ePay Customer Care: An Expert Guide to Fast, Secure Payments Support

When to Contact Customer Care and How to Classify Severity

Engage ePay customer care when payment availability, settlement timing, chargebacks, or configuration changes impact revenue or compliance. Classify incidents by severity before opening a case; it streamlines triage and improves time-to-resolution. A practical model is: P1 (critical outage affecting all transactions or a full region); P2 (degradation such as elevated declines, webhook failures, or delayed settlements across multiple merchants or MIDs); P3 (single-merchant functional issues like refund errors, reconciliation mismatches, or reporting gaps); P4 (how-to questions, configuration requests, and minor UI defects).

Recommended response targets for a mature payments support organization are: P1 initial response within 15 minutes and continuous work until mitigation; P2 within 1 hour, updates every 2 hours; P3 within 1 business day; P4 within 2 business days. Expect 24/7 coverage for P1–P2 and business-hours coverage for billing, onboarding, and routine configuration. Many processors commit to 99.95% monthly uptime—about 21.9 minutes of allowable downtime per month—paired with post-incident root-cause analysis (RCA) within 5 business days.

Contact Channels and Hours

The fastest path for non-critical issues is the merchant portal’s case/ticket system. It auto-attaches account identifiers and metadata (MIDs, terminals, recent transactions), which reduces repeated back-and-forth. For live incidents (P1), use your contract’s 24/7 incident number or “urgent” case channel; for changes requiring authorization (e.g., enabling 3-D Secure, adding a descriptor, adjusting MCC), use an authenticated case so customer care can verify permissions and log approvals. Billing and compliance desks typically operate Monday–Friday, 08:00–18:00 local time, excluding bank holidays.

Always consult the public status page before escalating. If an ongoing incident is posted (e.g., “Elevated issuer timeouts in EU region”), subscribing to updates prevents duplicate reports and keeps you informed of milestones (identified, mitigating, resolved, RCA). For priority routing, include your SLA tier (Standard, Enhanced, or Premium) and the business impact in quantifiable terms (e.g., “Authorization success down 7.6% since 14:10 UTC across 3 stores”).

What to Include When You Open a Case

High-quality, structured information accelerates diagnostics. Provide transaction-level and system-level details rather than screenshots alone. Below is a concise checklist used by high-performing merchant support teams to reach definitive answers on first touch or within the first investigative cycle.

• Timeframe and scope: start/end timestamps in UTC; number of affected transactions; regions/MIDs/channels (e.g., eCommerce, POS, MOTO).
• Transaction artifacts: masked PAN (first 6/last 4), token or transaction ID, RRN, authorization code (if any), AVS/CVV results, ISO 8583 response codes (e.g., 05, 14, 51), 3DS status (e.g., frictionless ARes, CRes challenge result).
• Error telemetry: API endpoint, HTTP status, request ID/correlation ID, webhook event IDs, and sample payloads with PII redacted. Include gateway log timestamps to the millisecond if available.
• Business impact: revenue at risk (USD/EUR), decline-rate deltas versus a 7-day baseline, impacted SKUs or checkout paths, and any recent code/config releases (version, change window).
• Environment: production vs. sandbox; SDK/library versions; TLS settings; IPs/subnets if whitelisting is enforced.
• Steps to reproduce: exact sequence, parameters, and expected result vs. actual result. Attach HAR/network traces for browser flows.

Common Issues and Fast First Checks

Authorization declines cluster around issuer decisions or data quality. If you see a jump in response code 05 (Do Not Honor) or 51 (Insufficient Funds), compare by BIN, issuer country, card brand, and risk score. For code 14 (Invalid Card Number), inspect Luhn validation and input formatting. Settlement delays often trace to cutoff windows—if the batch transmits after the processor’s window (commonly 21:00–23:00 UTC), funds post T+2 rather than T+1. Refunds generally reach cardholders in 3–10 business days; card scheme SLAs vary by region, and ACH/SEPA refunds typically settle in 1–3 business days.

• Webhooks and notifications: check signature validation, TLS versions, and firewall rules; most gateways retry on 5xx with exponential backoff (e.g., 5, 15, 60 minutes, up to 24 hours). Ensure idempotency keys are honored to prevent duplicate side effects.
• 3-D Secure friction: spikes can come from issuer directory outages; confirm DS status and retry logic. Enabling 3DS 2.2 improves exemptions and account-on-file flows versus 2.1.
• Tokenization and vault errors: verify token lifecycle; expired or migrated tokens should return distinct error codes—map them to a card update workflow, not a generic decline.
• POS intermittency: verify terminal time sync (NTP drift >5 minutes causes reversals), network latency (<250 ms to gateway), and firmware versions. Batch stuck in “open” often indicates one failed ticket; close/reopen or partial reclose per terminal guidance.

Chargebacks and Disputes

ePay customer care supports representment but relies on merchant-provided evidence. For card-not-present transactions, EU PSD2 SCA (fully enforced in 2021) lowered fraud-driven chargebacks where SCA was applied or exemptions were valid. Typical networks allow 30 calendar days for initial response and 45 days for pre-arbitration; always check scheme-specific windows. Maintain an evidence pack template: invoice/receipt, delivery confirmation, device/IP data, 3DS results, refund policy, and prior customer correspondence.

Benchmark win rates vary by vertical, but 25–35% is a common baseline for CNP when evidence is consistent. Friendly fraud is best addressed with clear descriptors, proactive receipts, and dynamic 3DS when risk scores exceed a set threshold. Track chargeback ratio monthly (Visa metric often measured as disputes-to-sales count) and keep it below 0.9%; exceeding thresholds can trigger monitoring programs with additional fees and remediation plans.

Compliance, Security, and Data Privacy in Support Interactions

Never transmit full PAN, CVV2, or unmasked magnetic-stripe data in tickets or emails. PCI DSS v4.0 (released March 2022) requires strict controls around storage and transmission; send only tokens, masked numbers, and redacted logs. For authentication resets and configuration changes, expect multi-factor verification plus role-based approval from an account admin. Customer care should refuse CVV or full PAN even if provided.

For GDPR requests (EU), customer care will route data subject access requests (DSARs) through a privacy team, with a response due within 30 days under Article 12, extendable by 60 days for complex cases. Log retention policies typically keep gateway logs 180–365 days; request a secure file exchange link for large evidence bundles. If you require attestations, ask for current PCI AOC, SOC 2 Type II, and penetration test summaries; many providers refresh these annually.

Service Levels, Uptime, and Incident Management

Most processors target 99.95%–99.99% API uptime per calendar month. At 99.99%, the monthly downtime budget is roughly 4.4 minutes. Maintenance windows should be published at least 7 days in advance with regional timing and expected impact (<5 minutes read-only, for example). Subscribe to status notifications to receive start/end, mitigation steps, and follow-up RCAs. A good RCA includes timeline, customer impact quantified, contributing factors, corrective actions, and long-term preventive measures with owners and dates.

Ask customer care to enable IP allowlists, circuit breaker alerts, and threshold-based notifications (e.g., auth success drops >3 percentage points in 15 minutes). For high-volume merchants, synthetic test transactions every 1–5 minutes can detect edge degradations faster than passive monitoring. After any P1, request a joint review call within 48 hours to decide on changes such as retry policies, timeouts (commonly 5–10 seconds for auth), and failover routing.

Billing, Fees, and Adjustments

Billing tickets often involve reconciling gateway fees, scheme/network assessments, and interchange. Interchange++ statements show three components separately; flat-rate plans roll them into a single blended rate (e.g., 2.9% + $0.30 per authorization). Chargeback fees commonly range from $15–$25 per case; retrieval/request-for-information fees can be $2–$5. Settlement funding typically follows T+1 or T+2 for domestic cards; cross-border can extend to T+3/T+5, depending on acquirer and currency conversion cutoffs.

For fee disputes, provide the invoice ID, period, and 3–5 sample transactions illustrating the mismatch, plus your pricing schedule or MSA exhibit. Customer care can issue credits or adjustments after validation, usually within the current or next billing cycle. Premium support tiers (often $300–$1,500 per month depending on volume and 24/7 access) may include faster SLAs, a named CSM, and quarterly optimization reviews. Confirm in writing any fee changes; retain amendments with effective dates and MID coverage.

Onboarding and Account Changes Through Customer Care

KYC/KYB refresh cycles run every 12–24 months or upon material changes (ownership, directors, bank accounts, or product risk). Expect requests for government IDs, proof of address (dated within 90 days), company registration documents, and bank letters or voided checks. Adding a new MID or currency typically completes in 1–3 business days if underwriting risk is unchanged; new high-risk MCCs can take longer and may require enhanced due diligence.

For configuration: enabling 3-D Secure, updating soft descriptors, whitelisting IP ranges, or adjusting fraud rules normally completes within 4–24 business hours post-approval. Two-factor resets require identity verification of an account admin. For SFTP report delivery, provide SSH public keys and desired delivery windows (e.g., 02:00–03:00 UTC); reports like transaction journals, settlement summaries, and chargeback registers are typically generated daily and month-to-date.

Escalations and Executive Reviews

If a case stalls, ask support to apply an escalation matrix: Tier 1 agent → Senior specialist → Duty manager → Incident commander (for P1) → Account manager/CSM. Provide the case ID, severity justification, and business impact quantified in revenue and customer experience terms (e.g., “Checkout abandonment increased from 42% to 57% in the last 2 hours, est. loss $18,400”). Clear, data-driven escalation notes often unlock engineering prioritization.

Service credits, when contracted, are usually tied to missed uptime or response SLAs and capped (commonly at 25% of the monthly platform fee). Request credits within the stipulated window (often 30 days after the month closes) and attach monitoring evidence. For chronic issues, schedule an executive business review (EBR) quarterly to examine KPIs—authorization rate, fraud rate, chargeback ratio, latency, and settlement timeliness—and agree on a 90-day improvement plan with named owners and target dates.

Final Tips for Faster Resolutions

Standardize your ticket templates, align timestamps to UTC, and tag every issue with a clear severity and impact statement. Maintain a three-month baseline dashboard for auth rates, latency, and error classes so anomalies are provable within minutes. With disciplined inputs and quantified impacts, ePay customer care can route, diagnose, and resolve issues significantly faster, minimizing lost revenue and customer friction.