By Adam Atlas
Attorney at Law
A value-added reseller (VAR) increases the value of third-party products by adding customized products or services to them for resale, typically to end-users, as integrated products or turnkey solutions. Today, ISOs and VARs are working together more than ever before, so it is an opportune time to discuss legal issues arising from the relationships between them.
A VAR, for example, could be the provider of a data and information management platform for veterinarians. Inevitably, the VAR will wish to establish a connection between its own platform and payments made to veterinary clinics so that veterinarians won't need to log into multiple systems to manage appointments, services provided, inventory and payments.
The VAR will realize that to access merchant payment information, it must integrate with the ISO, gateway or acquirer that facilitates payment acceptance for the clinic. ISOs are the natural point of connection between VARs and payment data.
Both the VAR and the ISO have a legitimate an independent interest in the merchant relationship. The ISO has an interest in the merchant because it establishes the payment acquiring relationship that produces residuals, which are the principal form of revenue for the ISO. The VAR is in the business of supplying its own platform and depends on its own relationship with the merchant for that purpose.
Inevitably, one or the other will be the first to establish a relationship with the merchant. The entity that first approaches the merchant usually believes itself to be owner of the greater relationship with the merchant. However, most ISOs are not, for instance, in the business of selling veterinary software. This exemplifies the legitimate need for the VAR to have some direct business and legal relationship with the merchant.
Similarly, VARs are not usually familiar with the intricacies of acquiring relationships, which justifies a direct business and legal relationship between the ISO and the merchant as well. In any case, payment network rules oblige an ISO to disclose its name to merchants and for appropriate agreements to be in place between the merchant and the acquiring institution.
Neither the ISO nor the VAR wishes to be liable for acts or omissions of the other party. The legal relationships between ISO, VAR and merchant should support that preference. Title in the merchant relationship and each party's rights and responsibilities flow directly from the relevant contracts.
The ISO and VAR should ensure that each aspect of their services is framed within the relationship between them and their respective relationships with the merchant.
This agreement must also contemplate a scenario where one or the other entity stops serving the merchant. If the VAR stops serving the merchant, the ISO may have a legitimate right to serve the merchant through integrating with a substitute VAR. Conversely, if the ISO stops serving the merchant, the VAR should be able to integrate with another ISO so as to ensure continuous service to the merchant.
The agreement should plan for the realistic possibility that one or the other will have to step away from the merchant at some point; it benefits neither to harm the merchant should disruption occur.
Parties should endeavor to create various categories of data. Some data will be for use only by the ISO and its acquirer; other data is likely to be used by only the VAR. That said, there will be instances where large amounts of data will be important for both the ISO and the VAR. Parties should not shy away from these complex data management and title relationships. They should, instead, make an effort to define them clearly in their contracts so as to avoid surprises and disappointment.
APIs and tokenization of data vastly simplify the integration of two or more parallel relationships with a single merchant. The ISO should be able to continue servicing the merchant even if the VAR cannot and vice versa.
ISOs must be especially careful if medical data is involved. Medical data is subject to law relating to confidentiality and consents (the Health Insurance Portability and Accountability Act) that may become binding on an ISO if it is integrated with a medical VAR. In simple terms, an ISO should avoid coming into contact with medical data.
With the benefit of payfac sponsorship and other creative models, ISOs can partner with VARs to implement pricing that bundles the two entities' respective services. Again, the parties should prepare for a scenario where one or the other is substituted for a new supplier.
ISOs are usually prohibited by their processors from re-soliciting merchants they have placed with the processor. VARs sometimes have difficulty understanding this requirement given that a typical VAR business is not regulated the way an ISO is regulated by obligations to both processors and payment networks.
Flexibility and open mindedness are cornerstones to success in relationships between ISOs and VARs. When one party attempts to take greater control of the merchant relationship than is natural, the merchant suffers and both suppliers suffer as well.
In publishing The Green Sheet, neither the author nor the publisher is engaged in rendering legal, accounting or other professional services. If legal advice or other expert assistance is required, the services of a competent professional should be sought. For further information on this article, please contact Adam Atlas, attorney at law by email at firstname.lastname@example.org or phone at 514-842-0886.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next