[Opportunity] Mandatory parameters Visa/Sibs

Context

Mitigating Payment Processing Risks

The integrity of our payment processing system is crucial for the uninterrupted operation of our platform. The recent requirements from Visa to include accurate customer data during payment processing highlight a significant risk in our current operations. Presently, our system sends fake data to SIBS, jeopardizing the acceptance of Visa transactions and exposing us to potential legal actions. This document serves to address this critical issue by proposing a solution to integrate the accurate collection and transmission of customer data. The motivation behind this initiative is to ensure the reliability of our payment processing, safeguard our operations from legal risks, and uphold the trust and satisfaction of our customers. The primary objective is to outline the steps needed to transition to a compliant and secure payment processing system.

Problem Statement

Risk of Non-Compliance with Visa Payment Requirements

The current method of processing Visa payments through SIBS lacks compliance with the newly mandated requirements set by Visa. This non-compliance involves the transmission of fake customer data, putting the acceptance of transactions at risk and potentially leading to legal implications.

  • Transaction Rejection Risk: Fake data can lead to the rejection of transactions by Visa, impacting customer experience and operational efficiency.

  • Legal and Regulatory Issues: Providing inaccurate data violates Visa's regulations, potentially leading to legal actions.

  • Customer Trust and Satisfaction: If customers become aware of the data inaccuracies, it could erode their trust and satisfaction with our platform.

  • Operational Disruptions: Rejected transactions can cause delays and interruptions in the order fulfillment process, affecting overall business performance.

Target Audience

Persona 1: Customers

  • Needs: Secure and reliable payment processing, data privacy, and smooth transaction experience.

  • Behaviors: Customers regularly place orders via the Whitelabel App, preferring quick and secure payment methods. They expect transparency and accuracy in handling their personal information.

  • Pain Points: Concerns about data privacy, fear of transaction failure, and potential delays in order processing.

  • User Story:

    • As a customer, I want to ensure that my payment details are processed securely and accurately, so I don't face issues with my order and have confidence in the platform's reliability.

  • Example Use Case: Jane, a regular Burger King customer, tries to place an order but faces transaction rejection due to fake data. Jane contacts Support, which is unable to understand why her transaction was denied. Jane then contacts Visa to understand why her transaction is being denied. Visa Support tells Jane that the transaction was denied due to incorrect information. This disrupts her experience and leads to frustration, eroding her trust in the platform.

Persona 2: Support Operators

  • Needs: Efficient tools to manage customer issues related to payment failures, clear insights into transaction statuses, and accurate customer data to provide effective support.

  • Behaviors: Frequently interact with the Support/Admin Tool to handle customer complaints and resolve payment issues. They rely on accurate transaction data to diagnose problems swiftly.

  • Pain Points: Difficulty in resolving issues due to inaccurate data, increased workload from transaction failures, and customer dissatisfaction.

  • User Story:

    • As a support operator, I need access to accurate transaction data so that I can quickly resolve payment issues and maintain customer satisfaction.

  • Example Use Case: John, a support operator, receives multiple complaints about failed Visa transactions. Due to fake data being transmitted, he struggles to provide accurate solutions, leading to increased call times and customer dissatisfaction.

Expected Outcome

VISA Data Requirements

| Priority Data Fields | Requirement Status |
|---|---|
| Browser IP Address [4] | Mandatory |
| Browser Screen Height [4] | Mandatory |
| Browser Screen Width [4] | Mandatory |
| Cardholder Billing Address City [5] | Recommended [1] |
| Cardholder Billing Address Country [5] | Recommended [1] |
| Cardholder Billing Address Line [5] | Recommended [1] |
| Cardholder Billing Address Postal Code [5] | Recommended [1] |
| Cardholder Billing Address State [5] | Recommended [1] |
| Cardholder Phone Number (Work / Home / Mobile) [2] OR Cardholder Email Address [3] | Mandatory |
| Cardholder Name | Mandatory |
| Common Device Identification Parameters (Device IP Address) [6] | Mandatory |

Notes:

  1. The remaining fields of the 12 originally communicated as being required in AI13277 will be reverted to “required conditional” with the next publication of the Visa Secure Program Guide.

  2. At least one phone number out of work, home or mobile must be provided.

  3. It is recommended to provide both phone and email data fields for authentication; however, if the market only collects one of the data fields, then providing one of the two options satisfies the minimum data requirement.

  4. Only for browser-based transactions

  5. Except in markets where the billing address fields do not exist

  6. Only for SDK transactions
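
The table and its notes combine into a conditional rule set (channel-specific fields, a phone-or-email alternative, market-dependent billing fields). The check below is an added example, not code from this document or from Visa, SIBS or PAYCOMET; all key names are hypothetical, and the IP-format and positive-integer checks are assumptions that go beyond the presence requirement in the table.

```python
import ipaddress

# Hypothetical key names for this sketch; not Visa, SIBS or PAYCOMET field names.
PHONE_KEYS = ("phone_work", "phone_home", "phone_mobile")
BILLING_KEYS = ("billing_city", "billing_country", "billing_line",
                "billing_postal_code", "billing_state")

def _filled(data, key):
    """True when the key holds a non-blank string."""
    value = data.get(key)
    return isinstance(value, str) and bool(value.strip())

def _valid_ip(data, key):
    """True when the key holds a parseable IPv4 or IPv6 address string."""
    value = data.get(key)
    if not isinstance(value, str):
        return False
    try:
        ipaddress.ip_address(value.strip())
        return True
    except ValueError:
        return False

def _positive_int(data, key):
    value = data.get(key)
    return isinstance(value, int) and not isinstance(value, bool) and value > 0

def check_visa_fields(data, channel, billing_fields_exist=True):
    """Return (missing_mandatory, missing_recommended) for one transaction."""
    if channel not in ("browser", "sdk"):
        raise ValueError("channel must be 'browser' or 'sdk'")
    missing = [] if _filled(data, "cardholder_name") else ["cardholder_name"]
    # Notes 2 and 3: any one phone number, or an email address, is enough.
    if not (any(_filled(data, k) for k in PHONE_KEYS) or _filled(data, "email")):
        missing.append("phone_or_email")
    if channel == "browser":  # note 4: browser-based transactions only
        if not _valid_ip(data, "browser_ip"):
            missing.append("browser_ip")
        missing += [k for k in ("browser_screen_height", "browser_screen_width")
                    if not _positive_int(data, k)]
    elif not _valid_ip(data, "device_ip"):  # note 6: SDK transactions only
        missing.append("device_ip")
    # Note 5: billing address is recommended only where the fields exist.
    advisory = [k for k in BILLING_KEYS if not _filled(data, k)] if billing_fields_exist else []
    return missing, advisory

# Constructed sample payloads (203.0.113.0/24 is a documentation range).
BROWSER_OK = {"cardholder_name": "Jane Doe", "email": "jane@example.com",
              "browser_ip": "203.0.113.7", "browser_screen_height": 844,
              "browser_screen_width": 390}
SDK_BAD = {"cardholder_name": "Jane Doe", "phone_mobile": " ", "device_ip": "n/a"}
```

A non-empty first list means a mandatory field is absent or malformed and the request should be held back before it reaches the processor; the second list is advisory only.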

 

Must-Haves

  1. Accurate Data Collection and Transmission of all Mandatory fields

    • Description: Ensure the collection of the mandatory customer data for Visa transactions

    • Rationale: This is critical to comply with Visa's requirements, preventing transaction rejections and avoiding potential legal and regulatory issues.

    • Perceived Business Value: High. Compliance with Visa's requirements will ensure uninterrupted transaction processing, maintain customer trust, and avoid legal penalties.

  2. Integration with PAYCOMET for Accurate Data Transmission

    • Description: Modify the integration with PAYCOMET to transmit the newly required accurate customer data instead of fake values.

    • Rationale: Directly addresses the core issue of sending fake data, ensuring that Visa transactions are processed correctly.

    • Perceived Business Value: High. Ensures compliance, reduces risk of transaction rejections, and upholds the platform's reliability.

  3. Integration with SIBS for Accurate Data Transmission

    • Description: Modify the integration with SIBS to transmit the newly required accurate customer data instead of fake values.

    • Rationale: Directly addresses the core issue of sending fake data, ensuring that Visa transactions are processed correctly.

    • Perceived Business Value: High. Ensures compliance, reduces risk of transaction rejections, and upholds the platform's reliability.

Should-Haves

  1. Accurate Data Collection and Transmission of all Recommended fields

    • Description: Ensure the collection of the mandatory customer data for Visa transactions

    • Rationale: This is critical to comply with Visa's requirements, preventing transaction rejections and avoiding potential legal and regulatory issues.

    • Perceived Business Value: High. Compliance with Visa's requirements will ensure uninterrupted transaction processing, maintain customer trust, and avoid legal penalties.

 

Open questions

  1. Which fields will be mandatory or optional?

  2. For mandatory fields, will we add an asterisk in front of the field label/placeholder?

  3. Currently, the mandatory validation messages are displayed one by one as the user is filling in. Are we going to follow this behavior? My suggestion is to change this behavior and display all the mandatory messages at the same time. We should change this for the older fields as well.

  4. The email and phone number will be pre-filled. In the case of the phone number, will we get this info from the user data or the phone number provided on the delivery details section on the cart page?

  5. If the user enters a Mastercard credit card, will we continue to require the fields, display the fields, and send this information to PAYCOMET?

  6. If the user chooses "Ticket Restaurant", what will happen?

  7. How will we deal with the vaulted cards?

Success Metrics

Metric Title

How to Measure:

Success Criteria:


Insights

Stakeholder Interviews

[Document here the main insights from interview if applicable]

Analytics

[Document here the main insights from analytics if applicable]

User Research

[Document here the main insights from research if applicable]

Competitor Landscape