Industry
Spring 2022 American Express Network Changes and What They Mean for Your Business
There are over half a dozen documents for the April 2022 network changes. You could plow through all of them to understand how changes impact your operations, financial forecasting needs, and technical environment. While we’ll never know your merchant model as well as you do, you can think of us as your farmer’s almanac for growing payment processing success. And if you grow your knowledge, you can cultivate better outcomes. Let’s quickly recap the importance of these changes which we introduced in a previous blog:
Changes generally fall into one or more of the following categories: authorizations; capture, settlement, or submission; disputes; fees
Changes are often driven by regulatory changes to protect consumer rights, are released semi-annually, and they often have downstream impacts on reporting, monitoring, and customer experience
Some changes are mandatory, others are not, though changes that aren’t mandated often result in fees if they aren’t implemented
Effective dates can change
Many of the upcoming changes are new to American Express processing but align with other card network processing concepts. Read through everything or skip to the sections most relevant to you business using the links below.
Changes to Recurring Billing Processes
American Express announced requirements to address the use of credentials-on-file without direct participation from the cardmember effective October 14, 2022. The changes will add codes and formats needed to process and identify a merchant initiated transaction (MIT) in authorizations and submission and includes important details about cardholder consent and notifications.
Authorizations on Refunds and Credits
Other card networks have already worked this crop of changes into their rotation yet many merchants may still be trying to figure out how to handle refunds when they are declined or charged back for no approval code. American Express is not making this mandatory—yet—but it’s likely given how this has grown into fees and chargeback losses where it already applied to Visa and Mastercard.
Revised American Express SafeKey Fraud Liability Shift
SafeKey is the American Express version of 3DS and is designed to help reduce fraud. The AESK program shifts the liability of a fraud chargeback to the issuer if the conditions of the program are met.
New Error for Mismatched Merchant Category Codes (MCCs)
A new soft error message was announced in the Notification of Specification Changes (NOSC) April 2022 guide. On the surface, this is a pretty minor change and announcement, but it might grow into something you need to watch out for.
Expansion of Indirect Acceptance Modules Includes Installment Payment Providers (IPPs)
American Express is expanding their support to include marketplace sellers and installment payment providers, which is big news. They’re adding definitions to their glossaries, expanding submission records to include enhanced data, and modifying chargeback requirements.
Reminders About Past Announcements
SafeKey 1.0 will be deprecated and all users must migrate to 2.0 by October, 2022. This is similar to dates for changes to 3DS for Visa/Mastercard as well, and it’s important to not let this sneak up on you.
The inbound fee increased from .060% to 1% on April 1, 2022: this is essentially a cross border fee and applies to charges on cards issued outside of the US and/or Canada, depending on where your business is located
Data encryption format change: this was previously announced for implementation but has been delayed with no new date provided
Into the Weeds
Changes to Recurring Billing Processes: Details
American Express announced requirements to address the use of credentials-on-file without direct participation from the cardmember effective October 14, 2022. The changes will add codes and formats needed to process and identify a merchant initiated transaction (MIT) in authorizations and submission and includes important details about cardholder consent and notifications. New terminology will also be added to their glossary since this is a new concept for American Express:
Cardmember initiated transaction (CIT) - A transaction which involves the direct participation of the cardmember.
Credential-on-file - Any cardmember account data, including but not limited to PAN or token, that is stored by merchants. Merchants may store credentials-on-file to initiate merchant initiated transactions and cardmembers may use their credential-on-file to initiate cardholder initiated transactions
Merchant initiated transaction (MIT) - A transaction based on a prior agreement between cardmember and merchant that is initiated by the merchant without direct participation from the cardmember, through merchant use of account data on file
Original transaction identifier (O-TID) - A transaction identifier (TID) generated by the AEGN during an authorization request for a cardmember-Initiated transaction which links all subsequent merchant initiated transactions back to the original cardmember initiated transaction.
Credentials-on-file are a great way to drive loyalty and reduce friction at checkout. When cards are stored, however, they pose a risk. A great way to reassure your customers, obtain required consent to store the card, reduce customer effort, and improve authorization success would be to use Toucan, our network tokenization service and/or Loon, our account updater service. When you ask the customer for consent to store their card, you can use that event to trigger one of these two Pagos services.
Toucan offers improved security (if you choose to store only the network token value vs. the customer's card) and improves authorization success.
If you want to store the customer’s card, subscribe to Loon so when the cardholder's card is replaced, you’ll have a way to keep the card on file up to date!
Authorizations on Refunds and Credits: Details
Other card networks have already worked this crop of changes into their rotation yet many merchants may still be trying to figure out how to handle refunds when they are declined or charged back for no approval code. American Express is not making this mandatory—yet—but it’s likely given how this has grown into fees and chargeback losses where it already applied to Visa and Mastercard.
The change is expected to ensure that by October 2022 merchants and processors are ready to handle the new authorization message calls. It’s being communicated as a means of improving customer awareness and reducing disputes. The announcement includes changes that will be included in the October Regulations that state “If you choose to support Authorization for Credit, you shall comply with the Authorization requirements as applicable.”
If you already have a process in place to deal with declined refunds on Visa and Mastercard, this should be an easy change to make any time after October or until it’s required. If you are not sure how you are handling things like declines or chargebacks on refunds or credits, this is one more reason to start minding your garden. (We’ll have a blog that digs deeper into this topic.)
Revised American Express SafeKey Fraud Liability Shift: Details
SafeKey is the American Express version of 3DS and is designed to help reduce fraud. The AESK program shifts the liability of a fraud chargeback to the issuer if the conditions of the program are met. The criteria are calculated monthly, based on all charges as determined by American Express. The change is minor but will yield less fraud loss savings and may mean merchants need to prepare a response plan.
Today program eligibility requires either:
A fraud ratio of less than 1% or
Fraud charges of less than U.S. $25,000
After October 14, 2022, the requirements will be to:
Not exceed a 0.9% fraud ratio and
Fraud charges of less than USD $25,000
The change also adds the condition that, if at any time the fraud to sales ratio is exceeded, the merchant must work with American Express to reduce the number of disputed charges coming from their establishment.
Some cards, such as gift cards, are not eligible for the AESK Program, because they cannot be fully authenticated by the issuer at the time of the charge. These are not included in calculations of your ratio.
If you want to create alerts and measurements for these programs, you may want to consider adding a perch for these birds!
Parrot Batch gives you access to the American Express BIN range and card product types as well as Visa, Mastercard, and Discover. Plus, it allows you to use the data anywhere you need it.
Peacock provides a consolidated view of all your chargebacks by type, by the network, with count, and amounts.
Canary allows you to track when your volume of fraud chargebacks on American Express cards reach thresholds in advance of being notified by American Express. This added time and responsiveness—and the ability to quickly determine if the challenges you’re facing are network-specific or not—will save you time and money.
New Error for Mismatched Merchant Category Codes (MCCs): Details
A new soft error message was announced in the Notification of Specification Changes (NOSC) April 2022 guide. This code will be returned when the merchant category code value doesn't correlate with authorization. Direct link merchants and third-party processors are expected to be able to receive and process this new value by October 2022. Certification is not required, but this changes potential monitoring opportunities which (as we have seen before) can grow from changes to fees, and from fees to chargebacks.
Expansion of Indirect Acceptance Modules Includes Installment Payment Providers (IPPs): Details
American Express is expanding their support to include marketplace sellers and installment payment providers, which is big news. They’re adding definitions to their glossaries, expanding submission records to include enhanced data, and modifying chargeback requirements.
These fields are mandatory and certification is required. The name value is the Installment payment Providers (IPPs) which are offering the bill now pay later (BNPL) payment option and the end beneficiary. Additional chargeback response criteria for these transactions require a copy of the IPP’s terms and conditions agreed to by the cardmember and details explaining how the cardmember did not comply with the terms and conditions.
Network Change Documents
We're pitching in to reduce the complexity of payments for businesses with our interpretations of network regulations and changes. However, if you want to get into the weeds, here are some relevant documents to reference and share with your technical teams:
Notification of Specification Changes (NOSC) Publication Date: April 2022
Mandates Publication: April 2022
Global Codes & Information Guide April 2022
Global Credit Authorizations Guides (ISO 8583 1993 (version1 ) April 2022
Global Credit Authorizations Guides XML April 2022
Global Financial Submission Guide April 2022
Merchant Regulations International Aprill 2022
Merchant Regulations U.S April 2022
Access Note: Log into your American Express merchant account to download these documents. If you don't have a direct merchant account with them, ask your payment service provider for them.
Next Steps
Keep an eye on the Pagos Blog for additional updates on industry changes. Interested in working with Pagos? Check out Pagos.ai or contact us for more information.
We've provided the content in this blog post solely to inform and educate. Pagos doesn't provide legal advice and this content shouldn't be taken as such. You're strongly encouraged to consult with your payments partners and legal teams before implementing any changes based on the content in this post.
By submitting, you are providing your consent for future communication in accordance with the Pagos Privacy Policy.