With UBC’s Digital Payment Program to replace ePayment launched, all ePayment onboarding requests will be redirected to DPP

Learn more

You are here:
Home > Virtual Terminal > Requirements > Visa Compliant Mandate FAQs

Visa Stored Information Mandate FAQs

Here are additional information relevant to ePayment:

· Is an electronic format of consent considered OK? For example a call center agent, can send some sort of link to the cardholder and they can just check a box to agree to the T & C’s?
Merchants may choose to implement the consent in a manner that best suits their business needs. For example, a merchant may require a checkbox or click-through process to accept T&Cs when a payment credential is initially stored.

· Another criteria of the consent is how the cardholder will be notified of any changes to the consent agreement, what are some examples of the “changes” to the consent form? Also in what format do you want the notification will be in – phone vs email vs hard copy letter? What is Visa requiring? If a change is made, does UBC need to re-attain consent? Or is the original consent suffice?

There are 4 key elements to an acceptable consent agreement:
1. A Truncated version of the stored credential (last four digits of the card or account number)
2. How the cardholder will be notified of any changes to the consent agreement
3. The expiration date of the consent agreement (if applicable)
4. How the stored credential will be used

Visa requires merchant to disclose these elements but has no specific requirements on how these elements must be disclosed to a cardholder.

Merchants may choose to implement this in a manner that best suits their business needs. For example, a merchant may require a checkbox or click-through to accept T&Cs when a payment credential is initially stored.

How a stored credential will be used: Example within T&Cs to which the cardholder is consenting: "Your card-on-file will be billed automatically on the 3rd day of each month for services provided for the duration of this agreement."

How terms of use of a stored credential are changing: Example with an email to cardholder indicating how previously accepted T&Cs are changing: "Please note that your card-on-file will now be billed on the last day of each month (previously the 3rd day of each month) with your contract terminating in Sept 2018 after which your payment credential will no longer be stored."

· How are these consent forms supposed to be stored? Electronically or hard copies? In what secure format?
How merchants capture and store a consent agreement may differ for each merchant. Visa has not provided requirements on how consent must be obtained or stored.

· What is the motivation for Visa implementing this change? Why are they brining this in?
Consent agreement rules exist today within the Visa rules and are being amended to address the stored credentials more clearly -see pg. 372https://usa.visa.com/dam/VCOM/download/about-visa/visa-rules-public.pdf. The intent of the communication sent out in September was to inform merchants of upcoming changes. Moneris has engaged Visa to ensure our customers have time to make the necessary changes within a reasonable timeframe and without penalty.

Details of the mandate can be found here: https://epayment.it.ubc.ca/virtual-terminal/requirements/visa-stored-cre...

A place of mind, The University of British Columbia

UBC Information Technology
6356 Agriculture Road
Vancouver, BC V6T 1Z2,

Emergency Procedures | Accessibility | Contact UBC | © Copyright The University of British Columbia