In the ever-evolving landscape of electronic payments, Mastercard has introduced a significant update to its Data Integrity standards, aimed at enhancing the security and efficiency of cardholder and merchant transactions. This change requires all merchants and their vendors to ensure that point-of-sale (POS) devices, systems, and gateways are updated to comply with Mastercard’s latest requirements, specifically monitoring Cardholder-Initiated Transaction (CIT) and Merchant-Initiated Transaction (MIT) indicators.
Understanding the Update
Mastercard’s new edit, targeting the data integrity of e-commerce and credential-on-file (COF) transactions, mandates the inclusion of specific CIT and MIT indicators. This initiative is designed to differentiate between various transaction types more clearly, improving accuracy and fraud prevention.
The edit scrutinizes transactions for the presence of a valid CIT or MIT Indicator in the authorization messages. These indicators must be included in specific data elements and subfields, following detailed criteria laid out by Mastercard.
Compliance Requirements
Merchants using systems like Clover should anticipate updates supporting these requirements by the first quarter of 2024. Vendors, in collaboration with merchants, must verify that their platforms are prepared to support these changes, with special attention to the platforms used for authorizations such as Nashville, North, Omaha, and Buypass.
It’s crucial for vendors to engage with their certification representatives and Mastercard to clarify and confirm the specific requirements. Failure to adapt could necessitate a vendor switch for the merchant to maintain compliance.
Action Steps for Compliance
- Update POS Systems: Merchants must ensure that their POS devices or systems are running the latest applications that include the required Mastercard updates.
- Address End-of-Life (EOL) Devices: Devices nearing EOL may not meet new or existing EMV requirements and should be replaced to comply with Mastercard’s regulations.
- Monitor and Correct Transactions: By addressing merchants with the highest number of transaction errors, compliance can be achieved more swiftly. However, all merchants under a merchant acquirer should be updated to avoid non-compliance.
- Understand the Fines: Mastercard has set out a clear fine structure for non-compliance, starting at $2,500 per month for each non-compliant Independent Sales Organization (ISO) or acquirer, with fines escalating based on the duration of non-compliance.
Potential Consequences
Non-compliance not only risks substantial fines but could also lead to the termination of Mastercard entitlements. Facilitators will likely pass through any fines to the non-compliant partners or merchants, emphasizing the collective responsibility within the payment ecosystem.
Conclusion
As the deadline approaches, it is imperative for all parties involved—merchants, vendors, and their service providers—to understand and act upon these changes. Ensuring compliance not only aligns with Mastercard’s standards but also fortifies the integrity and security of the payment processing network, benefiting all stakeholders in the long run.
