Electronic Clearing House, Inc.
R E V E R B E R A T I O N S R E V E R B E R AT I O N S
March 2007
Vol. XII No. 3
What are the most common reasons that credit cards
are declined
Of all the thousands of credit card transactions that come
NOTE: While ECHO supports this program that pays
our way each day, almost 14% of them are declined. There
merchants to "pick up" cards, be sure to use caution and
are many reasons why these transactions are not approved.
discretion before deciding to do so. You could be putting
Below is a list of the top five for Visa cards:
yourself in danger with someone who could be a criminal, so
only do so if the situation feels comfortable and safe.
1. Setup Error (the merchant doesn't accept that particular
card) - 36%
Don't Forget!
2. Insufficient Funds (oops!) - 34%
New Voice Authorization Number
3. Pick Up Card (special condition, lost, or stolen) - 9%
We wanted to remind you that there is a new Voice
4. Invalid Account Number (no such number) - 3.8%
Authorization number for VISA and MasterCard transactions.
5. Transaction Not Permitted to Cardholder - 4%
This is the number that you must call when you are prompted
to get a voice authorization to complete a transaction. The
In the "pick up card" decline category, the decline is
new toll-free number is:
accompanied with the recommendation that the merchant
keep the card and not return it to the customer. This is
800-325-9855
primarily for cards that have been reported as lost or stolen.
When you call this number you will only need to enter your
Telling the cardholder that "there is a problem with the card,"
ECHO-ID number (aka, ECHO account number). The system
and that they can call their bank to have it replaced is one
will prompt you through the process, just as it did before.
way to break the news gently.
Decline for CVV2 failure
Other
Restricted Card
3%
2%
2%
Transaction Not Permitted to
Cardholder
4%
Setup Error
Expired Card
36%
3%
Insufficient Funds
34%
Pick Up Card, special
condition, lost or stolen
Invalid Account Number
9%
Visa Card Declines
(no such number) 7%
o
o
o
o
Electronic Clearing House, Inc.
730 Paseo Camarillo
Camarillo, California 93010
1-805-419-8700
www.echo-inc.com
img
PCI Audits
Last month we told you about the PCI DSS. These
letters
letters stand for the Payment Card Industry Data Security
Standards. These standards have been created to
protect cardholder information. Any merchant or service
provider that collects, stores, or transmits cardholder data
is required to follow these standards and to be certified
compliant with PCI DSS.
To be certified compliant, merchants must complete a
To
self-assessment questionnaire that needs to be reviewed and
updated on a yearly basis. In addition, merchants must also
conduct a network vulnerability scan at quarterly intervals. This scan
seeks out areas of vulnerability in computer systems, network server
components, and any applications included in, or connected
to, the cardholder data environment. Both of these validation
actions must be performed by an approved scanning vendor.
Program Costs
You are likely wondering what all these requirements are going to cost. The cost will depend on the depth of service
that you are looking for and your PCI Merchant Level. For instance a level 1 merchant, one who processes over 6
million transactions per year, could spend thousands of dollars per year on a full PCI compliance program. However,
a level 4 merchant, one who processes under 20,000 transactions per year, may only spend about $250 per year on
a full program.
Some approved scanning vendors offer level 4 merchants a self-assessment questionnaire-only option for about $50
per year. However, it's highly recommended that those merchants go through a full compliance program in order to be
certified. A full compliance program usually includes vulnerability scanning of IP addresses, an online self-assessment
questionnaire, online PCI training for your employees, and customer support. Depending on the vendor you choose
necessary steps they may offer other valuable services at an additional cost, or in some cases for free.
Though these validation actions may seem like extreme measures, it is essential that we do all that we can to ensure
the security of cardholder data. Failure to take preventive measures can lead to both a financial headache and a
significant reputation problem for your company.
For more information on PCI compliance and a list of approved scanning vendors, please call ECHO Security at
800-262-3246 ext. 6.
Security Standards
https://www.pcisecuritystandards.org/
CouncilTM
If you require additional information, our Customer Support department is open 24 hours daily and can be reached at 800-262-3246, ext. 1.
ECHO merchants process on the Electronic Clearing House, Inc. (ECHO) network. ECHO is a publicly owned company trading on NASDAQ under
the symbol "ECHO". ECHO provides thousands of merchants with reliable processing of bank cards and checks. Merchants are sponsored by FIRST
REGIONAL BANK, Agoura Hills, CA (800-777-0929). Member FDIC.