The Green Sheet Online Edition
December 14, 2009 • Issue 09:12:01
Uncle Sam's finger in the payment pie: A legislative update
Having flourished outside the public limelight for about a generation, the merchant acquiring sector today confronts legislative and regulatory initiatives on multiple fronts that have the potential to radically change the way acquirers and their partners operate.
The first big change takes effect Jan. 1, 2011. That's when acquirers and other providers of credit and debit card settlement services must start keeping track of gross transaction totals, by individual merchant, for annual reports to the Internal Revenue Service. The first of these reports - detailing monthly and annual gross total credit and debit card payments by merchant during 2011 - are due to the IRS early in 2012.
The proposed rules contain an exemption from reporting for merchant accounts that process less than $20,000 in yearly credit card payments.
The new rules were imposed under the Housing and Economic Recovery Act of 2008, and they mirror closely the reporting requirements already governing many banks and companies (those familiar 1099 forms). The major difference is that the proposed IRS Form 1099-K, unlike other "miscellaneous" income reports, asks for monthly as well as yearly gross payment totals by merchant (payee).
Merchants must be identified by business name and address as well as tax identification number (TIN); those that fail to provide valid TINs would be subject to backup withholding, according to a draft of IRS rules for implementing the new requirement. Since acquirers already require TINs when opening merchant accounts, the new reporting requirement shouldn't be too difficult to implement, according to industry consultant Paul Martaus.
Similar reporting proposals had been circulating around Washington, D.C., for about four years and had been successfully thwarted by banking industry lobbyists until 2008, when Congress was forced to bail out Fannie Mae and Freddie Mac, two government sponsored enterprises pushed into bankruptcy by the subprime mortgage meltdown. Under federal budget rules, public expenditures are supposed to be matched by new revenues.
"Everything happened so fast," said Thomas Goldsmith, Director of Communications and Public Relations at the Electronic Transactions Association. "Congress needed revenue offsets to help pay for the bailouts." The industry had little opportunity to rally forces against the proposal, Goldsmith added.
Instead, industry groups have been focusing efforts on working alongside the IRS, contributing expertise to the rule-writing process. The ETA, for example, put together a working group of tax attorneys from various member companies charged with reviewing the draft in detail and submitting comments, according to Mary Bennett, the ETA's Director of Government and Industry Relations.
The premises that underlie the new requirements are that at least some retailers are under-reporting income to the IRS, and if that money can be identified and taxed, it will produce a financial windfall for the government.
"Time and time again, we have seen that better information reporting helps the tax system work better by ensuring everyone pays what they owe," said IRS Commissioner Douglas Shulman. "The IRS will work closely with stakeholder groups to ensure a smooth implementation of this new program."
Martaus, however, believes the government is overestimating the new requirement's monetary potential. "I've been following this issue for several years, and every time it has been raised again the revenue estimates have grown exponentially," he said.
Comments on the draft are due to the IRS by Jan. 27, 2010. Copies of the draft rules and the proposed new 1099-K form are available for download from the IRS Web site. The agency also has scheduled a public hearing on the proposal for Feb. 10, 2010, at the IRS headquarters in Washington, D.C.
Interchange debate sputters
While the momentum for tax reporting was overwhelming, the opposition to the interchange status quo that was building on Capitol Hill earlier this year appears to have been tempered. Martaus suggested the turning point came when House Financial Services Committee Chairman Barney Frank, D-Mass., "pretty much gave it short shrift." Frank's committee took testimony on an interchange reform bill during a hearing in October 2009, but Frank described it as merely a fact-finding mission. That, of course, hasn't prevented opponents of interchange from trying to force the issue. 7-Eleven Inc. delivered to Congress in late September 2009 a stack of petitions totaling what it said were 1.6 million signatures from consumers demanding an end to "unfair credit card fees" (which is how many opponents describe interchange).
More recently, the National Association of Convenience Stores inaugurated a national campaign to generate millions of additional consumer signatures demanding congressional action. The NACS campaign, slated to begin Dec. 15, seeks to duplicate the 7-Eleven petition drive at convenience stores large and small. "Be Part of the Biggest Consumer Petition Drive in American History," the NACS proclaimed in a recent member alert.
The interchange bill (H.R. 2382) that was the subject of the House Financial Services Committee's October hearing, and was authored by Rep. Peter Welch, D-Vt., would allow merchants to impose minimum purchase amounts for card payments, prohibit higher interchange rates for rewards cards and empower the Federal Trade Commission with oversight authority for acquirer-merchant relationships.
The Government Accountability Office, a congressional watchdog agency, weighed in on the interchange debate in late November, explaining in a report (Credit Cards: Rising Interchange Fees Have Increased Costs for Merchants, but Options for Reducing Fees Pose Challenges, GAO-10-45) that there are no guarantees that lower interchange will save consumers money. What's more, the GAO wrote, "identifying such savings would be difficult."
The ETA made similar points in a statement submitted to the House Financial Services Committee in October. "[T]here is no evidence that merchants would attain savings or guarantee to pass price reductions, if any, on to consumers," the ETA statement read in part. "As an attempt to insert the federal government into a series of business-to-business agreements, H.R. 2382 would hurt consumers, not help them."
The American Bankers Association cheered the GAO report and stated that "efforts by the merchant community to have the government interfere with the payment system amount to little more than retailers not wanting to pay their fair share and to have consumers bear this burden."
David S. Evans, an economist and author of Paying with Plastic: The Digital Revolution in Buying and Borrowing, suggested in a recent blog post at www.pymnts.com that the GAO report puts lawmakers on notice that any serious effort to legislate the interchange issue could be a political bomb. "Consumers will not perceive Congress as having done them any favors if measures to reduce interchange fees are passed," Evans wrote. "They won't notice any savings at checkout even if there are some. We already saw this movie in Australia."
The Reserve Bank of Australia moved to regulate interchange several years ago, and while merchant discounts have dropped, there has been no concrete evidence to date that consumer prices have demonstrably changed.
Focus on data breach laws
Another legislative challenge facing the acquiring sector involves data security or, more specifically, data breach notification requirements.
Absent federal breach notification guidelines, the acquiring sector and businesses that accept credit and debit card payments are subject to a patchwork of state laws and enforcement policies. According to the National Conference of State Legislators, data breach laws are on the books of 45 states and the District of Columbia, and dozens of new proposals are being introduced in state legislatures every year that would amplify or otherwise amend these statutes.
"Breach notification is the piece that's really troublesome for us," said the ETA's Bennett. "Today there is no real clarity about who bears responsibility for breach notifications."
In Texas alone, six bills were introduced regarding data security breaches just this year. And in Virginia there were seven. One bill pending in the Virginia House (H.B. 971) proposes strict breach notification guidelines and makes provisions for customers whose records have been compromised to seek civil damages in court. And before the Texas House, proposed legislation would mandate Payment Card Industry Data Security Standard compliance by card-accepting businesses and would allow banks to take noncompliant, breached businesses to court.
Meanwhile, one bill (S.B. 155) introduced in the Pennsylvania Senate earlier this year expands upon existing notification requirements. A bill in the Pennsylvania House (H.B. 1458) would require card-accepting businesses to destroy all customer records containing personal information.
For businesses such as payment acquiring entities that operate across multiple state lines, the prospect of complying with scores of local requirements regarding data security and breaches is "a logistical nightmare," Bennett said. "We want there to be one national standard for breach notifications." It's a mission that has had Bennett spending a great deal of time this fall on Capitol Hill, educating the legislative staffers who are working on data security legislation. At least three large data security bills are pending in Congress, and data breach notification is just a small part of any one of them, Bennett noted. "We've been getting in there very early in the process, explaining our industry to the people who are writing these giant bills," she said.
The Personal Data Privacy Protection Act (S.1490), introduced into the Senate by Patrick Leahy, D-Vt., would, among other things, classify data security theft as racketeering, set standards for securing personal data and penalties for failing to abide by those standards, and create an Office of Federal Identity Protection within the FTC. All this is in addition to addressing breach notification requirements. The bill was approved by the Senate Judiciary Committee (which Leahy chairs) and now awaits a vote in the full chamber.
Sen. John D. Rockefeller IV, D-W.V., has a bill pending before the Senate Committee on Commerce, Science and Transportation, which he chairs, that takes a national infrastructure approach to data security. The Cybersecurity Act of 2009 (S.773) calls for a comprehensive cyber-security strategy for the nation and licensing procedures for cyber-security professionals, for example.
Sen. Joe Lieberman, I-Ct., Chairman of the Senate Homeland Security Committee, is also said to be drafting legislation that addresses cyber-security; he has not yet introduced a bill.
Meanwhile, on the other side of Capitol Hill, Rep. Bobby Rush, D-Ill., introduced the Data Accountability and Trust Act (H.R 2221), which calls for FTC regulations that companies would be required to follow in protecting personal customer information and for reporting breaches. The bill, which passed the House Energy and Commerce Committee, also specifically preempts state information security laws.
Bennett said lawmakers have been receptive to the ETA's input on this legislation. She cautioned, however, that final legislation is not imminent. "This is massive legislation that will require approval in three or four committees," she said, and then reconciliation of those that are approved. "It's a bit like what's going on with the health-care bill," she added.
Although no legislation addressing data security and data breaches has been introduced in either the Senate Banking or House Financial Services committees, Bennett noted that any final bill in either chamber would need to be put to a vote before one of those two committees.
Patti Murphy is Senior Editor of The Green Sheet and President of The Takoma Group. E-mail her at email@example.com.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.