By Brandes Elitch
Traditionally, the core competency of ISOs is "making the sale." This means being able to convey the value proposition of accepting credit cards and then convince merchants they should use that ISO instead of a competitor. But selling and execution are two different things, and sometimes underwriting gets delayed.
Merchants always ask why underwriting is so complicated and time-consuming. Well, there are some big changes occurring right now in the world of credit card processing that will change underwriting. New business models are changing how merchants are underwritten, in some cases doing away with the traditional process.
At the same time, regulators are taking an opposite approach - increasing the regulatory requirements for underwriting at ISOs and acquiring banks. Let's take a look at these changes, and how they might affect the ISO community.
First, the model that created ISOs is changing irretrievably. The model was based on the fundamental fact that, except for very large merchants, it just wasn't easy for a merchant to get an account. The merchant had to fill out an overwhelming and never-ending stream of paperwork, similar to a Small Business Administration loan application.
A merchant had to include years of financial and tax records, a site inspection and a personal guarantee. Then, the merchant needed the ISO to figure out the type and configuration of equipment needed, which in the past included what type of phone lines were necessary to support large payment volume in multiple locations.
At the time, when there was no Internet nor mobile phone technology, the ISO really was a gatekeeper. This was particularly true for small merchants. A merchant whose line of credit was less than a million dollars typically banked with a community bank. Small banks were not acquirers or principal banks for the card brands.
Up to that point, the merchant was accustomed to doing all financial transactions with the local banker, but now had to go outside of that comfort zone and shop for card processing. As a gatekeeper, the ISO got to mark up equipment the merchant really couldn't buy directly anywhere else, and the ISO got to keep part of the interchange, too.
Interchange rates were so convoluted and complicated that many merchants stopped trying to figure out their bankcard statements. I know this because when I would ask merchants for their rates, I would almost never get a realistic answer. That's because they never read their statements and didn't know what they were paying.
I remember hearing Square Inc. founder Jack Dorsey speak at a bankcard conference three years ago. As an ex-banker, I was pretty skeptical, well, truthfully, really skeptical. I couldn't figure out how Square could underwrite the merchant. It turned out I was wrong, or more precisely, my question was irrelevant.
That's because this whole concept involves the idea of letting anyone accept a credit card payment, using a device they already own. Now, "underwriting" takes a couple of minutes: you download the app, type in your name and address, link your bank account and answer three security questions. That isn't underwriting, but maybe that's all right.
You can't sign up a million users in a couple of years if you have to underwrite them. Dorsey is not challenging the MasterCard Worldwide-Visa Inc. payment card monopoly; in fact, he's their best salesperson. He is democratizing a process that was, until then, more like an exclusive club. This isn't "incremental change"; this is a revolution in the payments world.
In August 2012, Square finalized an agreement with The Starbucks Coffee Co. for payment card processing. You know Starbucks, the music retailer.
In fact, the 11,000 stores are open 18 hours a day, and play 60 songs every four hours, so they are, in the parlance of the music business, "laying down 3 million spins a day." Another revolution - this time in the music biz.
Speaking of music, what if Apple Inc. could take the iPhone and add the ability to use near field communication (NFC) technology to enable consumers to pay with their phones? Or, even more interesting, what if the consumer could buy something at the POS with NFC technology, and charge it to their iTunes accounts?
Then the transaction would settle in Apple's processing account with its acquirer (Apple aggregates transactions in a way ISOs cannot). Wouldn't this make Apple the merchant acquirer? How would an ISO get paid in this transaction set?
And who underwrites the merchant in this case? Sounds problematic, but who would have guessed that a company that made personal computers would become the largest music retailer? That was revolutionary, especially to all the music retailers that no longer exist. Another big change is the trend toward in-store payments without using the traditional POS providers. In August 2012, PayPal Inc. heralded a plan to integrate with Discover Financial Services and its 7 million merchants. Merchants like this because it will be cheaper for them to get paid.
They can debit the PayPal user's account via an automated clearing house debit (cost: a few cents), rather than pay interchange (cost: about 2 percent). This is an equipment agnostic solution: the merchant merely needs to settle with PayPal (or PayPal via the Discover tracks) - another revolution.
One way to look at this is to revisit the traditional definition of a processor, courtesy of The Green Sheet:
Any back-end or settlement network that is receiving those authorizations and settling them to a sponsor bank is also a processor. This network would have either a front-end or back-end, or both, that is involved in the physical authorization or settlement of a transaction.
In this world, all transactions settle to the merchant's account in the merchant's acquiring bank. The bank underwrites the merchant in the event of merchant defalcation (misappropriation of funds), fraud or just bankruptcy, because credit card transactions have a six-month chargeback tail. That is why underwriting is so important.
Until recently, MasterCard and Visa divided merchants into "card present" (point of sale) and "card not present." Card-not-present merchants paid significantly higher rates, had significantly fewer chargeback rights and were considered significantly more risky to acquiring banks.
While this was business as usual when card-not-present meant MO/TO; the Internet and mobile phones changed all that, and the underwriting distinctions are not so clear anymore.
Do you notice a common thread here? For the ISO, it's called "disintermediation." It means that merchants are no longer obligated to find an ISO to provide them with hardware and software and an acquiring bank to enable them to process credit card transactions.
It means they don't need an intermediary to underwrite them, and for the acquiring bank to lay off some risk on the ISO. It even means that the merchant may not even need an acquiring bank in the first place.
Once upon a time I helped to start, or rather kick-start, an acquiring operation for a small bank that had the luck or foresight to be a principal bank for the card brands (then known as associations).
We stumbled on an opportunity to take what the largest issuing bank believed to be the major source of its chargebacks, and to provide a solution. Our goal was to bring chargebacks down in this merchant category code from over 10 percent to 1 percent - a tall order.
My job was to convince the real regulators (the Federal Deposit Insurance Corp., our Big Six accounting firm, our board of directors and the risk management departments at the associations) that we had a viable plan to do this and could manage the chargebacks.
Of course, we also had to convince about 50 merchants who would actually be paying the freight, as they always do.
I got on a plane and flew to New York to meet with the president of MasterCard to get his approval. He was supportive. Visa was more problematic; we had to deal with its risk management department, staffed with ex-FBI agents. They just couldn't understand that we were the good guys, riding into town to get rid of the bad guys.
So, the underwriting process in this case took a few months to accomplish, and it gave me an understanding of why this is important.
It was a lot of work, but it paid off, because the experience allowed us to build a bankcard department that made the bank desirable as a target to a larger bank that wanted to play in this space.
The larger bank paid five times book value for the smaller bank, because it wanted the bankcard department. Normally, a bank sells in the range of two to three times book value, or used to, before the current unpleasantness in banking.
This experience gave me a perspective on merchant underwriting that is hard for me to change. All this came into focus with the recent pronouncements by bank regulators that, going forward, they will hold banks and ISOs to much stricter "know your customer" rules in the payment processing space.
No longer can acquirers rely on personal guarantees, reserve accounts and past merchant histories. They cannot perform an initial underwriting and then let three or four years go by without ever updating the file.
The regulators will hold the ISO principals personally responsible for laxity in the underwriting process, which should be enough to get anybody's attention.
Given the changes in underwriting, this is not going to get any easier. The concept of not just losing your business, but being held personally liable and going to jail, is an onerous one for ISO principals.
In my next article, I will explore the new regulatory guidelines in more detail and provide some solutions for ISOs and acquiring banks on how to deal with the new underwriting guidelines.
Brandes Elitch, Director of Partner Acquisition for CrossCheck Inc., has been a cash management practitioner for several Fortune 500 companies, sold cash management services for major banks and served as a consultant to bankcard acquirers. A Certified Cash Manager and Accredited ACH Professional, Brandes has a Master's in Business Administration from New York University and a Juris Doctor from Santa Clara University. He can be reached at firstname.lastname@example.org.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next