Merchants do not need to retain a full 16-digit card number to resolve a transaction dispute, despite demands from some acquirers and processors, according to Visa Inc.
In clarifying its rules, Visa announced July 14 that merchants may use other identifying information, such as a time stamp of the sale and transaction amount, in conjunction with a truncated or masked card number in transaction disputes. Merchants always have had the option to use a substitute for the actual card number, Visa says.
Visa issued the clarification after the National Retail Federation, a Washington, D.C.-based merchant group, informed the company about the confusion.
Merchants should have a choice of using different types of information in lieu of a complete card number, a Visa spokesperson tells PaymentsSource. Only truncated card numbers are printed on a consumer’s receipt.
Apparently, some acquirers and processors demanded that merchants retain a complete card number so they could more easily find the transaction should a dispute arise. Such policies actually may contradict the payments industry’s efforts to prevent merchants from retaining sensitive card data beyond the actual transaction.
Issuers also must accept a disguised or truncated card number on transaction receipts, Visa says.
“Visa agrees with what we’ve been saying, that merchants shouldn’t be required to store card numbers,” David Hogan, federation senior vice president and chief information officer, tells PaymentsSource. “This clarification from Visa is a promising step in that direction.”
Merchants do not want to hold onto card numbers, Hogan says
“The challenge has been, in the past we feel as if we were forced to secure some information that we don’t want to have in our four walls,” he says.
Visa also this week released a set of best practices for tokenization, including token generation, how to map the token to the original transaction, defining the repository for holding the cardholder data, and how cryptographic keys should be managed and used.
“This is part of a broader effort to help merchants improve their data security, simplify compliance and eliminate unnecessary data storage when merchants can,” the Visa spokesperson says.
What do you think about this? Send us your feedback.
