Bar Tabs and Credit Cards: The Mixology for POS Developers
Point of sale (POS) systems used in bars and nightclubs have features to support running tabs for customers who order multiple rounds of drinks and pay by credit card—referred to as “bar tabs.” It is a challenge for POS developers to keep the payment process simple for employees and customers while adhering to processing regulations and requirements. Additionally, different merchants have different levels of risk tolerance. For example, a bar in a public airport with unknown customers, where the risk of fraud could be high, may decide that certain penalty fees are worth paying, whereas a local neighborhood bar with a known clientele and lower risk of fraud may not.
Such considerations are the “ingredients” that go into the credit card cocktail—the “mixology” for POS developers. In this paper, we examine each ingredient to help POS developers create a perfect balance between their merchants’ risk tolerance and their needs for customer service, fraud protection, and maintaining compliant authorization practices.
Bar Tab Basics
POS systems designed for food and beverage (F&B) establishments should have easily implemented procedures to open, maintain and close a customer’s tab. What are the basics?
- Be able to open a new customer’s tab by name, seat number or simple identifier. Tabs are customer specific and should be able to “move” with the customer.
- Be able to add multiple “rounds” of items to the running tab, incrementing the total amount due with each round.
- When the customer is ready, present a printed, itemized check. This check informs the customer of the total amount due and initiates the payment process.
- If the customer presents a credit card:
Swipe and process the card for the total amount. The most common way for processing a payment when a tip modification is involved uses a two-step process: Authorization followed by a corresponding Post Authorization.
Insert chip and process the card for the total amount. EMV chip cards are processed in a similar manner to mag-stripe cards, except the transaction request uses a Purchase or Sale request. Depending on your solution, there are two approaches:
If tokenization is not supported on the payment application, the tip modification needs to be added at the time of authorization.
If tokenization is supported, the tip can be adjusted after the authorization with a token request, similar to Authorization and Post Authorization
Manually entered transactions should be discouraged. The need for a manual transaction could indicate fraud. If it is allowed, enforce a rule that all manually entered transactions require an accompanying manual imprint of the card.
Handling bar tabs requires balancing the merchant’s need for greater fraud protection with the need to satisfy card brand regulations. For the cardholder, transparency and clarity is key. The very best practice is to have the server request and physically hold on to the customer’s credit card (or driver’s license) and then swipe the card when the customer requests the final amount.
Implement your bar tabs in clearly defined steps so that any transaction authorization impact is clearly apparent to the cardholder and their account.
Balancing merchant and cardholder fraud controls and card brand regulations
Merchants need to protect themselves, especially in the food and beverage (F&B) industry, from increasing fraudulent card activity, authorization limits, and “dine and dash” customers who purposely find ways to walk out on open tabs. To minimize these risks, POS systems need to offer merchants a way of verifying that credit cards are valid, not reported lost or stolen, and have available funds.
Some businesses require a credit card authorization just to open a tab; some use incrementing pre-authorizations to make sure the card has sufficient funds available; others hold a card or driver’s license until the customer requests the final bill.
To protect cardholders from excessive frozen funds due to multiple pre-authorizations, the card brands have adopted regulations and penalties that aim at reducing a “misuse” of their authorization networks. POS systems are required to process the transactions in a manner that complies with the card brand regulations in order to avoid unnecessary fees.
Card Brand Regulations—Misuse and Zero Floor
The Visa® Misuse of Authorization Network and Zero Floor Limit regulations outlined below were put in place to discourage merchants and the POS systems they use from improperly handling transactions.
Misuse of Authorization Network
The Misuse of Authorization regulation applies to credit card authorizations that are not followed by a matching settled transaction, or in the case of a cancelled or timed out authorization, not properly reversed. Note that the regulations specify, “Properly Reversed.” This means that systems that have relied on “Standard” VoidSale in the past must now add functionality to send a Reversal.
Currently the penalty fee is 4.5 cents per transaction. The penalty applies if a merchant obtains an authorization and does not use it. This penalty was implemented to reduce the occurrence of such authorizations as they can adversely affect a cardholder’s available balance, leading to additional declines.
Zero Floor Limit Fee
The Zero Floor Limit regulation applies to settled transactions that cannot be matched to a previously approved or partially approved authorization.
- Currently this fee is 10 cents per transaction.
- This fee applies to settlement transactions submitted without proper authorization, regardless of cause.
Mixology Ingredients I: Authorization and Post Authorization
The combination of Authorization and Post Authorization is a mainstay of F&B transaction processing. POS developers need to pay particular attention to building these correctly to take advantage of their intended use and avoid unintended misuse.
Whereas the Authorization communicates with the card issuer to confirm, reserve, and set the originating conditions of the transaction, the Post Authorization communicates with the processor to compare, complete and fund the transaction. The card brands enforce this matching requirement. It is the basis for the regulations outlined above.
The Authorization must match the Post Authorization to maintain its best qualifying processing rate—otherwise the transaction reclassifies as a “downgrade” and will have a higher processing rate attached to it.
What is an Authorization? How is it regulated?
- The Authorization hold funds on the available balance of a cardholder’s credit card.
- When an issuing bank approves a Authorization, it reserves the amount requested plus an additional “cushion” of 20%, essentially locking these funds on the credit card.
- Over-authorizing a Authorization for an amount greater than the actual purchase amount and estimating a Authorization amount, are not allowed.
- Authorizations must be finalized using a corresponding Post Authorization.
Why are reversals so important?
Reversals cancel a Authorization transaction by sending the cancellation request directly to the card issuer. The issuing bank can then clear the cardholder’s available open to buy within hours instead of days.
- Before the adoption of reversals, the only option available to POS systems was to use a standard VoidSale, which could remain “pending” on the cardholder’s account for five to seven business days.
- Because Reversals may possibly decline, the card brands mandate support for both Reversal and VoidSale.
Mixology Ingredients II: Card Brand PrePaid Cards and Partial Approvals
Accepting card brand prepaid cards can offer additional challenges for F&B tab handling procedures and tip policies. Card brand prepaid cards can be activated like gift cards with a fixed value that decreases with use. Although they are unique, they look like and are accepted like credit cards, use fixed values like gift cards, and have real-time debit behavior.
- Because these cards are not associated with a cardholder, there is no way to match them to a customer. If a customer rings up a large tab, the risk of potential fraud also increases should the customer present the card for payment and then bails on the balance due.
- Card brand prepaids have a real-time balance that decreases with use. This can present challenges for routine POS functions if the available balance is less than or even equal to the purchase amount.
- Prepaid cards that have a partial amount available pose a similar challenge for tip modification. For example, cardholders present their prepaid card for the tab purchase total amount due of $50:
- If the balance on the card is less than the total check amount, the card issuer will partially authorize the card for only the available balance. The POS handles the balance due.
- Whenever a Partial Approval is returned from the Issuer, this means there are no funds remaining on the card. The following steps should be taken:
a. Immediately request a second form of payment to complete purchase.
b. Capture both the prepaid partial amount and the second form of payment amount.
c. If the second form of payment is a credit card, then present two separate sales drafts for the customer’s signature.
- Card brand rules protect restaurants up to 20 percent of the original authorization for the tip amount. Risk over 20 percent lies with the F&B establishment—this is true for credit cards as well as card brand prepaids. Therefore, if the balance on the card is good, but the cardholder leaves a tip greater than 20 percent, the restaurant is still potentially liable for the amount over 20 percent in a chargeback dispute.
- If the balance on the prepaid card is the same as the initial check total and the cardholder then leaves an additional gratuity, the issuing bank will reject this final overage at the time of the batch settlement. This is because the initial authorization request is sent to the issuer but the final capture is not sent until settlement.
Mixology Ingredients III: EMV Chip Cards
Chip cards add another level of complexity when payment applications support bar tabs because the original concept is for the card to not leave the cardholder’s presence. Unfortunately, use cases such as bar tabs contradict this user interaction. However, by combining the use of tokenization with the proper card verification method (CVM) settings at the merchant level, payment solutions can still accept bar tabs while minimizing user impact and fraud.
Card Verification Method
CVM is the method used to authenticate that the person presenting the card is the valid cardholder. CVMs are selected by the issuers of credit and debit cards and control how EMV cards are authenticated. Chip and signature CVM is one method for validation and typically works better in F&B merchant environments. However, chargeback liability shifts to the least secure party in an EMV transaction. If a cardholder is using a PIN preferring EMV chip card, but the merchant only supports chip and signature verification, the merchant becomes the least secure party in the transaction and may be liable for lost and stolen chargeback liability.
A chip and PIN CVM configuration is useful if you have an EMV device that cardholders can easily access, because they must be physically present at the time of authorization in order to enter their PIN number.
Combining Tokenization with Chip and signature CVM
Similar to Authorization and Post Authorization, this approach allows the merchant to submit an EMV purchase once the final amount is known. Upon authorization, a receipt is provided to the customer to sign and add a gratuity. When a payment application supports tokenization, the merchant will have the ability to modify the EMV purchase with a gratuity after the original authorization.
Bar Tab Mixology
A thumbs up / thumbs down approach
The following outlines three ways of handling credit card payments when implementing bar tabs. Although each option uses tokenization in the transaction sequence, they differ in terms of potential cardholder and card brand impacts.
This approach requires a single authorization on the cardholder’s account and complies with all mag-stripe card brand regulations.
This method requires two requests on the cardholder’s account. The first validates that the card has not been reported lost or stolen (ZeroAuth) by sending a $0.00 amount to the issuer, and the second authorizes the final transaction amount with a token.
This method uses the base sale amount during the authorization and requires a merchant to support chip and signature CVM and tokenization to add the tip after the receipt is signed.