6/5/19 LimeLight Platform Updates for MasterCard Compliance

LimeLight platform updates for MasterCard regulations compliance:

In order to remain compliant with the new MasterCard regulations (AN2202) as a TPP LimeLight will be implementing two changes on Wednesday 6/5/2019 that will affect all subscription transactions processed on the NMI Paysafe Processing Continuity gateway.

 

1 - Consent Rules Enforcement

Functionality update: The LimeLight "NMI Paysafe Processing Continuity" Gateway profile will enforce consent rules on all MasterCard trial orders (where initial amount doesn’t equal the recurring/rebill amount).

If a “standard subscription” (meaning the amount of the initial is the same as the recurring/rebill) is detected, then consent requirements will be bypassed.

2 - consent_required override via API

Functionality update: Passing consent_required=0 in the API call will no longer override consent required.

All MasterCard initial subscription orders processed through the LimeLight "NMI Paysafe Processing Continuity" Gateway profile with trial orders will require consent. If consent_required=0 is passed in the API call it will be ignored and the subscription will not rebill until consent is received.

3 - Consent Notification

Functionality update: The Consent email notification must be sent before an order can receive consent (flag as consent_received.)

Currently the LimeLight platform is set up to automatically require consent for any MasterCard initial order processed through an NMI Paysafe Processing Continuity gateway profile. These transactions will not rebill until consent is received from the cardholder. The transaction cannot be flagged as consent_received until the Consent notification has been sent.

Configure the Consent Notification Email Template.

  • Navigate to Settings > Email Notifications > Email Templates > Actions > Add Email
  • Templates > Select Consent Notification from the dropdown > Select Template > Customize your Consent Notification > Save. Be sure to add:
  • Alert Days (use 1 day to ensure you comply with “after the trial period has ended”)
  • Master Card as the Payment Type

 email_consent.jpg

In the Template body you must include the following:

  • Your specific cancellation instructions which includes a direct link to an online cancellation procedure on the website where the cardholder made the initial purchase (See Cancellation Policy below).
  • Your merchant name as it appears on cardholders statement.
  • The {nextsubscriptiondate} token - The date in which the credit card charge will happen.
  • The {nextsubscriptionamount} token - The amount that the credit card will be charged.

Cancellation Policy: The merchant must provide a direct link to an online cancellation procedure on the website where the cardholder made the initial purchase.

  • Configure the Consent Notification Email Template (Instructions listed in Rebill Consent above).
  • This online cancellation link must be provided by the merchant. LimeLight does not provided a hosted cancellation link. We only provide a hosted consent link if merchant chooses to use it.

A standard {consent_url} and {consent_token} are included in the default template body (e.g. <a href="{consent_url}{consent_token}">Click here to opt-in to subscription</a>). Clicking the LimeLight hosted consent link will provide a generic message “Thank You, [customer name]. Your order has been updated. Your next billing will occur on mm/dd/yyyy”. However, if you prefer to use your own branded page/link you can add it to the template. Please refer to our API documentation: Navigate to Orders > Order Compliance Consent.

consent_body.jpg

Configure the Consent Notification Email Trigger.

  • Navigate to Settings > Email Notifications > Actions > Add > select Consent Notification > configure the Name, Description, SMTP Profile > select the Consent Notification created above > add your list of BCC Emails that should also get the Notification (A record of the notification sent to your customer must be retained for one year - See #4 Storage of transaction receipt below) > Publish > Save

Storage of transaction receipt: Acquirers will be required to monitor transactions to identify when the same cardholder account number is used across multiple MIDs. When this is identified the acquirer may require proof of each transaction.

 

  • Navigate to Settings > Email Triggers > Click the Order Confirmation name configured to your trial product > Add your list of BCC Emails that should also get the Notification > Save.

consent_BCC.jpg

Configure the Consent Notification Email trigger (See above).

  • Navigate to Settings > Email Triggers > Click the Consent Notification name configured to your trial product > Add your list of BCC Emails that should also get the Notification > Save.

 

Add the Notification to the trial product.

  • Navigate to Products > Products > click on the trial product name > select Custom Notifications in the Parameters section > click the down arrow on Custom Email Notification to open the section > Actions > Add > select Consent Notification as the Type > select the Trigger configured above > Save the product

consent_product.jpg

  • *To Add the notification to multiple products; Click the ellipsis on the on the Consent Notification email trigger > Select Add to Products > Select the products to apply the notification to > Save.

consent_multi_assign.jpg

 

Example of default Consent Notification and hosted consent page:

Consent_thank_you.jpg

3 ways an order is updated as consent_received

  • The cardholder clicks the LimeLight hosted consent link in the Consent Notification email as described in the steps above.
  • Order Compliance Consent API POST when the cardholder clicks a consent link from your branded page. Please refer to our API documentation: Navigate to Orders > Order Compliance Consent.
  • A customer service rep clicks the ‘Consent Received’ on the Order Details page in the LimeLight platform when the cardholder give verbal consent.

  Consent_link.jpg                

  • Note: A customer service rep cannot update ‘Consent Received’ on the order details page until after the consent notification has been sent.