I just got notice from Authorize.net about “MasterCard/Discover Partial Authorization”. Oh joy. Time to take my shopping cart code out for a whirl!
MasterCard and Discover are requiring all merchants to support the requirements with the exception of merchants that exclusively process transactions via batch uploads, mail order/telephone order (MOTO), or recurring payment transactions.
If all you do is ecommerce, then you don’t have to support this feature at all. Internet transactions are classified as MOTO.
The item immediately above it confuses me:
Are e-commerce merchants required to support these changes as well?
Yes, e-commerce merchants are required to offer at least one opportunity for customers to submit an additional form of payment after receiving a partial approval.
While I can’t speak to the US but in the UK this isn’t true - MOTO is for when you receive the customers’ CC info by phone or mail and input this into your payment solution, also known as cardholder not present. An ecommerce shop requires the cardholder to input their CC info themselves and so can comply with any additional security requirements (ie password authorisation) without having to pass on CC info to a merchant. Most regulations over here now preclude the merchant (apart from the big stores who can pay millions to develop and maintain a secure system that allows them to accept and process CCs securely) from handling CCs without using a payment gateway such as Protx