As of October 1st 2009 Visa has started to charge a fee of $.045 per misused authorization.

Visa defines a misused authorization as:

Authorizations that are not followed by a matching clearing transaction (or in the case of a cancelled or timed out authorization, not properly reversed)

For MOTO and e-commerce merchants who use payment gateways there may be some changes to how they perform Auth and Capture type of transactions, especially if they Authorize the transaction at order time, and later Capture or Complete the transaction when they ship a product. Or more typically, perform a $1.00 authorization first with AVS and CVV2 data, and followed by an authorization for the total amount of purchase.

Many payment gateways may or may have authorization reversals, authorization voids, or other transaction types – you will need to work with your gateway to identify what transaction types need to be performed to “reverse” an authorization for a product that you do not ship. Or if your practice is to re-auth after 10 days, and let the original expire – you will be hit with the fee.

Visa also supports a new transaction type called Account Verification – which is a $0.00 authorization – which they hope merchants will used instead of misused authorizations.

For processors and large merchants with direct connections to Visanet or Payment Gateways – These entities will want to verify that their reversal processing addresses credit reversals in the time-out scenario.

I’m off to Visa PIN Security Compliance Validation Training Session.

Visa is offering a series of one-day Visa Key Management Training sessions as well as a three-day Visa PIN Security Compliance Validation Training session that will provide up-to-date information on the secure management of cryptographic keys used in ATMs, point-of-sale (POS) PIN pads, encrypting PIN pads and hardware security modules. These sessions are for staff involved in the management or operation of devices that accept PINs, and for personnel who need practical knowledge about the elements of Data Encryption Standard (DES) cryptography and the management of secret encryption keys. In addition to the material covered in the one-day Visa Key Management Training session, the three-day Visa PIN Security Compliance Validation Training session offers an in-depth review of the Payment Card Industry (PCI) PIN Security Requirements, providing internal and external assessors with the tools necessary to complete a PCI PIN security compliance review.

Should be fun.

The Merchant Account Blog has a great post and great diagrams on what is called Common Point of Purchase or Point of Compromise (POC), this is one method of how a merchant or processor can be identified as the breach point in a payment card fraud / compromise scenario:

(from Merchant Account Blog )

Visa also has a presentation on this here:

According to CNet and a few Visa Press Releases:

• Visa and U.S. Bank to Launch Visa Mobile Money Transfer Pilot

• Visa and Nokia Working Together to Deliver Payment Applications for Next Generation Mobile Devices

• Visa to Develop Mobile Payment-Related Services for Android Platform

We see a P2P like money transfer service for card and mobile phone holders:

Under a pilot program with U.S. Bank, which is scheduled to begin by the end of the year, Visa will offer mobile money transfers from one Visa cardholder’s account to another. A U.S. Bank Visa cardholder would use a Web browser on their phone to access funds and transfer it directly to the recipient’s account. The recipient could then withdraw the funds from an ATM machine, or use the money to make purchases.

and working will cell phone manufactures Google Android Platform.

The Visa-Android deal calls for Chase Visa cardholders to use their Android phone for not only transferring money, but also to receive real-time email alerts when transactions happen on their Visa account, receive offers from merchants, and view images on Google maps to find the location of those merchants who are offering the specials. The Google-Visa deal is expected to begin sometime by the end of the year.

and we begin to see the merging between the card and a phone as a contact-less payment vehicle at the point-of-sale.

The Nokia 6212 classic includes integrated Near-Field Communications chipsets (NFC) which lets the mobile device behave like a contactless payment card, where consumers simply wave it within a few inches of a special point of sale reader to complete a Visa transaction. Nokia and Visa first demonstrated NFC technology in December 2005 with the launch of the first large scale NFC trial in the United States at the Phillips Arena in Atlanta.