BBT Merchant Services Ref Kit_v1

BB&T Merchant ServicesReference Kit

I M P O RTA N TI N F O R M AT I O N

E N C L O S E D

Welcome to BB&T Merchant Services

Thank you for choosing BB&T as your Merchant Services provider. BB&T has been

providing payment processing solutions to businesses like yours for more than

35 years and has been consistently ranked as one of the top small-business-friendly

banks in the nation. We look forward to servicing your credit card acceptance

needs with a host of products and services that will help your business increase

sales and customer loyalty.

As a BB&T Merchant Services client, you can be confident that BB&T will provide you

with resources and tools to help you grow your business more effectively. This Reference

Kit has been designed to help you get started as well as to identify potential fraud,

reduce chargebacks, ensure compliance, and provide tips for easier processing. These

valuable tips and strategies were developed to help make accepting cards simple

and safe. We hope you find it useful.

If you have questions regarding your account, please contact the Merchant Client

Support Center at 1-877-MRCHBBT (672-4228). Our hours of operation are

8:30 a.m. - 9:00 p.m. Monday through Friday.

Again, thank you for choosing BB&T.

The information in this packet includes summaries of certain requirements imposed as of May 2009 by BB&T, the Card Associations and applicable law relating to merchant acceptance and processing of credit and debit card transactions. This packet is not meant to be a detailed description or a complete listing of all these requirements or of your obligations. We urge you to read your merchant agreement with us, the rules and regulations of the Card Associations and applicable law in order to understand fully all of your obligations as a merchant accepting card transactions and, if appropriate, consult with your own legal advisor. We also note that these requirements may change over time, and that you will be responsible for complying with any such changes as they come into effect.

BB&T Merchant Services is a division of BB&T Financial, FSB, a subsidiary of BB&T Corporation. Member FDIC.

BB&T Merchant Ser v ices – We l c o m e

BB&T Merchant Services Reference Guide

TABLE OF CONTENTS

Getting Started

Da

Lo

Da

Cu

Gl

BB&

Client Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1

Clients Using Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2

Clients Using Software or Payment Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.3

Clients Using DialPay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.3

ily ProcessingCard Acceptance Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.1

Card Processing Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.3

Key-Entered Transactions/Obtaining Manual Imprints . . . . . . . . . . . . . . . . . . . . . . . . 2.4

Understanding Interchange/Minimizing Processing Costs . . . . . . . . . . . . . . . . . . . . . . 2.8

Your Merchant Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.12

Maintaining Your Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.15

If Your Terminal Breaks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.15

ss PreventionCard Identification Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.1

Code 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.5

Fraud Prevention Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.6

CVV2/CVC2 Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.6

Address Verification Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.8

Understanding and Avoiding Chargebacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.10

ta Security/CompliancePayment Card Industry Data Security Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1

If You Have a Security Breach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.4

Merchant Website Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5

stomize Your SolutionBB&T Merchant Connection Web Based Reporting . . . . . . . . . . . . . . . . . . . . . . . . . 5.1

Check Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2

Gift Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4

Other Card Types (AMEX, PCARD, WEX) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.5

BB&T Bankcards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.6

ossary/ResourcesGlossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.1

Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.4

T Merchant Ser v ices – Ta b l e o f C o n t e n t s

CLIENTS SUPPORT1-877-MRCHBBT • 1-877-672-4228

Menu Options

•Ifyouareexperiencingterminalorprintermalfunctionorterminalerrormessages,orifyouneedassistancewithterminaloperation,Press 1 toaccessthetechnicalhelpdesk.

•Pleasechoosethetechnicalhelpdeskthatsupportsyourterminal.

- ForTSYSAcquiringSolutions(formerlyVital),Press 1.

- ForGlobal,Press 2.

- ForPaymentechPress 3.

- ForNDC,Press 4.

- Ifyoudonotknowyourtechnicalsupportprovider, Press 0forBB&TClientSupport.

•Forsupplies,Press 2.

•Forretrievalrequestsorforinquiriesaboutachargebackyourecentlyreceived,Press 3.

•TospeakwithaBB&TClientSupportrepresentativeregardingyourBB&TMerchantServicesaccount,Press 0. Ourofficehoursare8:30a.m.–9:00p.m.(ET),MondaythroughFriday.

•Technicalandterminalsupportisavailable24hoursaday7daysaweek.

Help Desk Sticker Enclosed…

Needterminalortransactionassistance?Serviceandsupportforyourcreditcardandcheckauthorizationequipmentisjustaphonecallaway!

AffixtheHelpDeskstickerincludedinyourwelcomepackage,tothefaceofyourcreditcardterminalorcomputerifusingsoftwareandcallthetoll-freenumberonthestickerwheneveryouneedcreditcardrelatedassistance.

Technical Support is just a phone call away … 24 hours – every day!

1.1BB&T Merchant Ser v ices – G e t t i n g S t a r t e d

Merchant ID #: BBTTerminal ID #: V1234567

General Inquiries:

TSYS Technical Support - Helpdesk:Supplies:Voice Authorizations:

800-552-8227800-300-3328800-291-4840877-672-4228

CLIENTS USING TERMINALS

Clients Purchasing Terminals

Now that you have received your terminal, it’s time to start processing transactions.Inmost cases, your terminal is ready toprocess transactions straightoutof thebox.Pleasetakeafewminutestoensurethatallofthenecessarydevices(terminal,PINPad,orcheckreaders),powerunits,andcordshavebeenincludedinyourpackage.Ifanythingappearstobemissingoriftheterminalisnottheoneyouexpectedtoreceive,contacttheMerchantClientSupportCenterat1-877-672-4228.

Clients with Existing Terminals

Bythetimeyouarereviewingthiskit,youmayalreadybeprocessingwithBB&T;ifso,Welcome! However, if you have not received your terminal programming to startprocessing transactionswithBB&T,youmaycall1-866-634-2125 toobtainyournewdownload.Thedownloadprocessshouldonlytakeafewminutes.

Merchant Terminal Training

Tohelpyougetstartedprocessingtransactionssuccessfully,BB&TMerchantServicesispleasedtoprovideterminaltrainingviatelephoneforyouandyoursalesassociatesatnocharge.Duringtheapplicationprocess,youmayhaverequestedtraining; if so,youwillsoonbecontactedbyoneofourassociatestoscheduleorperformthetrainingandansweranyquestionsyoumayhave.Ifyouprefernottowaittobecontacted,youmaycalltheTrainingHelpDeskat1-866-634-2125toscheduletrainingatatimeconvenientforyouandyoursalesassociates.

Duringtrainingyouwillbeinstructedonhowto:

• Properlyinstallyourcreditcardterminal

• Processsalesandrefunds

• Settlebatches

• Runreports

• Andmuchmore!

If you did not initially request training butwould now like to receive training, pleasecalltheBB&TMerchantClientSupportCenterat1-877-672-4228andwewillbegladtoscheduletrainingforyou.

1.2BB&T Merchant Ser v ices – G e t t i n g S t a r t e d

CLIENTS USING THIRD PARTY SOFTWARE OR PAYMENT GATEWAYSBy the time you are reviewing this you may already be processing with BB&T; if so,Welcome! In order to begin processing through your new merchant account, you oryoursoftwareprovidermayneedspecificinformationfromBB&Ttoconfigureyoursoftwarecorrectly.Dependingon your specific software,wemayprovide a form to you via emailcontainingthebasicinformationnecessary.However,certainsoftwareprovidersrequirespecialparameterformstobecompletedpriortoconfigurationand/orinstallationofyoursoftware.Ifyoursoftwareproviderrequiresinformationfromyouthatwehavenotsupplied,pleasecontacttheMerchantClientSupportCenterat1-877-672-4228.Wewillbehappytoassistyoubysupplyingthespecificinformationrequestedbyyoursoftwareprovider.

Note: If you purchased software through BB&T, your installation or activation disk will provide instructions for getting started. Training may be available for software purchased through BB&T; contact the Merchant Client Support Center for more information.

Note: If you purchased service through BB&T Payment Gateway or Virtual Terminal, you should have received a welcome email and welcome call from a BB&T training specialist to walk you through your new method of processing. If you have not received your welcome email or you are ready for training, please call the Merchant Client Support Center.

Certain settings in your software will affect your transaction costs, your ability to prevent fraud and chargebacks, and your compliance with Card Association rules. It is your responsibility to ensure the settings established in your software are the most appropriate for processing your transactions. In addition, compliance with Data Security Standards established by the Card Associations is critical. Further details on these topics are provided throughout this Reference Kit.

CLIENTS USING DIALPAYDialPay is aprocessingoption that allows authorization andcaptureof transactions via atouch-tonetelephoneinsteadofacreditcardterminal.Thisoptionshouldonlybeusedbymerchantswhohaveaninfrequentneedtoprocesstransactions.Ifyouraccountwassetuptoprocesstransactionsinthismanner,abookletentitledDialPay Authorization with Capture Operating Guidehasbeenincludedinthewelcomepackageyoumayhavealreadyreceived.TheDialPayguidecontainsalloftheinformationyouneedtoprocessyourtransactions.

All DialPay merchants should be processing transactions using the Address Verification Service as described on page 3.7. For Card-Present transactions, manual imprints, as explained on page 2.4, should be obtained. For Card-Not-Present transactions, DialPay merchants should adhere whenever possible to the Fraud Prevention Guidelines on page 3.5.

1.3 BB&T Merchant Ser v ices – G e t t i n g S t a r t e d

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

CARD ACCEPTANCE POLICIESDollar Minimums and MaximumsAlways honor valid Visa®, MasterCard®, or Discover®Network cards in your acceptance category regardless of the dollar amount of the purchase. Imposing minimum or maximum purchase amounts is a violation.

No SurchargingAlways treat card transactions like any other transaction; that is, do not impose any surcharge on a transaction. You may, however, offer a discount for cash transactions, provided that the offer is clearly disclosed to customers and the cash price is presented as a discount from the standard price charged for all other forms of payment.

TaxesInclude required taxes in the total transaction amount. Do not collect taxes separately in cash. This policy reflects the needs of the many Visa, MasterCard, and Discover Network cardhold-ers who must have written records of the taxes they pay for goods and services.

Split SalesPrepare one sales receipt per transaction, using the full transaction amount. Merchants are not allowed to split the cost of a single transaction on a single cardholder account between two or more sales receipts in order to avoid authorization limits.

Laundering Deposit transactions only for your own business. Depositing transactions for a business thatdoes not have a valid merchant agreement is called laundering or factoring. Laundering is not allowed; it is a form of fraud associated with high chargeback rates and the potential for forcing merchants out of business.

No Cash RefundsComplete a credit receipt for merchandise returns or adjustments. Do not provide cash refunds for returned merchandise originally purchased with a card. Visa and Discover Network does not permit cash refunds for any credit or debit card transaction. By issuing credits, you protect your customers from individuals who might fraudulently make a purchase on their account and then return the merchandise for cash.

Delivery of Goods and ServicesDeliver the merchandise or services to the cardholder at the time of the transaction. Cardholders expect immediate delivery of goods and services unless other delivery arrangements have been made. For card-not-present transactions, cardholders should be informed of delivery method and tentative delivery date.

Asking for IdentificationAlthough payment network rules do not preclude merchants from asking for cardholder ID, merchants cannot make an ID a condition of acceptance. Therefore, merchants cannot refuse to complete a purchase transaction because a cardholder refuses to provide ID. The pay-ment networks do not allow merchants to ask for ID as part of their regular card acceptance procedures. Laws in several states also make it illegal for merchants to write a cardholder’s personal information, such as an address or phone number, on a sales receipt. You may ask for ID if the card is not signed; you must have the cardholder sign it and check the signature against two other pieces of identification, including one government issued ID.

2.1BB&T Merchant Ser v ices – D a i l y P r o c e s s i n g

Zero-Percent AuthorizationsMerchants should not estimate transaction amounts. For restaurant merchants, in particular, this means debit or credit card transactions should be authorized only for the known amount of the check. Do not add on an estimated tip.

Cardholders today can check their account balances almost instantly via the Internet or ATMs. An authorization that includes an estimated tip can reduce their available cash or credit balance by an unrecognizable amount.

Say, for example, a cardholder’s restaurant bill is $100, but the staff adds on a 20 percent tip – that is, $20 – for authorization purposes. If the cardholder only adds on a $15 tip, or leaves the tip in cash, the authorization “hold” on the larger amount may make it appear he or she was overcharged. And that, in turn, can mean angry phone calls from unhappy customers – and the potential for reduced business.

To ensure zero-percent tip authorization for all transactions, restaurant merchants should:

• Instructstafftoauthorizeonlyforthecheckamount.Your staff training and review materials should emphasize the importance of authorizing only for the known amount of the check, excluding any estimated tip.

• Ensureyourauthorizationsystemissetupforzero-percentauthorization.

For further information on zero-percent tip authorization, contact the Merchant Client Support Center.

No Transactions on Merchant’s own cardMerchants should not use your own card, or one to which you have access, to process a transaction for the purpose of obtaining credit for your own benefit.

2.2 BB&T Merchant Ser v ices – D a i l y P r o c e s s i n g


CARD PROCESSING PROCEDURES

Doing It Right at the Point of Sale

Whether sales associates are experienced or new to the job, they will accept cards correctly the first time and every time if they follow a few basic procedures. The illustration below provides an overview of the card acceptance steps that should be followed at the point of sale.

Illustration of Card Acceptance

It Pays to Swipe the Stripe

On the back of every card, you’ll find a magnetic stripe. It contains the cardholder name, card account number, and expiration date, as well as special security information designed to help detect counterfeit cards. When the stripe is swiped through the terminal, this information is electronically read and relayed to the Issuer, who then uses it as crucial input for the authorization decision.

Swipe the card to request the transaction authorization. Hold the card throughout the transaction.

Swipe the card to request the transaction authorization. Hold the card throughout the transaction.

While the transaction is being processed, check the card’s features and security elements to make sure the card is valid and has not been altered in any way.

Obtain authorization and get the cardholder signature on the transaction receipt.

Compare the name, number, and signature on the card to those on the transaction receipt.

1

2

3

4

* See page 3.4 for information on Code 10 calls.

If you suspect fraud, make a

Code 10 call*.

Verifying the Account Number

Most POS terminals allow merchants to verify that the account number embossed on the front of the card is the same as the account number encoded on the card’s magnetic stripe. How you check the numbers depends on your POS terminal. In some cases, the magnetic stripe number is displayed on the terminal. In others, the terminal may be programmed to check the numbers electronically. In such instances, you will be prompted to enter the last four digits of the embossed account number, which will then be matched against the last four digits of the account number on the magnetic stripe.

If the account number is printed on the receipt, only the last four digits will be used in many cases. If the numbers don’t match, you will receive a “No Match” message. In such instances, you should make a Code 10 call.*

KEY-ENTERED TRANSACTIONS

If a Card Won’t Read When Swiped

In some instances, when you swipe a card the terminal will not be able to read the magnetic stripe or perform an authorization. When this occurs, it usually means one of three things:

• Theterminal’smagnetic-stripereaderisnotworkingproperly.

• Thecardisnotbeingswipedthroughthereadercorrectly.

• Themagneticstripeonthecardhasbeendamagedordemagnetized.Damagetothecardmayhappen accidentally, but it may also be a sign that the card is counterfeit or has been altered.

If a card won’t read when swiped, you should:

• Checktheterminaltomakesurethatitisworkingproperlyandthatyouareswipingthecardcorrectly.

• If the terminal is OK, take a look at the card’s security features to make sure the card is notcounterfeit or has not been altered in any way.

• Forkey-enteredorvoice-authorizedtransactions,makeanimprintofthefrontofthecard.Theimprintproves the card was present at the point of sale and protects your business from potential chargebacks if the transaction turns out to be fraudulent. The imprint can be made either on the sales receipt generated by the terminal or on a separate manual sales receipt form signed by the customer.


IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

All POS terminals and systems are required to provide account number truncation on electronically printed transaction receipts. This means that only the last four digits of an account number should be printed on the customer’s copy of the receipt, and the expiration date should not appear at all. All POS terminals and systems must now comply with these requirements. The Merchant copy of the receipt may be required to reflect no more than the last four or five digits of the cardholder account number depending upon state or local legislation enacted in the jurisdiction of Merchant’s location. It is Merchant’s responsibility to determine requirements of and comply with local and/or state legislation as applicable. If the full card number does appear on the Merchant’s copy, please make sure the correct receipt, the cardholder copy, is provided to the customer. If the full card number does not appear on the Merchant copy, we suggest you print out a batch detail report before closing out in order to have a record of the full card number. Retain in a secure location.

* See page 3.4 for information on Code 10 calls.


Key-enteredtransactionsarefullyacceptable,buttheyareassociatedwithhigherfraudandhigher

chargebackrates.Keyenteredtransactionsmayincreaseyourprocessingcostsbecauseofthe

increased risks.

MER

CH

AN

TT

IP

Find Causes and Look for Solutions

If a large percentage of your transactions are key entered, you should investigate the situation and try to find out why. The following chart summarizes the most common reasons for high key-entry rates and provides possible solutions.

KEY-ENTRY CAUSE SOLUTION

Damaged Magnetic-Stripe Readers Check magnetic-stripe readers regularly to make sure they are working.

Dirty Magnetic-Stripe Readers Clean magnetic-stripe reader heads several times a year to ensure continued good use.

Magnetic-Stripe Reader Obstructions Remove obstructions near the magnetic-stripe reader. Electric cords or other equipment could prevent a card from being swiped straight through the reader in one easy movement.

Spilled Food or Drink Remove any food or beverages near the magnetic stripe reader. Falling crumbs or an unexpected spill could soil or damage the machines.

Anti-Theft Devices that Keepmagneticanti-theftdeactivationdevicesawayfromanycounter Damage Magnetic Stripes area where customers might place their cards. These devices can erase a card’s magnetic stripe.

Improper Card Swiping •Swipethecardonceinonedirection,usingaquick,smoothmotion. •Neverswipeacardbackandforth. •Neverswipeacardatanangle;thismaycauseafaultyreading.

Special Guidelines Regarding Unembossed CardsUnembossed CardsVisa, MasterCard, and Discover Network both offer unembossed cards to accommodate a changing payment environment. Some cards now have laser-engraved or thermal printing of the account number, presenting a smooth appearance to the face of the cards. Traditionally, these cards were issued outside the United States; however, the cards are now offered for products such as prepaid and gift cards. Below we have provided a list of frequently asked questions regarding unembossed cards.

How do you identify an unembossed card?MasterCard has branded it’s card offering as “MasterCard Electronic” and the logo on the card reflects this terminology. Visa, and Discover Network cards will indicate “electronic use only” on the face of the card. Card numbers on both cards are smooth in contrast to raised numbers on the cards we are familiar with today.

Who can accept unembossed cards?Unembossed cards work just like any other card at the point-of-sale. Any merchant utilizing an electronic payments terminal, which is capable of reading the magnetic stripe, can accept the card.


Directions for Processing Credit Cards Using Manual Imprint

1

2

9

3 4

8

5 67

1

2

10

3 4

8

5 7

Imprint of credit card number will show here.

Imprint of plate showing merchant number, name, and state will show here. If imprint of merchant plate is unavailable, write in the mer-chant name and place of business. (Merchant account number is not required).

Enter description of sale, ex. gift cards, merchandise, etc.

Enter the amount of each sale.

Enter the date of each sale.

Enter the authorization number from Visa or MC.

Enter reference number on the receipt from the terminal.

Enter amount of total transaction.

If cardholders sign the terminal receipt, they are not required to sign manual imprint receipt. Attach the merchant copy to the terminal copy for the merchant’s file.

If manual imprint receipt is used to issue a credit, the merchant has to sign to authorize the credit.

1

2

8

3

4

9

105

6

7

If the magnetic-stripe read fails, what can the merchant do?Visa and Discover Network recommend that the merchant request another form of payment. Because the card is not capable of being imprinted, the merchant would have to hand-write the card number on the sales draft and/or key-enter the transaction. Visa and Discover Network advise that merchants who accept an unembossed card without a swipe do so at their own risk, and could be subject to a “Missing Imprint” chargeback should the issuer dispute the transaction. MasterCard’s requirements indicate their MasterCard Electronic card cannot be processed if the swipe cannot be completed. NO hand-keyed transactions or hand-written sales drafts are allowed. The cardholder must be physically present in order to complete a transaction. If the card is valid only in a country different from where the merchant establishment is located, the card may not be accepted.

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

A manual imprint must NOT consist of an impression taken from the card using pencil, crayon or other writing instrument.


Authorization Responses

During the authorization process, your sales associates should receive one of the following responses, or one that is similarly worded.

RESPONSE MEANING

Approved Card issuer approves the transaction. This is the most common response — about 95% of all authorization requests are approved.

Declined or Card Not Accepted Card issuer does not approve the transaction. The transaction should not be completed. Return the card and instruct the cardholder to call the card issuer for more information on the status of the account.

Call, Call Center, or Referrals Card issuer needs more information before approving the sale. Most of these transactions are approved, but you should call your authorization center and follow the instructions you are given. In most cases, an authorization agent will ask to speak directly with the cardholder or will instruct you to check the cardholder’s identification.

Pick Up Card issuer wants to recover the card. Do not complete the transaction. Inform the customer that you have been instructed to keep the card, and ask for an alternative form of payment. If you feel uncomfortable, simply return the card to the cardholder.

No Match The embossed account number on the front of the card does not match the account number encoded on the magnetic stripe. Swipe the card again and re-key the last four digits at the prompt. If a “No Match” response appears again, it means the card is counterfeit. If it can be done safely, keep the card in your possession, and make a Code 10 call.

Authorization

The authorization process allows the card issuer to approve or decline a transaction. In most cases, authorizations are processed electronically in a matter of moments. However, to protect against fraud, the card issuer may request additional information about the transaction. If properly done, authorizing a transaction is quick and easy and protects merchants against fraud and chargebacks.

Authorization should be seen as an indication that account funds are available at the time of authorization and a card has not been reported as lost or stolen. It is not proof that the true cardholder or a valid card is involved in a transaction. It is highly recommended and in your benefit to settle all authorized transactions daily or within 24 hours of the time of the authoirzation. Settling in this manner may prevent chargebacks and will prevent additional interchange fees.

MER

CH

AN

TT

IP


UNDERSTANDING INTERCHANGE/MINIMIZING PROCESSING COSTS

Q: What is interchange?

A: Interchange is the fee that merchant-acquiring institutions must pay card-issuing institutions to help offset card issuers’ processing costs and cost of funds. Revenue from interchange fees permits issuers to offer consumers value-added card products at lower prices. This helps increase card availability and usage, which benefits merchants through incremental sales and displacement of other more expensive forms of payment. Interchange rates are set and governed by Visa, MasterCard, and Discover Network, and are the same for all card-issuing and merchant-acquiring institutions. Such control helps maintain the integrity of the most widely used, complex electronic payment system in the world.

Q: What are non-qualified transactions?

A: Visa, MasterCard, and Discover Network establish interchange fees for transactions based on the data submitted and the risk associated with the particular transaction. Your merchant account and the agreed-upon rates and fees are based on an interchange level that is established according to your processing method and business type. A non-qualified transaction is a transaction that does not qualify at the expected level because it does not meet Visa, MasterCard, and Discover Network requirements for that level. Your account will be billed the difference in cost between the expected interchange rate and the interchange level at which the transaction actually qualified plus a surcharge.

For example: The interchange level established for an account may require that the card be present and swiped as part of the transaction. The interchange rate is lower because more magnetic stripe content data is submitted and since the card is present, there is lower associated risk. If the card is not present or swiped, the transaction will not meet the requirements for the established interchange level, will be considered non-qualified, and will cost more to process.

Q: Why is a surcharge assessed on non-qualified transactions?

A: Merchant-acquiring institutions assess a surcharge to cover the additional handling costs associated with non-qualified transactions, such as increased processing and operational expenses.

Q: What can I do to reduce the number of non-qualified transactions I have and minimize my transaction costs?

A: To minimize processing costs and ensure that your transactions are clearing at the best possible interchange rate, you should observe the best practices referenced below as indicated for your processing method and business type. For additional advice on reducing transaction processing costs, please contact our Merchant Client Support Center for assistance.

Retail / Face-to-Face Merchants:

• Card-swipeallofyourtransactions.

• Electronicallyauthorizealltransactions.

• Obtainoneauthorizationpertransaction.

• Voiceauthorizedor“forced”transactionswillnotbeeligibleforthequalifiedrate.

• Settlementamountmustequaltheauthorizedamountforsignaturedebit(non-PIN)transactions.

• Alltransactionsmustbesettledwithin24hoursoftheauthorization.

• Indicatethecardispresent(bytransactiontypeoratappropriateprompt)andperformAddressVerification

Services (AVS) on key-entered transactions; a full AVS match must be received on the cardholder’s billing zip

code to qualify for the best non-qualified rate.

• ForMasterCardtransactions:Thesettlementamountforeachtransactionmustbewithin25%oftheauthorized

amount for Beauty Salon transactions and within 10% of the authorized amount for all other transactions.

• ForDiscoverNetworktransactions:Thesettlementamountforeachtransactionmustbewithin20%ofthe

authorized amount for Beauty/Barber Shops and Taxicabs/Limousines and within 10% of the authorized amount

for all other transactions.

Restaurant Merchants:



• Obtainoneauthorizationpertransaction.

• Voiceauthorizedor“forced”transactionswillnotbeeligibleforthequalifiedrate.

• Alltransactionsmustbesettledwithin24hoursoftheauthorization.

• Indicatethecardispresent(bytransactiontypeoratappropriateprompt)andperformAddressVerification

Services (AVS) on key-entered transactions; a full AVS match must be received on the cardholder’s billing zip

code to qualify for the best non-qualified rate.

Hotel Merchants:



• Settlementamountmustequaltheauthorizedamount.

• Settleyourterminaldaily.

• IncludeaRoomorFolionumberonalltransactions.

• IncludetheCheck-inandCheck-outdateonalltransactions.

• IndicatorforAncillarychargesandNo-showchargeisrequired.


Card Not Present - Mail/Phone Order Merchants:


• PerformAddressVerificationServices(AVS)onalltransactions.

• Invoicenumberorcustomerordernumbermustbeincludedonalltransactions.

• Thecustomerservicephonenumberisrequiredinsettlementrecord.

• Thepurchasedateistheshipmentdateandmustbewithinsevendaysaftertheauthorization

date or one day prior to the authorization date.

• Transactionsmustbesettledwithintwodaysofthepurchasedate.


• TransactionmustbeproperlyidentifiedasMail/PhoneOrderwiththeappropriateMOTOindicator.

• BillPaymenttransactionsmustbeproperlyidentifiedwithaMarketSpecificIndicatorof“B”,ACIof“Y”and

processing code of “50” and a MOTO indicator of “01” for one payment, “02” for recurring payment and

“03” for installment payment. The first or initial transaction must be properly identified as Mail/Phone Order;

subsequent transactions must be properly identified as Recurring.

• Transactionidentificationisusuallyhandledautomaticallybyamerchant’stransaction-processingsystem;

however, you should check with your software provider to confirm that your system is properly set up.

Card Not Present - Internet/ Electronic Commerce Merchants:


• PerformAddressVerificationServices(AVS)onalltransactions.

• Invoicenumberorcustomerordernumbermustbeincludedonalltransactions.

• Thecustomerservicephonenumber,emailaddress,orthemerchant’sURLisrequiredinthesettlementrecord.

• Transactionsmustbesettledwithintwodays.


• Thepurchasedateistheshipmentdateandmustbewithinsevendaysaftertheauthorization

date or one day prior to the authorization date.

• Transactionmustbeproperlyidentifiedase-CommercewiththeappropriateECIindicator.

• BillPaymenttransactionsmustalsobeproperlyidentifiedwithaMarketSpecificIndicatorof“B,”

ACI of “Y” and processing code of “50” and an ECI of “5,” “6,” ”7” or “8”.

• Transactionidentificationisusuallyhandledautomaticallybyamerchant’stransaction-processingsystem;

however, you should check with your software provider to confirm that your system is properly set up.


IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

ON ALL TRANSACTIONS:

Make sure your credit card equipment is functioning properly. Do not bypass any terminal or software prompts for specific data; doing so will affect your transaction costs, your ability to prevent fraud and chargebacks, and your compliance with Payment Network rules. If you are a merchant using third-party software, ensure the settings established in your software are the most appropriate for the processing nature of your business.

Business-to-Business Transactions

In order to ensure that transactions conducted with Business, Corporate or Purchasing Cards clear at the best possible interchange rate, you should observe the best practices referenced above as applicable to your processing method and business type. In addition, provide the enhanced data below:

For Business and Corporate Cards:

• SubmittheTaxIncludedIndicatorandSalesTaxAmount(amountmustbebetween0.1%and22%

of the transaction amount for Visa and 1% and 30% of the transaction amount for MasterCard).

For Purchasing Card transactions only:

To meet Level II Enhanced Data requirements:

• SubmittheTaxIncludedIndicatorandSalesTaxAmount(amountmustbebetween0.1%and22%

of the transaction amount for Visa and 1% and 30% of the transaction amount for MasterCard).

– Customer Code (as provided by cardholder) is required at Fuel Merchants.

To meet Level III Enhanced Data requirements:

• SubmitSummaryData(minimumrequireddatashownbelow):

– Discount amount - Last two digits are implied decimal places. Must not be all zeros if a discount

amount exists. Must be all zeros if discount amount does not exist.

– Freight/shipping amount - Last two digits are implied decimal places. Must not be all zeros if a

freight/shipping amount exists. Must be all zeros if freight/ shipping amount does not exist.

– Duty amount - Last two digits are implied decimal places. Must not be all zeros if a duty amount

exists. Must be all zeros if duty amount does not exist.

• and, submit Line Item Detail (minimum required data shown below):

– Item descriptor - Must not be all spaces or all zeros.

– Item quantity - Last four digits are implied decimal places. Must not be all spaces or all zeros.

– Item unit of measure - Must not be all spaces or all zeros.

– Item commodity code - Must not be all spaces or all zeros.

– Item product code - Must not be all spaces or all zeros.

– Item unit cost - Last four digits are implied decimal places. Must not be all spaces or all zeros.

– Discount per Line Item - Last two digits are implied decimal places. Must not be all zeros if a

discount exists. Must be all zeros if discount does not exist.

– Line Item total - Last two digits are implied decimal places. Must not be all spaces or all zeros.



2

3

4

5

6

1

78

9 10 11 12 13 14 15 16 17 18

19 20 22 23 24 25 26 2721

28 29 30 31

3332

35

37

34

36

38

39

1 Address of BB&T Merchant Services

2 Processing MonthThe date your statement was produced (MM-YY). An internal tracking number for BB&T Merchant Services is also included.

3 Processor Use Only

4 Merchant NumberThis number is assigned to your company for identification purposes. It is exclusive to your company. If you call with statement inquiries, please be prepared to provide your merchant number.

5 Routing NumberThis number identifies your bank.

6 Deposit Account NumberThis number identifies your account at your bank.

7 Your Statement Mailing Address

8 AmountThis is the amount that is due to BB&T Merchant Services this month. This amount is deducted from or added to your checking account. It includes the difference between fees owed and fees actually paid.

9 PLPlan Code that identifies the type of card used. See the list of Plan Codes at the bottom of the statement.

10 # SalesTotal number of sales and cash advances for this statement period.

11 $ SalesTotal dollar amount of sales and cash advances for this statement period.

12 # CreditsTotal number of credits for this statement period.

13 $ CreditsTotal dollar amount of credits for this statement period.

14 Net SalesTotal dollar amount of sales and cash advances less total dollar amount of credits.

15 Avg TktDollar amount of the average sales transaction.

16 Disc P/IDiscount charged per item for transactions.

17 Disc %Discount percentage rate assessed for transactions.

18 Discount DueDiscount due to BB&T Merchant Services. This is calculated as either your net or gross sales multiplied by the discount rate plus the discount per item multiplied by the total number of sales.

Transaction DetailThis section displays a breakdown of each trans-action made during the statement period. The transactions are separated into three categories: deposits, adjustments, and chargebacks.

19 DayDay of the month that your batch was processed.

20 Ref NumberReference number assigned to the batch for tracking purposes.

21 *(Transaction Code)Code that identifies the type of transaction processed. See the list of Transaction Codes at the bottom of the statement.

22 PLTransaction plan type. See the list of Plan Codes at the bottom of the statement.

23 # SalesTotal number of sales and cash advances for this batch.

24 $ SalesTotal dollar amount of sales and cash advances for this batch.

25 $ CreditsTotal dollar amount of credits for this batch.

26 Discount PaidTotal discount previously paid to BB&T Merchant Services. This amount will only display if you participate in a daily discount program with BB&T Merchant Services.


Use this information to become familiar with your merchant statement.

How To Read Your Merchant Statement

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

Merchant should review monthly statement and report questions, disputes, or missing transactions within 90 days of receipt of statement. Please refer to Section 1.5(k) of your BB&T Merchant Agreement for additional information. It is important to review your monthly statement for important messages from BB&T regarding your merchant statement.

27 Net DepositTotal dollar amount of sales and cash advances less total dollar amount of credits and paid discount. Deposit, Adjustment and Chargeback totals will appear under each respective section.

Fee TotalsThis section displays the fees that will be charged to the merchant.

28 NumberTotal number of items billed.

29 AmountTotal dollar amount used to calculate the amount billed. (This may not be used for all items.)

30 DescriptionDescription of the item billed.

31 TotalTotal dollar amount to be billed.

32 Total Fees DueTotal dollar amount of fees to be paid by the merchant.

Note: Fees will be deducted on the 15th day (or next business day) of the month following the statement processing date.

Statement TotalsThis section contains discount information and the amount credited or debited from the account. The following fields may appear if applicable.

33 Minimum DiscountMinimum amount of discount that will be charged. This figure will be used if the discount amount is less than the minimum stated in your merchant contract.

34 Discount DueTotal dollar amount of discount due from the merchant as calculated throughout the month.

35 Discount PaidTotal dollar figure of discount that has been paid during the month by the merchant if participating in a daily program.

36 Net Discount DueDiscount due less the discount paid.

37 Fees DueTotal fees due from the merchant.

38 Amount DeductedTotal dollar amount credited or debited from the account.

Statement Message

39 Statement Message Important information from BB&T Merchant Services.

Plan Codes and Transaction CodesList of Plan Codes and Transaction Codes are printed along the bottom border of the statement.


How To Read Your Merchant Statement (continued)

MAINTAINING YOUR ACCOUNT

When to Contact Us

From time to time, your business may experience change. Some changes may require updates to your merchant relationship, including the following:

• DDAAccountNumberor“OperatingAccount”

- If the DDA account is held at a financial institution other than BB&T, the Bank will require a voided check drawn on the new DDA account to be submitted with the written request for verification purposes.

• Ownershiporownershipstructure

• Federaltaxidentificationnumber

• Typeorkindofbusiness

• Processingmethod

• Whenyouemployathirdpartyprovider(s),beginoperatingawebsite,oraddpaymentacceptance to an existing account

• CompanyDBAname

• Address,ortelephone/facsimilenumber

• Whenyouenterintoanagreementwithathirdpartyofferingacashadvanceloanpro-gram, in which you pledge future credit card receivables as collateral

• Whenyoubeginagiftcardprogram

To request account changes, please call the BB&T Merchant Client Support Center at 1-877-672-4228 or send written correspondence to the following address:

BB&T Financial, FSB P.O. Box 200 Wilson, North Carolina 27894

IF YOUR TERMINAL BREAKSIf your terminal becomes inoperable, please follow the steps below:• CalltheClientSupportCenterat1-877-672-4228.• Chooseoption1.• Choosetheappropriatetechnicalhelpdeskfromthemenu.

As a reminder, if you own a terminal that has been deemed obsolete by its manufacturer or is no longer capable of compliance with card association requirements and it becomes inoper-able, you will have to purchase a new terminal in order to continue processing.

Equipment damaged as a result of abuse, power failure, physical damage, fire, or water may not be eligible for replacement or may be subject to additional fees.


CARD IDENTIFICATION FEATURES AND SECURITY ELEMENTS

If you are ever suspicious about a card or transaction, call your authorization center and request a Code 10 authorization.

Every card contains a set of unique design features and security elements developed by each card manufacturer to help merchants verify a card’s legitimacy. By knowing what to look for on each card, your sales associates can avoid inadvertently accepting a counterfeit card or processing a fraudulent transaction. Train your sales staff to take a few seconds to look at the card’s basic features and security elements after they have swiped the card and are waiting for authorization. Checking card features and security elements helps to ensure that the card is valid and has not been altered in any way.

Holding onto the CardSales staff should be instructed to keep payment cards in their possession during transaction processing. Holding onto the card allows time to check card features and security elements and to compare the cardholder signature on the card with the signature on the transaction receipt.

Visa Features (original Visa may be valid through 2010)You may have already noticed that Visa is changing its card design. We have included both the old and new card designs in this guide.

3.1BB&T Merchant Ser v ices – L o s s P r e v e n t i o n

The four-digit number printed below the embossed account number must match the first four digits of the account number.

Check the “Good Thru” or “Valid thru” date. Make sure the date of the transaction is no later than the date on the card. If the transaction date is after the “Good Thru” date, the card has expired. In such instances, an authorization request can be called in to your authorization center, or you can ask the customer for a Visa card that is currently valid. Always request authorization on an expired card. If the Issuer approves the transaction, proceed with the sale. Never accept a transaction that has been declined.

Visa Debit IdentifierTo clearly distinguish Visa Debit cards, all consumer Debit cards must show the word “Debit” above the hologram.

All Visa account numbers start with 4. The embossing should be clear and uniform in size and spacing and extend into the hologram. The account number embossed on the card must match the account number printed on the sales draft or displayed on the terminal (if equipment allows).

A three-dimensional dove hologram should reflect light and seem to change as you rotate the card.

Visa cards have a stylized “V” security character embossed to the right of the expiration date.

Back of Visa CardsAll Visa Cards must be signed in order to be valid. The signature on the sales draft should match the signature on the back of the card. If the card is not signed, ask the cardholder to provide a valid government ID (e.g., driver’s license). Then have the customer sign the card. Check to be sure the signatures match.

The magnetic stripe should appear smooth and straight, with no signs of tampering.

The signature panel should have a repetitive pattern of the word “Visa” printed in color at an angle. A full or partial account number, plus a three-digit Card Verification Value 2 (CVV2), is indent-printed on the signature panel.

Visa Features (Updated Visa Card – Beginning January 2006)

Front of Card

Check the account number for evenness and clarity. Look closely at the account number. On valid cards, the numbers will be even and straight; on altered cards, they may have fuzzy edges, or you may be able to see “ghost images” of the original numbers.

Compare numbers. The printed four-digit number must match the first four digits of the account number above it. Both should begin with a “4.” If the numbers are not identical or the printed number is missing, the card is not valid and should not be accepted.

Check the “Good Thru” or “Valid thru” date. Make sure the date of the transaction is no later than the date on the card. If the transaction date is after the “Good Thru” date, the card has expired. In such instances, an authorization request can be called in to your authorization center, or you can ask the customer for a Visa card that is currently valid.

Back of Card

Check the hologram. When the card is tilted, a ring should appear around the sun and the word “VISA” should appear in the center. If not, the card may be counterfeit.

Look at the signature panel. The signature panel will look like this or have a custom design.

Check for the Card Verification Value (CVV2). It is a three-digit code that appears either on the signature panel or on a white box to the right of the signature panel. Portions of the account number may also be present on the signature panel. CVV2 is used primarily in card-not-present transactions to verify that the customer is in possession of a valid Visa card at the time of the sale.

Check for signs of tampering. Any attempt to erase the signature will cause the word “VOID” to appear.


MasterCard FeaturesAll MasterCard account numbers start with 5. The embossing should be clear and uniform in size and spacing and extend into the hologram. The 16-digit account number embossed on the card must be exactly the same as the account number printed on the sales draft, or displayed on your terminal (if equipment allows).

A three-dimensional hologram with interlocking globes should reflect light and seem to move as you rotate the card. The word “MasterCard” is printed repeatedly in the background of the hologram. The letters “MC” are micro-engraved around the two rings.

Back of MasterCard

The back of the card must be signed.

The magnetic stripe should appear smooth and straight, with no signs of tampering.

The word “MasterCard” is printed repeatedly in multicolors at an angle on a tamper-evident signature panel. You may see only the last four digits of the account number, plus the three-digit CVC2 indent- printed on some newer cards. Some cards may contain the full 16-digit account number, followed by the three- digit CVC2, indent-printed on the signature panel.

Updates for MasterCard (Beginning June 2006)

Front of Card

A three-dimensional hologram with interlocking globes should reflect light and seem to move as you rotate the card. Beginning in June 2006, card issuers have the option of placing the hologram on the card back.

The familiar “MC” security character will not be present on cards issued after June 2006.

To clearly distinguish Debit cards, all new and re-issued consumer Debit cards must display the Debit hologram. By January 1, 2007, all Debit cards must be in compliance with this rule.

Back of Card Beginning in June 2006, card issuers have the option of placing a holographic magnetic stripe on the card back, replacing the Globe hologram or the Debit hologram.

The word “MasterCard” is printed repeatedly in multicolors at an angle on a tamper-evident signature panel. The last four digits of the account number are indent-printed on the signature panel. Beginning in June 2006, the three-digit CVC2 must be printed in a white rectangle to the right of the signature panel.

The MasterCard Alternative Design Option will allow issuers greater flexibility. You may see vertical cards, unembossed cards and smaller size cards.

The pre-printed Bank Identification Number (BIN) must match the first four digits of the embossed account number.

The valid date lists the last day on which the card is valid. Some cards may have an effective date as well.

MasterCard cards have a stylized “MC” security character embossed to the right of the valid dates.

MasterCard Debit HologramTo clearly distinguish MasterCard Debit cards, all new and re-issued consumer Debit cards must display the Debit hologram. By January 1, 2007, all Debit cards must be in compliance with this rule. Until then you may still see some older cards with the word “Debit” printed above the global hologram.

3.3 BB&T Merchant Ser v ices – L o s s P r e v e n t i o n

Discover®

The words “DISCOVER NETWORK” will appear under an ultraviolet light.

All Discover Network account numbers start with 6. The embossing should be uniform in size and spacing, and extend into the hologram.

“Valid Thru” indicates the last month in which the card is valid.

A Business Name may be embossed below the account name.

An embossed Security Character appears as a stylized “D.”

Law Enforcement Phone Line

1-800-347-3083

and appear to move.

The magnetic stripe should appear smooth, with no signs of tampering.

The words “DISCOVER NETWORK” appear on the signature panel,

and an underprint reading “VOID.”

The last four digits of the account

number appear on the signature panel

in reverse indent printing.

The three-digit

Data (CID) appears to the right of the

signature panel.

Merchant Code 10 Authorization

1-800-347-1111 for suspicious transactions

The Discover® Network AcceptanceMark appears on both sides of the card.

American Express®

The letters “AMEX” and a phosphorescence in the Centurion portrait are visible under an ultraviolet light.

Pre-printed (non-embossed)

(CID) should always appear above the account number.

Do not accept a Card after the expiration date.

Only the person whose name is embossed on an American Express Card is entitled to use it.

All American Express account numbers start with 3. Embossing should be clear and uniform in size and

spacing. The number on the front and back of the Card, plus the one printed on the sales receipt

should all match.

With this statement on the Card, American Express reserves the right to

“pick up” the Card at any time.

Some Cards have a hologram of the

American Express image embedded into

the magnetic stripe.

The signature on the back of the Card should

match the customer’s signature on the receipt.

The signature panel is tamper-evident.

Merchant Code 10 Authorization

1-800-528-1212 if you are suspicious of a card transaction


CODE 10 CALLSCode 10 calls allow merchants to alert card issuers to suspicious activity and take appropriate action when instructed to do so. You should make a Code 10 call to your voice authorization center whenever you are suspicious about a card, cardholder, or a transaction. The term “Code 10” is used so the call can be made at any time during a transaction without arousing a customer’s suspicions.

To make a Code 10 call:Keep the card in your possession during the call.

Call your voice authorization center, at 800-291-4840

Enter your Merchant Identification Number

Press # , then 8, then enter card number.

Enter the expiration date.

Enter the amount of the transaction.

You will be transferred to a special operator who will ask you a series of questions that can be answered with a simple yes or no.

• When connected to the special operator, answer all questions calmly and in a normal tone of voice. Your answers will be used to determine whether the card is valid.

• Follow all operator instructions.

• If the operator tells you to pick up the card, do so only if recovery is possible by reasonable and peaceful means.

MER

CH

AN

TT

IP

Emphasize to your sales staff that they can make Code 10 calls even after a cardholder leaves the store. A Code 10 alert at this time may help stop fraudulent card use at another location, or perhaps during a future transaction at your store.


FRAUD PREVENTION GUIDELINES FOR CARD-NOT-PRESENT TRANSACTIONSA range of fraud-prevention policies, guidelines, and services have been developed for card-not-present merchants. Using these tools will help protect your business from fraud-related chargebacks and losses. Mail Order/Telephone Order (MO/TO) and Internet merchants should strongly consider developing in-house fraud control policies and providing appropriate training for employees.

The following sections outline basic fraud-prevention guidelines and best

practices for card-not-present merchants.

Authorize All Card-Not-Present Transactions

Authorization is required on all card-not-present transactions. Card-not-present transactions are considered as zero-floor-limit sales. Authorization should occur before any merchandise is shipped or services performed. An authorization number serves as approval that the card is valid and funds are available. It is not proof that the cardholder was engaged in the transaction.

Ask for Card Expiration Date

Card-not-present merchants should always ask customers for their card expiration, or “Good Thru,” date and include it in their authorization requests.

Including the date helps to verify that the card and transaction are legitimate. A MO/TO or Internet order containing an invalid or missing expiration date may indicate counterfeit or other unauthorized use.

Ask for CVV2/CVC2

The Card Verification Value (CVV2 - Visa), Card Validation Code (CVC2-MasterCard), and Card Identification (CID - Discover) is a three- or four-digit security number printed on the front or back of cards to help validate that a customer is in possession of a legitimate card at the time of an order.

Studies show that merchants who include CVV2/CVC2/CID validation in their authorization procedures for card-not-present transactions can reduce their fraud-related chargebacks.


CVV2/CVC2 PROCESSINGTo ensure proper CVV2/CVC2/CID processing for card-not-present transactions, merchants should:

• Ask card-not-present customers for the last three numbers in the signature panel on the back of their cards.

• If the customer provides a CVV2/CVC2/CID, submit this information with other transac-tion data (card expiration date and account number) for electronic authorization. You should also include one of the following CVV2/CVC2/CID presence indicators, even if you are not including a CVV2/CVC2/CID in your authorization request:

INDICATOR WHAT IT MEANS

0 CVV2/CVC2/CID is not included in authorization request.

1 CVV2/CVC2/CID is included in authorization request.

2 Cardholder has stated that CVV2/CVC2/CID is illegible.

9 Cardholder has stated that CVV2/CVC2/CID is not on the card.

• Evaluate the CVV2/CVC2/CID result code you receive with the transaction authoriza-tion, and take appropriate action based on all transaction characteristics.

CVV2 RESULT CODE RECOMMENDED ACTION

M - Match Complete the transaction, taking into account all other

transaction characteristics and verification data.

N - No Match View a “No Match” response as a sign of potential fraud, which

should be taken into account along with the authorization response

and any other verification data. You may also want to resubmit the

CVV2/CVC2/CID to ensure a key-entry error did not occur.

P - CVV2* Resubmit the authorization request.

S - CVV2** Follow up with the customer to verify that the correct card

location has been checked for CVV2/CVC2/CID.

U*** Evaluate all available information and decide whether to proceed

with the transaction or to investigate further.

* request not processed ** should be on the card, but the cardholder has reported that it isn’t. *** card issuer does not support CVV2/CVC2/CID



ADDRESS VERIFICATION SERVICE

To use the Address Verification Service (AVS), simply ask card-not-present customers for their billing address as it appears on their monthly statement. This information is then submitted with other transaction data for electronic authorization. Address verification and authorization occur simultaneously — in a matter of seconds — and you will receive an AVS response code with the authorization.

You should evaluate the AVS response code and take appropriate action, based on all transaction characteristics and any other verification information received with the authorization (expiration date, CVV2/CVC2/CID, etc.). An authorization response always takes precedence over AVS. Do not accept any transaction that has been declined, regardless of the AVS response.

AVS RESPONSE WHAT IT MEANS

X – Exact Match Address and nine-digit zip code match.

Y – Match Both street address and five-digit zip code match. Complete the

transaction; you can be relatively confident it is legitimate.

A – Partial Match Street address matches, but zip code doesn’t. View as a sign of potential

fraud. Depending on the transaction amount, you may decide to

complete the transaction or investigate further to ensure it is valid.

Z – Partial Match Zip code matches but the street address doesn’t. View as a sign of

potential fraud. Depending on the transaction amount, you may decide

to complete the transaction or investigate further to ensure it is valid.

N – No Match Street address and zip code don’t match. View as a sign of potential

fraud and take further steps to validate the transaction.

U – Unavailable The Issuer’s system is not available, or the Issuer does not support AVS.

The address cannot be verified at present. You must decide whether to

accept or refuse the transaction, or investigate further.

R – Retry The Issuer’s system is not available; try again later. The Issuer’s system

may not be working. You should resubmit your AVS request later.

U – Issuer does not support AVS Evaluate all available information and decide whether to proceed with

the transaction or to investigate further.

Z – Partial Match Unless you sent only a zip code AVS request and it matched, you may

want to follow up before shipping merchandise.

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

If you complete a transaction for which you received an authorization approval and an AVS response of “U” (unavailable), and the transaction is later charged back to you as fraudulent, BB&T Merchant Services may represent the item. U.S. Issuers must support AVS or lose their right to fraud chargebacks for card-not-present transactions.

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

For a zip code only request and P.O. Box address, Issuers may respond with either a “Y” (Exact Match), or a “Z” (Partial match-zip Code Matches).


Suspicious TransactionsCard-not-present merchants should develop in-house policies and procedures for handling irregular or suspicious transactions and provide appropriate training for their sales associ-ates. Being able to recognize suspicious orders may be particularly important for merchants involved in telephone sales, and employees should be given clear instructions on the steps to take to verify these transactions.

Your sales employees should be on the lookout for any of the following signs of suspicious customer behavior :

• Hesitation: Beware of customers who hesitate or seem uncertain when giving you personal information, such as a zip code or the spelling of a street or family name. This is often a sign that the person is using a false identity.

• Rush orders: Urgent requests for quick or overnight delivery — the customer who “needs it yesterday”— should be another red flag for possible fraud. While often perfectly valid, rush orders are one of the common characteristics of “hit and run” fraud schemes aimed at obtaining merchandise for quick resale.

• Random orders: Watch out also for customers who don’t seem to care if a particular item is out of stock —“You don’t have it in red? What colors do you have?”— or who order haphazardly —“I’ll take one of everything!” Again, orders of this kind may be intended for resale rather than personal use.

• Suspicious shipping address: Scrutinize and flag any order with a ship to address that is different from the billing address on the cardholder’s account.

– Requests to ship merchandise to post office boxes or an office address are often associated with fraud.

– Keep lists of zip codes where high fraud rates are common and verify any order that has a ship-to address in these areas.

– If your business does not typically service foreign customers, use caution when shipping to addresses outside the United States, particularly if you are dealing with a new customer or a very large order.

– Requests to wire funds to pay shipping costs are often associated with fraud.

– Requests to provide cash back for any credit card transaction are often associated with fraud.

In examining what appears to be an unusual order, keep in mind that if the sale sounds too good to be true, it probably is. Merchants should NEVER provide cash back to a cardholder when processing a credit card transaction, as this is prohibited by the credit card associations. Also, please be aware of a growing problem impacting merchants across the country. Merchants have received telephone and fax orders, often originating in foreign countries, attempting to purchase goods and services. The cardholder requests that the merchant wire back to them a part of the credit transaction for various reasons, i.e. shipping charges by a carrier of their choice, or for other arrangements they prefer to make rather than follow the normal merchant business practices. These orders often include fraudulent Visa, MasterCard, and Discover Network numbers for payment, which have led to high volumes of chargebacks and signifi-cant merchant losses. These fraudulent schemes particularly target businesses that do not usually handle mail or telephone transactions. Please use caution with any orders received from unusual sources. You must know for certain that you are dealing with the authorized user of the card that is being offered. Never provide cash back to the cardholder under any circumstances.


UNDERSTANDING AND AVOIDING CHARGEBACKSA chargeback is a transaction that an Issuer returns to BB&T Merchant Services — and most often, to the merchant — as a financial liability. In essence, it reverses a sales transaction, as follows:

• The card issuer subtracts the transaction dollar amount from the cardholder’s credit card account. The cardholder receives a credit and is no longer financially responsible for the dollar amount of the transaction.

• The card issuer debits BB&T Merchant Services for the dollar amount of the transaction.

• BB&T Merchant Services may deduct the transaction dollar amount from the merchant’s account. The merchant may lose the dollar amount of the transaction.

For merchants, chargebacks can be costly. You can lose both the dollar amount of the transaction being charged back and the related merchandise. You also incur your own internal costs for processing the chargeback.

Why Chargebacks Occur

The most common reasons for chargebacks include:

• Customer disputes

• Fraud

• Processing errors

• Authorization issues

• Nonfulfillment of copy requests (only if fraud or illegible)

Although you cannot avoid the occurrence of chargebacks completely, you can take steps to reduce or prevent them. Many chargebacks result from easily avoidable mistakes, so the more you know about proper transaction-processing procedures, the less likely you will be to inadvertently do or fail to do something that might result in a chargeback.

Of course, chargebacks are not always the result of something merchants did or did not do. Errors are also made by merchant banks, card issuers, and cardholders.

Avoiding Chargebacks

Most chargebacks can be attributed to improper transaction-processing procedures and can be prevented with appropriate training and attention to detail. The following best practices will help you minimize chargebacks.

IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

Your merchant account is debited the same day the chargeback notification is mailed.

Chargeback Remedies

Even when you do receive a chargeback, you may be able to resolve it without losing the sale. Simply provide BB&T Merchant Services with additional information about the transaction or the actions you have taken related to it. For example, you might receive a chargeback because the cardholder is claiming that credit has not been given for returned merchandise. You may be able to resolve the issue by providing proof that you submitted the credit on a specific date. Send this information to BB&T Merchant Services in a timely manner.

The key in this and similar situations is always to send BB&T Merchant Services as much information as possible to help remedy the chargeback. With appropriate information, BB&T may be able to resubmit, or “re-present,” the item to the card issuer for payment.

Timeliness is also essential when attempting to remedy a chargeback. Each step in the chargeback cycle has a defined time limit during which action can be taken. If you do not respond during the time specified on the request— which may vary depending on Card Association rules— BB&T will not be able to remedy the chargeback. Although many chargebacks are resolved so that the merchant does not lose the sale, some cannot be remedied. In such cases, accepting the chargeback may save you the time and expense of needlessly contesting it.

Point of Sale

• Declined Authorization. Do not complete a transaction if the authorization request was declined. Do not repeat the authorization request after receiving a decline; ask for another form of payment.

• Transaction Amount. Do not estimate transaction amounts. For example, restaurant merchants should authorize transactions only for the known amount on the check; they should not add on a tip.

• Referrals. If you receive a “Call” message in response to an authorization request, do not accept the transaction until you have called the authorization center. In such instances, be prepared to answer questions. The operator may ask to speak with the cardholder. If the transaction is approved, write the authorization code on the sales receipt. If declined, ask the cardholder for another form of payment.

• Expired Card. Do not accept a card after its “Good Thru” or “Valid Thru” date unless you obtain an authorization approval for the transaction.

• Card Imprint for Key-Entered Card-Present Transactions. If you must key-enter a transaction to complete a card-present sale, make an imprint of the front of the card on the sales receipt, using a manual imprinter. Even if the transaction is authorized and the cardholder signs the receipt, the transaction may be charged back to you if the receipt does not have an imprint of the embossed account number and expiration date.

• Cardholder Signature. The cardholder’s signature is required for all card-present transactions. Failure to obtain the cardholder’s signature could result in a chargeback if the cardholder later denies authorizing or participating in the transaction. When checking the signature, always compare the first letter and spelling of the surname on the sales receipt with the signature on the card. If they are not the same, ask for additional identification or make a Code 10 call.



• Digitized Cardholder Signature. Some cards have a digitized cardholder signature on the front of the card, in addition to the hand-written signature on the signature panel on the back. However, checking the digitized signature is not sufficient for completing a transaction. Sales staff must always compare the customer’s signature on the sales receipt with the hand-written signature in the signature panel.

• Fraudulent Card-Present Transaction. If the cardholder is present and has the account number but not the card, do not accept the transaction. Even with an authorization approval, the transaction can be charged back to you if it turns out to be fraudulent.

• Legibility. Ensure that the transaction information on the sales receipt is complete, accurate, and legible before completing the sale. An illegible receipt, or a receipt that produces an illegible copy, may be returned because it cannot be processed properly. The growing use of electronic scanning devices for the electronic transmission of copies of sales receipts makes it imperative that the item being scanned be very legible.

Avoid Illegible Transaction ReceiptsEnsuring legibility of transaction receipts is key to minimizing copy requests and chargebacks. When responding to a copy request, you will usually photocopy or scan the transaction receipt before mailing or electronically sending it to BB&T Merchant Services. If the receipt is not legible to begin with, the copy that the bank receives and then sends to the card issuer may not be useful in resolving the cardholder’s question. If this occurs, the transaction may be returned to you as a chargeback for an illegible copy. At this point, unless you can improve the readability of the transaction receipt, you may end up taking a loss on the transaction.

The following best practices are recommended to help avoid illegible transaction receipts.

• Change point-of-sale printer cartridge routinely.

Faded, barely visible ink on transaction receipts is the top cause of illegible receipt copies. Check readability on all printers daily, and make sure the printing is clear and dark on every sales draft.

• Change point-of-sale printer paper when the colored streak first appears.

The colored streak down the center or the edges of printer paper indicates the end of the paper roll. It also diminishes the legibility of transaction information.

• Keep the white copy of the transaction receipt.

If your transaction receipts include a white original and a colored copy, always give customers the colored copy of the receipt. Since colored paper does not photocopy as clearly as white paper, it often results in illegible copies.

• Handle carbon-backed, silver-backed, or carbonless paper carefully.

Silver-backed paper appears black when copied. Any pressure on carbon backed or carbonless paper during handling and storage causes black blotches, making copies illegible.

Sales-Receipt Processing

• One Entry for Each Transaction. Ensure that transactions are entered into point-of-sale terminals only once and are deposited only once. You may get a chargeback for duplicate transactions if you:

– Enter the same transaction into a terminal more than once

– Process the same transaction with more than one merchant bank

• Voiding Incorrect or Duplicate Sales Receipts. Ensure that incorrect or duplicate sales receipts are voided and that transactions are processed only once.

• Close your Batches as quickly as possible, preferably within 24 hours of the transaction date; do not hold on to them.

• Process credit transactions as quickly as possible.

• Ship Merchandise Before Processing Transaction. For card-not-present transactions, do not process the transactions until you have shipped the related merchandise. If customers see a transaction on their monthly card statement before they receive the merchandise, they may contact their Issuer to dispute the billing. Similarly, if delivery is delayed on a card-present transaction, do not deposit the sales receipt until the merchandise has been shipped.

• Requests for Cancellation of Recurring Transactions. If a customer requests cancella-tion of a transaction that is billed periodically (monthly, quarterly, or annually), cancel the transaction immediately or as specified by the customer. As a service to the customer, advise the customer in writing that the service, subscription, or membership has been cancelled and state the effective date of the cancellation.

• Disclosing Refund, Return, or Service Cancellation Policies. If your business has policies regarding merchandise returns, refunds, or service cancellations, these policies must be disclosed to the cardholder at the time of the transaction. Your policies should be pre-printed on your sales receipts, if not, write or stamp your refund or return policy information on the sales receipt near the customer signature line before the customer signs (be sure the information is clearly legible on all copies of the sales receipt). Failure to disclose your refund and return policies at the time of a transaction could result in a dispute if the customer returns the merchandise.


IMPORTANT

!

IMPORTANT

!

IMPORTANT!

IMPORTANT

IMPORTANT

For questions regarding chargebacks or sales receipt requests, please call 1-877-672-4228, option 3.

PAYMENT CARD INDUSTRY DATA SECURITY STANDARDSRequirements for Protecting Transaction Data

Combating fraud is the shared responsibility of all parties involved in payment card transactions. Visa, MasterCard and Discover Network are reaching out to merchants, acquirers and other partners to minimize risk and share requirements for safeguarding transaction data. Below are the 12 requirements included in the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS can be viewed in its entirety at www.mastercard.com/us/sdp or www.v isa .com/c isp, http : / /d iscovernetwor k .com/fr audsecur i ty /d isc .html/ or www.pcisecuritystandards.org. Compliance with the PCI DSS helps preserve the integrity of the payments system and maintains consumer confidence. Depending on your processing methodand type of business, BB&T may require you to engage with a PCI SSC Qualified Security Assessor (QSA) or Approved Scanning Vendor (ASV) and receive PCI compliance certification.

Any merchant or service provider that stores, processes, or transmits cardholder information must comply with these standards. All eligible merchants and service providers, regardless of size (or in the case of service providers, whether they support issuing or merchant activity)must comply with the 12 basic requirements outlined below.

1. Install and maintain a firewall configuration to protect data. Firewalls are computer software devices that control traffic in the company’s network. This includes unauthorized access from the Internet, as well as access to sensitive areas from the company’s internal network.

2. Avoid vendor-supplied defaults for system passwords. Hackers attempt to identify these passwords and settings, and use them to compromise systems. You should always change these defaults before installing a system on the network.

3. Protect stored transaction data. Keep transaction storage to a minimum and never store sensitive authentication data after authorization. Take precautions to make stored transaction data unreadable through encryption or some other secure and robust approach.

4. Encrypt transaction data when transferred over networks. Sensitive information should always be encrypted during transmission over wireless networks or the Internet, as it is often easy to divert or intercept data while in transit. Never send encrypted transaction information via E-mail.

5. Utilize anti-virus software or programs. Install these mechanisms on all systems that can be affected by viruses and ensure that these systems are current, running, and capable of generating audit logs.

6. Develop and maintain secure systems and applications. As a participating merchant or service provider, you must ensure that all components have the latest vendor security and software patches to protect against external hackers and viruses. Develop standard system development processes and secure coding techniques.

4.1BB&T Merchant Ser v ices – D a t a S e c u r i t y / C o m p l i a n c e

7. Restrict access to data. Limit access to resources and cardholder information to employees who need access to the information to do their jobs and limit access only to what is needed. Establish a mechanism for systems with multiple users that restrict access based on an individual’s need to know.

8. Assign a unique username and password to each person with computer access to transaction data. This allows for all actions taken on the system to be identified and tracked. Take necessary precautions to protect user identification and immediately revoke access by terminated users.

9. Restrict physical access to transaction data. Use appropriate facility entry controls and monitor access. Develop procedures to help personnel easily distinguish between employees and others. Destroy media containing transaction information when it is no longer needed.

10. Track and monitor access to network resources and transaction data. Logging mechanisms and tracking user activity is critical to uncovering unauthorized and illegal activity.

11. Regularly test security systems and processes. New vulnerabilities are continually being discovered. Consistent testing ensures security maintenance.

12. Maintain an information security policy. A strong security policy sets the security tone for the entire company.

Data Security Frequently Asked Questions (FAQs)

Below are answers to frequently asked questions about how to best store, secure and share cardholder information to protect against many forms of fraud. We encourage you to share this information with your partners in the merchant community.

Q. Where do I find the payment industry requirements for account data security?

A. The Payment Card Industry Data Security (PCI DSS) is available on any of the following websites:

the Visa website at www.visa.com/cisp, the MasterCard website at www.mastercard.com/us/sdp, the Discover Network at http://discovernetwork.com/fraudsecurity/disc.html or the PCI Security Standards Council website at www.pcisecuritystandards.org. This standard was developed jointly by MasterCard,Visa and Discover Network and has

been endorsed by other payment brands.

Q. What transaction information can be stored, and what cannot?

A. Once the authorization process is complete, only specific information should be retained.Merchants and third-party agents may securely store the cardholder name, account number, expiration date but should destroy all other transaction information after the Authorization Request Response message is received. This includes discretionary card-read data, CVC2/CVV2 data, PIN data, and address verification service (AVS) data. Failure to adhere to this standard will result in significant fines and termination of your account.

4.2 BB&T Merchant Ser v ices – D a t a S e c u r i t y / C o m p l i a n c e

Q. Where can transaction information be stored?

A. As stated in the PCI DSS, all systems and media containing transaction data must be protected in a secure environment to which access is controlled and limited to selected personnel. Merchants must establish procedures that control all means of access and use a password system to maximize the security of their transaction and cardholder information. REMEMBER: IF YOU DON’T NEED IT, DON’T STORE IT.

Q. Do data storage requirements apply to third-party agents?

A. Yes. The PCI DSS applies to anyone who stores, processes or transmits payment data, including members, merchants and third parties. Third-party agents include Web hosting companies, payment gateways, terminal drivers, software providers and processors. The merchant must inform its bankcard acquirer of its third-party agents – terminal and software vendors, anyone providing transaction processing, sorting or other services – and ensure that these agents adhere to all applicable data security standards.

Q. Does the PCI DSS apply to all merchants or only to online merchants?

A. PCI DSS is mandatory for all merchants, third party agents, and service providers.

Q. Who should assess and regulate security in merchant systems and networks?

A. According to Visa, MasterCard and Discover Network mandates, and depending on the size of a business, merchants may be required to take steps necessary to validate compliance. These steps mayI nclude: an annual onsite audit, quarterly network scan and/or an annual self-assessment questionnaire (SAQ). For merchants, onsite audits may be conducted by qualifiedonsite assessors or by the merchant’s qualified and authorized staff. Qualified scanningvendors must conduct network scans, and the merchant’s internal staff is responsible for completing the SAQ. All PCI compliance validation requirements are listed on the following websites: www.mastercard.com/us/sdp, www.visa.com/cisp, http://discovernetwork.com/fraudsecurity/disc.html, www.pcisecuritystandards.org

Visa, MasterCard and Discover Network are reaching out to merchants, acquirers and their partners to share and publicize these requirements and best practices, and thereby help protect transaction and cardholder information. These policies help to safeguard the entire payments industryand maintain consumer confidence.

BB&T Merchant Services strives to be a trusted business partner to you and your customers.Merchants who are interested in learning more about this initiative can log ontowww.mastercard.com/us/sdp, www.visa.com/cisp, http://discovernetwork.com/fraudsecurity/disc.htmlor www.pcisecuritystandards.org


IF YOU HAVE A SECURITY BREACH

If you experience a suspected or confirmed security breach, you should:

• Immediately contain and limit the exposure.

To prevent any further loss of data, conduct a thorough investigation of the suspected or confirmed loss or theft of account information within 24 hours of the compromise.

– Do not access or alter compromised systems. Do not log on to the machine or change passwords.

– Do not turn off the compromised machine. Instead, isolate compromised systems from the network by unplugging their cables.

– Preserve logs and electronic evidence.

– Log all actions taken.

– If using a wireless network, change the service set identifier (SSID) — or network name — on the access point (AP) and on other machines that may be using this connection (with the exception of any systems believed to be compromised).

– Be on HIGH alert and monitor all payment systems.

• Alert all necessary parties. Be sure to contact:

– Your internal information security group, incident response team and legal department

– Your merchant bank : BB&T Merchant Services at 1-877-672-4228.

Contact must be made immediately and no later than 24 hours after discovery of a suspected breach. BB&T will follow up with you to discuss the compromise and review the action required to demonstrate the ability to prevent future loss or theft of transaction information.

Provide all compromised accounts to your BB&T Merchant Services within 10 businessdays. All potentially compromised accounts must be provided and transmitted as instructedby your merchant bank and card associations. The card associations will distribute thecompromised account numbers to Issuers and ensure the confidentiality of entity and nonpublic information.

Within 3 business days of the reported compromise, provide an Incident Report document to BB&T Merchant Services.

4.4 BB&T Merchant Ser v ices – D a t a S e c u r i t y / C o m p l i a n c e

MERCHANT WEBSITE REQUIREMENTS

Note: Merchants must notify BB&T Merchant Services prior to establishing a website and accepting payment transactions online.

The Card Associations require that you include certain content or features on your website. These elements are intended to promote ease of use for online shoppers and reduce card-holder disputes and potential chargebacks.

• Complete description of goods and services. Remember you have a global market, which increases opportunities for unintended misunderstandings or miscommunications. For example, if you sell electrical goods, be sure to state voltage requirements, which vary around the world.

• Customer service contact information, including e-mail address or phone number. Online communication may not always be the most time-efficient or user-friendly for some customers. Including a customer service telephone number as well as email address promotes customer satisfaction.

• Return, refund, and cancellation policy. This policy must be clearly posted.

(See Disclosure for Card-Not-Present Merchants on page 3.5.)

• Delivery policy. Merchants set their own policies about delivery of goods; that is, if they have any geographic or other restrictions on where or under what circumstances they provide delivery. Any restrictions on delivery must be clearly stated on the website.

• Country of origin. You must disclose the permanent address of your establishment on the website.

• Export restrictions (if known).

Best Practices for the Web

Suggested best practices for merchant websites include:

• Privacy statements.

• Information on when credit cards are charged. You should not bill the customer until merchandise has been shipped.

• Order-fulfillment information. State timeframes for order processing and send an email confirmation and order summary within one business day of the original order. Provide up-to-date stock information if an item is back-ordered.

• Customer service timeframes. Ideally, customer service emails or phone calls should be answered within two business days.

• A statement on website regarding security controls used to protect customers.

• A statement encouraging cardholders to retain a copy of the transaction.


Merchants cannot convert transaction amounts into a different currency. Equivalent amounts in other currencies may be shown, but they must be clearly labeled as being listed for information only.

MER

CH

AN

TT

IP

BB&T Merchant Connection® Web Based Reporting Through BB&T Merchant Connection, you have immediate access to everything you need to know about your account 24 hours a day.

ONLINE CONVENIENCE

All you need is a computer with the minimum operating requirements* and access to the Web. No special skills are needed. No more waiting for your monthly merchant statement to arrive in the mail. The information is at your fingertips for instant access.

*Minimum operating system requirements are: Internet Explorer 6.0 sp2 or higher; Adobe Reader version 8.0 or higher; Adobe Flash Player version 9 or higher; Pop-up windows should be allowed to pop-up and not be forced into a new window/tab or blocked from view. If a pop-up blocker is enabled on your browser, the pop-up blocker needs to allow pop-up windows for www.mreports.com.

Start Using the Speed of the Internet Right Away

Take a moment to look over the features on the following pages, then log on to see how these powerful advantages can save you time and help you more efficiently run your business.

• Performsalesvolumecomparisonsandanalyzepotentialmerchantfraud.

• Monitorbatchesforhighrisktransactionactivity.

• Report features includeflexibledate ranges, long-term storage,datafiles and chain re-ports.

• Downloadreportdataforimportintoyouraccountingsoftware.

Information Security

• AllinformationiscommunicatedthroughthewebusingSSL-encryption,thewebstandard.

• AccessrequiresuseofabankissueduserIDandpassword.

Common Report Features

•Changethestartandenddatesforreportstoviewinformationbyday,orrolledupbyweek, month, or any other date range.

•Upto30monthsofhistoricaldata.

• Forbusinesseswithmultiplelocations,usesummaryreportstoseeinformationforthebusiness as a whole, as well as detailed reports for each individual location.

•Clickonunderlineddollar amounts to seemore information,or clickonunderlinedcolumn headings to list information in alpha or numeric order.

For more information: www.bbt.com/merchantservices

Everything You Need To Know 24 Hours A Day, 7 Days A Week

5.1BB&T Merchant Ser v ices – C u s t o m i z e Yo u r S o l u t i o n

CHECK SERVICESWithoptionsavailablethroughBB&TMerchantServices,youcanremovealmostalloftheuncertainties when accepting a paper check:

• WithElectronic Check, you convert paper checks into electronic funds transfers at the point of sale, and funds are moved electronically from consumer’s account to your account through the Automated Clearing House (ACH) network.

•WithCheck Verification, you take advantage of a verification system at the point of sale to identify potential check fraud and habitual bad check writers before you accept a check. Or you can choose to have us guarantee payment.

These services allow you to reduce losses due to check fraud and non-sufficient funds, shorten the time required for checks to clear, and please your customers by continuing to offer the option of paying by check.

Electronic Check Conversion Options

You may choose from two options in the conversion process:

• Conversion Only – Paper checks are converted at the point of sale with account verification. A third-party processor will determine the probability that the check will be paid. The risk of loss remains with you.

• Conversion With Guarantee – A guarantor ensures that you receive payment for the check.

Check Verification

If you prefer a more traditional approach to accepting payment by check, our Check Verification serviceallowsyoutoreducetheacceptanceofNSFswhilecontinuingtodepositchecksatyour bank. The process is transparent to your customers.

Check Verification Options

You can choose from two options in the verification process:

• Verification Only – Checks are verified at the point of sale against national databases to identify habitual bad check writers or the potential for check fraud.

•Verification With Guarantee – BB&T guarantees that you will be reimbursed in full for most returned checks. Payroll checks, third-party checks, and money orders are among the few items not eligible for the program.

5.2 BB&T Merchant Ser v ices – C u s t o m i z e Yo u r S o l u t i o n

5.3BB&T Merchant Ser v ices – C u s t o m i z e Yo u r S o l u t i o n

Benefits to You

The Check Verification program provides you with greater confidence in the checks you accept, while contributing to a smooth sales transaction at the point of sale. Other benefits include:

•Reducedexposuretofraud

• Smootherandfastercheckoutforcustomers

• Reducedlossesfromnon-sufficientfunds

• Improvedefficiencyresultingfromfewerreturnedchecksandcollections (verification with guarantee option)

• Uninterruptedcashflow(verificationwithguaranteeoption)

For details, talk with your BB&T Merchant Sales Consultant, or call 1-877-MRCHBBT (672-4228).

BB&TMerchantServicesisadivisionofBB&TFinancial,FSB,asubsidiaryofBB&TCorporation.MemberFDIC.

5.4 BB&T Merchant Ser v ices – C u s t o m i z e Yo u r S o l u t i o n

GIFT CARDS

Whether you’re a small merchant or a large chain, you know you can take advantage of the efficiency and profitability of gift cards. They are among the fastest growing merchant products ever introduced, with more than 115 billion cards issued and growth above 20 percent annually.

These pre-paid cards carry your business’ name. They allow your customers to determine the value they want to store on the card and the ability to pay by credit card, check or cash. Card buyers are making a commitment to purchase from you before they select the products or services you offer.

Youmayalsousethecardtoprovideextraconveniencetoyourfrequentbuyersorrecognizeand reward preferred customers. The gift card program can be used for special sales and promotions and is a great tool to attract new customers.

Ring up the Benefits

Greater brand awareness. Increased sales. Improved customer loyalty. Your store-branded card delivers these benefits…and more.

You keep the full cash value of stored value card sales in your store. Customers tend to be less price sensitive, which means the cards actually generate additional sales.

Storedvaluecardsalsorepresentagreatpromotionaltoolforyou.Thecardsareanever-present reminder of your business. They bring customers back frequently so that you become their shopping destination.

Ease of Use

Thestoredvaluesystemflowssmoothly forcustomersandmerchants.Cardsareeasytopurchase and use. Activation, sales, and balance inquiries all occur in real time between your point of sale terminal and our processing center. The transaction is fulfilled, data is captured, and a response is transmitted back to your terminal where paper receipts – including the card balance – can be generated for you and your customer.

LooktoBB&Ttoprovidea full rangeofsupport in implementingyourstoredvaluecardprogram. Turnkey marketing and promotional materials, such as counter displays, posters, and table tents, are available.

Youcanchoosetheprogramthatmatchesyoursizeandneeds,orwe’llcustomizeaprogramjust for you – all on an accelerated schedule that usually can have your program ready to roll out in just a few days. And you’ll get ongoing support that is readily accessible through our helpdeskandClientSupportCenter.

For details, talk with your BB&T Merchant Sales Consultant, or call 1-877-MRCHBBT (672-4228).


5.5BB&T Merchant Ser v ices – C u s t o m i z i n g Yo u r S o l u t i o n

OTHER CARD TYPES

BB&Tcancustomizeyourprogramtoacceptanyandallmajorcreditcardpaymentoptions,includingVISA, MasterCard, American Express, Discover Network, Wright Express, andVoyager plus purchasing cards, Electronic Benefits Transfer (EBT) cards, debit cards, and healthcare spending cards. Accepting other card types can increase your customers’ spending with you but understanding these different card types can be challenging. Almost everyone isfamiliarwithVisa,MasterCard,AmericanExpress,andDiscover,butwhataboutothercardtypes? Would accepting them increase your sales, customer loyalty, or bottom line?

American Express Cards – These cards for both consumers and businesses have significantly grown in popularity over the last several years. As demand for acceptance of American Express cards grow, if you are not already, you may decide to accept these card types. BB&T Merchant Servicescanprovidepricinganddocumentationtogetyoustarted.

Wright Express and Voyager Fleet Cards – Fleet Cards are generally used by companies thathavea“fleet”ofvehiclesusedasapartofthebusiness.Dependingonwherethecardis used, the card will prompt for additional information in order to accept the transaction. Asthepopularityoffleetcardsgrows,demandfortheacceptanceofthesecardswillgrowas well. Fleet cards can be accepted by both fuel and nonfuel merchants that have clients requestingfleetcardacceptance.Mostcommonly,fleetcardsareacceptedatconveniencestores, auto repair shops, car washes, and auto part stores.

Commercial Cards–Thesecards,whicharesimilartofleetcardswiththeiradvancedreporting and additional prompts, are used by companies that prefer to use cards over checks fortheirlowdollarpurchases.ByacceptingMasterCardandVISAyouwillautomaticallybeable to accept these cards; however, you may not be passing the additional data requested by this card type. Merchants performing a significant number of business-to-business transactions may receive requests to process commercial cards.

Electronic Benefits Transfer (EBT) – EBT is a card program that allows recipients toauthorizetransferof theirgovernmentbenefits fromaFederalaccount toamerchantaccounttopayforproductsreceived.EBTiscurrentlybeingusedinmanyStatesto issuefood stamps and other benefits. EBT cards are generally accepted at grocery stores and other retailerswheregovernmentsubsidizedpurchasingisallowed.

Debit Cards–AlthoughacceptingVISAandMasterCardallowsyoutoacceptdebitcards,you may choose to accept PIN-based debit, where the customer enters their PIN at the point of sale. This eliminates the customer’s signature and may reduce your cost.

HealthCare Spending Cards – These cards have become increasingly popular as insurance providers look to save money and create efficiencies. HealthCare Spending Accounts(HSAs)andFlexibleSpendingAccounts(FSAs)aregenerallyacceptedatmedicalpractices,pharmacies,andhospitals.(SpecialsoftwaremayberequiredtomeetIRSrequirements.)

No matter how your customers choose to pay, we’ll help make the process a positive experience.

For details on accepting any of these card types call 1-877-MRCHBBT (672-4228).


5.6 BB&T Merchant Ser v ices – C u s t o m i z i n g Yo u r S o l u t i o n

BankCard Services

BB&T offers the versatile Visa Business Credit Card to business clients requiring a credit line less than $100,000 to meet their everyday business purchasing needs and Visa Commercial OneCard solutions to business clients requiring a credit line greater than $100,000 to meet their purchasing, corporate or fuel and business vehicle needs.

These simplified choices replace cash, checks and personal credit cards - and are offered with noannualorper-cardfee,24/7onlineaccountaccessandmaintenance,aswellascustomizedreportsandindividualizedaccountstatements.Inaddition,theVisaLiabilityWaiverProgramand proactive fraud monitoring are included features.

The BB&T Visa Platinum Credit Card gives you convenient credit on a personal level for everyday items or special purchases. Accepted at over 32 million merchant locationsworldwide, the BB&T Platinum Card comes withzeroliabilityforunauthorizeduseandeasyonline account management with Credit Card Connection. And a low introductory rate, 25-day grace period and optional BB&T Rewards Program add to the superior value that the BB&T Platinum Card offers.

For complete details on BB&T ‘s Consumer and Commercial Credit Cards, please call 1-800-397-1253 or visit a local BB&T financial center.

BB&TcreditcardsaresubjecttocreditapprovalandareissuedbyBB&TFinancial,FSB,asubsidiaryofBB&TCorporation.

MemberFDIC.

Address Verification Service (AVS)A service that a mail/telephone order merchant can perform to verify that the street number and zip code that the cardholder provides the Merchant matches the address on file with the card- issuing bank. AVS is designed to reduce fraud.

Account NumberThe payment card number (credit or debit) that identifies the issuer and the particular cardholder account.

AcquirerA financial institution that initiates and maintains contractual agreements with merchants for the purpose of accepting and processing credit and debit card transactions (also: Card Acquirer, Financial Institution, Merchant Bank).

AuthenticationThe process of verifying identity of a subject or process.

AuthorizationThe process of validating with the card issuing institution that funds are available on the card at the time the authorization request is submitted by the merchant.

Authorization CodeA numerical code designated by the issuer, given at the time the transaction is approved by the card issuer. If the transaction is declined, the issuer will respond with a “decline” response. The code is always included on the electronically printed sales receipt. If a manual sales draft needs to be created by the merchant, the original approval code must be included on this draft.

Batch ProcessingThe authorization of transactions offline when immediate approval is not required. Transactions are collected in a batch and sent as one transmission for authoriza-tion and/or settlement. Batch processing is generally used with mail/telephone order transactions.

Card-Not-PresentA type of card transaction in which the card is not present at the point of sale for the magnetic stripe to be read. These are considered higher risk transactions.

Card-Validation CodeThe three-digit value printed on the signature panel of a payment card used to verify card-not-present transactions. On a MasterCard payment card this is called CVC2. On a Visa payment card this is called CVV2.

CardholderThe customer to whom a card has been issued or the individual authorized to use the card.

6.1BB&T Merchant Ser v ices – G l o s s a r y / R e s o u r c e s

Cardholder DataAll personally identifiable data about the cardholder and relationship to the Member (i.e., account number, expiration date, data provided by the Member, other electronic data gathered by the merchant/agent, and so on). This term also accounts for other personal insights gathered about the cardholder (i.e., addresses, telephone numbers, and so on).

ChargebackA bankcard transaction disputed by a cardholder. The dispute is sent from the cardholder’s issuing bank to the merchant’s bank for review.

Check GuaranteeA service that guarantees check payment to a mer-chant up to a specified amount. However, merchants are required to perform correct authorization procedures.

Check VerificationA service that provides merchants with some secu-rity against bad checks. The person writing the check is matched against a national negative file database to flag outstanding or bad checks on record from other members of this service.

CompromiseAn intrusion into a computer system where unauthorized disclosure, modification, or destruction of cardholder data may have occurred.

ConsumerIndividual purchasing goods and /or services.

DBADoing Business As. Compliance validation levels are based on the transaction volume of a DBA or chain of stores (not of a corporation that owns several chains).

Dial-Up TerminalAn authorized terminal that uses a telephone line to communicate with the authorization center.

Discount RateThe fee charged by the merchant financial institution to the merchant for services rendered in connection with processing card sales transactions.

EBTElectronic Benefits Transfer - The automation of government benefits through electronic authoriza-tion, data capture and settlement processes. Plastic cards with magnetic stripes are used, eliminating paper benefits and coupon distribution.

ECRElectronic Cash Register - A cash register that also emulates a point-of-sale terminal for processing credit card transactions.

Glossary/Resources

EDCElectronic Draft Capture – The use of a point-of-sale device to authorize and settle credit card transac-tions.

EFTElectronic Funds Transfer – An electronic system that automatically moves funds, e.g., an ATM withdrawal or pay-by-phone transaction.

FirewallHardware and/or software that protect the resources of one network from users from other networks. Typically, an enterprise with an intranet that allows its workers access to the wider Internet must have a firewall to prevent outsiders from accessing its own private data resources.

Force-postThe process by which a voice-authorized transac-tion is key-entered to be settled electronically with a batch of transactions. Also know as a post-auth.

GatewayManages the electronic connection between consumers and their financial institutions and transmits data.

Gift CardA reusable, stored-value card that enables merchants to have an electronic alternative to paper gift certificates.

HostThe main hardware on which software is resident.

ImprinterA device used to imprint embossed card information onto a sales draft for payment card transactions. An imprinter is used if the card is present and the POS device cannot read the contents of the magnetic stripe.

Information SecurityProtection of information for confidentiality, integrity and availability.

Interchange FeeA fee that acquiring banks must pay issuing banks to offset the issuer’s cost of funds and processing expenses.

IP addressAn IP address is a numeric code that uniquely identifies a particular computer on the Internet.

Magnetic StripeA panel located on the back of a payment card containing magnetically encoded cardholder account information.

6.2 BB&T Merchant Ser v ices – G l o s s a r y / R e s o u r c e s

Magnetic Stripe Data (Track Data)Data encoded in the magnetic stripe used for authorization during a card present transaction. Entities may not retain full magnetic stripe data subsequent to transaction authorization. Specifically, subsequent to authorization, service codes, discretionary data/CVV, CVC and MasterCard/Visa reserved values must be purged; however, account number, expiration date, and name may be extracted and retained.

Magnetic Stripe ReaderA point-of-sale device that reads the encoded information from the magnetic stripe when the card is passed through the reader. Readers may read Track Two, which contains the cardholder account number and expiration date, or both Track Two and Track One, which contains the cardholder name.

NetworkA network is two or more computers connected to each other so they can share resources.

Offline DebitDebit transaction that occurs when a Visa/Master-Card check card is authorized through the credit card system and the amount is debited from the cardholder’s checking (DDA) account.

Offline TransactionA transaction that is authorized through a voice authorization and later keyed into a POS terminal prior to settlement.

PasswordA string of characters that serve as an authenticator of the user.

PINPersonal Identification Number – A numeric code used as verification to complete a transaction via a payment card. The number is entered in to a keypad and is encrypted to travel along with the authorization.

POSPoint of Sale – The location in which a payment card transaction occurs, usually by way of a device such as a credit card terminal or cash register.

POS TerminalA terminal at the point of sale, connected via telecommunication lines to a central computer. Authorization, recording, and transmission of electronic transactions are performed through the terminal.

Private Label CardA card issued by a merchant that can only be used in the issuing merchant’s business. An example would be a department store credit card.

Reason CodeA two-digit code identifying the reason a chargeback was initiated.

Re-authorization (re-auth, add auth)To request an additional amount to be authorized on an existing transaction. Used in the lodging industry when the original authorization is not sufficient to cover the charges.

Recurring TransactionA transaction charged to a cardholder’s account (with prior permission) on a periodic basis for recur-ring goods and services, i.e., health club memberships.

RefundA refund occurs when the merchant rebates all, or a portion, of an original transaction amount to the cardholder. Refunds are made to the same card that was used for the original transaction.

Retail TransactionA face-to-face transaction in which the cardholder presents a card to the merchant to pay for goods or services.

ReversalWhen an acquirer successfully represents a charge-back to the issuer, the chargeback is reversed and the funds are returned to the merchant.

Sensitive Cardholder DataData whose unauthorized disclosure may be used in fraudulent transactions. It includes, the account number, magnetic stripe data, CVC2/CVV2 and expiration date.

SettlementThe process in which a merchant transmits batches of transactions to the acquirer. In interchange, it is the process by which acquirers and issuers exchange financial data resulting from sales transactions, cash advances, merchandise credits, etc.

6.3BB&T Merchant Ser v ices – G l o s s a r y / R e s o u r c e s

Split DialThe capability of a card terminal to dial different telephone numbers to obtain an authorization or settlement of different card types.

SSLAn established industry standard that encrypts the channel between a web browser and Web server to ensure the privacy and reliability of data transmitted over this channel.

T&E CasCards that are developed for and used primarily in travel-related services.

Track OneTrack One information, stored on the magnetic stripe on the back of a card, has the cardholder’s name in addition to the account number and expiration date stored in it.

Track TwoTrack Two information, stored on the magnetic stripe on the back of a card, has the account number and expiration date.

Transaction DataData related to an electronic payment.

TruncationThe practice of removing a data segment. Commonly, when account numbers are truncated, the first 12 digits are deleted, leaving only the last 4 digits.

VAR Value Added Reseller - A third party that certifies its software to be used on a processor’s system.

Voice AuthorizationTransactions authorized by a voice operator. Voice-approved transactions must be “forced” into a terminal batch for settlement.

Resources

BB&T website:

www.BBT.com

BB&T Merchant Services website:

www.BBT.com/merchantservices

BB&T Client Support

1-877-672-4228 Monday – Friday, 8:30 a.m. – 9:00 p.m. (ET)

Visa

http://usa.visa.com/merchants/index.html

Visit this site for information on:

• Visapoliciesandprocedures

• Visamarketingmaterials,stickers,tiptrays,checkpresenters,etc.

Visa Fulfillment

1-800-VISA-311 (1-800-847-2311)

MasterCard

www.mastercard.com/us/merchant

Visit this site for information on:

• MasterCardacceptancepolicies

• ServicesprovidedbyMasterCard

• MasterCardmarketingmaterialssuchasstickers,tiptrays, check presenters, etc.

MasterCard Fulfillment

1-800-622-7747

Discover Network

http://www.discovernetwork.com/clientsupport/signage.htmlVisit this site for Discover Network marketing materials

http://www.discovernetwork.com/getstarted/merchant/merchant.htmlVisit this site for Discover Network policies and procedures

Data Security Related Siteswww.visa.com/cisp www.mastercard.com/us/sdphttp://discovernetwork.com/fraudsecurity/disc.htmlwww.pcisecuritystandards.org

6.4 BB&T Merchant Ser v ices – G l o s s a r y / R e s o u r c e s

BBT.com 5/1/09C0036450000

Documents

BBT Merchant Services Ref Kit_v1