Gift card / pre-paid cards and pre-authorization

Gift cards and pre-paid cards hold a fixed amount available for purchases or authorizations. Any time a transaction is authorized, the authorized amount is held against the amount available on the card for additional charges. If the authorized amount is more than the actual charge, it may take a few days for the difference to become available again.

Good example video at http://www.giftcards.com/help/videos/FAQ_7.html

Store And Forward and PCI DSS

Store And Forward: the process of storing card data at the time of payment for authorization at a later time.

Associations allow temporary storage of card data, including track II data, which under normal conditions cannot be stored.

Storing such card data is simply too much risk exposure. If you need to use Store And Forward, then keep it to the minimum data required to create an authorization: card number and expiration.

Ideally, merchants should either not use Store And Forward at all or outsource the process to a PCI DSS compliant provider.
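The minimization rule above, as an added example (not code from any payment application): the first function reduces a captured payment to card number and expiration before it is queued, and the second audits an existing queue for fields that should never be there. The field names (`track2`, `cvv2`, `exp_yymm`, `amount`) and the sample swipe are constructed for illustration; the Track 2 layout is the standard ISO/IEC 7813 one.

```python
import re

# ISO/IEC 7813 Track 2: ;PAN=YYMM + 3-digit service code + discretionary data + ?
TRACK2 = re.compile(
    r"^;(?P<pan>\d{12,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\?"
)

# Hypothetical field names for data that must never sit in the queue.
FORBIDDEN = {"track1", "track2", "cvv2", "pin_block"}


def minimal_saf_record(captured):
    """Keep only card number and expiration (plus the amount) for later authorization."""
    pan, exp = captured.get("pan"), captured.get("exp_yymm")
    if "track2" in captured:
        m = TRACK2.match(captured["track2"])
        if m is None:
            raise ValueError("unparseable Track 2 data")
        # Service code and discretionary data are parsed but deliberately dropped.
        pan, exp = m["pan"], m["exp"]
    if not pan or not exp:
        raise ValueError("card number and expiration are both required")
    if not "01" <= exp[2:] <= "12":
        raise ValueError("expiration month out of range")
    # Built from an allow-list, so CVV2 and raw track data cannot leak through.
    # The result still contains the card number: encrypt it before writing to disk.
    return {"pan": pan, "exp_yymm": exp, "amount": captured["amount"]}


def audit_queue(records):
    """Return (index, forbidden field names) for every queued record that holds them."""
    hits = []
    for i, rec in enumerate(records):
        bad = sorted(FORBIDDEN & rec.keys())
        if bad:
            hits.append((i, bad))
    return hits


# Constructed sample: a swipe of a well-known test card number plus a keyed CVV2.
SAMPLE = {
    "track2": ";4111111111111111=25121010000012345678?",
    "cvv2": "123",
    "amount": "42.10",
}

if __name__ == "__main__":
    queued = minimal_saf_record(SAMPLE)
    print(queued)
    print(audit_queue([SAMPLE, queued]))
```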

Are your receipts compliant?

Receipts can be tricky, especially if you have a legacy payment application or one built in-house. Check to be sure that your receipts are compliant with laws & regulations.

If your receipts have more card data than just the last 4 digits of the card number ... big NO NO. Expiration date should not appear.

Make sure your receipts comply with Federal and state laws such as the Fair and Accurate Credit Transactions Act (FACTA) (Privacy Rights Clearinghouse - Facts on FACTA) and associations' requirements.

Card numbers / expiration date on receipts: States with Enacted Legislation

Transaction receipt requirements for Card-Present and Card-Not-Present applications can be found in the VISA Card Acceptance Guide, pages 68-69. Also see Truncation of account number and expiration date at the top of page 12.
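A quick way to test receipt output against the two rules above (no more than the last 4 digits, no expiration date), as an added example that is not part of any payment application. The finding codes and sample receipts are constructed, and the mask characters it recognizes (`X`, `*`, `#`) are an assumption about how your application masks numbers.

```python
import re

MASK = r"[\dXx*#]"
# 13 to 19 digits or mask characters, optionally grouped with spaces or hyphens.
CARD_RUN = re.compile(rf"(?<!{MASK})(?:{MASK}[ -]?){{12,18}}{MASK}(?!{MASK})")
# A labelled expiry such as "EXP 12/25" or "Exp. Date: 12/2025".
EXPIRY = re.compile(
    r"\bexp(?:iry|ires|iration|\.)?(?:\s+date)?\s*[:\-]?\s*"
    r"(?:0[1-9]|1[0-2])\s*/\s*\d{2,4}\b",
    re.IGNORECASE,
)


def luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def check_receipt(text):
    """Return a list of finding codes; an empty list means nothing was flagged."""
    findings = []
    for m in CARD_RUN.finditer(text):
        run = re.sub(r"[ -]", "", m.group())
        visible = sum(c.isdigit() for c in run)
        if visible == len(run):
            if luhn_ok(run):          # unmasked and passes Luhn: a full card number
                findings.append("FULL_CARD_NUMBER")
        elif visible > 4:             # masked, but more than 4 digits left readable
            findings.append("MORE_THAN_LAST_4")
    if EXPIRY.search(text):
        findings.append("EXPIRATION_DATE")
    return findings


# Constructed sample receipts (test card numbers only).
GOOD = "ACME STORE\nVISA ************1111\nAUTH 123456\nTOTAL 42.10\n"
BAD = "ACME STORE\nVISA 4111 1111 1111 1111\nEXP 12/25\nTOTAL 42.10\n"
PARTIAL = "ACME STORE\nMC 545454XXXXXX5454\nTOTAL 9.99\n"

if __name__ == "__main__":
    for name, receipt in (("good", GOOD), ("bad", BAD), ("partial", PARTIAL)):
        print(name, check_receipt(receipt))
```

Run it over receipts captured from every printer and e-mail template your application uses, including merchant copies and reprints.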

No surcharge laws !!!

In addition to VISA / MasterCard rules, 10 states have passed laws prohibiting merchants from applying a surcharge for payments by credit card: California, Colorado, Connecticut, Florida, Kansas, Maine, Massachusetts, New York, Oklahoma and Texas.

http://usa.visa.com/merchants/operations/no-surcharge.html

A discount (price reduction) can always be given for payments by cash.

See Can I charge more for credit card payments

Questions about PCI standards?

Two sites with Q&A and the possibility to ask your questions directly:

- PCI Security Standards Council:
http://selfservice.talisma.com/display/2/index.aspx?c=58&cpc=MSdA03B2IfY15uvLEKtr40R5a5pV2lnCUb4i1Qj2q2g&cid=81&cat=&catURL=&r=0.141856014728546 and enter the portal
Select Submit a Question if needed

- Society of Payment Security Professionals:
http://forum.paymentsecuritypros.com/index.php

Society of Payment Security Professionals Forum

This forum has a great series of Q&A related to PCI DSS standards. Lots of very interesting questions and comments from good people, with lots of answers. http://forum.paymentsecuritypros.com/index.php

PCI DSS

Basics and documents about the PCI Data Security Standard (PCI DSS) - https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

PA-DSS

Check basics about Payment Application Data Security Standard (PA-DSS) - https://www.pcisecuritystandards.org/security_standards/pa_dss.shtml

PCI Security Standards Council Quick Links

Straight from the source ...

PCI Data Storage Do’s and Don’ts - https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf

Payment Card Industry Security Standards Overview - https://www.pcisecuritystandards.org/pdfs/pcissc_overview.pdf

Ten Common Myths of PCI DSS - https://www.pcisecuritystandards.org/pdfs/pciscc_ten_common_myths.pdf

Code 10 call

A Code 10 call, or Code 10 authorization request, is the first step when you suspect fraud while the transaction is being authorized.

http://usa.visa.com/merchants/risk_management/code.html

CVV2 code is free

The CARD VERIFICATION VALUE 2 code (CVV2) is a free fraud control tool. In fact, in most cases, it is the ONLY fraud control tool which does not carry a per-use add fee.
Remember that CVV2 CANNOT be stored!
The CVV2 code is the 3-digit code on the back of Visa / MasterCard / Discover cards and the 4-digit code on the front of American Express cards (http://en.wikipedia.org/wiki/CVV2)

Add fees for AVS

AVS fields are basic fraud control tools and help lower CNP transaction processing fees (see CNP transaction fees and AVS).
But keep in mind that there is an add cost associated with the use of AVS => use these fields wisely.
If your transaction amounts are low enough, use of AVS can in fact result in much higher fees.
Estimate the add cost associated with use of AVS vs. the interchange fee savings from use of AVS.
Refer to your merchant account pricing or contact your merchant service provider to confirm your specific AVS add fee and your fee schedule, then define your optimal processing logic.

CNP transaction fees and AVS

Various criteria affect processing fees for CNP (Card Not Present) transactions.
The key one is the AVS (Address Verification Service) ZIP code. There are several AVS fields. From a fee standpoint, only the ZIP code matters. For lower fees, a ZIP code must be included in the authorization request. Interestingly, the ZIP code must be present, but it does not need to match the ZIP code on the card holder's account.
Refer to your merchant account pricing or contact your merchant service provider to confirm your specific fee schedule.

PCI related webinars - MasterCard

Webinars available at http://www.iian.ibeam.com/events/mast001/24008/
Just need a quick registration