Transaction authorization codes can be found at the bottom of your receipt. If you don’t have the receipt on hand, you can search for specific transactions on your device and reprint the receipt to find the code. Click here to learn how to search for transactions and reprint receipts.
Typically authorization codes expire within 7-10 days. Find your card provider below to learn more.
• Mastercard®: 7 days
• Visa® T&E: 20 days
• Discover®: 10 days
Yes, offline transactions are authorized and will be processed.
After accepting transactions in Store & Forward mode, you will need to batch out accordingly.
For offline Forced Transactions, you will need an approval code during the transaction.
You can prevent authorization codes from expiring by batching out on a regular basis. It is recommended that you do this daily.
A Chargeback occurs when a customer disputes a transaction, product, or service. If the customer believes the transaction was invalid, did not receive the good or service, or did not meet the agreed upon Terms and Conditions, he/she has the right to dispute the transaction. This can result in a bank-initiated refund to the consumer for that credit card sale. After a chargeback occurs, the merchant will receive a notification via email, fax, or standard postal delivery; based on their merchant setup options. After receiving the notification, the merchant will be given a due date to either accept or challenge the chargeback. The merchant will respond to a dispute using our electronic dispute tool, Dispute Manager. Click here for more details on how to dispute a chargeback.
Click here to learn how to access and use Dispute Manager.
A “Chargeback” occurs when a customer disputes a transaction, product, or service. If the customer believes the transaction was invalid, did not receive the good or service, or did not meet the agreed upon Terms and Conditions, he/she has the right to dispute the transaction.
A “Chargeback” occurs when a customer disputes a transaction, product, or service. If the customer believes the transaction was invalid, did not receive the good or service, or did not meet the agreed upon Terms and Conditions, they have the right to dispute a transaction.
After the chargeback occurs, merchants will be sent a chargeback notification via email, fax, or standard postal delivery, based on their merchant setup options. To begin the dispute process, follow the steps as detailed below or in your chargeback notification. You will have 15 calendar days to respond and begin the reversal process.
To begin the dispute process, follow the steps as detailed below:
Step 1: Login to your Business Track account at www.businesstrack.com.
Step 2: Under “Applications,” Select “Dispute Manager,” then click “Cases” at the top of the page. Here you will find the specific information regarding your chargebacks.
Step 3: Press the “Actions” tab, then select a choice from the drop down on which action you’d like to take(i.e. Dispute Chargeback), then select the documentation type you’d like to provide, then click “Continue Action.”
Step 4: At this point, you will now add the documentation type you selected and notes you’d like to include, then click “Submit Action.”
Step 5: Your case has now been successfully submitted. It will be reviewed & resolved by the Chargeback Response Center Team. If you’re unsure of the status of your case, please check Dispute Manager frequently for updates.
*Please note, that both merchants and cardholders always have the right to dispute charges and chargebacks.
When processing transactions, chargebacks are almost inevitable. However, there are steps that a merchant can take to try to prevent them. Here are some quick tips:
*Please note, that both merchants and cardholders have the right to always dispute charges and chargebacks.
Money may be taken out of your account for various reasons related to chargebacks. Typically, the issuing bank will credit the cardholder for the disputed transaction until the dispute is settled. If the merchant then wins the dispute, the initial sale amount will be credited back to the merchant’s account. If the cardholder wins the dispute the case will be closed and the cardholder will keep the funds initially credited to them.
Check out our merchant Dispute Best Practices guide. Here you will find educational guidance as it relates to dispute processing and suggest ways for you to help prevent financial chargebacks and liability.
Registration for PCI Compliance is simple. All you need to do is Click here and fill in the required fields.
PCI stands for Payment Card Industry, but usually means one of the following:
The Payment Card Industry Security Standards Council is an industry body made up of organizations like Visa, Mastercard, American Express and Discover. The Council is how these companies cooperate to agree upon a single, common security standard that Merchants are required to meet.
The actual security standard put together by the Council described in the first definition above. The full name for this standard is the Payment Card Industry Data Security Standard (PCI DSS.) Merchants must meet this set of security requirements, if their business accepts, transmits, or processes customer payment cards, such as credit cards or debit cards.
PCI DSS stands for Payment Card Industry Data Security Standard. This is a technical and broad-ranging set of security requirements created by the Payment Card Industry, laying out what Merchants need to do to protect customer information. The PCI Council requires that Merchants meet this set of security requirements if their business accepts, transmits, or processes customer payment cards, such as credit cards or debit cards. Merchants that do not comply with these requirements can be penalized in a number of ways, up to and including having their card-processing privileges revoked, leaving them unable to accept customer payment cards.
Click here to visit the PCI Council’s website for more information.
PCI DSS applies to ALL organizations or Merchants, regardless of sizes, that accept, transmit, or store any payment card information. In other words, if any customer of that organization ever pays using a credit card or debit card, then the PCI DSS requirements apply.
To satisfy the requirements of PCI, a Merchant must do two things:
1. Comply with the Data Security Standard by meeting all of the requirements laid out in the Data Security Standard.
2. Validate their compliance. This means the Merchant must SHOW (in a manner appropriate to their size and situation) that they are complying with the Data Security Standard. For some Merchants, such as those with a high volume of card transactions, or with a history of security problems, validation involves on-site audits by certified professionals, but for many Merchants, the primary requirements are:
It is important to note that being in Compliance does NOT automatically mean that the Merchant has met their Validation requirement
The Self-Assessment Questionnaire (SAQ) is a form that Merchants may be required to complete every year and submit to their Acquiring Bank. It was created by the PCI Council. Completing a Self-Assessment Questionnaire helps Merchants do two things: Check their Compliance, by finding out for themselves if they are in compliance with the Data Security Standard.
Complete part of their Validation, but giving others, such as their Acquiring Bank, evidence that they are in Compliance with the PCI Data Security Standard.
As of February 2008, there is no longer a single one-size fits all Self-Assessment Questionnaire. Merchants now need to identify which one of five Validation Type categories they fit into, and then complete the appropriate Self-Assessment Questionnaire for their category. For some Merchants, the appropriate Self-Assessment Questionnaire is short and simple, while for other Merchants the appropriate Self-Assessment Questionnaire is long and extremely technical. Note that for all versions of the Self-Assessment Questionnaire, Merchants will only be considered compliant if they pass (or can answer “Not Applicable”) to ALL of the questions in the Questionnaire.
Being “Compliant” means that the Merchant meets all of the requirements laid out in the Payment Card Industry Data Security Standard. The requirements for Compliance are the same for ALL Merchants, large or small. However, smaller Merchants typically avoid many of the Compliance problems that larger organizations face because their systems and networks are usually simpler.
Validation means that a Merchant can demonstrate, via standard documents and/or tests, that they are meeting the PCI DSS requirements. Different Merchant types face different Validation requirements, depending on which of four levels they are assigned to.
No, PCI is not, in itself, a law. The standard was put together by business organizations including Visa, Mastercard, and the other major card companies. Merchants that do not comply with PCI DSS are not necessarily breaking any law, but they are probably violating their Terms of Service or contract with their acquiring bank and the card associations. This means that the Merchant might be penalized or sued, or these companies might refuse to work with the Merchant. This means that the merchant would be unable to process credit or debit cards
While not all businesses will require scans, if one is needed, a vulnerability scan is an automated, non-intrusive process that assesses the Merchant’s network and web applications from the Internet (on the external-facing IPs.) The scan will identify any vulnerabilities or gaps that may allow an unauthorized or malicious user to gain access to the network and potentially compromise cardholder data.
If your business fails to become PCI compliant(1), you could be putting your business at greater risk from the growing threat of payment card data breaches and theft, which may result in substantial penalties (such as fines from banks, regulatory agencies, and card associations), fraud and chargebacks, as well as legal costs and lost customers. If you fail to become PCI DSS compliant or to report your PCI DSS-compliant status with a third-party vendor to First Data, you may also be charged a monthly non-receipt of PCI Validation fee by your Merchant Services provider until such time as you become PCI DSS-compliant or report your PCI DSS-compliant status to First Data.
If your business experiences a data security breach, you could even lose your ability to process credit card payments. Perhaps more importantly, you risk the loss of customers. Research shows that 43% of customers who have been victims of fraud stop doing business with the merchant where the fraud occurred(2.)
1. Achieving PCI DSS compliance does not prevent a data security breach or compromise, or change the allocation of risk under your merchant agreement.
2. Javelin Strategy and research June 2009.
The First Data PCI Rapid Comply® solution is an easy-to-use online tool that can help you achieve and maintain PCI DSS compliance more quickly and easily. It offers:
Step-by-step guidance to complete the annual self-assessment questionnaire (SAQ): Our step-by-step application will direct you to the PCI SAQ that is appropriate for your business (A, B, C, C-vt, or D.) You can complete the SAQ with guided support, ensuring each question is answered accurately.
Fewer questions to answer – in some cases, 85% fewer questions: With “pre-SAQ” questions, we can pre-populate the appropriate SAQ answers – which are often the most difficult-minimizing the number of questions you have to deal with and speeding up the SAQ completion process.1
Comprehensive support that ensures your questions get answered: Have a question? With our built-in help, guides and security expertise, we can answer any PCI questions you may have – online and via chat, email, and phone
With our PCI Rapid Comply® solution, there are no new or additional charges. The Compliance Services Fee charged to you by your Merchant Services provider includes your annual PCI self-assessment questionnaire (SAQ) and quarterly scans, if needed, which are offered in our PCI Rapid Comply® solution.
If you fail to become PCI DSS compliant or to report your PCI DSS-compliant status with a third-party vendor to First Data, you may also be charged a monthly non-receipt of PCI Validation fee by your Merchant Services provider until such time as you become PCI-DSS compliant or report your PCI DSS-compliant status to First Data.
The benefits of using the First Data® PCI Rapid Comply® solution are that it is offered by an integrated with your merchant services provider. The PCI Rapid Comply® solution includes a guided, step-by-step SAQ tool help to complete the annual questionnaire with ease, an integrated scanning tool for merchants that are required to pass quarterly scans, and comprehensive support online and via chat, email, and phone to ensure your questions get answered.
As your Merchant Services provider, we hope you will elect to use our PCI Rapid Comply solution. However, you are free to obtain PCI DSS-compliance services from third-party vendors.
If you are charged an annual compliance service fee pursuant to your merchant processing contract, the PCI Rapid Comply solution is made available to you. If you choose to utilize the services of a third-party PCI compliance services vendor, you will be separately billed by that vendor for those PCI compliance services. Fees that First Data charges appear separately as a line item on your merchant account statement.
The PCI Rapid Comply® solution is an online, automated self-assessment tool offered by First Data to guide our merchants through the PCI DSS compliance validation assessment process. It offers the support of a live help desk, provides information on potential vulnerabilities along with innovative security enhancements that may further protect our merchants’ processing environments.
Level 3 and 4 PCI merchants are not required to validate self-assessment compliance through a QSA; therefore, First Data is not required to be a QSA in order to offer this feature of the PCI Rapid Comply solution to its merchants. However, the PCI Rapid Comply solution was developed in conjunction with a QSA to make the self-assessment validation process much simpler for merchants to complete. In addition, an Approved Scanning Vendor (ASV) is used to support quarterly network scans required for merchant’s processing payments over the internet.
For PCI Level 1 and 2 merchants that require a QSA for their PCI DSS compliance validation a PCI Approved QSA can be found on the PCI SSC’s website.