The Green Sheet Online Edition
February 13, 2012 • Issue 12:02:01
Are your marketing materials compliant?
Payment Card Industry (PCI) Data Security Standard (DSS) compliance has been a hot industry issue in recent years. Are you aware the card brands have rules and regulations for marketing solicitation and program materials, too? It's important to adhere to the standards, which were established to prevent reputational harm to the payments system, because if you don't, your business could face potential audits, penalties and fines.
Who needs to comply?
According to the Visa International Operating Regulations dated Oct. 15, 2011, third-party agents must act in accordance with all rules pertaining to marketing solicitation and program materials. Visa Inc. maintains two public lists of third-party agents at its website, www.visa.com/third-party-agent.
Included in the lists are: Independent Sales Organization (ISO), Encryption Support Organization (ESO), Third Party Servicer (TPS), Merchant Servicer (MS) and High-Risk Internet Payment Service Provider (HRIPSP). MasterCard Worldwide provides a slightly different list of service providers in the Dec. 7, 2011, MasterCard Rules: Independent Sales Organization (ISO), Third Party Processor (TPP), Data Storage Entity (DSE) and Service Provider Registration Facilitator (SPRF).
What materials are involved?
What constitutes marketing solicitation and program materials? MasterCard Rules identifies the following items: stationery, letterhead, business cards, merchant applications, merchant agreements, merchant statements and marketing materials. Marketing solicitation and program materials can encompass many formats, including brochures, websites, flyers, advertisements, postcards, telemarketing scripts, email signatures, tradeshow booth graphics, forms, manuals, quick reference guides.
A good rule of thumb in determining which materials need to comply with card brand rules and regulations is to identify whether the materials are merchant-facing. Ask if they will be put in front of current or prospective merchants. If the answer is yes, compliance standards apply.
How to be compliant?
Basically, the card brands want merchants to know exactly who they will be or are doing business with. As such, TPAs and service providers may not suggest or in any manner imply they are direct customers or representatives of the card brands or that they are acquiring bank employees. They must identify their relationships with merchant acquiring banks (which are the card brands' customers), and not create the impression that the card brands or their merchant acquirers endorse their businesses.
TPAs and service provider organizations must make it clear to merchants the role they play in providing services and not use any misleading statements. How is this accomplished? By providing a clear statement that identifies the TPA or service provider as an agent of its merchant acquirer, as well as the location of the acquiring bank's headquarters on every piece of marketing and program material. An example of this statement could be:
ABC Merchant Services is a registered ISO of XYZ
Acquiring Bank, City, State.
If a TPA or service provider has multiple acquiring relationships, this needs to be denoted. Further, marketing and program materials must not state or imply the TPA or service provider is participating in or conducting any activity not expressly permitted by the card brand standards.
Sub-ISOs, agents and merchant level salespeople (MLSs) cannot advertise and promote their businesses without identifying themselves as representatives of their ISOs. An example of this type of disclosure statement could be:
LMNOP Inc. is an authorized representative of
BC Merchant Services, a registered ISO of XYZ
Acquiring Bank, City, State.
Note: Visa stated it does not recognize "sub agents"; confer with your registered ISO for advice on correct wording.
How is compliance validated?
Your merchant acquirer specifies the disclosure verbiage that should appear and be communicated on all your marketing and program materials. If card brand, merchant acquirer or ISO, sub-ISO, agent or MLS logo use is desired, your acquiring bank will dictate their order, location and placement. Generally, if an ISO's logo appears, the acquiring bank logo must also be present in an equal font size and location. Merchant acquirers have procedures for reviewing solicitation and program materials; typically they will want to review and approve them before publication, distribution or any other use.
Consequences of noncompliance
The card brands and acquirers regularly audit and randomly investigate payment businesses for proper and clear disclosure. Identified noncompliance typically results in a warning to correct the situation on first offense, but continued noncompliance can result in substantial fines and disciplinary action levied by the card brands, which are passed down through merchant acquirers.
An unregistered ISO, agent or MLS can face a $25,000 fine for the first offense, with fines escalating to six figures if noncompliance is not readily rectified. Additionally, many sub-ISO, agent and MLS agreements include a residual stream penalty clause for noncompliance.
So make sure your marketing solicitation and program materials comply with card brand rules and regulations and are in line with your merchant acquirer's policies and procedures. This will protect your business from penalties and fines, as well as serve to enhance the reputation and legitimacy of your business as a participant in the payments industry.
Peggy Bekavac Olson founded Strategic Marketing, a full-service marketing and communications firm specializing in financial services and electronic payment companies, after serving as Vice President of Marketing and Communications for TSYS. She can be reached at 480-706-0816 or firstname.lastname@example.org. Information about Strategic Marketing can be found at www.smktg.com.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.