Business disruptions caused by the pandemic, world events, and supply chain issues have accelerated payment innovation. These challenges forced merchants to stay ahead of the curve by understanding new customer behaviors and launching advanced technology solutions—all while maintaining compliance.

Staying on top of this fast-changing payment landscape can feel like a full-time job, which is why it’s crucial to have a partner that can remove the burden. To help you see the big picture, we pulled together four important advisories that can help essential businesses understand what’s coming and how to stay ahead.

8-Digit Credit Card BINs are Here—Are You Ready?

The payments ecosystem is growing at a breakneck pace. As a result, it’s running out of available Bank Identification Numbers (BINs).  BINs are typically the first six digits of every payment and card number, used to help identify the issuing payment brand and financial institution. To address the shortage, the International Organization for Standardization (ISO) is expanding the length of BINs from six digits to eight. This change could potentially have a significant, widespread impact on retail technology and operations.

The new rules—first announced in 2015—became effective in April 2022. All merchants must now be able to support both six- and eight-digit BINs. Failure to meet this requirement could result in:

  • API failures
  • Misrouted payment transactions
  • Incorrect input validation logic
  • Non-compliance with data security and privacy standards

Epicor is continuously evaluating how this requirement impacts our systems, and will continue to make necessary changes as needed. In the meantime, this ISO article on 8-digit BIN changes can help you gain a deeper understanding of the new standards and their implications for your business.

How to Avoid the Pitfalls of “Card-Not-Present” Transactions

As the name suggests, a card-not-present (CNP) transaction is any instance in which a merchant never actually sees or handles the physical payment card, such as phone or mail-in orders. But the vast majority of CNP transactions are online purchases. As of 2021, eCommerce represented nearly 25 percent of retail purchases. Unfortunately, the growth in eCommerce is accompanied by a rise in CNP chargebacks, costing some merchants significant revenue in the process.

The chargeback process allows cardholders to recover funds in the event of fraud or abuse. But when a cardholder files a card-not-present chargeback against a company, not only do the funds from the transaction get automatically pulled from the merchant’s bank account, the business also loses the sales revenue plus any merchandise shipped and the cost of overhead expenses. In addition, the business gets hit with a chargeback fee assessed by the processor.

At Epicor, we help you lower the risk of accepting payments that may trigger CNP chargebacks. These simple preventive steps set you up for success:

  • Make billing descriptors obvious: If customers can’t recognize the merchant’s name on their billing statement, they may file chargebacks. Ensure descriptors are clear at first glance.
  • Implement alerts: Chargeback alerts notify vendors of an intended chargeback, giving the merchant the chance to issue refunds that stop the customer dispute before a chargeback is filed.
  • Ask for card security codes (CVVs): CVV codes are printed on the credit card and cannot be stored elsewhere. If the buyer doesn’t have the code, they likely aren’t the authorized cardholder.
  • Use an address verification service (AVS): AVS is an automated tool that compares the billing address given at checkout against the address on file with the bank. A disparity could indicate potential fraud.
  • Confirm when you’re unsure: When in doubt, contact the customer and validate the information you have been provided.

If You Accept Credit Cards, You Accept Responsibility for Data Privacy

Breaches against major retailers have put payment card industry (PCI) regulations in the spotlight for all businesses, regardless of size. Collectively known as the Payment Card Industry Data Security Standard (PCI DSS), these regulations apply to every business that relies on credit and debit cards for transactions.

The moment a customer shares a credit or debit card number, the business becomes responsible for keeping the data associated with that card secure. If a merchant is noncompliant, they could face penalties of up to $100,000—or be stripped of payment processing services altogether.

If you accept credit card payments over the phone, follow these important protocols to maintain data security:

  • Make sure you use a secure network to accept Primary Account Numbers (PANs) and other sensitive information.
  • Separate the servers used to enter credit card information from other parts of your network. This provides further protection as the card information is entered.
  • If your business records phone calls, ensure that credit card information is redacted in the recording.
  • Never write down card information relayed over the phone.
  • Never have staff members email customer credit card information to the back office.
  • Ensure all employees are trained on PCI compliance procedures.

Into the Future: Goodbye Magnetic Stripe!

After decades of swiping magnetic stripes for credit card transactions, merchants and consumers have finally adjusted to inserting chip-enabled credit cards. Although most credit cards still contain magnetic stripes, they now serve mainly as a backup method. The magnetic stripe is officially reaching its expiration date and will start to disappear in several regions. It will be retired in 2024 in Europe, and in 2027 in the United States.

This is good news for merchants, as chips are safer. For each transaction, the embedded chip creates a unique transaction code that is validated by the issuing bank to ensure the card is genuine. The lag in merchants replacing older magnetic stripe terminals with EMV-compliant card terminals will become a problem in the future. To avoid any delays with customer purchases, now is the time to make the full move to EMV-compliant, chip-reading terminals.

Customer habits and expectations that emerged over the last two years are here to stay. Merchants must now adopt an omnichannel commerce strategy to ensure they can reach customers anytime, anywhere. As a result, businesses large and small must invest in industry-specific, digital solutions to remain competitive and compliant moving forward. Epicor continues to keep our customers, and their customers, efficient and secure with every business transaction.

Learn how Epicor payment solutions can help your business stay ahead.

Shay Smith
Director of Product Management, Payments

Shay Smith is an experienced payment Industry professional with expertise in integrated ERP payment processing. Shay is responsible for Epicor Payment Exchange and the Epicor Payment Gateway. 

Read More by Shay Smith