Credit card surcharge -- implement *that*, suckers ...



  • So we had a customer whose system we were upgrading to (among other things) implement a new corporate look-and-feel (since that customer had been bought by a corporate small-company-eater).

    Among one of the things that they wanted us to implement was a 2% surcharge for customers paying by credit card. Yep, no problem, said the marketing guy / account manager.

    So the question then arose: how do you check whether the card number which a customer enters is actually a credit card without actually connecting to that account and checking it explicitly?

    We never managed to solve that problem, so what we did was provide a radio on the page: "Credit card" and "Debit card" or something like that. Both buttons led to the same code, but the credit card button added 2% to the price. So, if the user pressed "Debit card" and paid by credit card, there is nothing we could do to stop them.

    Yes, that's right, we relied upon the combined honesty and naivety of the customer to press the right buttons.



  • If you have repeat customers, I guess you could keep the database for them... keep the database of credit card numbers.... NO! BAD BRAIN! BAD BRAIN!



  • You charge the 2% fee in both cases. It's a fee to process the transaction as credit. The company is going to be charged interchange either way right?

    A fee like that was against the card agreement until recently.



  • Would have been a plan that -- but not what the customer asked us to do. The solution we offered was the one suggested by the customer, after we explained the technical problems (i.e. there is no quick and easy method to determine whether a particular card number is for a cc or dc, which we discovered after a bit of research, which we were quite surprised by).



  • Couldn't you have charged the fee at settlement as long as the customer was aware?



  • @JazzyJosh said:

    A fee like that was against the card agreement until recently.

    Didn't realize that changed... But considering a cash discount was ok under the old rules, it's about time!



  • Did they just miss the idea of doing the increase to both or is there some reason they only wanted it on CCs? Don't deal with people pay us directly so I've not had to deal with this junk.


  • kills Dumbledore

    Most e-commerce sites I use have a drop down of card types with things like visa debit, visa credit etc. I always assumed the validation for each card type was slightly different, including the credit/debit distinction within a card issuer


  • SockDev

    @Jaloopa said:

    I always assumed the validation for each card type was slightly different

    Not really; IIRC, the validation rules for credit and debit card numbers, regardless of issuer or credit provider, are identical.



  • Many cards can process as either a debit or a credit card, with slightly different rules on how much it costs the store and how quickly the funds are removed from your account.


  • SockDev

    True, but those differences happen after the validation, Shirley?



  • Right, but my point would be that, at least for those cards, the number alone couldn't be sufficient.

    And how did you know my name was Shirley?


  • SockDev

    You can certainly tell some thing from the card number alone; just check the IIN:



  • TRWTF here is that you can't do a DEBIT CNP (Card Not Present) transaction... Unless... DON'T TELL ME YOU ARE ASKING FOR THEIR PIN...

    ANY CNP transaction should end up processing as CREDIT... A customer can use a debit card, but it will ride the credit rails instead of routing through the debit networks... Meaning the fees from the issuer (Visa/MC) should be consistent, whether the card is technically DEBIT or CREDIT.

    To answer the question explicitly, there is no way for you to determine credit/debit based on the card number alone.

    @RaceProUK, unless you have a list of BINs that you can lookup against and cross to Debit/Credit, that won't help. I doubt you will find this list of BINs...


  • SockDev

    I did say you can tell some things; I never said what those things were :stuck_out_tongue:



  • I'm guessing that the reason for the credit card fee is to recoup the transaction cost. When you process a card as a credit card, the merchant pays the fees. If you process it as a debit card, the fees are passed on to the customer (they buy $50 worth of stuff from you, and see a $52 debit on their bank statement).

    Since you aren't running debit cards as debit cards, the fees will still be there. The merchant should treat them the same as credit cards. Are they planning on passing the processing fee on to credit card holding customers and eating the fee for debit card holding customers? That sounds weird.



  • My Debit and Credit cards both start with 4 and have Visa logos on them..


  • SockDev

    I refer you to two posts above yours



  • @Jaime said:

    If you process it as a debit card, the fees are passed on to the customer (they buy $50 worth of stuff from you, and see a $52 debit on their bank statement).

    :wtf:



  • @Jaloopa said:

    Most e-commerce sites I use have a drop down of card types with things like visa debit, visa credit etc. I always assumed the validation for each card type was slightly different, including the credit/debit distinction within a card issuer

    It's pretty easy to validate a number is valid for any type of card. (And, correspondingly, tell a VISA apart from a Mastercard based solely on the digits provided-- those manual selections might be required for things like Amazon Gift Cards, but aren't if you only accept mainstream CC providers.)

    AFAIK, it's impossible to check whether a card is a debit or credit card based solely on the digits entered. OP seems to back-up that belief.

    @powerlord said:

    My Debit and Credit cards both start with 4 and have Visa logos on them..

    The "test card" for VISA is: 4111 1111 1111 1111 (it passes the validation check as a valid number, but if sent to a payment processor it'll be rejected.)

    Mastercard's is: 5500 0000 0000 0004



  • @loopback0 said:

    @Jaime said:
    If you process it as a debit card, the fees are passed on to the customer (they buy $50 worth of stuff from you, and see a $52 debit on their bank statement).

    :wtf:

    Whether or not you pay a fee depends on the rules of your bank account. The point is that if there are any fees, they are the customer's responsibility. Fees for credit transaction are always paid by the seller. Until recently, it was against VISA and MasterCard's merchant agreements to attempt to pass the fee on to the customer.


  • SockDev

    In the UK, debit card fees are paid by the seller too


  • Discourse touched me in a no-no place

    @RaceProUK said:

    You can certainly tell some thing from the card number alone; just check the IIN:

    I don't think that helps with, say, a debit Visa. My card starts with 4; I don't see how you can tell whether it's a debit or credit card from that, unless there's more that the WP article doesn't have. Further, as others said, I can process it debit or credit, and the number's the same either way.



  • Including whatever the acquirer adds on.
    VISA (and maybe the others) recently changed their pricing from being a flat rate (8p) per debit transaction to an amount that varies on the size of the transaction (0.2% + 1p; max 50p).



  • @FrostCat said:

    I don't think that helps with, say, a debit Visa.

    It doesn't.

    @FrostCat said:

    I don't see how you can tell whether it's a debit or credit card from that

    You can't.



  • @blakeyrat said:

    The "test card" for VISA is: 4111 1111 1111 1111 (it passes the validation check as a valid number, but if sent to a payment processor it'll be rejected.)

    Mastercard's is: 5500 0000 0000 0004

    Well, in this case I was apparently replying to a troll who posted as non-sequitur as if it were an answer.



  • Same here. It used to be (in the nineties) that you paid a surcharge when you made a debit payment for a very low amount (10 cents below 25 guilders, typically, IIRC). That got lifted by everyone pretty much overnight after a piece of scientific research got published that said cash transactions were more expensive on the merchants. Note merchants need to pay more than the noted value for loose change.

    Nowadays everyone prefers electronic payment - faster, less hassle, and less risk of robberies.



  • @RaceProUK said:

    Many card issuers print the first four digits of the IIN on their card, just beneath where the number is embossed, as an added security measure....

    I wonder what's supposed to make that security? It's not like card fraudsters couldn't print the number too.

    That's as a bad as making you enter the zip code to validate a credit card. So bad guy steals my wallet, gets my card and my driver's license, the latter of which has my zip code... :wtf:



  • @blakeyrat said:

    The "test card" for ...

    I've always used 4444 3333 2222 1111 and 5454 5454 5454 5454.



  • Are those guaranteed to not be taken now or in the future? It wouldn't be fun if every time you run your batch of integration tests, some random Joe Schmuck gets a call from the bank about a fraud attempt...



  • They are listed on more than one gateway documentation so I guess they are reserved! Our system already integrates with over a dozen payment gateways so I know.



  • @blakeyrat said:

    whether a card is a debit or credit card based solely on the digits entered.

    Visa debit cards are relatively new here. When I first got mine in 1999 they were only available through credit unions and not banks, but it was the only way I could get a "credit card" since I was a poor student and could get no "credit". Using them online was exactly like using a credit card but in a shop either button would work the same to me. The merchant would be charged more for "credit" though.



  • @CoyneTheDup said:

    That's as a bad as making you enter the zip code to validate a credit card. So bad guy steals my wallet, gets my card and my driver's license, the latter of which has my zip code...

    Never mind that AVS is a :barrier: to international travelers...

    Filed under: post codes vary...



  • @tarunik said:

    Never mind that AVS is a to international travelers...

    Well that just makes it a bigger :wtf: than I even thought.



  • @Zemm said:

    I've always used 4444 3333 2222 1111 and 5454 5454 5454 5454.

    I've got a twenty page document with hundreds of them. Each number fails in a different way, so you can test your software thoroughly.


  • Discourse touched me in a no-no place

    @Jaime said:

    Each number fails in a different way, so you can test your software thoroughly.

    Define "different way"? I'm curious what generally there is beyond "isn't an allocated an account" and "bad checksum".


  • SockDev

    It's mainly for testing stuff alongside the number itself e.g. invalid expiry date, CVV2 check fail, stuff like that.

    IIRC, it's CVV2; it's been a while since I worked with CC gateways.


  • Discourse touched me in a no-no place

    Ah, gotcha.



  • @FrostCat said:

    Define "different way"? I'm curious what generally there is beyond "isn't an allocated an account" and "bad checksum".

    Some examples: several severities of address verification failure, back end failures of various kinds, stolen card, expired.



  • @tarunik said:

    AVS is a to international travelers

    American Vacuum Society?
    Advanced Visual Systems?
    Adaptive Vest System?
    AVS video editor?
    Auto Ventshade?

    Have to get halfway down the second page of Google results before finding anything related to credit cards. DEFINE YOUR ABBREVIATIONS, YOU IDIOTIC BYWK OF DHEPO F';AOE DOPF;EO;PAD ENDALDKNFE!!!!! </blakeyrant>

    Filed under: I feel dirty now.



  • @HardwareGeek said:

    Filed under: I feel dirty now.

    So do I whenever I have to resort to page 2 on google...



  • @Mikael_Svahnberg said:

    @HardwareGeek said:
    Filed under: I feel dirty now.

    So do I whenever I have to resort to page 2 on google...

    What about page 3?



  • Well. Page 3 in the Sun is often page 1 on Google. :giggity:



  • What are you searching for you dirty young man!


  • SockDev

    I assume page 3 :laughing:



  • AVS in a payment card context = Address Verification Service, always


  • SockDev

    and it's a pain in the ass.

    we just found out why our international revenues for our e-commerce sites went to shit recently.

    turns out our third party payment processor made a code update such that zip code is required for AVS to pass and decline all transactions where the zip code is not of the format Zip+4, regardless of the selected billing country... Natch there is no client side validation that indicates this.

    .... and yoiu know the real kicker? they're based in the UK!


  • SockDev

    @accalia said:

    and yoiu know the real kicker? they're based in the UK!

    I :facepalm: in the name of my countrykin



  • @Jaime said:

    Until recently, it was against VISA and MasterCard's merchant agreements to attempt to pass the fee on to the customer

    In many locations it is still against the law to charge a higher price or surcharge for using a credit card [however, a discount for cash is legal]



  • @TheCPUWizard said:

    In many locations it is still against the law to charge a higher price or surcharge for using a credit card

    However, in the EU it's generally only illegal to issue additional charges to a consumer that exceed the costs borne by the trader to establish the means of transaction. Directive 2011/83/EU, Article 19

    That still means a simple surcharge of 2% is probably illegal in some cases, as almost all card vendors have a two-component fee: part flat and part percentage and the math just wouldn't work out.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.