cards.

CARD. PAYMENTS.

The explanations in this section are based on the general introduction to the transaction model and to the 4 party model . The following information will focus on the peculiarities of the card business.

IDENTIFICATION FOR CARD PAYMENTS

With card payments, the identification process takes place when the information contained in a specific payment card is being read. The PAN is used to assign the subsequently triggered transaction to the card account . The PAN is technical routing information., similar to an IP address or a mailing address. The PAN is then in turn linked to a card account (e.g. in the case of credit cards) or to a classic payment transaction account (e.g. in the case of a debit card for a bank account).

Because of the central importance of the PAN for initiating card payments, it is, at the same time, a crucial starting point for various fraud patterns. The card schemes are attempting to meet the resulting need for protection through a number of measures within the scope of the joint PCI (Payment Card Industry) initiative.

Two means of protecting the card number are the use of modern chip technology and the tokenization of the PAN, which is further described below.

TOKENIZATION IN CARD BUSINESS (IDENTIFICATION)

In terms of digitization of payment transactions, tokenization is one of the key technologies. Ever since eCommerce was established, servers of online merchants and their payment processors have been the target of numerous attacks, with each attack often compromising millions of card data. Having the merchants- i.e. the Payees - implement the PCI standards and the associated (proprietary) tokenization has already resulted in significant cost savings. Modern tokenization approaches include additional interesting features that benefit both Payees and Payers.

BACKGROUND INFORMATION TOKENIZATION (IDENTIFICATION)

In the vending machine business, tokens replace real coins in order to reduce the damage caused by break-ins. The same principle applies to digital card payments. Sensitive payment information such as the card number is replaced by a value code designed for one-time use that may be tied to the transaction. If for instance the transaction with a card token is hacked, the issued card can still be used for future transactions. This avoids extensive card exchange programs as a result of compromised Payee servers. Production and replacement of a single card, including shipping.
cause costs in the mid single-digit euro range. As for each Payee’s infrastructure that has been attacked so far, usually several million card data were captured on a regular basis. These data were marketed in professionally organized networks, mostly via the darknet. In addition to the replacement costs and high fraud losses, the participating PSPs also faced considerable fraud processing costs. Apart from an increased network security and financial risk reduction, tokenization can generate additional benefits. For instance, combining tokenization with other technologies paves the way for automated updates of tokens or offers within payment wallets; by applying these features in current tokenization services they can solve a large variety of transaction and security problems in card payments. Therefore, tokenization is one of the key technologies in the digitization of payment transactions.

More about tokenization.

AUTHENTICATION FOR CARD PAYMENTS

In face-to-face business, authentication for card payments is now generally carried out by checking the payment card itself in connection with entering a PIN (decreasing use of signatures)

In distance selling transactions, a technical check of the authenticity of the payment card via the chip is not possible. In addition to specifying the card number (PAN), the CVV2/CVC2 is also used. However, as static data, both PAN and CVV2/CVC2 are no longer considered sufficient for authentication. Therefore, two-factor authentication is performed in the 3DS2 standard specified by EMV co. 3DS2 serves as the global industry standard for merchants and cardholder banks to authenticate remote payments (e-commerce transactions).

In exceptional cases, transactions can also be authenticated without a PIN in face-to-face business. This applies in particular to low, low-risk transaction amounts.

Contribution of Sam Boboev; Also on LinkedIn: https://www.linkedin.com/feed/update/urn:li:activity:7245522593745653761/

Contactless Card Limits in Every Country in 2024

Contactless payments are made possible with near-field communication (NFC) technology, and the concept first gained popular usage on Seoul’s transport network in the 1990s. By 2003, Transport for London had introduced the highly successful Oyster card scheme to replace paper tickets on its services; this in turn inspired Barclaycard to offer Britain’s first contactless bank card for customers in 2007.

🌏 Britain Leads the Way in Europe’s Contactless Payment Limits

Despite widespread trust among Scandinavian countries towards their governments and banks, the UK has Europe’s most generous contactless limit – set at £100 ($120.65) per transaction in 2023. According to UK Finance, 9.6 billion card payments were made in 2020 without chip and PIN – up 12% from the previous year. Contactless now accounts for a quarter of all transactions in the country, with smartphone compatibility a major factor in consumer choices.

Within the European Union, payment limits are regulated by the European Banking Authority (EBA), which recommended an increase during the Covid-19 pandemic to €50 ($53) to aid social distancing for merchants. More recently, European lawmakers have launched legal proceedings against Apple for breaching competition law through its NFC technology on its Apple Pay service.

🌏 Canada Boasts Highest Contactless Limit in the West

While most countries adopt a transaction limit to protect customers from fraud, the United States is one of two countries where there are no such restrictions. Instead, merchants can place a discretionary cap on payments, meaning that the practical limit is $10,000 for Visa, Mastercard, Discover, American Express, and JCB – the maximum of a standard credit card. However, apps like Google Pay and Apple Pay support up to $50,000 – meaning customers should exercise caution when purchasing.

Aside from the U.S., our research shows that Canada has the highest contactless transaction limits in North America, with consumers permitted to spend as much as C$250 ($185.80 or £154.09) on a single payment. Major merchants Visa and Mastercard worked with the Canadian government to raise the cap from $C100 ($74 or £62) during the Covid-19 pandemic, giving consumers more choice in how they pay for goods and services.

🌏 Three Middle Eastern Nations Have Contactless Limit Above £100
The research shows that the region has three of the ten highest contactless transaction limits anywhere in the world, giving shoppers more freedom over their purchases. Jordan (JD 150, $211.19 or £175.14) leads the way, boosted by the country’s emerging fintech hub. In late 2021, Mastercard became the first merchant to launch a biometric card, rolling out the technology in collaboration with Jordan Kuwait Bank.

DISPOSITION/AUTHORIZATION OF CARD PAYMENTS

The authorization in the card buisness takes place in real time via the terminal at a retailer and results in a guarantee of payment by the card-issuing institute. In addition to disposition on the card account and guaranteeing the payment, technical aspects are taken into account during the authorization process (e.g. ATM limit, cryptographic card authenticity check).

CARD PAYMENT CLEARING/SETTLEMENT

The international card schemes balance all transactions with cards from a card-issuing institute on a daily basis and transmit the amount for settlement. The card-issuing institute adjusts the daily balance and allocates the individual transactions to the corresponding card accounts. Vice versa, the PSP distributes the sum of the individual transactions to the respective payee.

In addition to the total of individual transactions, fees and claimed transactions are also regulated in this process.

FEE CALCULATION/ MANAGEMENT IN CARD PAYMENTS

On the payer's side, for most products annual fees are charged as fixed costs. These include the card price itself and, if applicable, a price for extra services such as additional insurance. Variable transaction fees include foreign transaction fees, currency conversion fees or fees for cash supplies. In some markets, card issuers generate revenues from hidden charges, e.g. own conversion rates for foreign currencies. However, in recent years there has been increased regulatory intervention in this area.

The payee has to bear the card acceptance fees charged by his acquirer (so-called disagio or ICF++ ). ICF stands for the so-called interchange fee, i.e. the fee that the payee has to pay to the card-issuing institute. In many markets, these have been subject to stricter regulation by the competition supervision authorities over the last two decades. In the particular case of large commercial customers, the interchange fee and the fees charged by the card schemes are disclosed and passed on to the customer by the acquirer. As a result, the fees ultimately charged by the acquirer itself besome visible and therefore more transparent. Smaller dealers are usually served with flat-rate prices (disagio model).

CLAIMS IN CARD PAYMENTS

A dispute in payment transactions is usually generated either by a claim in the associated material transaction or following fraudulent transactions. In most cases, claim handling processes and rights are determined in the terms and conditions between the institute and the payer/payee. In particular the card schemes as intermediaries between the institutes and payer/payee institutions, also define specific framework conditions for claims.

In general, a claim could be placed on several levels within the 4-party-model and could be solved in that framework as well. If the claim originates in the material transaction between payer and payee, it can be resolved at this level. If the payer addresses the claim via his issuing PSP, the card business refers to this as "dispute".

In the context of card payments, a dispute thus refers to a discrepancy or an erroneous transaction that is shown on a cardholder's card statement. This encompasses situations, such as:

Unknown or unauthorized transactions: If a person notices a transaction on their credit card statement that they did not authorize or are unaware of, they can file a dispute in order to contest the transaction and receive a refund.
Duplicate Charges: Occasionally a transaction may accidentally appear twice on the credit card statement. In this case, the cardholder may file a dispute to contest the double charge and obtain a refund for the excess amount.
Quality issues or non-compliance with the terms of the agreement: If a person paid for goods or services with their credit card and is dissatisfied with the quality of the products received or finds that the agreed conditions have not been met, the cardholder may file a dispute in order to obtain a refund or an appropriate solution to the issue in question.

Following national legal standards will not be sufficient to ensure that disputes are processed in a uniform manner throughout the world, card schemes that operate globally therefore maintain elaborate dispute rules and regulations, which issuers and acquirers are contractually committed to comply with. The steps from the first submission of a debit (presentment) through all levels of escalation within the chargeback processing are shown in the charts below by way of example.

CONTACT.

IMPRINT.

DATA PROTECTION.