April 15, 2019
Updated: March 1, 2020
LINKS to ALL Regulatory Articles (Visa, MasterCard, European/PSD2) can be found at the end of this article.
Who do these new regulations affect?
These regulations affect negative option billing merchants. A negative option billing model refers to a merchant that sells a good or service at a nominal or “free” price to a consumer.
The merchant requires the consumer to give payment information upfront to receive the trial product and bills the consumer on a future date unless the consumer proactively cancels their subscription.
The typical model is as follows:
- Product is free on Day 1
- Consumer is charged for the “free trial” on Day 14
- Consumer is then shipped new product and charged again on Day 30
Trial Start Date and Duration: The trial period must begin on the date that the product is received by the customer. This means that delivery time must be taken into consideration and the duration cannot start until the consumer has received the product.
Delivery time can fluctuate, but it is recommended that merchants assess their average delivery time. This can be provided by the fulfillment provider. In sticky.io, merchants are advised to configure the trial duration with delivery time in mind. If the merchant is selling a 14-day trial and average delivery time is 4 days, the merchant should configure the trial duration as 18 days.
Rebill consent: After a trial, before any rebill is initiated, the merchant must provide the following information to the consumer: payment amount, payment date, secondary payment date (if applicable), merchant name as it appears on the cardholder's statement (descriptor), and instructions for cancelling. The merchant MUST also get explicit consent BEFORE issuing the rebill.
sticky.io will have a “consent_required” parameter in the New Order requests. Merchants will be responsible for passing the flag designating the transaction as needing consent prior to the rebill. sticky.io will set the next rebill date; however, the transaction will not rebill until further action is taken. In sticky.io, merchants will be able to set a “Consent confirmation” email, X days prior to a rebill that requires consent. The merchant can customize this notification by payment type. sticky.io recommends at least 3 days prior to the rebill; this will give the consumer enough time to give consent. Merchants will need to make a subsequent API request confirming that consent has been received. sticky.io will also allow for customer service reps to consent upon customer request (within the sticky.io order details interface). The merchant will need to configure an email with the aforementioned information.
Cancellation Policy: The merchant must provide a direct link to an online cancellation procedure on the website where the cardholder made the initial purchase. In the event the page is down, the merchant must present a customer service phone number on the website maintenance page.
The merchant must send a confirmation to the cardholder when the subscription has been cancelled. sticky.io provides the ability for merchants to send a “Cancellation Notification.” This notification can be found in the Email Triggers and Email Templates and configured to any product subscription.
Can I provide all the consent information and consent links as part of the order confirmation email? If we cannot, please describe exactly what part of the MasterCard AN2202 rules we are not following by doing this?
According to the regulations, the consent information must be a separate communication AFTER the trial has ended. It cannot be collected upfront, in your trial confirmation email, and the Order Consent email/template cannot be sent too early in the trial process. From AN2202: "After the trial period for a product has ended, but before any additional payments are made by the cardholder, the merchant must provide the cardholder with the following information for which the cardholder’s authorization will be requested, and the merchant must obtain the cardholder’s explicit consent for the payment amount before initiating the authorization request".
What are the recommendations for "Transaction notifications and storage"?
Depending on your volume, you could choose to BCC your Email triggers configured in sticky.io to a normal Gmail account you create for archiving purposes. For higher volumes on Google Mail you can look into this: https://gsuite.google.com/products/vault/
sticky.io states: For free Trial 5968 merchants not using the NMI PaySafe gateway, you will have to pass the consent_required=1 parameter in the NewOrder API call for MasterCard transactions.
If you are not on the NMI PaySafeContinuity gateway, then the compliance will be up to you, the merchant. If you are running a free trial, then on the NewOrder API call you make to initiate that transaction, you need to pass consent_required=1 in the API parameters if it is a MasterCard transaction. It is in your control and sticky.io is providing you the tools to be compliant. Only on the NMI PaySafeContinuity gateway do we "force" consent requirements by default.
If we offer a coupon discount on the first purchase, will this still fall under the new MasterCard AN2202 rules?
We have posed this question to several of the acquirers and processors, and according to them, having a coupon on the first purchase does NOT opt you out of the new regulations. You will still be considered negative option trial in this case. However, we encourage you to talk through this with your acquirer/processor.
Does this affect companies that do not offer free trials but do use subscriptions?
If you just do straight subscriptions, the new rules do not apply to you. However, if your MID is still 5968 and with PaySafe, be sure to send "consent_required=0" to ensure you opt out of the default consent requirements that PaySafe has instituted with us.
Our initial products are recurring to another product at a lower price. Does our offer fall under the new MasterCard AN2202 rules?
This business model should NOT fall under MasterCard AN2202 rules. We recommend that you double check with your processor to make sure that you are not currently classified as a MCC 5968 merchant.
Does this affect digital delivery products, or just physical?
This only affects physical delivery products. Just make sure your trial product DESCRIPTION clearly indicates this, in case it is called into question.
If I am classified as a MCC 5968 merchant, but my model is Straight Sale continuity we don't have to register?
You are okay if doing Straight Sale continuity. Just make sure you pass into your NewOrder calls the new consent_required=0 flag to ensure any auto-rules required by PaySafe are bypassed.
ADDITIONAL REGULATORY ARTICLES
Paysafe MasterCard Updates - Effective 4/22/20
Visa Compliance - Sticky.io Setup
VISA - PaySafe Email Templates
Reminder Visa Trial Compliance
MASTERCARD - Paysafe Email Templates
MasterCard Compliance - Sticky.io setup
Payment Services Directive PSD2