How Negative Option Billing Merchants can remain compliant in LimeLight

Who do these new regulations affect?

These regulations affect negative option billing merchants. A negative option billing model refers to a merchant that sells a good or service at a nominal or “free” price to a consumer.

The merchant requires the consumer give payment information upfront to receive the trial product and bills the consumer on a future date, unless the consumer proactively cancels their subscription.

The typical model is as follows

  • Product is free on Day 1
  • Consumer is charged for the “free trial” on Day 14
  • Consumer is then shipped new product and charged again on Day 30

When do these new regulations take effect?

The new standard will take effect on April 12, 2019. Merchants, processors, and acquirers must be compliant by that date.

Note: This will affect any new subscriptions starting after April 12th.

 

Here are the new MasterCard regulations and how to stay compliant in LimeLight:

 

  1. MCC Classification: Negative option billing merchants that provide a physical product will be assigned the MCC of 5968: Direct Marketing—Continuity/Subscription Merchants.

    No action needed within the LimeLight platform, the Merchant should have conversations with their processor.

    • Acquirers must register the merchant through the Mastercard Registration Program
    • Acquirers must also code any transactions originating from high risk negative option billing.
    • This will be the responsibility of the acquirer and merchant to assign the appropriate MCC and register with MasterCard

  2. Disclosure of offer page information: Transactions must include the Website URL where the cardholder requested the product. Merchants will be required to provide the website URL with each transaction and this information will be transmitted to the gateway/processor.

    DELIVERED - 1/30/19

    • Merchants will be responsible to send the “Website” with the transaction request to LimeLight
    • LimeLight has provided two new API parameters in the NewOrder requests to allow merchant to submit
      • “Website” - URL where the transaction was initiated by the cardholder. Website Domain will be sent in the request to Mastercard
      • “Vendor” - The third party hosting the offer page, if using a hosted solution.

  3. Trial Start Date and Duration: The trial period must begin on the date that the product is received by the customer. This means that delivery time must be taken into consideration and the duration cannot start until the consumer has received the product.

    Features already in place in the LimeLight platform 

    • Delivery time can fluctuate but it is recommended that merchants assess their average delivery time. This can be provided by the fulfillment provider
    • In LimeLight, merchants are advised to configure the trial duration with delivery time in mind.
      • If the merchant is selling a 14 day trial and average delivery time is 4 days, the merchant should configure the trial duration as 18 days

  4. Rebill consent: After a trial, before any rebill is initiated the merchant must provide the following information to the consumer: Payment amount, payment date, secondary payment date (if applicable), merchant name as it appears on cardholders statement (descriptor), and instructions for cancelling. The merchant MUST also get explicit consent BEFORE issuing the rebill.

    Targeted - 2/13/19

    • LimeLight will have a “consent_required” parameter in the New Order requests
    • Merchants will be responsible for passing the flag designating the transaction as needing consent prior to the rebill
    • LimeLight will set the next rebill date, however the transaction will not rebill until further action is taken
    • In LimeLight merchants will be able to set a “Consent confirmation” email, X days prior to a rebill that requires consent. The merchant can customize this notification by payment type. LimeLight recommends at least 3 days prior to the rebill; this will give the consumer enough time to give consent.
    • Merchants will need to make a subsequent API request confirming that consent has been received.
    • LimeLight will also allow for customer service reps to consent upon customer request (within the LimeLight order details interface)
    • The merchant will need to configure an email with the aforementioned information.
      • This can be provided on the initial order receipt using the Order Confirmation email trigger or X (3) days prior to rebill using the Consent Notification email trigger
    • LimeLight will provide corresponding email tokens to provide the necessary information
      • Payment Amount = {nextsubscriptionamount}
      • Payment Date = {nextsubscriptiondate}
      • Secondary Payment date - Merchants will be responsible for defining when the transaction will be attempted again in the even of a decline. This can be done by using the Decline Manager schedule configuration. IE: “In the event of a decline we will reattempt the transaction 3 days following the scheduled payment date”
      • Merchant Name {descriptor}
    • The merchant will be responsible to add the tokens and instructions for cancelling

  5. Cancellation Policy: The merchant must provide a direct link to an online cancellation procedure on the website where the cardholder made the initial purchase. In the event the page is down the merchant must present a customer service phone number on the website maintenance page.

    Features already in place in the LimeLight platform

    • The merchant must send a confirmation to the cardholder when the subscription has been cancelled.
    • LimeLight provides the ability for merchants to send a “Cancellation Notification.” This notification can be found in the Email Triggers and Email Templates and configured to any product subscription.

  6. Storage of transaction receipt: Acquirers will be required to monitor transactions to identify when the same cardholder account number is used across multiple MIDs. When this is identified the acquirer may require proof of each transaction.

    DELIVERED - 1/30/19

    • Acquirers will require merchants to retain receipts of each transaction for up to one year. In the event they are audited due to same account number across multiple MIDs they must provide evidence that each was a bonafide transaction.
    • LimeLight will allow for the merchant to BCC copies of each email receipt.
      • In LimeLight merchants can configure a BCC email address in the Email Trigger; the merchant can add multiple BCC email addresses if needed.
      • Storage of the emails is the responsibility of the merchant.
        • Cloud storage is available to merchants at a low cost.
        • Google Cloud offers a terabyte for $10/mo

  7. Send receipt for all transaction attempts: Each time a merchant attempts a transaction the merchant must send receipt to the cardholder via email or other electronic means. The merchant must also provide instructions to cancel the subscription. Following an unsuccessful transaction the merchant will also need to provide the decline reason.

    TARGETED - 2/13/19

    • LimeLight will provide a new email trigger merchants can configure to email upon unsuccessful transaction attempts.
      • The new email trigger event “Decline transaction” will be found in the email triggers accompanied with a new email template
    • LimeLight will also provide a new token for {gatewaydeclinereason} to be used in the email to provide the decline reason  to the cardholder.

  8. Recurring Transactions: All recurring transactions at the same acquirer must be processed under the same MID that was used for the initial payment transaction.

    Features already in place in the LimeLight platform

    • Merchants are highly suggested to “preserve” the gateway in LimeLight, therefore all future rebills will remain under the same Merchant ID
    • Merchants can also utilize MID Group in LimeLight to ensure that initial transactions and upsells get processed within the same “group”