By Elaina Smith
A merchant portfolio made up of mostly retail businesses is inherently less risky than one made up of mostly ecommerce. Or is it? The pandemic caused numerous businesses to change the ways cards were accepted and products or services were delivered, triggering payment processors to adapt to these new business needs. But those weren't the only changes for payment processors.
Processors and ISOs that held portfolios consisting mostly of retail and restaurant businesses—the very type of portfolios that have long been considered low risk—fared the worst during the pandemic.
So, what are the new definitions of high risk and low risk in merchant portfolios, and how can these risks be sufficiently managed? In this post-COVID world, business type and card-present don't translate to lower likelihood of loss. Risk perception has shifted. The simplistic methods some companies used to underwrite risk before 2020 no longer suffice. This paradigm shift underscores the need for more sophisticated risk monitoring tools.
Many ISOs rely on a mix of processor applications, homegrown systems and third-party services to manage merchant portfolios. This dispersed infrastructure is ripe for errors, particularly in risk. If risk managers review transactional data to make risk decisions, but then must log into a separate system to implement the requisite changes, such as a merchant hold or reserve setting, what is the likelihood these changes will be completed accurately?
The complexity of using different systems is eliminated when ISOs bring decision-making and resulting actions to a single platform. The only way to accomplish this is to perform all merchant management functions, such as billing and funding, and risk review on the same platform. Anything less introduces a higher likelihood for human error and diminishes the overall risk management program.
The pandemic moved the underwriting goalposts for many ISOs. Card-present, future-delivery business types that had long been considered low risk (hotels, catering and events) suddenly posed a real threat of loss to ISOs. This shift forced us to revisit how we underwrote new business. Business type and presence of card were no longer enough to determine likelihood of loss. If these types of businesses, along with retail and restaurants, could no longer be considered low risk, was anything left in the low risk category?
A solid underwriting program remains a necessity, but if the definition of low risk is constantly in flux, the only remaining solution is a robust, continuous risk monitoring program once merchants are boarded and processing.
Again, this approach employs a single merchant and risk platform with timely, accurate data and sophisticated risk metrics. ISOs can hedge against risk by reviewing current processing trends against historic averages and by continuously monitoring credit, retrieval and chargeback ratios. A robust risk scoring system that prioritizes review of merchants that have riskier activity in any given day is also required. No ISO can review every transaction for every merchant, but with the proper tools, ISOs can ensure the right transactions are getting reviewed.
The pandemic era also introduced the need for regional awareness. Most U.S.-based processors have traditionally monitored risk based on Standard Industrial Classification, not ZIP code, but with the wide variation in shutdown measures between states, and even within a state between metropolitan and rural areas, much insight is gained by knowing the physical location of a business and the restrictions in place there.
The pandemic also spurred demand for a shorter timeline between card acceptance and merchant deposits. An economic slowdown left cash-strapped businesses wanting the few payments they did accept to hit their bank accounts more quickly. Payment processors and ISOs responded with offers of “instant” payments and “enhanced” next-day funding.
What compromises are made when ISOs accelerate the timeline between acceptance and merchant funding? It depends, but it’s always more risky. If ISOs are paying merchants before they’ve been funded by the card companies, there is an immediate, significant financial risk. ISOs are using their own funds, or worse, expensive, borrowed funds. ISOs also must assume these transactions will clear with the card networks and be funded on the normal, next-day timeline. However, on rare occasions, sales can reject before they clear, or the processor can miss a clearing window.
Another compromise an ISO makes when paying merchants funds more quickly is that the risk-review timeline is significantly shorter. It’s unlikely a risk manager can perform a comprehensive review on a merchant that is funded immediately at batch-out. Such a review would require active risk monitoring of real-time transactions, tools that currently are unavailable to most ISOs. All else being equal, the more time and data a risk manager has at hand, the better the resulting risk decision.
High-risk and low-risk portfolio definitions have changed. This shift should encourage us to re-examine the ways we define risk, but more importantly, the ways we monitor it. Even if a deal is poorly underwritten based on invalid risk assumptions, a solid risk monitoring program can mitigate potential exposure.
Elaina Smith is the CFO of Secure Bancard, a wholesale ISO based in Alpharetta, Ga. Most recently, she helped develop and implement Pioneer by Settlement Data Systems, an SaaS solution that enables ISOs to run their business more efficiently. She can be reached at firstname.lastname@example.org.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next