MasterCard Compliance - FAQ

Consent

  • Can I provide all of the consent information and consent links as part of the order confirmation email? If we cannot, please describe exactly what part of the MasterCard AN2202 rules we are not following by doing this.
    • According to the regulations, the consent information must be a separate communication AFTER the trial has ended. It cannot be collected upfront, in your trial confirmation email, and the Order Consent email/template cannot be sent too early in the trial process. From AN2202: "After the trial period for a product has ended, but before any additional payments are made by the cardholder, the merchant must provide the cardholder with the following information for which the cardholder’s authorization will be requested, and the merchant must obtain the cardholder’s explicit consent for the payment amount before initiating the authorization request"
  • What the recommendations for "Transaction notifications and storage"?
    • Depending on your volume, you could choose to BCC your Email triggers configured in LimeLight to a normal gmail account you create for archiving purposes. For higher volumes on Google Mail you can look into this: https://gsuite.google.com/products/vault/
  • LimeLight States states: For free Trial 5968 merchants not using the NMI PaySafe gateway, you will have to pass the consent_required=1 parameter in the NewOrder API call for MasterCard transactions. Should we implement the consent for the order which has processed with MasterCard either using the NMI Paysafe gateway or another gateway?
    • If you are not on the NMI Paysafe Continuity gateway, then the compliance will be up to you, the merchant. If you are running a free trial, then on the NewOrder API call you make to initiate that transaction, you need to pass consent_required=1 in the API parameters if it is a MasterCard transaction. It is in your control and LimeLight is providing you the tools to be compliant. Only on the NMI Paysafe Continuity gateway do we "force" consent requirements by default starting April 12.

Offering Discounts and Coupons

  • If we offer a coupon discount on the first purchase, will this still fall under the new MasterCard AN2202 rules?
    • We have posed this question to several of the acquirers and processors, and according to them, having a coupon on the first purchase does NOT opt you out of the new regulations. You will still be considered negative option trial in this case. However, we encourage you to talk through this with your acquirer/processor.

Who is affected

 

  • We are in the process of migrating to LimeLight from a different CRM, The other CRM has not sent us any communications regarding the new regulations. Are these regulations equally applicable to everyone?
    • If you are you currently classified as a MCC 5968 merchant then the MasterCard AN2202 rules are applicable as of April 12 2019.
  • Will any of these new regulations affect existing customers on the NMI PaySafe MID, or only new customers?
    • Any existing subscriptions prior to April 12 will not be affected in any way. You can continue to run those rebills without consent. Also, keep in mind the consent requirement is only for the FIRST post-trial rebill. There is no consent requirement for subscription rebills after that.

Does my business model fall under MasterCard AN2202 rules

  • Does this affect companies that do not offer free trials but do use subscriptions?
    • If you just do straight subscriptions, the new rules do not apply to you. However, if your MID is still 5968 and with Paysafe, be sure to send "consent_required=0" to ensure you opt out of the default consent requirements that Paysafe has instituted with us.
  • Our initial products are recurring to another product at a lower price. Does our offer fall under the new MasterCard AN2202 rules?
    • This business model should NOT fall under MasterCard AN2202 rules. We recommend that you double check with your processor to make sure that you are not currently classified as a MCC 5968 merchant
  • Does this affect digital delivery products, or just physical?
    • This only affects physical delivery products. Just make sure your trial product DESCRIPTION clearly indicates this, in case it is called to question.
  • If I am classified as a MCC 5968 merchant, but my model is Straight Sale continuity we don't have to register?
    • You are okay if doing Straight Sale continuity. Just make sure you pass into your NewOrder calls the new consent_required=0 flag to ensure any auto-rules required by Paysafe are bypassed.

 

 

What is LimeLight doing to help Merchants remain compliant

  • How will LimeLight determine which gateways are sending the URL?
    • As of 04/12/2019, NMI is not yet supporting the URL being sent into the auth/sale transaction, but it will likely be in place by end of the month. We will incorporate sending the URL on a gateway by gateway basis as the functionality is available and pushed onto us by the processors.
  • Will there be a MCC code section added to gateway setup, to ensure that MIDs that are NOT 5968 are handled differently than 5968?
    • We do plan to add an MCC field to gateways, but for now, you can pass in "consent_required=0" in your NewOrder API calls to bypass consent requirements if you feel the transaction does not qualify under the new MasterCard AN2202 rules, and this will override any gateway rules that the banks/processor has put in place.