Home » Banking

Category: Banking

WRF Blog Update

New Dispute Process for Visa Merchants – April 2018

Back in March, we mentioned that a change to the Visa dispute process was on the horizon. That change has finally taken effect. As of April 13, 2018, Visa moved to a new dispute process called Visa Claims Resolution (VCR). This change was designed to simplify the dispute process and deviates from the existing process in some key areas.

There are five key changes.

  1. The time frame for merchants to respond is shortened from 45 days to 30 days.
  2. Certain invalid chargebacks will be automatically rejected before processing.
  3. All cases will be routed through one of two workflows, Allocations or Collaborations.
  4. The previous 22 reason codes are consolidated into four basic dispute categories.
  5. Merchants will only be allowed to challenge fraud and authorization disputes if they have clear and definitive evidence or “compelling evidence.”

You can read more in-depth about these changes by reviewing Visa’s publication, Dispute Management Guidelines for Visa Merchants.

If you have any questions on how to process your disputes, please contact us.


Seriously, What Are My Odds of a Data Breach?

Unfortunately, your chances of experiencing a data breach are growing each year. In fact, the trends and shifts in awareness pertaining to data security are frightening to watch unfold. I read a recent study that polled adults in the US, UK and Australia that asked if the number of criminals trying to steal personal information is increasing. Not surprisingly, the survey indicated that 85% of respondents felt that it was.

We recently discussed why having a “Security First” mindset and approach is important, and as we look at what is happening with breaches, the importance is highlighted even more.

According to the ITRC (Identity Theft Resource Center), cyberattacks and breaches have grown both in frequency and in the amount of losses sustained. Here are some of the statistics as noted in their 2017 Executive Summary.

  • Breaches again hit a new record in 2017, with 1,579 breaches tracked, up 44.7 percent from 1,091 in 2016, as businesses and government entities move toward timely reporting
  • The number of records exposed rose to about 179 million, compared with 37 million in 2016
  • Businesses saw 870 breaches (55% of the total)
  • Medical/healthcare organizations were affected by 374 breaches (23.7 percent of total breaches)
  • Banking/Credit/Financial saw 134 breaches (8.5%)

For a more detailed breakdown, you can see the year-over-year data breach numbers by sector and category.

Another key statistic from the report indicates that 59.3% of breaches were from hacking. Hacking includes methods such as phishing, malware and skimming.

With the number of breaches increasing and hacking being the number one method, it is clear that one area of your defense strategy needs to focus on identifying and mitigating the damage as quickly as possible.

Part of our “Security First” approach is to help arm all of our customers with additional ways to keep their customer or patient data safe. Our goal this year is to educate our customers about data breach risks and how they can start down the path to be “Security First.” An important component of that process will be encouraging them to take advantage of the security and monitoring tools in our Advanced Security Package.

If you’d like more information about other issues we see becoming more prevalent in the market, feel free to contact us or read about the dangers of ecommerce malware.

Are You Aware the VISA Dispute Process is Changing?

Visa: Dispute Resolution Update

Chargebacks are part of a decades-old process that hasn’t changed much since its inception in the mid-70’s. While adequate for its time, the existing system is not flexible enough to handle the volume and complexity of the contemporary payments industry.

As of April 15, 2018, Visa is attempting to streamline and speed up the overall dispute process. Visa’s new process is called VISA Claims Resolution (VCR). Many of these changes will happen behind the scenes. However, there are a few items that may impact you as a business owner.

Currently, the average dispute takes around 46 days to complete while more contentious disputes take over 100 days. The new process is expected to conclude disputes in under 31 days. This will be done by reducing timelines, touch points and processes from both the card issuing and merchant sides of the industry. The notices that are sent to you will continue to have the deadline date clearly posted, so please respond promptly.

Visa will be consolidating 22 dispute reason codes down to just four categories. The information provided to you in each of these four categories will be just as robust as before, although it may require you to take different actions depending on the category of the dispute. The information provided to you will help you understand the reason for the dispute and how to respond. Pay special attention to the required documentation.

Another benefit to the business owner is that Visa will be blocking invalid disputes from entering the dispute system if they don’t meet new data requirements from the issuing side.

As always, it’s important to pay attention to dispute notices that you receive. Provide all the required documentation noted on your dispute notice for that dispute reason. With the new shortened time-frames, reply no later than the deadline posted on your notice.

If you would like to read more detailed information you can find it here: Visa Claims Resolution (VCR)

URGENT, You Do NOT Need to Read This!

We Already Have You Covered

You may have heard about a global issue in which Google researchers found unfixable vulnerabilities in commonly used encryption protocols. You may have also heard that, as a result, the PCI Council has delisted the vulnerable encryption protocols from being used for credit card processing. However, you may not understand what this means.

The encryption protocols of SSL and TLS have been in use for a long time. They essentially ‘scramble’ data during communications so that if the data is intercepted by an unauthorized individual, it cannot be read. In this manner, encryption is used for email, credit card data transmissions, ecommerce or any other sensitive data that needs to be protected. Specifically, the vulnerabilities apply to all versions of SSL and early versions of TLS, which is the more updated protocol.

What Do These Vulnerable Encryption Protocols Mean For My Business?

Nothing! Wind River is way ahead of the rest of the industry and so are you*. An article explaining TLS notes that 40% of merchants could be impacted, and when the merchant’s processor “flips the switch,” the merchant wouldn’t be able to process SSL or TLS 1.0. Their credit card processing would stop working for these transactions!

We have worked hard to communicate this critical change to our customers that were impacted well ahead of the looming deadline and taken the action needed to assure them their credit card processing would continue uninterrupted.

No need to send “Thank You” cards or gifts. It’s all in a day’s work here at Wind River and part of the After the Handshake Promise.

*We do have six customers we are still working with to overcome this obstacle. If you are one of these six, (you know who you are!) please read the PCI Council Specifics below and we will continue to work with you.

PCI Council Specifics

The PCI Council says that if you are involved in credit card processing, all entities must be off of all versions of SSL and TLS 1.0 by June 30, 2018 for PCI compliance. After this date, only TLS 1.1 or 1.2 should be used. Note that not all implementations of TLS 1.1 are immune from the vulnerability, so TLS 1.2 should be used if possible.

The PCI Council has provided guidance. Note that the June 30, 2018 deadline from the PCI Council is the end of a two-year extension that they originally provided due to the challenges of this global technology issue.

No Signature Required! What?

Late last year MasterCard, American Express, and Discover Card announced that in April of 2018 they would be eliminating the requirement for merchants to collect signatures for all purchases at the point of sale. They all pointed out that with their secure networks combined with new digital payment methods that include chip, tokenization, biometrics and other fraud capabilities have advanced so that signatures are no longer necessary to fight fraud. Visa followed suit early this year but specified that signatures will no longer be required when a Visa EMV card was being used at the point of sale.

What does that mean for you? MasterCard has pointed out that it expects this will speed up the checkout process and enhance the customer experience. However, it will take some time for the various point of sale systems and software to eliminate the signature line on the receipt. In the meantime, MasterCard has also suggested if a merchant is more comfortable obtaining a signature they still can. A signature will be optional, but starting April 2018 it will no longer be a requirement.

Stay tuned for more details as we are awaiting specific instructions from the card brands that we will share with you.

Holiday Season Reminders: Prevent Fraudulent Transactions and Chargebacks

With the holiday shopping season upon us, it’s a good time to review some good practices in helping prevent your business from incurring losses from fraudulent transactions and chargebacks.

Face-to-Face Transactions
If the card presented for payment is not a chip card, always swipe the card. In the event of a Chargeback, this provides proof the card was present at the time of the transaction.

• If presented with a chip card and you have an EMV terminal, have your customer insert the card into the terminal and leave it there until the transaction is complete.  (If you have not yet upgraded to an EMV Terminal, please contact your Relationship Manager at 800-704-7253.)

• Obtain an authorization number for the full amount of the transaction.

• If an authorization is declined, do not accept it, attempt to split it into smaller amounts, attempt to obtain authorization at a later time, or try to force it through. Any of these attempts may leave your business vulnerable to a chargeback loss. Instead, ask the customer for another payment method.

• Have your refund policy printed on the receipt directly above or below the cardholder signature line in letters ¼” high.

Internet or Phone Transactions (Card Not Present)

• Obtain an authorization number for the full amount of the transaction.

• If an authorization is declined, do not accept it, attempt to split it into smaller amounts, attempt to obtain authorization at a later time, or try to force it through. Any of these attempts may leave your business vulnerable to a chargeback loss. Instead, ask the customer for another payment method.

• Verify the cardholder’s address via Address Verification Service (AVS). The best AVS response is ”Y” for Yes or “Match”. This means the cardholder has given you the same address as the billing address for the card. If you are still uncertain about the transaction (e.g., large transaction, first time customer, splitting sale amount between cards, etc), you can call the issuing bank or the Voice Authorization Center.

• Ask the customer for the CVV/CVC Code on the back of their card (front for Amex). This is a 3 or 4-digit number that is now commonly used to help verify that the customer possesses the physical card. Most terminals prompt you for this information and will return a negative response if the number provided is not correct.

• Ship the merchandise to the AVS address and obtain signed proof of delivery or other method available from your shipper.

• Charge the cardholder’s account at the time the merchandise is shipped.

• Have your checkout page designed such that a customer must acknowledge your cancellation or refund policy. Be able to produce the acknowledgement in the event of a chargeback resulting from a refund dispute. Have a clear and concise refund policy.

NOTE: If a card is not present at the time of sale, a merchant cannot verify that the legitimate cardholder authorized the sale. The steps noted above may help minimize disputes and fraud, but they cannot guarantee avoidance of chargebacks. Card not present transactions are inherently more risky than those in which the card is present.

I hope this is a good reminder and something you might wish to review with your staff.  If we can help or you have a concern you can always call Client Care at 800-704-7253 or email us at info@WindRiverFinancial.com.  Here is my contact information as well.

Wishing you a very Happy Holiday season.



Trick or Treat?

Children are anxiously awaiting the chance to celebrate Halloween by knocking on doors and exclaiming, “Trick or Treat!” For these children, it’s all treats. Unfortunately for far too many businesses, many customers of ours, there is a real game of “Trick or Treat” going on, and it is all tricks.

We have heard from several customers over that last couple weeks, that have told us they received a phone call from imposters representing that they are from their current merchant services provider or an “Industry Watchdog.” These dogs are saying they have noticed something wrong with their merchant services account and to simply fill out some paperwork to correct the problem, usually focusing on correcting a problem that will lower their rates. In the multiple cases that our customers have brought to us, this paperwork is actually an application, to not only switch their account over to them, but to lock them in to a long-term contract. Even worse, last week one of the “reps” on the phone tried to attempt to reprogram their terminal over the phone, over to that new processor!

There are no industry watchdogs in the merchant services industry. Although with these tricky tactics, there definitely should be!

Please enjoy this Halloween season. Treats for all the kids dressed as ghosts, goblins, heck, even the scary killer clowns, but please don’t fall for the tricks of the adults dressed up as industry watchdogs! Contact us if you receive one of these tricky phone calls or if you have any questions at all. We are here to help, who knows, maybe if you excitedly exclaim “Trick or Treat” we will send you out some candy treats!

Happy Halloween!

Is it really ……. just that easy?

#WRFProudPartner winner!

Our Proud Partner program was just rolled out new this summer, but Lynn Aspinwall of Sonic Foundry isn’t new to Wind River. Her experience and trust in Wind River made it an easy connection when she became the Exalted Ruler for the Madison Elks Lodge #410. Lynn, thank you for sharing your “Happy Moment” story and taking the initiative of passing along our story to other Elks Clubs around the state.

Did you know the Madison Elks Lodge #410 is located on the beautiful shores of Lake Monona, within walking distance of the Capitol Square, Monona Terrace, several hotels and also includes a private pier for boats. The Lodge features a full service bar, restaurant, and banquet facilities for up to 250 people. And by the way, for your own personal “happy moment” I hear they have one of the best Old Fashioned’s in town that pairs very nicely with the Fish Fry that can rival any supper club! However, you must be a member of the Elks, a guest of an Elk or sponsored by a member to share in the fun. Learn more about joining this private club that has been in Madison since 1898.

We want to thank those who participated in sharing their great stories, “happy moments”, compliments and referrals since the introduction of our #WRFProudPartner program. As the winner for this quarter, Lynn will be selecting something from our choice of great thank you prizes (see below).

We appreciate and look forward to hearing and sharing more #WRFProudPartner “happy moments”, compliments, stories and/or referrals from you. Just pass them along to any staff member at Wind River or to Matt Tomlinson our “Director of Happy Moments” mtomlinson@WindRiverFinancial.com or call him 608-441-7362.

You will automatically be entered in our next quarterly drawing and could win your choice of:
1. Badger tickets
2. Packer Tickets
3. Kalahari 1 night stay + additional gift card
4. Wollersheim Winery special event + gift card
5. Vortex optics
6. Electronics (Apple watch/iPad/GoPro)
7. Kessler’s, AC Zuckerman or Goodman’s Bling

Yes, and it really is…. just that easy!


Do You Know Who’s On the Other End of That Line?

A certain type of scam has resurfaced recently – one that has been around for a long time in different iterations. We’ve blogged about this before, but perhaps it’s time for a reminder. What I refer to is a “fake authorization scam” and it works like this.

The fraud suspect is attempting to purchase a big ticket item or conduct a credit card cash advance in a financial institution. The card is declined and they have an excuse such as “it must be a transaction amount limit” or “a daily limit.”  They pretend to call the number on the back of their credit card or they have you call it. However, unbeknownst to you, the phone number has been changed on the back of this counterfeit card, and it rings to the cell phone of an accomplice of theirs.

Their accomplice is skilled at sounding like they work for the credit card issuer. They use common terms and professional sounding language. They indicate a reason that the transaction was declined, but that funds are available and they will walk you through a manual authorization.

They have you press certain keys on your credit card terminal and, unbeknownst to you once again, they have taken your terminal offline or into training mode. In this mode, any number entered as an approval code will appear as an approval even though the terminal is not communicating with the card issuer to obtain authorization.

The happy “customer” then goes on their way never to be heard from again. Then you receive a chargeback from the credit card issuer for “no valid authorization.” You call your credit card processor and insist that you spoke with the card issuer and they gave you an authorization code that approved on your terminal. Your credit card processor can only see that the card issuer has reported that the authorization code was not valid. Unless a valid code is provided, you’re going to lose the chargeback as the real cardholder wants their money back from this fraudulent transaction on their account.

You thought you were going to have a big sale and instead you’re sitting with a loss. The chargeback process does not seem fair. You did your best to “do it right” and you still got scammed. There are many frustrating things about this type of scam.

There are a few things you can do to help protect your business from this. First, never (and I mean NEVER), accept a customer’s cell phone if they say they’ve contacted their card issuer. Joint with this, do not call the number on the back of their card since it may have been modified. The phone number on the back of a card is for the cardholder only.

In the very rare event that a cardholder needs to contact their card issuer to get special permission to run a larger transaction, they can do so on their own while you, as the merchant, run the transaction the way it was intended. That is to insert (if it’s a chip card) or swipe the magnetic strip and get an approval.

If the card declines, it’s a sign that something is wrong. Are there other signs present that this customer may not be who they pertain to be? Was the sale too easy? Are they “buying” rather than “shopping?” Is the merchandise something they can easily resell on ebay?

We recommend asking for another form of payment at this point. If, at your discretion, you choose to attempt to run the card again, you’re increasing the chances of not getting paid for the transaction. We do not want this to happen which is why we recommend stopping at a first decline and asking for that second form of payment.

Better safe than sorry…

A Guy Walks Into a Bar…

I know, it sounds like a setup to a classic joke, or a hit single from country artist Tyler Farr but it really is how my story begins.

I walked into a bar last week with Bill, a longtime customer of Wind River Financial. Beautiful night, so we opted to belly up to the outdoor bar. He ordered a beer and me my standard, a vodka diet 7 (unfortunately I am allergic to beer!) We started talking about kids, sports, life, all the important stuff and then progressed into business. I was curious to hear how Bill’s industry was changing and what new challenges he and his team were facing.

Great conversation, but then Bill turned it back on me. “How is your business going? What are you toughest challenges?” he asked. I paused, pondered, took a drink of my 2nd (or maybe 3rd) vodka diet 7, and replied, “Things are really great. Our retention rate is 94% and the industry average is between 60-70%. So the customers we do have, really appreciate our great service and proactive approach.” He nodded, took a drink (now a Brandy Old Fashioned) and said, “I agree, that makes sense to me. Amy and her team are great and that is why we have been with you so long”.

I continued, “But our toughest challenge is starting conversations with potential new customers. Our industry has bombarded businesses with annoying telemarketers who try to commoditize our services by promising the lowest rates, and then lock ‘em in to multiyear contracts and creep up their rates over time. Many businesses tell me that they receive 5-10 of these phone calls a week.”

As I reach for the chicken nachos that were just delivered, Bill asks, “So what are you doing about it?” I began explaining our new WRF Customer Referral Program, and talked about how we want customers like our best customers and the best way we believe to do that is to get a warm introduction from a trusted source.

He agreed and as we quickly devoured the nachos, he thought long and hard about businesses referrals. He thought about his vendors, his customers and other business acquaintances. As I hastily grabbed the last jalapeno off the platter, he said to me, “You know Mike, most of my referrals would be personal referrals not business referrals.”

A guy walked into a bar hoping to find out more about a customer’s business and came out with 11 referrals, 1 business and 10 personal acquaintances. Maybe even more importantly, a guy realized that our referral program shouldn’t be solely focused on business contacts, but personal contacts as well.

Thanks Bill for being our customer and thank you for the referrals. We know that you are only going to refer an individual or business to someone that you trust. Thanks for trusting Wind River Financial!

If you have a business or personal referral that you think would appreciate the Wind River Service Promise, please let us know. Or if you want to meet a guy for an Old Fashioned, we are up for that too, but hurry the outdoor bars will be closed for the season soon.