Tag: Visa

WRF Blog Update

New Dispute Process for Visa Merchants – April 2018

Back in March, we mentioned that a change to the Visa dispute process was on the horizon. That change has finally taken effect. As of April 13, 2018, Visa moved to a new dispute process called Visa Claims Resolution (VCR). This change was designed to simplify the dispute process and deviates from the existing process in some key areas.

There are five key changes.

  1. The time frame for merchants to respond is shortened from 45 days to 30 days.
  2. Certain invalid chargebacks will be automatically rejected before processing.
  3. All cases will be routed through one of two workflows, Allocations or Collaborations.
  4. The previous 22 reason codes are consolidated into four basic dispute categories.
  5. Merchants will only be allowed to challenge fraud and authorization disputes if they have clear and definitive evidence or “compelling evidence.”

You can read more in-depth about these changes by reviewing Visa’s publication, Dispute Management Guidelines for Visa Merchants.

If you have any questions on how to process your disputes, please contact us.

Interchange and Network Fee Notification for Payment Processing – April 2018

Effective April 1, 2018, there are a number of new and revised interchange and network fee structures being implemented by VISA, MasterCard and Discover Card. Wind River Financial believes in transparency of all association fees applicable to your merchant processing costs, so we will be passing through these new fees with no mark-ups or changes. There are hundreds of fee structures and not all are applicable to all card types or to all merchants, so detailed below are the few that will affect most merchants’ day to day transaction processing costs. For a full listing of these new fees, you can read the complete April 2018 Interchange Modifications report.

VISA Transaction Integrity Fee (TIF) Addition – In April 2012, VISA introduced a $0.10 fee for each signature debit card that wasn’t eligible to qualify for the Custom Payment Service (CPS) program. The TIF charge will now be extended to U.S. domestic and certain inter-regional Visa credit card purchase transactions that fail CPS qualification. This fee will be charged in addition to the applicable interchange fee. To avoid this fee, make sure you obtain a card swipe for Card Present transactions and include an invoice number along with an AVS attempt for Card Not Present transactions. Please note: the new charge will not apply to credit refund transactions. For further information, please contact your Wind River Financial Relationship Manager.

VISA Interchange Fee Program Increases and Revisions – Effective April 1, 2018, Visa will modify the Fixed Acquirer Network Fee (FANF) rates for certain monthly gross sales volume tiers within Table 2 (i.e. All Card Not Present Volume, Fast Food Restaurants, and Unattended Terminals).

MasterCard Fee Program Increase and Revision – Effective April 1, 2018, MasterCard is revising the Acquirer Brand Volume Fee on consumer and commercial credit volume for transactions that are less than $1,000 USD as well as signature debit transactions.

Discover Card Fee Program Increases, Additions and Revisions – Discover will revise the rates for several international consumer and commercial credit card interchange programs.

As mentioned, you can read more about the interchange and network fee updates in the April 2018 report.

Are You Aware the VISA Dispute Process is Changing?

Visa: Dispute Resolution Update

Chargebacks are part of a decades-old process that hasn’t changed much since its inception in the mid-70’s. While adequate for its time, the existing system is not flexible enough to handle the volume and complexity of the contemporary payments industry.

As of April 15, 2018, Visa is attempting to streamline and speed up the overall dispute process. Visa’s new process is called VISA Claims Resolution (VCR). Many of these changes will happen behind the scenes. However, there are a few items that may impact you as a business owner.

Currently, the average dispute takes around 46 days to complete while more contentious disputes take over 100 days. The new process is expected to conclude disputes in under 31 days. This will be done by reducing timelines, touch points and processes from both the card issuing and merchant sides of the industry. The notices that are sent to you will continue to have the deadline date clearly posted, so please respond promptly.

Visa will be consolidating 22 dispute reason codes down to just four categories. The information provided to you in each of these four categories will be just as robust as before, although it may require you to take different actions depending on the category of the dispute. The information provided to you will help you understand the reason for the dispute and how to respond. Pay special attention to the required documentation.

Another benefit to the business owner is that Visa will be blocking invalid disputes from entering the dispute system if they don’t meet new data requirements from the issuing side.

As always, it’s important to pay attention to dispute notices that you receive. Provide all the required documentation noted on your dispute notice for that dispute reason. With the new shortened time-frames, reply no later than the deadline posted on your notice.

If you would like to read more detailed information you can find it here: Visa Claims Resolution (VCR)

October 2017 Interchange and Network Fee Notification for Payment Processing

There are a number of new and revised fee structures effective October 1, 2017 being implemented by VISA. Wind River Financial believes in transparency of all association fees applicable to your merchant processing costs, so we will be passing through these new fees with no mark-ups or changes.

There are hundreds of fee structures and not all are applicable to all card types or to all merchants, so detailed below are the few that will affect most merchants’ day to day transaction processing costs. For a full listing of these new fees please go to our website in our Merchant Portal and Resource Library, Pricing and look for the title October 2017 Interchange Modifications.

VISA Interchange Fee Program Additions and Revisions – Visa will introduce new interchange programs for Corporate and Purchasing card transactions accepted at fuel businesses as well as revise some existing Commercial Card interchange rates and U.S. Government interchange programs. Click here for details.

April 2016 Interchange and Network Fee Notification for Payment Processing

There are a number of new and revised fee structures effective April 1, 2016 being implemented by VISA, MasterCard, and Discover Card. Wind River Financial believes in transparency of all association fees applicable to your merchant processing costs, so we will be passing through these new fees with no mark-ups or changes. There are hundreds of fee structures and not all are applicable to all card types or to all merchants, so detailed below are the few that will affect most merchants’ day to day transaction processing costs. For a full listing of these new fees please go to our website in our Merchant Portal and Resource Library, Pricing and look for the title April 2016 Interchange Modifications.

VISA New Fee Program – Visa will introduce a new BASE II Credit Voucher fee on all credit transactions. Previously there has been a fee for the settlement of a sale; now there will also be a fee for the settlement of a credit refund transaction. For details click here.

MasterCard Fee Program Increase and Revision – MasterCard is revising the pricing structure by adding a new tier for the Acquirer Brand Volume Fee on consumer and commercial credit volume for transactions that are of USD $1000.00 or higher. For details click here.

Discover Card Fee Program Increases – Discover will be making a general change to the rates of the existing Acquirer Data Usage, International Processing Fee and International Service Fee. Click here for details.

NYCE Merchant Location Participation Fee Increase – The NYCE Network will raise its annual Merchant Location Participation Fee from $7.00 to $10.00. This increase will be reflected on our statements for all merchants accepting NYCE PIN debit cards in the past 12 months.

If we can help you further understand these changes please contact us by calling Client Care 800 704-7253 or by clicking here.

New Visa Mandate for Merchants Using POS Providers

Visa recently issued a new mandate related to merchants that use service providers to install and maintain point-of-sale (POS) systems and software within the merchant environment.  Examples of merchants that often use these types of POS providers include food and beverage establishments, lodging, pharmacies, or other industries that benefit from specialized computer integrated POS systems.

A recent trend has indicated that hackers target POS providers.  Because POS providers often maintain remote access to the POS systems within their business customer merchant locations, hackers are using this remote access to install malicious software at the merchant locations.  The software ultimately steals credit card data from the merchant locations.

Related to this trend, Visa is initiating the following mandate:

As of January 31, 2017, merchants must use POS providers that are Qualified Integrator & Reseller (QIR) certified.

The QIR Certification Program is designed to help POS providers better understand data security responsibilities and practices within the payments system.  If your business experiences a credit card related data breach as the result of using a POS provider that is not QIR certified after January 2017, it’s possible that Visa will levy additional fines to your business.

To confirm whether your provider is QIR certified, please reference the official list here. Note that because this is a new program, most POS providers are not yet certified. We expect the list from Visa to expand throughout the year.

If this Visa mandate applies to your business, we recommend that you contact your POS provider to inquire as to when they intend to obtain the Qualified Integrator & Reseller Certification in order to beat the January 2017 deadline.  This blog can also be forwarded to them for information.

Note: This mandate is applicable only to merchants that use specialized computer integrated POS systems and software installed and serviced by a third party.  It is not applicable to merchants that use only telephone or IP connected table top terminals, virtual terminals, wireless terminals, mobile payment acceptance, or cell phone or tablet dongles obtained from Wind River Financial.

October 2015 Interchange and Network Fee Notification for Payment Processing

Effective October 1, 2015, there are a number of new and enhanced fee structures that are being implemented by VISA, MasterCard, Discover Card, and other network providers. Wind River Financial believes in transparency of all association fees applicable to your merchant processing costs, so we will be passing through these changes with no additional mark-up. For a full listing of these new fees please go to our web site in our Merchant Portal and Resource Library and look for the title October 2015 Interchange Modifications.

VISA Interchange Fees and New Programs – Visa will implement new U.S. interchange programs to support tier qualification requirements for business card transactions. For details click here.

MasterCard Interchange Fees – MasterCard introduced new Interchange programs for U.S. Data Rate 1 Healthcare for the MasterCard Commercial Payments Account and MasterCard Prepaid Commercial Payments Account products. Click here for details.

Discover Card Rate Changes for Existing Prepaid Interchange Programs – Discover will implement new U.S. interchange programs for e-commerce transactions. Click here for details.

Wind River Fee Changes – On October 1, 2015 Wind River will increase PCI non-compliant fees by $5.00 per month.

EMV Liability Shift – On October 1, 2015 card present counterfeit fraud liability will shift to the party that has the lesser technology. Therefore if the merchant is not EMV enabled the counterfeit fraud liability will shift to them. For details click here.

April 2014 Interchange and Network Fee Notification for Payment Processing

There are a number of new and enhanced fee structures effective April 1, 2014 being implemented by VISA, MasterCard, Discover Card, and other network providers. Wind River Financial believes in transparency of all association fees applicable to your merchant processing costs, so we will be passing through these new fees with no mark-ups or changes. There are hundreds of fee structures and not all are applicable to all card types or to all merchants, so detailed below are the few that will affect most merchants’ day to day transaction processing costs. For a full listing of these new fees please follow the links provided: April 2014 Interchange Modifications.

VISA Interchange Fees and New Programs – Visa will introduce new interchange programs for new consumer products as well as modify assessments on the Acquirer International Services Assessment. Click here for details.

Pulse Merchant Participation Fee – The Pulse Debit Network will charge a $9.00 annual participation fee to merchants processing a PIN debit transaction on the Pulse network.

Visa Issues Malware Alert

Visa recently released the specific malware alert shown below that primarily affects integrated POS systems. It includes information on how to potentially identify this specific malware within IT networks.

Primary audience: IT, Information Security, Incident Response

 

Summary

Chewbacca is a relatively new variation of malware (Trojan.Win32.Fsysna.fej) targeting Point of Sale (POS) systems that run on Microsoft Windows. Chewbacca utilizes keylogger and memory scraping/parsing functionality. The malware is privately utilized, meaning that it is not currently distributed through online criminal forums and therefore is not known to be widely available. Since approximately October 2013, the malware has been linked to several dozen merchant compromises.

Distribution and Installation
Since the Chewbacca malware is private at the moment (i.e. being used by a limited number of criminals), it is not yet clear how the malware is disseminated or what the total potential number of victims may be. Analysis of current samples indicates that the Chewbacca malware installs a copy of itself in the Windows startup folder, as a file named “spoolsv.exe.” Clearly, the file name disguises the Trojan as a Windows Print Spooler service executable, and placement in the Startup folder causes it to run automatically at Windows startup. It should be noted that unlike some malware, Chewbacca currently has no persistence mechanism and thus deleting the malicious spoolsv.exe executable and rebooting the infected machine will remove the malware.

Data-stealing capability
Chewbacca features two distinct data-stealing mechanisms: a generic keylogger and a memory scanner designed to specifically target POS systems. The memory scanner dumps a copy of a running process’s memory and searches it using simple regular expressions for credit and debit card magnetic stripe data (track 1 and track 2). If a card number is found, the malware extracts it and enters it into a log. Extracted magnetic stripe data is stored within the “system.log” file inside the user’s %temp% folder.

Network traversal and data exfiltration
One of the important innovations associated with the Chewbacca malware is that communication between an infected machine and the Command and Control (C2) server is handled through the TOR (The Onion Router) network. TOR uses a network of encrypted relay systems and is designed to conceal a user’s identity along with the contents of their communications. TOR often communicates over TCP 443, and it can be difficult to distinguish from normal TLS network traffic. All communications are encrypted, concealing the real IP address of the malware’s C2 server(s), which makes network detection more difficult.

For Chewbacca to function properly on the TOR network, it requires a TOR proxy application, which is installed on the infected machine. It is here, on the POS system, where the best opportunity for detection exists. In addition to identifying the TOR client application itself (tor.exe) on a POS system, it is possible to detect TOR running on a Windows system by issuing “netstat -nt” from a Windows command prompt. Look for the TOR listener, typically running on TCP 9050.
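
The host-side checks described above (a TOR listener on TCP 9050, tor.exe on a POS system, and a spoolsv.exe running from outside the Windows system directory) can be scripted over collected output. The following is an added example, not part of Visa's alert: it assumes `netstat -ano` output and a process inventory gathered by your own tooling, a default C:\Windows install, and uses constructed sample data.

```python
# Added example: triage a Windows POS host for the host-side indicators above.
# Assumes `netstat -ano` output (-a includes listeners, -o adds the owning PID),
# a (pid, image path) inventory from your own tooling, and a default C:\Windows
# install. All sample data is constructed.
import ntpath
import re

TOR_SOCKS_PORT = 9050                   # Tor listener port named in the alert
SPOOLER_HOME = r"c:\windows\system32"   # only legitimate home of spoolsv.exe

# Matches rows such as "  TCP  127.0.0.1:9050  0.0.0.0:0  LISTENING  4012"
NETSTAT_ROW = re.compile(
    r"^\s*TCP\s+(?P<local>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$",
    re.IGNORECASE,
)

def tor_listeners(netstat_text):
    """Return [(local_address, pid)] for TCP sockets listening on 9050."""
    hits = []
    for line in netstat_text.splitlines():
        m = NETSTAT_ROW.match(line)
        if m and int(m.group("port")) == TOR_SOCKS_PORT:
            hits.append((m.group("local"), int(m.group("pid"))))
    return hits

def misplaced_images(processes):
    """Return [(pid, path)] for tor.exe anywhere, or spoolsv.exe outside System32."""
    hits = []
    for pid, path in processes:
        folder, name = ntpath.split(ntpath.normpath(path))
        folder, name = folder.lower(), name.lower()
        if name == "tor.exe" or (name == "spoolsv.exe" and folder != SPOOLER_HOME):
            hits.append((pid, path))
    return hits

def triage(netstat_text, processes):
    """Run both checks and report which flagged process owns a 9050 listener."""
    listeners = tor_listeners(netstat_text)
    flagged = dict(misplaced_images(processes))
    owners = [(pid, flagged[pid]) for _, pid in listeners if pid in flagged]
    return {"listeners": listeners, "misplaced": sorted(flagged.items()),
            "listener_owners": owners}

SAMPLE_NETSTAT = """
  Proto  Local Address      Foreign Address    State        PID
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING    732
  TCP    127.0.0.1:9050     0.0.0.0:0          LISTENING    4012
  TCP    10.0.0.21:1189     10.0.0.5:443       ESTABLISHED  2188
"""
SAMPLE_PROCESSES = [
    (1404, r"C:\WINDOWS\system32\spoolsv.exe"),
    (3380, r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\spoolsv.exe"),
    (4012, r"C:\Documents and Settings\pos\Local Settings\Temp\tor.exe"),
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_NETSTAT, SAMPLE_PROCESSES).items():
        print(key, value)
```

A listener on 9050 is reported even when its owning process is not one of the flagged image names, so a renamed TOR client still surfaces for follow-up.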

Mitigation
Visa requires participants in the payment system to comply with all PCI-DSS requirements and we recommend taking the following preventative steps to address this specific threat:

• Prevent the use of TOR on POS systems. This can be done by adding TOR and its components (Tor, Vidalia, TOR Browser) to antivirus solutions and application blacklisting controls. Network filtering, particularly outbound traffic from POS systems, can also be used to disable the malware’s ability to exfiltrate data.

• Control the Windows Administrator account. Data-stealing malware (like Chewbacca) requires Administrator-level permission in order to perform memory-scanning and key logging functions. Make it more difficult for malware to gain Administrative privileges.

• Assign a strong password for all accounts on the POS system.

• Create a unique local Administrator password for each and every POS system.

• Do not allow users to be local Administrators on a POS system.

• Change password frequently (at least every 90 days).

• Ensure the POS system functions as a single purpose machine. To reduce the risk of malicious software infection, disallow all applications and services (i.e. Internet browsers, email clients) that are not directly required as part of the POS’s core functionality in processing payments.

• Keep operating system patch levels up to date. For Windows, this means ensuring Windows Update is functioning and automatically applying monthly security patches.

• Restrict permissions on Windows file sharing or disable file sharing altogether. Unless absolutely necessary, Visa recommends disabling file sharing on POS systems. Microsoft has published instructions on how to disable simple file sharing and set permissions on shared folders.

Technical Threat Indicators

| IOC | Type | Notes |
| --- | --- | --- |
| %ALLUSERSPROFILE%\Start Menu\Programs\startup\spoolsv.exe | Filename | Attempt by the actors to hide the malware as a standard printer spooler application |
| %TEMP%\system.log | Filename | After installation, the key logger creates this file, logging keyboard events and windows focus changes |
| ekiga.net | Domain | Spoolsv.exe requests the public IP of the victim via a publicly accessible service at hxxp://ekiga.net/ip (which is not related to the malware) |
| 86.64.162.35 | IP | ekiga[.]net resolves to this IP. This is a legitimate service utilized by the malware to request the public IP of the victim |
| Mozilla / 4.0 (compatible; Synapse) | Non-Standard User Agent | Upon execution Chewbacca performs an external IP lookup by doing a GET request to ekiga[.]net, a legitimate service that replies with the IP address the request is sent from. The GET request is constructed with a non-standard User-Agent. |
| %TEMP%\tor.exe | Filename | Tor v0.2.3.25 is dropped as “tor.exe” to the user’s Temp and runs with a default listener on “localhost:9050” |
| 5ji235jysrvwfgmb.onion | C2 | Chewbacca performs a memory scan on running processes with the following regular expressions and uploads the results via hxxp://ji235jysrvwfgmb.onion/recvdata.php |
| 21f8b9d9a6fa3a0cd3a3f0644636bf09 | MD5 | Chewbacca binary is a PE32 executable compiled with Free Pascal 2.7.1 (the version dated 22.10.2013). The 5 MB file contains Tor 0.2.3.25 as well. |
| 0392f25130ce88fdee482b771e38a3eaae90f3e2 | SHA1 | Chewbacca binary is a PE32 executable compiled with Free Pascal 2.7.1 (the version dated 22.10.2013). The 5 MB file contains Tor 0.2.3.25 as well. |
| 31d4e1b2e67706fda51633b450b280554c0c4eb595b3a0606ef4ab8421a04dc9 | SHA256 | Chewbacca binary is a PE32 executable compiled with Free Pascal 2.7.1 (the version dated 22.10.2013). The 5 MB file contains Tor 0.2.3.25 as well. |

Additional Resources
This malware targets Windows-based POS systems, including Windows XP. It should be noted that Microsoft’s support ends in April 2014 for Windows XP and January 2016 for Windows XP Embedded operating systems. POS applications built on these platforms will be placed at increased risk.

To report a data breach, contact Visa Fraud Control:
• USFraudControl@visa.com

For more information, please contact Visa Risk Management: cisp@visa.com