t Integrity Bankcard Consultants, Inc., we've been astonished numerous times recently while reviewing some very inadequately drafted merchant agreements.

For example, some didn't include any provision allowing the acquirer to terminate the agreement when a merchant declares bankruptcy. In these instances, the acquirer could be forced to process for a merchant involved in a Chapter 11 proceeding.

Another merchant agreement had no provision allowing the acquirer to hold merchant funds. Many others didn't even cover the card Associations' basic merchant agreement required provisions.

If your merchant agreement has not been revised yet in 2004, it's probably time to review it and see if it complies with the current Visa and MasterCard rules and regulations. For example, no later than Jan. 1, 2002, acquirers were to have updated their merchant agreement to require e-commerce merchants to display the following on their Web sites:

• The merchant's consumer data privacy policy
• The security method the merchant uses to transmit payment data

Many merchant agreements still do not have these provisions, and now in 2004 Visa has added additional requirements.

Generally, most of the form, content and appearance of a merchant agreement is at the discretion of the acquirer. However, each merchant agreement must contain at least the required provisions in the Visa and MasterCard rules and regulations to the extent permitted under applicable law.

Here is a partial list of Visa requirements that must be included in the merchant agreement:

• Provide for the immediate termination of a merchant for any significant circumstances that create harm or loss of goodwill to the Visa system
• Ensure that the merchant acknowledges and understands the importance of compliance with Visa security requirements relating to transaction information, storage and disclosure
• Require that the merchant notify the acquirer of its use of any agent that will have any access to cardholder information
• Require an e-commerce merchant to display the merchant outlet's permanent establishment address and its country of domicile on its Web site
• State the terms required to satisfy payment directly to the merchant, including, but not limited to, the name of the financial institution to which the acquirer must deposit funds for payment of transactions
• Clearly state the acquirer's name and location in letter size consistent with the rest of the merchant agreement printing and in a manner that makes the acquirer's name readily discernible by the merchant
• A merchant must not deposit transactions until it completes the transaction, ships or provides the goods or performs the purchased service
• The merchant must obtain the cardholder's consent for a recurring transaction
• The merchant must not deposit a transaction that it knows or should have known to be either fraudulent or not authorized by the cardholder
• The merchant is responsible for its employees' actions while in its employ
• The merchant may deposit a prepayment, within specified time limits if the merchant advises the cardholder of the immediate billing at the time of the transaction, or for prepayment of services, or for full prepayment of custom-ordered merchandise, manufactured to the cardholder's specifications. A disclosure that states compliance with the provisions of the Cardholder Information Security Program (CISP) is also required.

It gets even more complex and confusing because there are additional provisions that must be included in merchant agreements for certain types of merchants, such as:

• "Limited Acceptance Merchants" (A merchant that accepts either, but not both Visa credit and business cards or Visa debit cards)
• T&E merchants
• High-risk telemarketing merchants
• Merchants receiving BIN information
• Central reservation service merchants
• International airline merchants
• E-commerce merchants
• National merchants
• Internet payment service providers
• High-risk Internet payment service providers

Another related violation of the Visa rules and regulations that we've seen in merchant agreements we've reviewed recently is that they have not been signed by the member bank, as required, and are not on file at the member bank's place of business, also as required.

In its case against Certified Merchant Services (CMS), the Federal Trade Commission (FTC) alleged that CMS failed to disclose various charges or fees in its merchant contracts.

The FTC said "that in many instances CMS deceptively failed to disclose, clearly and conspicuously, that they would charge merchants certain fees, including a minimum of $25 if the merchants did not reach a certain level of card sales; a semi-annual fee of between $33 and $50; and a cancellation fee of between $300 and $400 for canceling within three years of signing a service contract."

Some ISOs still have similar fees, which are still "buried" in the fine print of their merchant agreements. These contract provisions should be revised to clearly disclose all the fees including any cancellation fee.

If the ISO continues to include provisions, the provisions should be adequately disclosed, and consideration should be made to developing a process to make sure merchants are fully aware of the provisions.

When calling the merchant, the ISO can use a checklist and re-verify all the rates and fees quoted in the merchant's contract. It's essential that the ISO maintain a record of the conversation and make note of the name of the person with whom the fees were verified, along with the phone number called, time and date, etc.

David H. Press is Principal and President of Integrity Bankcard Consultants, Inc. Phone him at 630-637-4010, e-mail dhp@integritybankcard.net or visit www.integritybankcard.net