacing and extend into the hologram. The account number embossed on the card must match the account number printed on the sales draft or displayed on the terminal (if equipment allows).

A three-dimensional dove hologram should reflect light and seem to change as you rotate the card.

Visa cards have a stylized “V” security character embossed to the right of the expiration date.

Back of Visa CardsAll Visa Cards must be signed in order to be valid. The signature on the sales draft should match the signature on the back of the card. If the card is not signed, ask the cardholder to provide a valid government ID (e.g., driver’s license). Then have the customer sign the card. Check to be sure the signatures match.

The magnetic stripe should appear smooth and straight, with no signs of tampering.

The signature panel should have a repetitive pattern of the word “Visa” printed in color at an angle. A full or partial account number, plus a three-digit Card Verification Value 2 (CVV2), is indent-printed on the signature panel.

Visa Features

Front of Card

Check the account number for evenness and clarity. Look closely at the account number. On valid cards, the numbers will be even and straight; on altered cards, they may have fuzzy edges, or you may be able to see “ghost images” of the original numbers.

Compare numbers. The printed four-digit number must match the first four digits of the account number above it. Both should begin with a “4.” If the numbers are not identical or the printed number is missing, the card is not valid and should not be accepted.

Check the “Good Thru” or “Valid thru” date. Make sure the date of the transaction is no later than the date on the card. If the transaction date is after the “Good Thru” date, the card has expired. In such instances, an authorization request can be called in to your authorization center, or you can ask the customer for a Visa card that is currently valid.

Back of Card

Check the hologram. When the card is tilted, a ring should appear around the sun and the word “VISA” should appear in the center. If not, the card may be counterfeit.

Look at the signature panel. The signature panel will look like this or have a custom design.

Check for the Card Verification Value (CVV2). It is a three-digit code that appears either on the signature panel or on a white box to the right of the signature panel. Portions of the account number may also be present on the signature panel. CVV2 is used primarily in card-not-present transactions to verify that the customer is in possession of a valid Visa card at the time of the sale.

Check for signs of tampering. Any attempt to erase the signature will cause the word “VOID” to appear.


MasterCard FeaturesAll MasterCard account numbers start with 5. The embossing should be clear and uniform in size and spacing and extend into the hologram. The 16-digit account number embossed on the card must be exactly the same as the account number printed on the sales draft, or displayed on your terminal (if equipment allows).

A three-dimensional hologram with interlocking globes should reflect light and seem to move as you rotate the card. The word “MasterCard” is printed repeatedly in the background of the hologram. The letters “MC” are micro-engraved around the two rings.

Back of MasterCard

The back of the card must be signed.

The magnetic stripe should appear smooth and straight, with no signs of tampering.

The word “MasterCard” is printed repeatedly in multicolors at an angle on a tamper-evident signature panel. You may see only the last four digits of the account number, plus the three-digit CVC2 indent- printed on some newer cards. Some cards may contain the full 16-digit account number, followed by the three- digit CVC2, indent-printed on the signature panel.

Updates for MasterCard

Front of Card

A three-dimensional hologram with interlocking globes should reflect light and seem to move as you rotate the card. Card issuers have the option of placing the hologram on the card back.

To clearly distinguish Debit cards, all new and re-issued consumer Debit cards must display the Debit hologram.

Back of Card Card issuers have the option of placing a holographic magnetic stripe on the card back, replacing the Globe hologram or the Debit hologram.

The word “MasterCard” is printed repeatedly in multicolors at an angle on a tamper-evident signature panel. The last four digits of the account number are indent-printed on the signature panel. The three-digit CVC2 must be printed in a white rectangle to the right of the signature panel.

The MasterCard Alternative Design ption will allow issuers greater flexibility. You may see vertical cards, unembossed cards and smaller size cards.

The pre-printed Bank Identification Number (BIN) must match the first four digits of the embossed account number.

The valid date lists the last day on which the card is valid. Some cards may have an effective date as well.

MasterCard cards have a stylized “MC” security character embossed to the right of the valid dates.

MasterCard Debit HologramTo clearly distinguish MasterCard Debit cards, all new and re-issued consumer Debit cards must display the Debit hologram.

3.3 BB&T Merchant Ser v ices – L o s s P r e v e n t i o n

DiscoverThe words “DISCOVER” will appear under an ultraviolet light.

All Discover account numbers start with 6.The embossing should be uniform in size and spacing, and extend into the hologram.

“Valid Thru” indicates the last month in which the card is valid.

A Business Name may be embossed below the account name.

An embossed Security Character appears as a stylized “D.”

Law Enforcement Phone Line

1-800-347-3083

and appear to move.

The magnetic stripe should appear smooth, with no signs of tampering.

The words “DISCOVER” appear on the signature panel,

and an underprint reading “VOID.”

The last four digits of the account

number appear on the signature panel

in reverse indent printing.

The three-digit

Data (CID) appears to the right of the

signature panel.

Merchant Code 10 Authorization

1-800-347-1111 for suspicious transactions

The Discover AcceptanceMark appears on both sides of the card.

American ExpressThe letters “AMEX” and a phosphorescence in the Centurion portrait are visible under an ultraviolet light.

Pre-printed (non-embossed)

(CID) should always appear above the account number.

Do not accept a Card after the expiration date.

Only the person whose name is embossed on an American Express Card is entitled to use it.

All American Express account numbers start with 3. Embossing should be clear and uniform in size and

spacing. The number on the front and back of the Card, plus the one printed on the sales receipt

should all match.

With this statement on the Card, American Express reserves the right to

“pick up” the Card at any time.

Some Cards have a hologram of the

American Express image embedded into

the magnetic stripe.

The signature on the back of the Card should

match the customer’s signature on the receipt.

The signature panel is tamper-evident.

Merchant Code 10 Authorization

1-800-528-1212 if you are suspicious of a card transaction


CODE 10 CALLSCode 10 calls allow merchants to alert card issuers to suspicious activity and take appropriate action when instructed to do so. You should make a Code 10 call to your voice authorization center whenever you are suspicious about a card, cardholder, or a transaction. The term “Code 10” is used so the call can be made at any time during a transaction without arousing a customer’s suspicions.

To make a Code 10 call:Keep the card in your possession during the call.

Call your voice authorization center, at 1-800-291-4840

Enter your erchant dentification er

Press # , then 8, then enter card number.

Enter the expiration date.

Enter the amount of the transaction.

You will be transferred to a special operator who will ask you a series of questions that can be answered with a simple yes or no.

• When connected to the special operator, answer all questions calmly and in a normal tone of voice. Your answers will be used to determine whether the card is valid.

• Follow all operator instructions.

• If the operator tells you to pick up the card, do so only if recovery is possible by reasonable and peaceful means.

MER

CH

AN

TT

IP

Emphasize to your sales staff that they can make Code 10 calls even after a cardholder leaves the store. A Code 10 alert at this time may help stop fraudulent card use at another location, or perhaps during a future transaction at your store.


FRAUD PREVENTION GUIDELINES FOR CARD-NOT-PRESENT TRANSACTIONSA range of fraud-prevention policies, guidelines, and services have been developed for card-not-present merchants. Using these tools will help protect your business from fraud-related chargebacks and losses. Mail Order/Telephone Order (MO/TO) and Internet merchants should strongly consider developing in-house fraud control policies and providing appropriate training for employees.

The following sections outline basic fraud-prevention guidelines and best

practices for card-not-present merchants.

Authorize All Card-Not-Present Transactions

Authorization is required on all card-not-present transactions. Card-not-present transactions are considered as zero-floor-limit sales. Authorization should occur before any merchandise is shipped or services performed. An authorization number serves as approval that the card is valid and funds are available. It is not proof that the cardholder was engaged in the transaction.

Ask for Card Expiration Date

Card-not-present merchants should always ask customers for their card expiration, or “Good Thru,” date and include it in their authorization requests.

Including the date helps to verify that the card and transaction are legitimate. A MO/TO or Internet order containing an invalid or missing expiration date may indicate counterfeit or other unauthorized use.

Ask for CVV2/CVC2

The Card Verification Value (CVV2 - Visa), Card Validation Code (CVC2-MasterCard), and Card Identification (CID - Discover) is a three- or four-digit security number printed on the front or back of cards to help validate that a customer is in possession of a legitimate card at the time of an order.

Studies show that merchants who include CVV2/CVC2/CID validation in their authorization procedures for card-not-present transactions can reduce their fraud-related chargebacks.


CVV2/CVC2 PROCESSINGTo ensure proper CVV2/CVC2/CID processing for card-not-present transactions, merchants should:

• Ask card-not-present customers for the last three numbers in the signature panel on the back of their cards.

• If the customer provides a CVV2/CVC2/CID, submit this information with other transac-tion data (card expiration date and account number) for electronic authorization. You should also include one of the following CVV2/CVC2/CID presence indicators, even if you are not including a CVV2/CVC2/CID in your authorization request:

T T T E

0 CVV2/CVC2/CID is not included in authorization request.

1 CVV2/CVC2/CID is included in authorization request.

2 Cardholder has stated that CVV2/CVC2/CID is illegible.

9 Cardholder has stated that CVV2/CVC2/CID is not on the card.

• Evaluate the CVV2/CVC2/CID result code you receive with the transaction authoriza-tion, and take appropriate action based on all transaction characteristics.

2 E T E E E E T

M - Match Complete the transaction, taking into account all other

transaction characteristics and verification data.

N - No Match View a “No Match” response as a sign of potential fraud, which

should be taken into account along with the authorization response

and any other verification data. You may also want to resubmit the

CVV2/CVC2/CID to ensure a key-entry error did not occur.

P - CVV2* Resubmit the authorization request.

S - CVV2** Follow up with the customer to verify that the correct card

location has been checked for CVV2/CVC2/CID.

U*** Evaluate all available information and decide whether to proceed

with the transaction or to investigate further.

* request not processed ** should be on the card, but the cardholder has reported that it isn’t. *** card issuer does not support CVV2/CVC2/CID



ADDRESS VERIFICATION SERVICETo use the Address Verification Service (AVS), simply ask card-not-present customers for their billing address as it appears on their monthly statement. This information is then submitted with other transaction data for electronic authorization. Address verification and authorization occur simultaneously — in a matter of seconds — and you will receive an AVS response code with the authorization.

You should evaluate the AVS response code and take appropriate action, based on all transaction characteristics and any other verification information received with the authorization (expiration date, CVV2/CVC2/CID, etc.). An authorization response always takes precedence over AVS. Do not accept any transaction that has been declined, regardless of the AVS response.

E E T T E

X – Exact Match Address and nine-digit zip code match.

Y – Match Both street address and five-digit zip code match. Complete the

transaction you can be relatively confident it is legitimate.

A – Partial Match Street address matches, but zip code doesn’t. View as a sign of potential

fraud. Depending on the transaction amount, you may decide to

complete the transaction or investigate further to ensure it is valid.

Z – Partial Match Zip code matches but the street address doesn’t. View as a sign of

potential fraud. Depending on the transaction amount, you may decide

to complete the transaction or investigate further to ensure it is valid.

N – No Match Street address and zip code don’t match. View as a sign of potential

fraud and take further steps to validate the transaction.

U – Unavailable The Issuer’s system is not available, or the Issuer does not support AVS.

The address cannot be verified at present. You must decide whether to

accept or refuse the transaction, or investigate further.

R – Retry The Issuer’s system is not available; try again later. The Issuer’s system

may not be working. You should resubmit your AVS request later.

U – Issuer does not support AVS Evaluate all available information and decide whether to proceed with

the transaction or to investigate further.

Z – Partial Match Unless you sent only a zip code AVS request and it matched, you may

want to follow up before shipping merchandise.

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

If you complete a transaction for which you received an authorization approval and an AVS response of “U” (unavailable), and the transaction is later charged back to you as fraudulent, BB&T Merchant Services may represent the item. U.S. Issuers must support AVS or lose their right to fraud chargebacks for card-not-present transactions.

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

For a zip code only request and P.O. Box address, Issuers may respond with either a “Y” (Exact Match), or a “Z” (Partial match-zip Code Matches).


Suspicious Transactions

Card-not-present merchants should develop in-house policies and procedures for handling irregular or suspicious transactions and provide appropriate training for their sales associates.Being able to recognize suspicious orders may be particularly important for merchants in-volved in telephone sales, and employees should be given clear instructions on the steps to take to verify these transactions.

Your sales employees should be on the lookout for any of the following signs of suspicious customer behavior :

• Hesitation: Beware of customers who hesitate or seem uncertain when giving you personal information, such as a zip code or the spelling of a street or family name. This is often a sign that the person is using a false identity.

• Rush orders: Urgent requests for quick or overnight delivery—the customer who “needs it yesterday” should be another red flag for possible fraud. While often perfectly valid, rush orders are one of the common characteristics of “hit and run” fraud schemes aimed at obtaining merchandise for quick resale.

• Random orders: Watch out also for customers who don’t seem to care if a particular item is out of stock —“You don’t have it in red? What colors do you have?”— or who order haphazardly—“I’ll take one of everything!” Again, orders of this kind may be in-tended for resale rather than personal use.

• Suspicious shipping address: Scrutinize and flag any order with a ship to address that is different from the billing address on the cardholder’s account.

– Requests to ship merchandise to post office boxes or an office address are often associated with fraud.

– Keep lists of zip codes where high fraud rates are common and verify any order that has a ship-to address in these areas.

– If your business does not typically service foreign customers, use caution when shipping to addresses outside the United States, particularly if you are dealing with a new customer or a very large order.

– Requests to wire funds to pay shipping costs are often associated with fraud.

– Requests to provide cash back for any credit card transaction are often associated with fraud.

In examining what appears to be an unusual order, keep in mind that if the sale sounds too good to be true, it probably is.

Merchants should NEVER provide cash back to a cardholder when processing a credit card transaction, as this is prohibited by the credit card associations. Also, please be aware of a growing problem impacting merchants across the country. Merchants have received tele-phone and fax orders, often originating in foreign countries, attempting to purchase goods and services. The cardholder requests that the merchant wire back to them a part of the credit transaction for various reasons, i.e. shipping charges by a carrier of their choice, or for other arrangements they prefer to make rather than follow the normal merchant busi-ness practices. These orders often include fraudulent Visa, MasterCard, and Discover Net-work numbers for payment, which have led to high volumes of chargebacks and significant merchant losses. These fraudulent schemes particularly target businesses that do not usually handle mail or telephone transactions. Please use caution with any orders received from unusual sources. You must know for certain that you are dealing with the authorized user of the card that is being offered. Never provide cash back to the cardholder under any circum-stances.



rau che es an Best ractices or entification an re ention

One common fraud scheme involves criminals exploiting merchants’ weak online login cre-dentials to access merchants’ virtual terminals or gateway to conduct fraudulent transactions. Criminals use phishing and other social engineering fraud schemes to target merchants with weak authentication and to obtain access to the virtual terminal or gateway accounts of a merchant’s acquirer or service provider. Once the merchants’ login credentials and/or pass-words to these accounts were obtained, the criminals sent fraudulent credit transactions to debit cards set up by the criminals or their associates.

Email Phishing Scams Indicators and Best Practices

• Look closely at the sender’s email address – the “from” line in these fraudulent emails usually very closely resembles a legitimate address. Close inspection may reveal unusual characters or structure that may help confirm that the email is fraudulent.

• Check email images and graphics – often images and graphics in these fraudulent emails are out of place or incorrect. This results when a fraudulent message attempts to refer-ence an image from a legitimate entity’s website.

• Pay attention to message format and context – message length, grammar, word choice and sentence structure play a part in the success of a phishing email. You should be aware that emails arriving with errors or in different languages should be validated prior to responding.

• Pay attention to message tone – if an email demands your attention or a certain ac-tion and indicates that there will be consequences if response is not made, you should contact BB&T Merchant Client Support or the specific service provider to validate the information before responding. Harsh tactics may be a sign that the request is fraudulent.

• Consider whether the message seems out of character – if you have never received a request of a similar nature from BB&T or one of our service providers, the email may be fraudulent.

• Be wary of embedded hyperlinks – hyperlinks in emails from unfamiliar sources should not be utilized. To determine if the link is valid, a new browser should be opened and the address provided should by typed in as opposed to being copied and pasted in. In many instances, when typed in, the address will prove invalid

Fraud Indicators:

• Customer uses multiple cards that have the same first six digits in the card number.

• Customer asks to pay for a single order with multiple cards, also known as a split trans-action.

• Customer asks to pay for a single order with multiple transactions of a certain amount.

• You receive orders from a phone call through the hearing impaired line or from a com-pany with a generic email address, such as Yahoo!, Gmail, or Hotmail, especially if you do not have a website or advertise that you accept orders via email.

• Customer requests that you run a transaction to wire funds to pay for shipping or “in-surance” fees through services such as Western Union or MoneyGram.

• Customer requests you ship their purchases to an address outside of the United States.

• Customer needs the order to be completed urgently and wants immediate notification of the transaction being processed and product being shipped.

Additional Resources:

• Visa’s website: www.usa.visa.com/merchants, choose “Risk Management.”

• MasterCard’s website: www.mastercard.com/us/merchant, choose “Stay Secure” and then “Protecting Your Business.” See section under “Fraud Prevention.”

• Discover’s website: www.discovernetwork.com, scroll over “Fraud & Security” and choose “Fraud.”

Immediately report suspected fraudulent credit schemes to the BB&T Merchant Client Sup-port Center at - 77-MRCHBBT ( 72-422 ). ur knowledgeable consultants are available to assist you from :30 a.m. to p.m. ET, Monday through Friday.

3. 2BB&T Merchant Ser v ices – L o s s P r e v e n t i o n

UNDERSTANDING AND AVOIDING CHARGEBACKSA chargeback is a transaction that an Issuer returns to BB&T Merchant Services — and most often, to the merchant as a financial liability. In essence, it reverses a sales transaction, as follows:

• The card issuer subtracts the transaction dollar amount from the cardholder’s credit card account. The cardholder receives a credit and is no longer financially responsible for the dollar amount of the transaction.

• The card issuer debits BB&T Merchant Services for the dollar amount of the transaction.

• BB&T Merchant Services may deduct the transaction dollar amount from the merchant’s account. The merchant may lose the dollar amount of the transaction.

For merchants, chargebacks can be costly. You can lose both the dollar amount of the transaction being charged back and the related merchandise. You also incur your own internal costs for processing the chargeback.

Why Chargebacks Occur

The most common reasons for chargebacks include:

• Customer disputes

• Fraud

• Processing errors

• Authorization issues

• Nonfulfillment of copy requests (only if fraud or illegible)

Although you cannot avoid the occurrence of chargebacks completely, you can take steps to reduce or prevent them. Many chargebacks result from easily avoidable mistakes, so the more you know about proper transaction-processing procedures, the less likely you will be to inadvertently do or fail to do something that might result in a chargeback.

Of course, chargebacks are not always the result of something merchants did or did not do. Errors are also made by merchant banks, card issuers, and cardholders.

Avoiding Chargebacks

Most chargebacks can be attributed to improper transaction-processing procedures and can be prevented with appropriate training and attention to detail. The following best practices will help you minimize chargebacks.

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

Your erchant account is e ite the sa e ay the charge ack notification is aile


Chargeback Remedies

Even when you do receive a chargeback, you may be able to resolve it without losing the sale. Simply provide BB&T Merchant Services with additional information about the transaction or the actions you have taken related to it. For example, you might receive a chargeback because the cardholder is claiming that credit has not been given for returned merchandise. You may be able to resolve the issue by providing proof that you submitted the credit on a specific date. Send this information to BB&T Merchant Services in a timely manner.

The key in this and similar situations is always to send BB&T Merchant Services as much information as possible to help remedy the chargeback. With appropriate information, BB&T may be able to resubmit, or “re-present,” the item to the card issuer for payment.

Timeliness is also essential when attempting to remedy a chargeback. Each step in the chargeback cycle has a defined time limit during which action can be taken. If you do not respond during the time specified on the request which may vary depending on Card Association rules— BB&T will not be able to remedy the chargeback. Although many chargebacks are resolved so that the merchant does not lose the sale, some cannot be remedied. In such cases, accepting the chargeback may save you the time and expense of needlessly contesting it.

Point of Sale

• Declined Authorization. Do not complete a transaction if the authorization request was declined. Do not repeat the authorization request after receiving a decline; ask for another form of payment.

• Transaction Amount. Do not estimate transaction amounts. For example, restaurant merchants should authorize transactions only for the known amount on the check; they should not add on a tip.

• Referrals. If you receive a “Call” message in response to an authorization request, do not accept the transaction until you have called the authorization center. In such instances, be prepared to answer questions. The operator may ask to speak with the cardholder. If the transaction is approved, write the authorization code on the sales receipt. If declined, ask the cardholder for another form of payment.

• Expired Card. Do not accept a card after its “Good Thru” or “Valid Thru” date unless you obtain an authorization approval for the transaction.

• Card Imprint for Key-Entered Card-Present Transactions. If you must key-enter a transaction to complete a card-present sale, make an imprint of the front of the card on the sales receipt, using a manual imprinter. Even if the transaction is authorized and the cardholder signs the receipt, the transaction may be charged back to you if the receipt does not have an imprint of the embossed account number and expiration date.

• Cardholder Signature. The cardholder’s signature is required for all card-present transactions. Failure to obtain the cardholder’s signature could result in a chargeback if the cardholder later denies authorizing or participating in the transaction. When checking the signature, always compare the first letter and spelling of the surname on the sales receipt with the signature on the card. If they are not the same, ask for additional identification or make a Code 0 call.


• Digitized Cardholder Signature. Some cards have a digitized cardholder signature on the front of the card, in addition to the hand-written signature on the signature panel on the back. However, checking the digitized signature is not sufficient for completing a transaction. Sales staff must always compare the customer’s signature on the sales receipt with the hand-written signature in the signature panel.

• Fraudulent Card-Present Transaction. If the cardholder is present and has the account number but not the card, do not accept the transaction. Even with an authorization approval, the transaction can be charged back to you if it turns out to be fraudulent.

• Legibility. Ensure that the transaction information on the sales receipt is complete, accurate, and legible before completing the sale. An illegible receipt, or a receipt that produces an illegible copy, may be returned because it cannot be processed properly. The growing use of electronic scanning devices for the electronic transmission of copies of sales receipts makes it imperative that the item being scanned be very legible.

Avoid Illegible Transaction ReceiptsEnsuring legibility of transaction receipts is key to minimizing copy requests and chargebacks. When responding to a copy request, you will usually photocopy or scan the transaction receipt before mailing or electronically sending it to BB&T Merchant Services. If the receipt is not legible to begin with, the copy that the bank receives and then sends to the card issuer may not be useful in resolving the cardholder’s question. If this occurs, the transaction may be returned to you as a chargeback for an illegible copy. At this point, unless you can improve the readability of the transaction receipt, you may end up taking a loss on the transaction.

The following best practices are recommended to help avoid illegible transaction receipts.

• Change point-of-sale printer cartridge routinely.

Faded, barely visible ink on transaction receipts is the top cause of illegible receipt copies. Check readability on all printers daily, and make sure the printing is clear and dark on every sales draft.

• Change point o sale printer paper hen the colore streak first appears

The colored streak down the center or the edges of printer paper indicates the end of the paper roll. It also diminishes the legibility of transaction information.

• Keep the white copy of the transaction receipt.

If your transaction receipts include a white original and a colored copy, always give customers the colored copy of the receipt. Since colored paper does not photocopy as clearly as white paper, it often results in illegible copies.

• Handle carbon-backed, silver-backed, or carbonless paper carefully.

Silver-backed paper appears black when copied. Any pressure on carbon backed or carbonless paper during handling and storage causes black blotches, making copies illegible.


Sales-Receipt Processing

• One Entry for Each Transaction. Ensure that transactions are entered into point-of-sale terminals only once and are deposited only once. You may get a chargeback for duplicate transactions if you:

– Enter the same transaction into a terminal more than once

– Process the same transaction with more than one merchant bank

• Voiding Incorrect or Duplicate Sales Receipts. Ensure that incorrect or duplicate sales receipts are voided and that transactions are processed only once.

• Close your Batches as quickly as possible, preferably within 24 hours of the transaction date; do not hold on to them.

• Process credit transactions as quickly as possible.

• Ship Merchandise Before Processing Transaction. For card-not-present transactions, do not process the transactions until you have shipped the related merchandise. If customers see a transaction on their monthly card statement before they receive the merchandise, they may contact their Issuer to dispute the billing. Similarly, if delivery is delayed on a card-present transaction, do not deposit the sales receipt until the merchandise has been shipped.

• Requests for Cancellation of Recurring Transactions. If a customer requests cancella-tion of a transaction that is billed periodically (monthly, quarterly, or annually), cancel the transaction immediately or as specified by the customer. As a service to the customer, advise the customer in writing that the service, subscription, or membership has been cancelled and state the effective date of the cancellation.

• Disclosing Refund, Return, or Service Cancellation Policies. If your business has policies regarding merchandise returns, refunds, or service cancellations, these policies must be disclosed to the cardholder at the time of the transaction. Your policies should be pre-printed on your sales receipts, if not, write or stamp your refund or return policy information on the sales receipt near the customer signature line before the customer signs (be sure the information is clearly legible on all copies of the sales receipt). Failure to disclose your refund and return policies at the time of a transaction could result in a dispute if the customer returns the merchandise.

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

For questions regarding chargebacks or sales receipt requests, please call 1-877-672-4228, option 3.


PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)Requirements for Protecting Transaction Data

Combating fraud is the shared responsibility of all parties involved in payment card transactions.Visa, MasterCard and Discover Network are reaching out to merchants, acquirers and other partners to minimize risk and share requirements for safeguarding transaction data. Below are the 12 requirements included in the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS can be viewed in its entirety at www.mastercard.com/us/sdp,www.visa.com/cisp, http://discovernetwork.com/fraudsecurity/disc.html/, www.pcisecuritystandards.org or https://trustwave.com/level4pci/. Compliance with the PCI DSS helps preserve the integrity of the payments system and maintains consumer confidence. BB&T Merchant Services mandates our merchants validate their PCI DSS compliance through a ualified Security Assessor. Information regarding the BB&T PCI DSS compliance program is sent directly to the merchant following account opening.

Any merchant or service provider that stores, processes, or transmits cardholder information must comply with these standards. All eligible merchants and service providers, regardless of size (or in the case of service providers, whether they support issuing or merchant activity) must comply with the 12 basic requirements outlined below.

nstall an aintain a fire all configuration to protect ata Firewalls are computer software devices that control traffic in the company’s network. This includes unauthorized access from the Internet, as well as access to sensitive areas from the company’s internal network.

oi en or supplie e aults or syste pass or s Hackers attempt to identify these passwords and settings, and use them to compromise systems. You should always change these defaults before installing a system on the network.

rotect store transaction ata Keep transaction storage to a minimum and never store sensitive authentication data after authorization. Take precautions to make stored transaction data unreadable through encryption or some other secure and robust approach.

ncrypt transaction ata hen trans erre o er net orks Sensitive information should always be encrypted during transmission over wireless networks or the Internet, as it is often easy to divert or intercept data while in transit. Never send encrypted transaction information via email.

tili e anti irus so t are or progra s Install these mechanisms on all systems that can be affected by viruses and ensure that these systems are current, running, and capable of generating audit logs.

e elop an aintain secure syste s an applications As a participating merchant or service provider, you must ensure that all components have the latest vendor security and software patches to protect against external hackers and viruses. Develop standard system development processes and secure coding techniques.

4.1BB erchant er ices – D a t a S e c u r i t y / C o m p l i a n c e

Restrict access to ata Limit access to resources and cardholder information to employees who need access to the information to do their jobs and limit access only to what is needed. Establish a mechanism for systems with multiple users that restrict access based on an individual’s need to know.

ssign a uni ue userna e an pass or to each person ith co puter access to transaction ata This allows for all actions taken on the system to be identified and tracked. Take necessary precautions to protect user identification and immediately revoke access by terminated users.

Restrict physical access to transaction ata Use appropriate facility entry controls and monitor access. Develop procedures to help personnel easily distinguish between employees and others. Destroy media containing transaction information when it is no longer needed.

rack an onitor access to net ork resources an transaction ata Logging mechanisms and tracking user activity is critical to uncovering unauthorized and illegal activity.

Regularly test security syste s an processes New vulnerabilities are continually being discovered. Consistent testing ensures security maintenance.

aintain an in or ation security policy A strong security policy sets the security tone for the entire company.

4.2 BB erchant er ices – D a t a S e c u r i t y / C o m p l i a n c e

ata ecurity re uently ske uestions s

Below are answers to frequently asked questions about how to best store, secure and share cardholder information to protect against many forms of fraud. We encourage you to share this information with your partners in the merchant community.

. here do find the pay ent ind stry re ire ents for acco nt data sec rity

A. The Payment Card Industry Data Security (PCI DSS) is available on any of the following websites:

Visa www.visa.com/cisp,

MasterCard www.mastercard.com/us/sdp,

Discover Network http://discovernetwork.com/fraudsecurity/disc.html,

PCI Security Standards Council www.pcisecuritystandards.org or

Trustwave https://www.trustwave.com/level4pci/.

This standard was developed jointly by MasterCard, Visa and Discover Network and has been endorsed by other payment brands.

. hat transaction infor ation can e stored and hat cannot

A. nce the authorization process is complete, only specific information should be retained.Merchants and third-party agents may securely store the cardholder name, account number, expiration date but should destroy all other transaction information after the Authorization Request Response message is received. This includes discretionary card read data, CVC2/CVV2 data, PIN data, and address verification service (AVS) data. Failure to adhere to this standard will result in significant fines and termination of your account.

. here can transaction infor ation e stored

A. As stated in the PCI DSS, all systems and media containing transaction data must be protected in a secure environment to which access is controlled and limited to selected personnel. Merchants must establish procedures that control all means of access and use a password system to maximize the security of their transaction and cardholder information. REMEMBER: IF Y U D N’T NEED IT, D N’T ST RE IT.

. o data storage re ire ents apply to third-party agents

A. Yes. The PCI DSS applies to anyone who stores, processes or transmits payment data, including members, merchants and third parties. Third-party agents include Web hosting companies, payment gateways, terminal drivers, software providers and processors. The merchant must inform its bankcard acquirer of its third-party agents – terminal and software vendors, anyone providing transaction processing, sorting or other services – and ensure that these agents adhere to all applicable data security standards.


. oes the apply to all erchants or only to online erchants

A. . PCI DSS is mandatory for all merchants, third party agents, and service providers.

. ho sho ld assess and reg late sec rity in erchant syste s and net or s

A. BB&T merchant clients are required to take the necessary steps to validate PCI DSS compliance by completing the annual PCI DSS Self Assessment uestionnaire (SA ) and scan if applicable to their processing environment through a ualified Security Assessor ( SA).

All PCI compliance validation requirements are listed on the following websites:

www.mastercard.com/us/sdp, www.visa.com/cisp,

http://discovernetwork.com/fraudsecurity/disc.html, www.pcisecuritystandards.org.

Visa, MasterCard and Discover Network are reaching out to merchants, acquirers and their partners to share and publicize these requirements and best practices, and thereby help protect transaction and cardholder information. These policies help to safeguard the entire payments industry and maintain consumer confidence.


YO V C R Y BR C

If you experience a suspected or confirmed security breach, you should:

e iately contain an li it the e posure

To prevent any further loss of data, conduct a thorough investigation of the suspected or confirmed loss or theft of account information within 24 hours of the compromise.

– Do not access or alter compromised systems. Do not log on to the machine or change passwords.

– Do not turn off the compromised machine. Instead, isolate compromised systems from the network by unplugging their cables.

– Preserve logs and electronic evidence.

– Log all actions taken.

– If using a wireless network, change the service set identifier (SSID) or network name on the access point (AP) and on other machines that may be using this connection (with the exception of any systems believed to be compromised).

– Be on HIGH alert and monitor all payment systems.

lert all necessary parties Be sure to contact

– Your internal information security group, incident response team and legal department

– Your merchant bank: BB&T Merchant Services at 1-877-672-4228.

Contact must be made immediately and no later than 24 hours after discovery of a suspected breach. BB&T will follow up with you to discuss the compromise and review the action required to demonstrate the ability to prevent future loss or theft of transaction information.

Provide all compromised accounts to your BB&T Merchant Services within 10 business days. All potentially compromised accounts must be provided and transmitted as instructed by your merchant bank and card associations. The card associations will distribute the compromised account numbers to Issuers and ensure the confidentiality of entity and nonpublic information.

Within three business days of the reported compromise, provide an Incident Report document to BB&T Merchant Services.


Best ractices or o ile ay ent cceptance erchants

nsure the secure use o o ile pay ent acceptance solutions

Only use o ile pay ent acceptance solutions as originally inten e y an ac uiring ank an solution pro i er

To prevent unintended consequences from the misuse of a mobile acceptance solution, ensure that the solution is used in a manner consistent with the guidance provided by an acquiring bank and solution provider. This includes ensuring that any software downloaded onto the consumer mobile device comes from a trusted source.

PANs required after authorization must be truncated or tokenized.

i it the e posure o account ata that ay e use to co it rau

i it access to the o ile pay ent acceptance solution

Ensure that only authorized users (i.e., designated employees) have physical / logical access to the payment functionality of the solution.

Merchants must have a valid agreement with the acquirer. Merchants may not process Visa transactions on behalf of other merchants.

e iately report the loss or the t o a consu er o ile e ice an or har are accessory

Contact the acquiring bank immediately to report the loss or theft of a consumer mobile device and/or hardware accessory to help ensure the prompt implementation of any necessary actions.

re ent so t are attacks on consu er o ile e ices

nstall so t are only ro truste sources

Merchants should not circumvent any security measures on the consumer mobile device. To avoid introducing a new attack vector onto a consumer mobile device, install only trusted software that is necessary to support business operations and to facilitate payment.

rotect the consu er o ile e ice ro al are

Establish sufficient security controls to protect a consumer mobile device from malware and other software threats. For example, install and regularly update the latest anti-malware software (if available).


RC W B R R

Note: Merchants must notify BB&T Merchant Services prior to establishing

a website and accepting payment transactions online.

The Card Associations require that you include certain content or features on your website.These elements are intended to promote ease of use for online shoppers and reduce cardholder disputes and potential chargebacks.

Co plete escription o goo s an ser ices Remember you have a global market, which increases opportunities for unintended misunderstandings or miscommunications. For example, if you sell electrical goods, be sure to state voltage requirements, which vary around the world.

Custo er ser ice contact in or ation inclu ing e ail a ress or phone nu er nline communication may not always be the most time-efficient or user-friendly for some customers. Including a customer service telephone number as well as email address promotes customer satisfaction.

Return re un an cancellation policy This policy must be clearly posted. Websites must also include a “click to accept,” or other acknowledgement button allowing thecardholder to accept the refund policy. Purchase terms and conditions must be displayed to the cardholder during the order process, either on the same screen as the checkout screen indicating the total transaction amount or within the sequence of web pages accessed by the cardholder before the final checkout. If you are not following these requirements, we suggest you work with your website developer or shopping cart provider to ensure compliance as soon as possible. Following these rules will help provide your business with chargeback protection, as well as keep you in compliance with Visa perating Regulations. To learn more about additional tools and best practices for building a secure Internet business, view the Visa E-Commerce Merchant’s uide to Risk Management by visiting: http://usa.visa.com/download/merchants/visa_risk_management_guide_ecommerce.pdf

ee isclosure or Car ot resent erchants on page

eli ery policy Merchants set their own policies about delivery of goods; that is, if they have any geographic or other restrictions on where or under what circumstances they provide delivery. Any restrictions on delivery must be clearly stated on the website.

Country o origin You must disclose the permanent address of your establishment on the website.

port restrictions i kno n


Merchants cannot convert transaction amounts into a different currency. Equivalent amounts in other currencies may be shown, but they must be clearly labeled as being listed for information only.

MER

CH

AN

TT

IP

Best ractices or the WeSuggested best practices for merchant websites include:

ri acy state ents

n or ation on hen cre it car s are charge You should not bill the customer until merchandise has been shipped.

Or er ulfill ent in or ation State timeframes for order processing and send an email confirmation and order summary within one business day of the original order. Provide up-to-date stock information if an item is back-ordered.

Custo er ser ice ti e ra es Ideally, customer service emails or phone calls should be answered within two business days.

state ent on e site regar ing security controls use to protect custo ers

se o rau onitoring tools such as elocity li its a ress locking V CCV filters his ser ice is usually pro i e y your pay ent gate ay pro i er

state ent encouraging car hol ers to retain a copy o the transaction


BB&T MERCHANT CONNECTION® WEB BASED REPORTING Through BB&T Merchant Connection, you have immediate access to everything you need to know about your account 24 hours a day.

Online Convenience

All you need is a computer with the minimum operating requirements* and access to the Web. No special skills are needed. No more waiting for your monthly merchant statement to arrive in the mail. The information is at your fingertips for instant access.

*Minimum operating system requirements are: Internet Explorer 6.0 sp2 or higher; Adobe Reader version 8.0 or higher; Adobe Flash Player version 9 or higher; Pop-up windows should be allowed to pop-up and not be forced into a new window/tab or blocked from view. If a pop-up blocker is enabled on your browser, the pop-up blocker needs to allow pop-up windows for www.mreports.com.

Start Using the Speed of the Internet Right Away

Take a moment to look over the features on the following pages, then log on to see how these powerful advantages can save you time and help you more efficiently run your business.

• Perform sales volume comparisons and analyze potential merchant fraud.

• Monitor batches for high risk transaction activity.

• Report features include flexible date ranges, long-term storage, data files and chain re-ports.

• Download report data for import into your accounting software.

Information Security

• All information is communicated through the web using SSL-encryption, the web standard.

• Access requires use of a bank issued user ID and password.

Common Report Features

• Change the start and end dates for reports to view information by day, or rolled up by week, month, or any other date range.

• Up to 30 months of historical data.

• For businesses with multiple locations, use summary reports to see information for the business as a whole, as well as detailed reports for each individual location.

• Click on underlined dollar amounts to see more information, or click on underlined column headings to list information in alpha or numeric order.

For more information: BBT.com/merchantservices

Everything You Need To Know 24 Hours A Day, 7 Days A Week

5.1BB&T Merchant Ser v ices – C u s t o m i z e Yo u r S o l u t i o n

CHECK SERVICESWith options available through BB&T Merchant Services, you can remove almost all of the uncertainties when accepting a paper check:

• With Electronic Check, you convert paper checks into electronic funds transfers at the point of sale, and funds are moved electronically from consumer’s account to your account through the Automated Clearing House (ACH) network.

• With Check Verification, you take advantage of a verification system at the point of sale to identify potential check fraud and habitual bad check writers before you accept a check. Or you can choose to have us guarantee payment.

These services allow you to reduce losses due to check fraud and non-sufficient funds, shorten the time required for checks to clear, and please your customers by continuing to offer the option of paying by check.

Electronic Check Conversion Options

You may choose from two options in the conversion process:

• Conversion Only – Paper checks are converted at the point of sale with account verification. A third-party processor will determine the probability that the check will be paid. The risk of loss remains with you.

• Conversion With Guarantee – A guarantor ensures that you receive payment for the check.

Check Verification

If you prefer a more traditional approach to accepting payment by check, our Check Verification service allows you to reduce the acceptance of NSFs while continuing to deposit checks at your bank. The process is transparent to your customers.

Check Verification Options

You can choose from two options in the verification process:

• Verification Only – Checks are verified at the point of sale against national databases to identify habitual bad check writers or the potential for check fraud.

• Verification With Guarantee – BB&T guarantees that you will be reimbursed in full for most returned checks. Payroll checks, third-party checks, and money orders are among the few items not eligible for the program.

5.2 BB&T Merchant Ser v ices – C u s t o m i z e Yo u r S o l u t i o n

5.3BB&T Merchant Ser v ices – C u s t o m i z e Yo u r S o l u t i o n

you accept, while contributing to a smooth sales transaction at the point of sale. Other

• Reduced exposure to fraud

• Smoother and faster checkout for customers

For details, talk with your BB&T Merchant Sales Consultant, or call 1-877-MRCHBBT (672-4228).


5.4 BB&T Merchant Ser v ices – C u s t o m i z e Yo u r S o l u t i o n

GIFT CARDS

Whether you’re a small merchant or a large chain, you know you can take advantage of the

ever introduced, with more than 115 billion cards issued and growth above 20 percent annually.

These pre-paid cards carry your business’ name. They allow your customers to determine the value they want to store on the card and the ability to pay by credit card, check or cash. Card buyers are making a commitment to purchase from you before they select the products or services you offer.

You may also use the card to provide extra convenience to your frequent buyers or recognize and reward preferred customers. The gift card program can be used for special sales and promotions and is a great tool to attract new customers.

Greater brand awareness. Increased sales. Improved customer loyalty. Your store-branded

You keep the full cash value of stored value card sales in your store. Customers tend to be less price sensitive, which means the cards actually generate additional sales.

Stored value cards also represent a great promotional tool for you. The cards are an ever-present reminder of your business. They bring customers back frequently so that you become their shopping destination.

Ease of Use

purchase and use. Activation, sales, and balance inquiries all occur in real time between your

and a response is transmitted back to your terminal where paper receipts – including the card balance – can be generated for you and your customer.

Look to BB&T to provide a full range of support in implementing your stored value card program. Turnkey marketing and promotional materials, such as counter displays, posters, and table tents, are available.

You can choose the program that matches your size and needs, or we’ll customize a program just for you – all on an accelerated schedule that usually can have your program ready to roll out in just a few days. And you’ll get ongoing support that is readily accessible through our help desk and Client Support Center.

For details, talk with your BB&T Merchant Sales Consultant, or call 1-877-MRCHBBT (672-4228).


5.5BB&T Merchant Ser v ices – C u s t o m i z i n g Yo u r S o l u t i o n

OTHER CARD TYPES

BB&T can customize your program to accept any and all major credit card payment options, including VISA, MasterCard, American Express, Discover Network, Wright Express, and

healthcare spending cards. Accepting other card types can increase your customers’ spending with you but understanding these different card types can be challenging. Almost everyone is familiar with Visa, MasterCard, American Express, and Discover, but what about other card types? Would accepting them increase your sales, customer loyalty, or bottom line?

American Express Cardsgrown in popularity over the last several years. As demand for acceptance of American Express cards grow, if you are not already, you may decide to accept these card types. BB&T Merchant Services can provide pricing and documentation to get you started.

Wright Express and Voyager Fleet Cards – Fleet Cards are generally used by companies

is used, the card will prompt for additional information in order to accept the transaction.

as well. Fleet cards can be accepted by both fuel and nonfuel merchants that have clients

stores, auto repair shops, car washes, and auto part stores.

Commercial Cardsreporting and additional prompts, are used by companies that prefer to use cards over checks for their low dollar purchases. By accepting MasterCard and VISA you will automatically be able to accept these cards; however, you may not be passing the additional data requested by

may receive requests to process commercial cards.

– EBT is a card program that allows recipients

account to pay for products received. EBT is currently being used in many States to issue

retailers where government subsidized purchasing is allowed.

Debit Cards – Although accepting VISA and MasterCard allows you to accept debit cards, you may choose to accept PIN-based debit, where the customer enters their PIN at the point of sale. This eliminates the customer’s signature and may reduce your cost.

HealthCare Spending Cards ecnarusni sa ralupop ylgnisaercni emoceb evah sdrac esehT –

(HSAs) and Flexible Spending Accounts (FSAs) are generally accepted at medical practices, pharmacies, and hospitals. (Special software may be required to meet IRS requirements.)

No matter how your customers choose to pay, we’ll help make the process a positive experience.

For details on accepting any of these card types call 1-877-MRCHBBT (672-4228).


5.6 BB&T Merchant Ser v ices – C u s t o m i z i n g Yo u r S o l u t i o n

BankCard Services

BB&T offers the versatile Visa Business Credit Card to business clients requiring a credit line less than $100,000 to meet their everyday business purchasing needs and Visa Commercial OneCard solutions to business clients requiring a credit line greater than $100,000 to meet their purchasing, corporate or fuel and business vehicle needs.

no annual or per-card fee, 24/7 online account access and maintenance, as well as customized reports and individualized account statements. In addition, the Visa Liability Waiver Program and proactive fraud monitoring are included features.

The BB&T Visa Platinum Credit Card gives you convenient credit on a personal level for everyday items or special purchases. Accepted at over 32 million merchant locations worldwide, the BB&T Platinum Card comes with zero liability for unauthorized use and easy online account management with Credit Card Connection. And a low introductory rate, 25-day grace period and optional BB&T Rewards Program add to the superior value that the BB&T Platinum Card offers.

For complete details on BB&T ’s Consumer and Commercial Credit Cards,

BB&T credit cards are subject to business type and credit approval and issued by Branch Banking and Trust Company, Member FDIC.

ddress erification ervice ( )A service that a mail/telephone order merchant can perform to verify that the street number and zip code that the cardholder provides the Merchant matches the address on file with the card- issuing bank. AVS is designed to reduce fraud.

cco nt erThe payment card number (credit or debit) that identifies the issuer and the particular cardholder account.

c irerA financial institution that initiates and maintains contractual agreements with merchants for the purpose of accepting and processing credit and debit card transactions (also: Card Acquirer, Financial Institution, Merchant Bank).

thenticationThe process of verifying identity of a subject or process.

thori ationThe process of validating with the card issuing institution that funds are available on the card at the time the authorization request is submitted by the merchant.

thori ation odeA numerical code designated by the issuer, given at the time the transaction is approved by the card issuer. If the transaction is declined, the issuer will respond with a “decline” response. The code is always included on the electronically printed sales receipt. If a manual sales draft needs to be created by the merchant, the original approval code must be included on this draft.

Batch rocessingThe authorization of transactions offline when immediate approval is not required. Transactions are collected in a batch and sent as one transmission for authoriza-tion and/or settlement. Batch processing is generally used with mail/telephone order transactions.

ard- ot- resentA type of card transaction in which the card is not present at the point of sale for the magnetic stripe to be read. These are considered higher risk transactions.

ard- alidation odeThe three-digit value printed on the signature panel of a payment card used to verify card-not-present transactions. On a MasterCard payment card this is called CVC2. On a Visa payment card this is called CVV2.

ardholderThe customer to whom a card has been issued or the individual authorized to use the card.

6.1BB&T Merchant Ser v ices – G l o s s a r y / R e s o u r c e s

ardholder ataAll personally identifiable data about the cardholder and relationship to the Member (i.e., account number, expiration date, data provided by the Member, other electronic data gathered by the merchant/agent, and so on). This term also accounts for other personal insights gathered about the cardholder (i.e., addresses, telephone numbers, and so on).

harge acA bankcard transaction disputed by a cardholder. The dispute is sent from the cardholder’s issuing bank to the merchant’s bank for review.

hec aranteeA service that guarantees check payment to a mer-chant up to a specified amount. However, merchants are required to perform correct authorization procedures.

hec erificationA service that provides merchants with some secu-rity against bad checks. The person writing the check is matched against a national negative file database to flag outstanding or bad checks on record from other members of this service.

o pro iseAn intrusion into a computer system where unauthorized disclosure, modification, or destruction of cardholder data may have occurred.

ons erIndividual purchasing goods and /or services.

BDoing Business As. Compliance validation levels are based on the transaction volume of a DBA or chain of stores (not of a corporation that owns several chains).

ial- p Ter inalAn authorized terminal that uses a telephone line to communicate with the authorization center.

isco nt ateThe fee charged by the merchant financial institution to the merchant for services rendered in connection with processing card sales transactions.

EBTElectronic Benefits Transfer - The automation of government benefits through electronic authoriza-tion, data capture and settlement processes. Plastic cards with magnetic stripes are used, eliminating paper benefits and coupon distribution.

EElectronic Cash Register - A cash register that also emulates a point-of-sale terminal for processing credit card transactions.

Glossary/Resources

EElectronic Draft Capture – The use of a point-of-sale device to authorize and settle credit card transac-tions.

EFTElectronic Funds Transfer – An electronic system that automatically moves funds, e.g., an ATM withdrawal or pay-by-phone transaction.

Fire allHardware and/or software that protect the resources of one network from users from other networks. Typically, an enterprise with an intranet that allows its workers access to the wider Internet must have a firewall to prevent outsiders from accessing its own private data resources.

Force-postThe process by which a voice-authorized transac-tion is key-entered to be settled electronically with a batch of transactions. Also know as a post-auth.

ate ayManages the electronic connection between consumers and their financial institutions and transmits data.

ift ardA reusable, stored-value card that enables merchants to have an electronic alternative to paper gift certificates.

ostThe main hardware on which software is resident.

printerA device used to imprint embossed card information onto a sales draft for payment card transactions. An imprinter is used if the card is present and the POS device cannot read the contents of the magnetic stripe.

nfor ation ec rityProtection of information for confidentiality, integrity and availability.

nterchange FeeA fee that acquiring banks must pay issuing banks to offset the issuer’s cost of funds and processing expenses.

addressAn IP address is a numeric code that uniquely identifies a particular computer on the Internet.

agnetic tripeA panel located on the back of a payment card containing magnetically encoded cardholder account information.

6.2 BB&T Merchant Ser v ices – G l o s s a r y / R e s o u r c e s

agnetic tripe ata (Trac ata)Data encoded in the magnetic stripe used for authorization during a card present transaction. Entities may not retain full magnetic stripe data subsequent to transaction authorization. Specifically, subsequent to authorization, service codes, discretionary data/CVV, CVC and MasterCard/Visa reserved values must be purged however, account number, expiration date, and name may be extracted and retained.

agnetic tripe eaderA point-of-sale device that reads the encoded information from the magnetic stripe when the card is passed through the reader. Readers may read Track Two, which contains the cardholder account number and expiration date, or both Track Two and Track

ne, which contains the cardholder name.

et orA network is two or more computers connected to each other so they can share resources.

f ine e itDebit transaction that occurs when a Visa/Master-Card check card is authorized through the credit card system and the amount is debited from the cardholder’s checking (DDA) account.

f ine TransactionA transaction that is authorized through a voice authorization and later keyed into a POS terminal prior to settlement.

ass ordA string of characters that serve as an authenticator of the user.

Personal Identification Number – A numeric code used as verification to complete a transaction via a payment card. The number is entered in to a keypad and is encrypted to travel along with the authorization.

Point of Sale – The location in which a payment card transaction occurs, usually by way of a device such as a credit card terminal or cash register.

Ter inalA terminal at the point of sale, connected via telecommunication lines to a central computer. Authorization, recording, and transmission of electronic transactions are performed through the terminal.

rivate a el ardA card issued by a merchant that can only be used in the issuing merchant’s business. An example would be a department store credit card.

eason odeA two-digit code identifying the reason a chargeback was initiated.

e-a thori ation (re-a th add a th)To request an additional amount to be authorized on an existing transaction. Used in the lodging industry when the original authorization is not sufficient to cover the charges.

ec rring TransactionA transaction charged to a cardholder’s account (with prior permission) on a periodic basis for recur-ring goods and services, i.e., health club memberships.

ef ndA refund occurs when the merchant rebates all, or a portion, of an original transaction amount to the cardholder. Refunds are made to the same card that was used for the original transaction.

etail TransactionA face-to-face transaction in which the cardholder presents a card to the merchant to pay for goods or services.

eversalWhen an acquirer successfully represents a charge-back to the issuer, the chargeback is reversed and the funds are returned to the merchant.

ensitive ardholder ataData whose unauthorized disclosure may be used in fraudulent transactions. It includes, the account number, magnetic stripe data, CVC2/CVV2 and expiration date.

ettle entThe process in which a merchant transmits batches of transactions to the acquirer. In interchange, it is the process by which acquirers and issuers exchange financial data resulting from sales transactions, cash advances, merchandise credits, etc.

6.3BB&T Merchant Ser v ices – G l o s s a r y / R e s o u r c e s

plit ialThe capability of a card terminal to dial different telephone numbers to obtain an authorization or settlement of different card types.

An established industry standard that encrypts the channel between a web browser and Web server to ensure the privacy and reliability of data transmitted over this channel.

T&E asCards that are developed for and used primarily in travel-related services.

Trac neTrack ne information, stored on the magnetic stripe on the back of a card, has the cardholder’s name in addition to the account number and expiration date stored in it.

Trac T oTrack Two information, stored on the magnetic stripe on the back of a card, has the account number and expiration date.

Transaction ataData related to an electronic payment.

Tr ncationThe practice of removing a data segment. Commonly, when account numbers are truncated, the first 2 digits are deleted, leaving only the last 4 digits.

Value Added Reseller - A third party that certifies its software to be used on a processor’s system.

oice thori ationTransactions authorized by a voice operator. Voice-approved transactions must be “forced” into a terminal batch for settlement.

Resources

BB&T e siteBBT.com

BB&T erchant ervices e siteBBT.com/merchantservices

BB&T lient pport- 77- 72-422 , Monday – Friday, :30 a.m. – p.m. ET

[email protected]

BB&T pport- 77- 72-422 , ption 4, Monday – Friday, :30 a.m. – p.m. ET

[email protected]

Fax 252-2 3- 2 7

isahttp://usa.visa.com/merchants/index.html

Visit this site for information on:

• Visa policies and procedures• Visa marketing materials, stickers, tip trays, check presenters, etc.

isa F lfill ent- 00-VISA-3 ( - 00- 47-23 )

aster ardwww.mastercard.com/us/merchant

Visit this site for information on:

• MasterCard acceptance policies• Services provided by MasterCard• MasterCard marketing materials such as stickers, tip trays,

check presenters, etc.

aster ard F lfill ent- 00- 22-7747

iscover et orhttp://www.discovernetwork.com/clientsupport/signage.html

Visit this site for Discover Network marketing materials

http://www.discovernetwork.com/getstarted/merchant/merchant.html

Visit this site for Discover Network policies and procedures

ata ec rity elated iteswww.visa.com/cisp www.mastercard.com/us/sdphttp://discovernetwork.com/fraudsecurity/disc.htmlwww.pcisecuritystandards.orghttps://www.trustwave.com/level4pci/

.4 BB&T Merchant Ser v ices – G l o s s a r y / R e s o u r c e s

BBT.com 1-1-13_A

C0036450000

BB&T Merchant Services Reference Kit with a host of products and services that ... Branch Banking...

Documents

Transcript of BB&T Merchant Services Reference Kit with a host of products and services that ... Branch Banking...