-1

(Not sure if this is the right place to ask. Please point out other forums if that's not the case).

I'm based in Europe, and I've set up an invoicing system for a client of ours which uses a tokenization system provided by his bank, as part of the bank's secure payment services. (In other words, this is not any of the big american services like Paypal, Braintree, Stripe...).

The problem is that, in order to input a credit card into the system, this bank needs to charge an initial amount of 0.01 € to it... and when it does that, the credit card owner gets a text message code to approve that charge, without which the card number cannot be introduced. This is not practical for my client, for a variety of reasons. We have asked the bank, and they say that this is all dependant on the card issuing bank, and they can't do anything about it.

My question is...: what do we do to avoid this? From what I remember, other tokenization system I've used also had an initial 0.01 cent charge, and yet I never received any text messages from them (this was a few years ago, admittedly, before 2FA became widespread). How do the big payment processors (Authorize.net, Stripe, etc.) manage to store credit cards without making an initial charge and triggering two-factor authentication in the process?

Thanks.

PaulJ
  • 1,410
  • 4
  • 25
  • 43

1 Answers1

1

The reason behind performing an authorisation (not a charge) is to ensure the card is valid before it is stored.

However, the $0.01 authorisation is now considered 'the old way' of doing this. Most card acquirers now allow an authorisation value of $0.00 to be used solely to check the card is valid. This shouldn't trigger any 2FA where it is supported.

Obviously though, this is payment processor dependant on whether they support this 'new' functionality. A small number are still stuck in their ways

The other alternative is just to process the full transaction value. It shouldn't be necessary to submit the card for tokenisation before using it, though admittedly this depends on your business use case.

PaulG
  • 13,182
  • 9
  • 51
  • 74
  • Thanks a lot for your answer. We did try to send 0.00€ as amount, and the system returned an error. We are now going to lobby our payment processor so that they allow 0.00€ operations, and it would strengthen our case if we could name other companies that allow this. Do you know of any specific examples? (Paypal, Authorize.net...) Or is pretty much every big company right now? – PaulJ Feb 03 '17 at 13:17
  • 1
    @PaulJ I would say all the big processors should support this by now. Here's Authorize.net's take on the change (introduced in 2009!) https://community.developer.authorize.net/t5/News-and-Announcements/Authorize-Net-Support-of-Visa-Mandates/td-p/518 – PaulG Feb 03 '17 at 13:27