Skip to main content
sticky.io Setup for MasterCard Compliance sticky.io

This article will walk you through ways to set up your sticky.io instance to be in compliance with Mastercard's rules for merchants

Support avatar
Written by Support
Updated over a week ago

Originally Published: April 1, 2019

Last Updated: February 3, 2022

Links to all regulatory articles (Visa, MasterCard, European/PSD2) can be found at the end of this article.


PLEASE READ - IMPORTANT 2022 UPDATES:

In November 2021, Mastercard revealed several changes to their rules for subscription billing that will go into effect in 2022. Requirements listed in this section impact all merchants deploying subscription/recurring billing models. Additional requirements apply to negative option programs, where the merchant offers a free or discounted trial period before automatically enrolling the consumer into a full-priced subscription.

Newly implemented changes applicable to all subscription/recurring billing merchants:

  • By March 22nd, 2022, merchants must provide customers with emailed receipts after every billing. The email must include transaction details and clear instructions on how to cancel.

  • By March 22nd, 2022, merchants must provide all customers with an electronic way to cancel their subscriptions. This method should be "similar to unsubscribing from email messages or any other electronic method".

    • This excludes phone numbers, contact email addresses or requiring customers to visit a physical location.

  • By September 22nd, 2022, disclosures must be made at the "point of payment" to inform customers about the terms of the trial or subscription and the amount and frequency of any future payments. These disclosures must be made prior to enrolling customers in a subscription and the merchant must obtain the customer's affirmative acceptance of the terms.

    • This information must be clearly visible without any action from the customer. Traditional "terms and conditions" links, drop-down menus or placing the information at the bottom of the page where customers would have to scroll down to see it.

    • For ecommerce merchants, the "point of payment" can be defined as the checkout page as well as any page where customers can review the details of their order and any page where payment information is entered.

  • By March 22nd, 2022, merchants using subscription billing models or negative option billing models with periods between billing of six months or longer will need to send subscription reminders to consumers. The notifications must be sent between three and seven days before the card is automatically charged. The notification can be sent electronically by email or by any other electronic method.

    • For negative option billing models, these notifications must:

      • be sent before the consumer is automatically enrolled in the full plan

      • inform the consumer that the subscription plan will start at the end of the trial period unless canceled before the stated date

      • contain the basic terms of the subscription and instructions on how to cancel

Newly implemented changes applicable only to merchants using negative option billing models:

  • By September 22nd, 2022, disclosure of the terms of the trial, the length of the trial period and the price and frequency of the subsequent subscription must be made at the "point of payment". This includes the screen where customers enter their payment information or any screen that displays a summary of the order (including shopping carts).

    • Requiring the consumer to click on a link, expand a message box or scroll down the page to see the terms will not satisfy the requirements.


The following information was published prior to 2022 and is separate from the updates described above

Disclosure of offer page information. Transactions must include the Website URL where the cardholder requested the product.

NewOrder API requests must include the ‘website’ parameter. For more information, please refer to our API documentation: Navigate to API > Orders > NewOrder 

Trial Start Date and Duration: The trial period must begin on the date that the product is received by the customer.

Configure the trial duration with delivery time in mind. For example, if you are selling a 14-day trial and the average delivery time is 4 days, then configure the trial duration as 18 days.

For Next-Gen: Navigate to Products > Offers> Click on the Offer name > In the Trial section: Click on the Custom Duration radio button in the Trial Duration sub-section > enter in the new trial duration to account for delivery time > Save. If using Delayed Billing; Select 'When to Charge' >Delayed Billing > Configure the Days to Delay duration to account for delivery time > Save

For Legacy: Navigate to Products > Click on the trial Product name > Click the down arrow on Subscription to open the subscription section > Update Subscription Type field to ‘Bill By Cycle’ > Update the Days To Next Billing days to the new trial duration to account for delivery time > Save.

Rebill Consent: After the trial period for a product has ended, but before any rebill is initiated the merchant must provide subscription information and cancellation information to the customer.

Configure the Consent Notification Email Template.

Navigate to Settings > Email Notifications > Email Templates > Actions > Add Email Templates> Select Consent Notification from the drop-down > Select Template> Customize your Consent Notification > Save.

Be sure to add:

 -Alert Days (use 1 day to ensure you comply with “after the trial period has ended”)

- Mastercard as the Payment Type

 In the template body, you must include the following:

You must add your specific cancellation instructions which include a direct link to an online cancellation procedure on the website where the cardholder made the initial purchase (See Cancellation Policy below).

You must add:

  • your merchant name as it appears on the cardholder's statement

  • {nextsubscriptiondate} token - The date on which the credit card charge will happen

  • {nextsubscriptionamount} token - The amount that the credit card will be charged

A standard {consent_url} and {consent_token} are included in the default template body (e.g. Click here to opt-in to subscription).

Clicking the sticky.io hosted consent link will provide a generic message “Thank You, [customer name]. Your order has been updated. Your next billing will occur on mm/dd/yyyy”. However, if you prefer to use your own branded page/link you can add it to the template. Please refer to our API documentation: Navigate to Orders > Order Compliance Consent. 

Example of default Consent Notification and hosted consent page:

Configure the Consent Notification Email Trigger.

Navigate to Settings > EmailTriggers > Actions > Add > Select Consent Notification >Configure the Name, Description, SMTP Profile > Select the Consent Notification created above > Add your list of BCC Emails that should also get the Notification (A record of the notification sent to your customer must be retained for one year  Storage of transaction receipt below) > Publish > Save 

Add the Notification to the trial product.

Navigate to Products > Products> Click on the trial product name > Select Custom Notifications in the Parameters section > Click the down arrow on Custom Email Notification to open the section > Actions > Add > Select Consent Notification as the Type > Select the Trigger configured above > Save the product.

To add the notification to multiple products, click the ellipsis on the Consent Notification email trigger > Select Add to Products > Select the products to apply the notification to > Save

Two ways an order is updated as consent_received

  1. The cardholder clicks the sticky.io hosted consent link in the Consent Notification email as described in the steps above.

  2. A customer service rep clicks the ‘Consent Received’ on the Order Details page in the sticky.io platform when the cardholder gives verbal consent. 

Note: A customer service rep cannot update 'Consent Received' on the order details page until after the consent notification has been sent

Cancellation Policy: The merchant must provide a direct link to an online cancellation procedure on the website where the cardholder made the initial purchase.

Configure the Consent Notification Email Template (Instructions listed in Rebill Consent above). This online cancellation link must be provided by the merchant. sticky.io does not provide a hosted cancellation link. We only provide a hosted consent link if the merchant chooses to use it. 

Storage of transaction receipt: Acquirers will be required to monitor transactions to identify when the same cardholder account number is used across multiple MIDs. When this is identified, the acquirer may require proof of each transaction.

Configure the Order Confirmation Email trigger. Navigate to Settings > Email Triggers > Click the Order Confirmation name configured to your trial product > Add your list of BCC Emails that should also get the Notification > Save Configure the Consent Notification Email trigger (See above). Navigate to Settings > Email Triggers >Click the Consent Notification name configured to your trial product >Add your list of BCC Emails that should also get the Notification >Save. 

Send receipt for all transaction attempts: Each time a merchant attempts a transaction, a receipt must be sent to the cardholder via email or other electronic means. The merchant must also provide instructions to cancel the subscription. For unsuccessful transactions, the decline reason must be provided.

Configure the Decline Notification Email Template. Navigate to Settings > Email Templates > Actions > Add Email Templates > Select Decline Notification from the drop-down > Select Template > Customize your decline template > Save. Be sure to add: In the Template body you must include the following:

  • {decline reason} token - The decline reason provided by the gateway

  • {next subscription date} token - The date on which the credit card charge will happen. 

Configure the Decline Notification Email Trigger.

Navigate to Settings > Email Triggers > Actions > Add > Select Decline Notification > Configure the Name, Description, SMTP Profile > Select the Decline Notification created above > Add your list of BCC Emails that should also get the Notification> Publish > Save

Add the Notification to the trial product. Navigate to Products > Products> Click on the trial product name > Select Custom Notifications in the Parameters section > Click the down arrow on Custom Email Notification to open the section > Actions > Add > Select Decline Notification as the Type > Select the Trigger configured above >Save the product Confirm that the Order Confirmation, Cancellation Notification, Return Notification and Void Notifications are all configured to your trial and rebill products. 

ADDITIONAL REGULATORY ARTICLES

Did this answer your question?