By Adam Atlas
Attorney at Law
Perhaps the most valuable thing I can do in this article is to inform readers of the greatest pitfalls I have seen ISOs and merchant level salespeople (MLSs) fall into, in legal terms, over the years. I have pared down my list to five that I feel are especially educational. I hope none of these ever happens to you.
In this article, I have often used the term "ISO" to refer to both ISOs and MLSs because both should be equally concerned with the scenarios described herein. I have also omitted names to protect the identities of the victims.
Believe it or not, some ISOs and agents do not know, with complete certainty, whether they carry liability on merchant losses. In other words, if one of their merchants were to incur a few hundred thousand dollars of chargebacks, these ISOs and MLSs do not know whether they would be asked to carry that liability.
In one case, an ISO was carrying liability under the ISO agreement, but since large losses had never occurred, the processor was not in the habit of passing the liability through to the ISO. Then came a merchant who was in the business of selling fancy electric beds to elderly buyers for $7,000 apiece.
One day, the merchant sold 20 beds, took the money from the sales and never delivered the beds. This time, the processor did not absorb the liability and turned to the ISO to pay nearly $150,000 in chargebacks when the elderly customers did not receive their beds. The payment obligation in this scenario decimated the ISO's children's college fund - and more. The lesson here is to know when you carry liability and when you do not and to plan accordingly.
When a husband and wife who jointly operate an ISO are getting along, their business can thrive. When divorce comes along, however, one spouse can be left holding the short end of the ISO business. I am not a family lawyer, so I cannot make recommendations as to prenuptial agreements, and so on, but I can recommend that all spouses in ISO businesses make provisions for a breakup scenario.
I also recommend that spouses arrange for each to have a similar level of access to their company's information and reporting. This will make it harder for one spouse to control the business to the detriment of the other after a divorce.
Also, like all ISOs, spouse-operated ISOs should have legally sound agreements with their MLSs so they cannot move the ISO's merchants elsewhere. This will, for example, help prevent spouses from siphoning merchants out of a disputed ISO business.
It's a plus to have language in an ISO agreement that allows the ISO to move merchants to a different acquirer. Have you ever thought about how you might actually accomplish that move if you had to? Would your processor be reasonable and cooperative?
In one especially sad scenario, the processor for the original acquirer was unwilling or unable to provide data concerning the merchants in a format that was easily transferrable to the new acquirer.
The ISO had to hire data-entry staff to re-enter basic information concerning thousands of merchants, some of which was accessible only through paper files. The "portability right" in that scenario resulted in the loss of huge swaths of the portfolio to the detriment of the ISO.
So, if you have portability, meaning the ability to cause your acquirer to assign your merchant agreements to another acquirer, take time with your acquirer to think about how you might actually implement such a migration or deconversion. You are better off facing the hurdles well before you are asked to jump through them and are up against a deadline to extricate your merchants from an acquirer's platform.
We sometimes pity merchants who unwittingly store thousands of credit card numbers that are then stolen, leading to business-ending fines from Visa Inc. and MasterCard Worldwide.
But what about ISOs? Some ISOs that are either large enough to carry some of the processing burden themselves or too small to know that aggregating is not a wise business practice may end up storing cardholder data and be forced to face the costly consequences of a breach. ISO security breaches are crippling not only because of potential association fines, but also because of the reputational damage to an affected ISO's merchant base.
The Payment Card Industry Data Security Standard push in recent years has brought ISO education on security to a new level, but one should always be prudent not to collect unnecessary data and to secure all data that is collected. Incidentally, ISOs should be concerned not only with card company fines, but also with civil and penal claims from state regulators under privacy statutes.
The ability to make a lot of money by fudging the numbers one way or another in our industry has served as an invitation to those who lack moral fiber to run wild. The classic example of this is a salaried employee of an ISO (and I have seen it at the major processor level as well), who has an agent agreement "on the side."
In this situation, the employee draws a salary from an ISO to work full time for that ISO, but during working hours, the employee is also using office computers, phones and faxes to sign merchants with another ISO.
As outrageous as this may sound, I have seen it happen. In some cases, these individuals are caught, prosecuted and expelled from the industry. However, in other cases, they carry on undetected.
The culprits sometimes blame low salaries that do not provide enough money to pay their personal expenses, but most of the time the motivation behind these scenarios is just plain greed.
I apologize if I have been too melodramatic in this article, but I think ISOs should be aware of mistakes other payment professionals have made so they can prevent costly and potentially irreversible mistakes.
In publishing The Green Sheet, neither the author nor the publisher is engaged in rendering legal, accounting or other professional services. If you require legal advice or other expert assistance, seek the services of a competent professional. For further information on this article, email Adam Atlas, Attorney at Law, at firstname.lastname@example.org or call him at 514-842-0886.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next