Development Considerations for New Mastercard Fees

Effective October 14, 2019, Mastercard is introducing two new fees as part of its Transaction Processing Excellence (TPE) program, which will apply to merchants if their processing activities trigger the fees, described below. As you develop payment solutions, please keep the following information in mind to ensure the processes you build are compliant with payment network processing rules. Here are some for tips on minimizing the activities that trigger the fees.

Excessive Authorization Attempts (EAA) Fee

Mastercard is introducing this fee for merchants who submit excessive authorization attempts. Mastercard defines an excessive authorization attempt as each authorization (i) after 20 previously declined authorizations (ii) made on the same card, (iii) for the same merchant account, and (iv) within a 24-hour period.

A common example of an excessive authorization attempt is when an ecommerce site is attacked by a fraudster, who may uses a bot to make purchase attempts repeatedly to test if a credit card number or related data of the card is valid.

Effective October 14, 2019, for each excessive authorization attempt as defined above, a fee of US$0.10 will be applied.
Nominal Amount Authorization (NAA) Fee

Mastercard is introducing this fee to deter merchants from validating a card’s status by authorizing a nominal amount and subsequently reversing the authorization. Mastercard defines nominal amount as equal to or less than CAD$1.00 (or an equivalent single unit of currency, if the transaction currency is not CAD).

Effective October 14, 2019, for each nominal amount authorization (as defined above) received for a card-not-present transaction that the merchant subsequently reverses, a fee of US$0.045 will be applied.

Helpful Tactics to Consider

The strategies below can be implemented during development to help prevent the fee-triggering processing activities from happening, reducing the risk of incurring the fees.

As a reminder, application testing should always happen in the QA environment. Certain scenarios, particularly where multiple tests are performed on the same card, could trigger these fees if done in the Production environment.

Fee	Solution	Strategy
EAA	API	Some options to prevent card testing in your application include: CAPTCHA (not a Moneris service) Fraud Tools (AVS, CVD, 3D-Secure) Add Moneris Kount Velocity monitoring detection and prevention NOTE: There is no single solution to fraud. However, adding the above controls can help reduce fraudulent transactions attempts and risk of triggering the EAA fee.
EAA	Moneris Checkout	The Moneris Checkout solution uses server-to-server communication that makes hijacking the transaction process more difficult for a fraudster, and thus may offer some protection against this violation. Setting maximum and minimum limits within Moneris Checkout can also deter card testing bots.
NAA*	API / Hosted Tokenization	Follow the correct cardholder verification process and use card verification for any account status checks. For more information and instructions on how to perform a card verification, refer to this page.
NAA*	Hosted Vault	For help on how to enable a Hosted Vault configuration (card verification happens automatically when registering a card through Hosted Vault), refer to pg. 262 of: English MRC User Guide French MRC User Guide To implement this solution, use the Hosted Solutions spec.

For more information about the two fees, go to Moneris.com/PCNOfeeupdates.

If you have any questions, please contact onlinepayments@moneris.com or 1-866-562-4354.

Comment