The Green Sheet Online Edition
July 09, 2007 • Issue 07:07:01
Vigilant compliance revisited
I've often addressed topics that many of you, as ISOs and merchant level salespeople (MLSs), might rather avoid. My articles have dealt with behind-the-scenes subjects that may restrict your activities or address what may seem like onerous requirements.
Here is a review of some important back-office and card Association issues:
In light of recent Federal Trade Commission and card Association actions, avoid processing illegal transactions. Both Visa U.S.A. and MasterCard Worldwide rules prohibit such processing.
And they enforce their rules. They have levied fines for processing gambling, prescription drug, pornography and cigarette transactions over the Internet.
Work with your customers on Payment Card Industry (PCI) Data Security Standard compliance. Also, ensure that your own activities are in compliance with PCI and card Association rules.
Since the jolt of the CardSystems Solutions Inc. and The TJX Companies Inc. fiascos, all card Association-approved security assessor companies are busy. The compliance process takes time. But it is required of all merchants and any entity that stores, transmits or processes cardholder data.
Validation of compliance is part of that process. And requirements vary based on factors such as transaction volume. Get up to speed on what you and your merchants need to do.
U.S.-based merchants who sell products primarily to Americans and process transactions offshore are on the card Associations' radar. Expect continued, heightened scrutiny in this area.
If some of your merchants have high chargeback levels or are in business sectors that sustain high chargeback levels, pay close attention to them.
Card Associations are increasing pressure on such merchants, as well as those who sell products with restrictive terms and conditions and those who use "free gift sites" to obtain customer referrals.
The latter tend to have a high volume of returns because customers don't really want their products: They just want the "free" plasma TV, computer or iPod offered for signing up (or referring others) for specified products. Customers tend to cancel when they get their free product or believe they were scammed and will never receive the goods.
Be diligent about underwriting. The card Associations require that acquirers _ prior to entering into a merchant agreement _ determine that a prospective merchant is financially responsible and will abide by all regulations and applicable law.
Before entering into a merchant agreement, acquirers must:
- Query the Member Alert to Control High-Risk (MATCH) list to determine if a prospective merchant has been terminated for cause
- Inspect premises and records to ensure that merchants have the proper facilities, equipment, inventory, agreements and personnel required and, if necessary, license or permits to conduct business. If a merchant has multiple outlets, inspect at least one location.
- Verify that merchants' businesses are valid.
- Investigate merchants' previous merchant agreements.
- For MO/TO merchants, obtain detailed business descriptions.
The FTC watches over ISOs, MLSs and many types of merchants. Generally, the businesses the FTC has sued are the kinds of companies you should avoid.
To prevent FTC scrutiny, never lie to merchants or assist others in making misrepresentations of material facts. Specifically, this means:
- Don't tell merchants that an ISO's services will cut their business expenses if this is not absolutely true.
- Don't tell merchants that if they are dissatisfied with any services or representations made by an ISO, they can cancel or transfer to another card processor at any time without further obligation if that is not true.
- Don't promise to repay to merchants cancellation fees charged by prior credit card processors if your ISO will not do this.
- Don't promise to buy out the remainder of merchants' existing equipment leases if your ISO refuses to do this.
- Prominently and clearly list all fees in bold type near the merchant signature line in your merchant agreement. ISOs with fees buried in the fine print of the agreement should revise the document.
- Clearly and conspicuously disclose, both orally and in writing, any material fact relating to fees, as detailed in the fine print of the merchant agreement.
- Provide merchants copies of their executed agreements at the time they are signed.
- Never modify contracts without merchants' knowledge after they are signed.
- Take reasonable steps to monitor the conduct of your agents, representatives, employees or independent contractors in complying with card Association requirements.
- When merchants are victimized by misrepresentations, make things right. Give customer service reps issues to look for and a process for informing management that will assist merchants and make them whole after they have been mistreated.
Merchant education is a good practice that will help you retain customers. The card Associations also require that acquirers institute ongoing fraud prevention measures. These include visits to merchants, distribution of helpful literature and participation in merchant seminars.
The card Associations have made major strides in providing online educational tools (including relevant sections of their rules and regulations). Use them.
A fond farewell
For more details on these issues, my prior articles can be found in the GS Online archives. They are also available at www.integritybankcard.com.
I have enjoyed interacting with you, the readers of The Green Sheet, regarding what you can do to protect your business interests. Now, after four years and some 60 articles, I'm passing the torch of regular column writing to newer writers. However, I will continue to submit articles to The Green Sheet on occasion.
Best wishes to all of you.
David H. Press is Principal and President of Integrity Bankcard Consultants Inc. Call him at 630-637-4010, e-mail firstname.lastname@example.org or visit www.ibc411.com.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.