payment processing agreements: key ... - amazon web services
TRANSCRIPT
Payment Processing Agreements: Key Provisions
for Retailers, Banks, and Payment Processors
Today’s faculty features:
1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific
The audio portion of the conference may be accessed via the telephone or by using your computer's
speakers. Please refer to the instructions emailed to registrants for additional information. If you
have any questions, please contact Customer Service at 1-800-926-7926 ext. 1.
THURSDAY, MARCH 11, 2021
Presenting a live 90-minute webinar with interactive Q&A
John L. Barton, Partner, Pillsbury Winthrop Shaw Pittman LLP, Austin, Texas & Washington, D.C.
Tips for Optimal Quality
Sound Quality
If you are listening via your computer speakers, please note that the quality
of your sound will vary depending on the speed and quality of your internet
connection.
If the sound quality is not satisfactory, you may listen via the phone: dial
1-877-447-0294 and enter your Conference ID and PIN when prompted.
Otherwise, please send us a chat or e-mail [email protected] immediately
so we can address the problem.
If you dialed in and have any difficulties during the call, press *0 for assistance.
Viewing Quality
To maximize your screen, press the ‘Full Screen’ symbol located on the bottom
right of the slides. To exit full screen, press the Esc button.
FOR LIVE EVENT ONLY
Continuing Education Credits
In order for us to process your continuing education credit, you must confirm your
participation in this webinar by completing and submitting the Attendance
Affirmation/Evaluation after the webinar.
A link to the Attendance Affirmation/Evaluation will be in the thank you email
that you will receive immediately following the program.
For additional information about continuing education, call us at 1-800-926-7926
ext. 2.
FOR LIVE EVENT ONLY
Program Materials
If you have not printed the conference materials for this program, please
complete the following steps:
• Click on the link to the PDF of the slides for today’s program, which is located
to the right of the slides, just above the Q&A box.
• The PDF will open a separate tab/window. Print the slides by clicking on the
printer icon.
FOR LIVE EVENT ONLY
Negotiating Payment Processing Agreements
March 11, 2021
John Barton
Agenda
Part I: OverviewPart II: Classifications - Merchants and MorePart III: Payment Processing AgreementsPart IV: Referral AgreementsPart V: Compliance
6 | Negotiating Payment Processing Agreements
PART I: Overview- Payments Ecosystem- Payment Transaction Flow
7 | Negotiating Payment Processing Agreements
Players in the Payments Ecosystem
Player Roles
Card Brand
Networks
Provide the electronic networks which allow consumers, merchants,
processors, and banks to facilitate transactions
Maintain operating rules and regulations
Visa and Mastercard have member banks that issue cards and acquire
merchants
American Express and Discover issue their own cards and consolidate
the functions normally provided by the merchant bank, card issuer, and
card network
Issuers Issue credit cards to consumers on behalf of the card networks
Issue payment to the merchant’s bank (the acquiring bank) on behalf of
their customers (and assume risk of non-payment)
Sponsor
Banks
(Acquirers)
Enable merchants to accept credit card payments from a customer’s
card-issuing bank within a credit card network.
Perform processing, settlement and servicing (itself or more often using
an affiliated or third-party processor)
8 | Negotiating Payment Processing Agreements
Players in the Payments Ecosystem
Player Roles
Payment
Processors
Provide payment processing services to merchants
Front-end processors route transactions from the merchant to the
cardholder’s bank to request authorization
Back-end processors accept settlements from front-end processors and
move the payment to the merchant’s issuing bank
Independent
Sales
Organizations
(ISOs)
Sell payment card acceptance and processing to merchants (acting as
intermediaries between merchants, payment processors, and acquiring
banks)
ISO roles can range from pure referral agents to more active participants
in servicing, risk management
ISVs and
VARs
Offer payment acceptance and processing through software or other
reseller model – often acting as referral agents with an acquirer/processor
partner
9 | Negotiating Payment Processing Agreements
Players in the Payments Ecosystem
Player Roles
Gateway
Providers
Software applications that securely encrypt payment information and
transfer that data between the merchant’s store or website, the bank that
processes the payment, and the bank that issued the card used to make
the purchase. Gateways are often embedded in an online shopping cart
or in an in-store POS
Other Third
Party Service
Providers
Third parties that provide a variety of ancillary services (data analytics,
dispute management, anti-fraud)
Merchants Seller of goods and services who contracts with Acquirer for payment
acceptance
Payment
Facilitators
(Aggregators)
Third-agent that can sign sponsored merchants and/or facilitate settlement
for sponsored merchants (also referred to as sub-merchants)
10 | Negotiating Payment Processing Agreements
Players in the Payments Ecosystem
Player Roles
Marketplaces Online entity that brings together customers and sellers on a marketplace-
branded platform, processes transactions and receives settlement on
behalf of the sellers
Third-Party
Bill Payment
Providers
Merchant that enables customers to use cards to pay retailers that
generally do not accept them. Two Kinds
• Consumer Bill Payment Providers (CBPS)
• Business Payment Service Providers (BPSP)
Digital Wallet
Operators
Software-based systems that store card credentials and use them to make
payments
• Pass-Through – typically mobile-phone based solutions that pass-
through credentials to seller (no funds stored in the wallet). (e.g., Apple
Pay)
• Stored Value – Similar to a prepaid card. Card used to pre-load wallet
with funds.
• Staged Digital Wallet – Back-to-back funding (e.g., PayPal)11 | Negotiating Payment Processing Agreements
Payments Ecosystem
12 | Negotiating Payment Processing Agreements
Source Business Insider
Transaction Flow
Authorization
• Cardholder presents card to a merchant in exchange for goods or services (through in-store POS, online gateway, or mobile application)
• Merchant sends a request for payment authorization to payment processor
• Payment processor submits transactions to the appropriate network
• Network passes authorization request on to the issuing bank
• Issuing bank approves or declines the transaction
• Issuing bank sends approval (or denial) back along the line to the card association, merchant bank and finally to the merchant
Settlement and Funding
• Merchant send batches of authorized transactions to payment processor
• Payment processor passes transaction details to the networks
• Network passes details on to the issuing bank
• Issuing bank charges the cardholder’s account for the amount of the transactions
• Issuing bank then transfers appropriate funds for the transactions to the merchant bank, minus interchange fees
• The merchant bank deposits funds into the merchant account
13 | Negotiating Payment Processing Agreements
Transaction Flow
14 | Negotiating Payment Processing Agreements
Source – bancardsales.com
PART II: Classifications - Merchants and More- Merchants- PayFacs- Marketplaces- Digital Wallets- Bill Pay Providers
15 | Negotiating Payment Processing Agreements
Categorization – Merchant or Something Else?
• An entity that deposits a Transaction, receives settlement from, or contracts with an Acquirer is classified as a Merchant if all of the following apply:
o The entity represents itself as selling the goods or services to the Cardholder
o The entity uses its name primarily to identify its Merchant Outlet to the Cardholder
o The entity provides recourse to the Cardholder in the event of a dispute (i.e., handles customer service and returns)
16 | Negotiating Payment Processing Agreements
Categorization – Merchant or Something Else?
• Otherwise, the entity is classified as one of the following:o A Payment Facilitator (also referred to as master merchant or
(payment aggregator)o A Marketplaceo A Digital Wallet Operator (DWO)
• Each Network reserves the right to determine which classification applies – taking into consideration
o The entity’s name that appears on the Transaction Receipto The entity that:
• Owns or takes possession of the goods or services• Books the sale as revenue• Provides customer service and handles returns
o Any other criteria they elect to use
17 | Negotiating Payment Processing Agreements
Payment Facilitators – Definition and Attributes
• Visa Definitiono Third Party Agent or non-Member VisaNet Processor that deposits
Transactions, receives settlement from or contracts with an Acquirer on behalf of a Sponsored Merchant
• Key Attributes o Authorized to sign sponsored merchants to accept cardso Can’t sign other PayFacs or Marketplaceso Processes transactions directly or using third party processoro Responsible for due diligence, underwriting, and complianceo Contracts directly with, and provides servicing to, sponsored
merchantso Sponsor Bank may settle via the PayFac or directly to sponsored
merchants
18 | Negotiating Payment Processing Agreements
Payment Facilitators – Definition and Attributes
• Various business models (for example)o Specializing in payment acceptance for either micro-merchants
(e.g., food trucks) or narrow/highly-specialized industry segments with unique needs (e.g., rent, education, or government payments)
o Other types of service providers who include payment processing and (sometimes) settlement as a value-added service, alongside their suite of services to sellers
19 | Negotiating Payment Processing Agreements
Payment Facilitators - Considerations
Benefits
• Additional revenue
• Ability to offer payment processing as part of larger technology solution
• More control over customers
• More access to data
• Ability to offer ancillary services
Interim Solutions
• Referral model with option to transition to PayFac
• Consumer Bill Pay Provider
Requirements
• Select and contract with eligible acquiring bank (and processor)
• Meet eligibility requirements
• Register with the networks
• Draft sponsored merchant contracts (flow-down obligations)
• Provide (or contract for) processing platform
• Implement Compliance Plan
20 | Negotiating Payment Processing Agreements
Payment Facilitator - Compliance
• Money Transmission Considerationso Understand flow-of-funds – taking possession may trigger licensing requirements
o Direct settlement from Sponsor Bank to Sponsored Merchants likely avoids licensing requirements
• Managing PayFac Compliance Obligationso Network Rules, PCI, State and Federal consumer protection and data security
o Define roles and responsibilities (PayFac, Acquirer, Processor)
o Written policies and procedures
o Compliance manager (named individual)
o Employee and Sponsored Merchant Training
o Formal monitoring and oversight program
o Watch out for, and respond to, red flags
o Flow-down obligations and liability to Sponsored Merchants
21 | Negotiating Payment Processing Agreements
Payment Facilitator – Sponsored Merchant Contracts
• Format: Stand-alone contract or integrated in other terms
• Content:
o Similar to standard merchant contract
o Pass-Through Obligations and Liability
• Parties:
o PayFac contracts with each Sponsored Merchant
o Acquiring Bank contracts with Sponsored Merchants with > $1m in annual Visa Transaction Volume as follows:
• For Sponsored Merchants new to the PayFac, before processing any Transactions
• For Sponsored Merchants with existing contracts with the PayFac, the earlier of either: (i) renewal of the agreement ; and (ii) 2 years after annual Visa volume exceeds USD 100,000
o Amex will require a direct contract as well for Sponsored Merchants with more than $1m in Amex transaction volume
22 | Negotiating Payment Processing Agreements
Marketplace – Definition and Qualification Requirements
Visa classifies an entity that meets all of the following as a Marketplace:
• Brings together cardholders and retailers on an electronic commerce website or mobile application
• Its name or brand is:
o Displayed prominently on the website or mobile application
o Displayed more prominently than the name and brands of retailers using the Marketplace
o Part of the mobile application name or URL
• Handles payments for sales and refunds on behalf of the retailers that sell goods and services through the Marketplace, and receives settlement for Transactions on their behalf
23 | Negotiating Payment Processing Agreements
Marketplace – Definition and Qualification Requirements (cont)
• Is financially liable for disputes and resolves disputes between Cardholders and retailers by providing either: (i) a decision that binds both Cardholder and retailer; or (ii) a money-back guarantee funded by the Marketplace
• Ensures that no retailer exceeds both:
o USD 10 million in annual Visa volume through the Marketplace
o 10% of the Marketplace’s annual Visa volume
• The following Merchant types are not eligible to be Marketplaces or retailers using a Marketplace:
o Franchises
o Travel agents
o High-Brand Risk Merchants
24 | Negotiating Payment Processing Agreements
Marketplace – Other Considerations
• Acquirers must register each Marketplace with Visa and obtain written confirmation that they qualify
• Marketplace must conduct due diligence on retailers and maintain risk management controls to do all of the following:
o Prevent Transactions that are illegal in the location of the Marketplace, the location of its retailers, or the location of the Cardholder
o Prevent the sale of counterfeit products or goods that infringe intellectual property
o Provide a process to investigate and remediate rights-holder complaintso Ensure that the Marketplace and its retailers are not engaged in any
activity that could cause harm to the Visa brando Ensure compliance with all laws, regulations, requirements, and Visa
Rules relating to anti- money laundering and anti-terrorist fundingo Ensure the Marketplace complies with all rules relating to Merchants
unless inconsistent with a rule specific to Marketplaces
• Amex has recently added a similar definition of “marketplace” to its regulations. We will likely see new rules from all the other networks soon.
25 | Negotiating Payment Processing Agreements
Staged Digital Wallets
• Functionality that o Can be used at more than one retailer; ando Uses both:
• An account or accounts assigned to the Cardholder to complete a purchase
• A Payment Credential to fund or reimburse the account assigned to the Cardholder
• Is used to complete a Transaction, in any order, as follows:o Purchase: Uses the account assigned to the Cardholder to pay the retailero Funding:
• Uses the Payment Credential to fund or reimburse the Staged Digital Wallet.
• The Digital Wallet Operator deposits the Transaction for the funding amount with its Acquirer using the Payment Credential.
• Is capable of purchases using Back-to-Back Funding
26 | Negotiating Payment Processing Agreements
How Do They Differ?
• Settlement
o Merchant: Sponsor bank pays merchant account
o Pay Fac: Banks may settle to PayFac or directly to Sponsored Merchants
o Marketplace and SDWO: Banks settle to Marketplace or SDWO
• A Marketplace must have a software platform (website or mobile app ) that brings cardholders and retailers together
• Size Requirements / Restrictions
o Merchant - None (subject to Bank approval)
o PayFac – None, but at $1m the Acquirer must contract with Sponsored Merchant
o Marketplace – No one retailer may have more than $10m in Visa and more than 10% of Marketplace’s annual Visa volume
• Merchants and Marketplaces responsible for dispute resolution
27 | Negotiating Payment Processing Agreements
Consumer Bill Payment Service (CBPS)
• New Visa classification – effective October 17, 2020
• Similar to Payment Facilitator but does not require sponsored merchant contract
• Designed to enable credit card payments to entities that do not accept credit cards
• Acquirer Requirements (among others)o Register the CBPS with Visa and obtain written approval for each
CBPS.
o Due diligence review of the CBPS and the non-Visa-accepting billers to ensure compliance
28 | Negotiating Payment Processing Agreements
Consumer Bill Payment Service (CBPS)
• Acquirer Requirements Continued - ensure that the CBPS:o Makes payments only to billers that are businesses located in the same
country as the CBPSo Uses the appropriate MCC to identify a billero Performs customer verification (KYC) and meets all applicable anti-money
laundering requirements for all non-Visa-accepting billers before initiating Transactions for such billers
o Only aggregates payments to a single billero If using a Card to pay billers for the associated bill payment, only uses a
Visa Commercial Card if the Cardholder paid using a Visa Commercial Card
o Clearly discloses to the Cardholder, before the Transaction takes place, that it is the Merchant and that the Transaction involves only the transfer of money from the Cardholder to the third party
o Complies with additional transaction processing and reporting requirements.
29 | Negotiating Payment Processing Agreements
Consumer Bill Payment Service (CBPS)
• Eligible MCCso 4900 (Utilities – Electric, Gas, Water, and Sanitary)o 6012 (Financial Institutions – Merchandise, Services, and Debt
Repayment)o 6051 (Non-Financial Institutions – Foreign Currency, Non-Fiat
Currency [for example: Cryptocurrency], Money Orders [Not Money Transfer], Account Funding [not Stored Value Load], Travelers Cheques, and Debt Repayment)
o 6513 (Real Estate Agents and Managers – Rentals)o 8011 (Doctors and Physicians [Not Elsewhere Classified])o 8050 (Nursing and Personal Care Facilities)o 8062 (Hospitals)o 8099 (Medical Services and Health Practitioners [Not Elsewhere
Classified])
30 | Negotiating Payment Processing Agreements
Consumer Bill Payment Service (CBPS)
• Eligible MCCs continued
o 8211 (Elementary and Secondary Schools)
o 8220 (Colleges, Universities, Professional Schools, and Junior Colleges)
o 8241 (Correspondence Schools)
o 8244 (Business and Secretarial Schools)
o 8249 (Trade and Vocational Schools)
o 8299 (Schools and Educational Services [Not Elsewhere Classified])
o 9311 (Tax Payments)
• Similar classification for B2B - Business Payment Solution Provider (BPSP)
31 | Negotiating Payment Processing Agreements
PART III: Payment Processing Agreements
32 | Negotiating Payment Processing Agreements
Payment Processing Agreement - Parties
The standard payment processing agreement includes three parties
Acquiring Bank Processor / ISO Merchant
Members of Visa / MC Sells payment acceptance to merchants
Contracts to accept cards
Authorizes others (primarily (processors/ISOs) to sell card acceptance
Underwrites, signs and onboards merchants
Submits payment (via POS or software gateway)
Sets underwriting standards and maintains/oversees compliance
Performs core processing services
Provides goods/services and manages customer relationship (returns, refunds)
Facilitates settlement Offers ancillary services
Most Processors/ISOs are authorized to sell Amex to merchants with <$1m in Amex volume. Merchants with $1m or more in Amex volume must have a direct Amex agreement in addition to a processing agreement.
33 | Negotiating Payment Processing Agreements
Payment Processing Agreement -Structure
Contract Structure
• Merchant Application
• Terms and conditions
• Bank Authorizations
• Personal Guaranty (if applicable)
• Addendums for ancillary services (direct or with third parties)
o E-check
o POS / Gateways
o Consulting/analytics
o Fraud mitigation, tokenization, other ancillary services
• Separate card acceptance agreements for AXP and Discover (sometimes)
• May be a stand-alone agreement or integrated under MSA or other online terms and conditions
34 | Negotiating Payment Processing Agreements
Payment Processing Agreement -Considerations
Practical Considerations
• Is the contract negotiable – yes with exceptions
• Terms vary significantly depending on context
o Deal size (processing volume)
o Acquirer/Processor
o Business model
o Other leverage
• Negotiation process
o RFP to multiple Bank/Processor/ISOs
o Leverage competition
o Negotiate all key terms before final selection
• Use of bank/processor contract
35 | Negotiating Payment Processing Agreements
Payment Processing Agreement – What’s Important?
Merchant priorities• Pricing
• Scope (and value-add)
• Performance
• Technology and solution
• Minimize PCI obligations
• Flexibility and leverage
• Continuity of service
• Rights to use data
• Fair allocation of risk
Acquirer/Processor Priorities• Same as merchant priorities, but with
different perspective• Standard processes and flexibility to
change them• Flexibility to change policies and
pricing• Flow-down rights• Right to use data• Limiting liability• Credit risk policies / reserves• Long-term commitment / exclusivity• Auto-renewal• Ancillary services • Compliance
36 | Negotiating Payment Processing Agreements
How much leverage do you have?
Largest 150 merchants generate more than half of the total payments in North America. The smallest 80% of merchants only generate 2% of revenue
37 | Negotiating Payment Processing Agreements
Payment Processing Agreement - Pricing
Primary components of price:
• Interchange - payable to issuing bank and determined by many factors. Among them:
o Physical presence or absence of the card during the transactiono Processing method used (e.g., swiped, manually entered or e-commerce)o Credit card companyo Card type (e.g., regular, premium, commercial, rewards or government-
issued)o Merchant’s business type (as determined by merchant category code)
• Assessments payable to card networks
• Processing fees payable to acquirer and processor
American Express:
• Discount Rate payable to American Express (directly or indirectly)
• Processing fees payable to processor
38 | Negotiating Payment Processing Agreements
Payment Processing Agreement – Pricing
Tiered Pricing
• Blends hundreds of interchange rates (0.05% to >1.65% into 3 categories)
o Qualified
o Mid-qualified
o Non-qualified
• Complex and Opaque
• Inconsistent buckets problem
Flat Rate
• Fixed rate for all credit and debit card transactions (e.g., 2.9% + $0.30)
Subscription
• Flat monthly service fee with smaller per transaction fee
39 | Negotiating Payment Processing Agreements
Payment Processing Agreement – Pricing
Interchange +• Pass-through of interchange and assessments without mark-up• Processor fee is incremental
o Usually a percentage (e.g., 0.70% + $0.05 / authorization)o Can be a flat percentage or tiered based on volume
• Most transparent and increasingly commonOther Fees• Statement Fees• Equipment Fees• Chargeback Fee• Retrieval Fee• IVR or Voice Authorization Fee• Non-Compliance Fees
40 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue
Bank / Processor
Perspective
Merchant / Payment Facilitator
Perspective
Term 3-5 years
Auto-renewal
Varies – but 3 years is most common –
ideally with early termination options
Be aware of multi-year auto-renewal
provisions
Exclusivity Bank and/or Processor is
exclusive provider of payment
services
No exclusivity (particularly if there is a
minimum commitment)
If there is exclusivity, negotiate:
• Scope (services, geography, transaction
type)
• Exceptions (e.g., gateways, ancillary
services, transition at end of term)
41 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue Bank / Processor Perspective
Merchant / Payment Facilitator
Perspective
Scope of
PayFac
Authorization
Approval may be limited to
particular geography, industry, or
products and services
PayFac required to follow
detailed underwriting
requirements – case-by-case
approval likely required for high
risk and other merchant
categories
Broad discretion to change
standards and to refuse to
onboard any merchant
Broad authorization to operate
business and sign merchants
Clear guidelines that allow for quick
and efficient onboarding
Negotiate approvals for key
merchant categories upfront
SLAs for timely response and
approvals
42 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue
Bank / Processor
Perspective
Merchant / Payment Facilitator
Perspective
Fees Core fees included on
application or in pricing exhibit
Clear rights to pass through
network charges, fines, fees
and other amounts
Rights to pass through
increases from third parties
Unilateral rights to change fees
on notice to Merchant / PayFac
List all fees in one place
Fees can be changed only when the
changes reflect changes made by networks
Minimum notice period to comply and
enable flow-down to Sponsored Merchants
Supporting documentation for fee increase
Termination rights
43 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue Bank / Processor Perspective
Merchant / Payment Facilitator
Perspective
Minimum
Commitm
ents
Include monthly minimum fee
(particularly for PayFac)
Varies – may be acceptable with
negotiation of the following issues
• Amount
• Ramp-up period
• Exceptions
Disputed
Charges
Bank shall presume that any
amounts the Bank pays to or debits
from Merchant are correct unless
Merchant disputes these by sending
Bank written notice within thirty (30)
days of the date of the applicable
statement containing any disputed
payments or debits.
Dispute period should be 90-180 days
Reciprocal prohibition on back-billing
by processor
44 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue
Bank / Processor
Perspective
Merchant / Payment Facilitator
Perspective
Rules and
Regulations
Merchant / PayFac required to
comply with all laws and
network rules
Also required to comply with
any policies, procedures,
guidelines, and other
documentation provided by
Bank or Processor
Some contracts will include
detailed sections from network
rules
Bank / Processor should have
reciprocal obligations
Require disclosure of all relevant
documentation
Limit Bank or Processor rights to
unilaterally change policies, procedures
or guidelines (other than to comply with
laws and network rules)
Flow-down terms are generally
acceptable, but caveat that they apply
only to the extent they are consistent
with the network rules
Changes Option to pass through costs
of compliance / changes
Processor should make changes at its
expense
45 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue
Bank / Processor
Perspective
Merchant / Payment Facilitator
Perspective
Data
Security
Merchant / PayFac must
comply with PCI and all
additional network security
requirements
PayFac must ensure
compliance of its Sponsored
Merchants and service
providers
Merchant must ensure
compliance of its service
providers
Bank / Processor position is reasonable
Confirm contract has reciprocal data
security obligations for Bank / Processor
Address Merchant Data security
separately
46 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue Bank / Processor Perspective
Merchant / Payment Facilitator
Perspective
Changes Maintain right to unilaterally
changes terms and pricing
Need to be able to offer a
standard service, comply with
bank and network requirements,
and recover unexpected costs
Limit rights to changes required by law
or network rules
Add objection process and/or
termination rights
Minimum notice period to comply
and/or flow-down terms to Sponsored
Merchants
47 | Negotiating Payment Processing Agreements
Payment Processing Contract Issues
Issue Bank / Processor Perspective
Merchant / Payment Facilitator
Perspective
Rights in
Data
Cardholder Information –
governed by PCI
Preserve rights to use
Transaction and Merchant Data
Cardholder Information – governed by PCI
Retain rights to use Transaction Data and
Merchant Data (and limit Bank /
Processor)
Add confidentiality obligations on Bank /
Processor covering business, transaction,
customer and similar data
48 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue Bank / Processor Perspective
Merchant /
PayFac
Perspective
Termina
tion
Very broad rights for Bank / Processor to terminate (some
mandated by Network Rules)
Merchant has violated any provision of this Merchant
Agreement.
• Material adverse change in Merchant’s financial condition,
or Bank determines in its sole discretion that Merchant’s
processing activity could result in a loss to Bank.
• Bankruptcy or similar occurrences
• Providing any false, incomplete or misleading information.
• Excessive chargebacks e.g., > 1% of Charges in a month
• Inadequate funds in settlement account
• Employee fraud
See next slide
49 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue Bank / Processor Perspective
Merchant / Payment Facilitator
Perspective
Termina
tion
• Unable to perform any obligation
• Failure to pay any amount when due
• Failure to fund reserve
• Any representation or warranty is not
true or accurate
• Default of any agreement with Bank
• Changes to the network rules that
cause Bank to be in breach
• Any circumstances arise regarding
Merchant or its business that create
harm or loss of goodwill to any
Network.
• Limited rights for PayFac / Merchant
to terminate (with exceptions)
Bank / Processor Rights
• Limit subjective termination rights
• Add materiality qualifiers
• Extend notice periods
• Add cure periods where appropriate
Merchant / PayFac Rights
• Reciprocal termination rights where
appropriate
• Termination rights for any change in
pricing, policy, underwriting
guidelines, or reserve requirements
• Termination for convenience rights
(possibly for a fee)
50 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue
Bank / Processor
Perspective
Merchant / Payment Facilitator
Perspective
Early
Termination
Fee
PayFac pays the remaining
value of the contract (various
ways to calculate) following
any termination
Often payable for any reason
other than termination by
Merchant / PayFac for
uncured material breach
Eliminate altogether if possible or limit to
specific termination events (e.g., PayFac
early termination without cause or Bank
termination for uncured material default)
Negotiate termination fee calculation
• Not to exceed MRC or other cap
• 25% of remaining contract (vs. 100%)
• N/A after initial (TBD) period
51 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue
Bank / Processor
Perspective Payment Facilitator Perspective
Ownership of
Sponsored
Merchant
Relationships
Contracts vary – sometimes
not addressed directly
Roles / responsibilities should during
term should be clearly allocated
between Processor and PayFac
Exclusive rights to communicate and
market to Sponsored Merchants
Ownership of merchant portfolio –
rights to direct assignment to any
other Bank / Processor
52 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue
Bank / Processor
Perspective
Merchant / Payment Facilitator
Perspective
Transition
Assistance
Generally not addressed in
form contract.
Contingent on merchant
compliance with terms and
reserve funding
Option to extend services for some period
following termination (90-180 days) to
maintain service continuity unless
prohibited by law or a network
Exception from exclusivity (if applicable)
De-
conversion
Conditioned on notice and
payment of standard fees
Add process and timing expectations
Commercially reasonable or negotiated
rates
Express commitment to assign merchant
contracts
Continued provision of services and
economics until deconversion is completed
53 | Negotiating Payment Processing Agreements
Payment Processing Agreements
• Scope
o Continued right to receive services
o Knowledge transfer
o Rights in Data
• Other issues
54 | Negotiating Payment Processing Agreements
Issue Bank / Processor PayFac
Time Period 0 – 6 months 6 – 12 months
Triggers N/A if customer is in breach Expiration or termination for any reason
Fees and rates Then-current standard rates or existing plus premium
Negotiated rates continue
Exclusivity/MRC MRC continues Exclusivity / MRC cease to apply
Extension Rights No Yes (with reasonable notice)
Non-solicit Employees Merchants
Payment Processing Agreements
Issue
Bank / Processor
Perspective
Merchant / Payment Facilitator
Perspective
Performance
Standards
None specified in
standard contracts
Add general performance warranty
Add Service Levels – e.g.,
• Platform availability
• Settlement timeframes
• Customer support
• Incident management
• Dispute management
• Timeliness of key functions (e.g.,
underwriting approvals and onboarding)
Remedies – termination; credits
55 | Negotiating Payment Processing Agreements
Payment Processing Agreements
56 | Negotiating Payment Processing Agreements
Issue Processor Merchant / PayFac
Credit calculation - Fixed amount- X% (Weighting Factor) * Y (% of fees)
Amount at Risk 0 – 10% 10 – 15%
SLA Weighting 100 points (fixed) 150 - 250 points (dynamic)
Applicable Fees % * Fees for Specific Service % * Total Monthly Fees
Escalating $ Depends Yes
Other Remedies Sole and exclusive remedy Non-exclusive remedy
Earn-back Yes No
Improvement Negotiated Automatic
Termination Only if material breach Specific SLA threshold
Excuses General and broad Specific and limited
Bonuses Yes Depends
Payment Processing Agreements
Issue
Bank / Processor
Perspective Merchant / Payment Facilitator Perspective
Reserve Broad rights to take
reserve of any amount to
protect against
chargebacks and other
financial exposure
Reserve account is
generally owned by Bank
and controlled by Bank /
Processor
Reserve continues
following termination to
cover trailing activity (e.g.,
180 days or until financial
exposure no longer exists)
Several issues to negotiate:
• Initial reserve amount
• Triggers
• Amount (formula; caps)
• Notice and reporting
• Timing
• Alternatives (letter of credit)
• Termination rights
57 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue
Bank / Processor
Perspective Merchant / Payment Facilitator Perspective
Offset
and
debit
rights
Broad access to merchant
/ payfac accounts and
rights to debit any amount
owed
Rights to set-off amounts
owed by merchant /
payfac or their affiliates
under any agreement
Limit debit rights to network fees and
adjustments and undisputed processing fees
Limit set-off of amounts owed under other
agreements
Security
interest
Merchant / PayFac grants
security interest in all
funds / accounts
Narrow to reasonable scope
Consider impact on third party debt
arrangements
58 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue Bank / Processor Perspective Merchant / Payment Facilitator Perspective
Personal
Guaranty
Broad rights if anything in
discretion violations rules,
regulations, violation of law or
creates other risk
Required by network rules
No personal guaranty
Bank / Processor has other ways to protect
against financial exposure
N/A for public companies or non-profits
Rights to
suspend
or cease
services
Broad rights if anything in
discretion violations rules,
regulations, violation of law or
creates other risk
Required by network rules
Notice
Materiality
Limit to offending sponsored merchant
Right to terminate
59 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue Bank / Processor Perspective
Merchant / Payment
Facilitator Perspective
Assign-
ment
Bank / Processor rights to assign
without merchant consent
Processor right to change banks
without merchant consent
Prohibition on assigning any rights
without prior consent (due diligence
and underwriting typically required)
Consent required for assignment
(and/or termination rights)
Indemni-
fication
Broad indemnity from PayFac
Limited or no indemnity from Bank /
Processor
Add reciprocal indemnities where
appropriate
Add IP infringement indemnity
Add exceptions for Bank /
Processor breach, negligence,
misconduct
60 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue
Bank / Processor
Perspective
Merchant / Payment Facilitator
Perspective
Liability
Limitation
Exclusions of consequential
damages
Caps on direct damages
(sometimes as low as the
lesser of $10,000 and 3
months processing fees)
Generally applicable only to
Bank / Processor
(Negotiated terms may vary
between Bank / Processor)
Limits limitations should be reciprocal
Exceptions for:
• Data breach
• Network fees, fines and penalties
• Fees, chargebacks and other amounts
owed under the agreement
• Failure to pay / misdirection of settlement
funds
• Gross negligence, fraud, willful misconduct
Narrow warranty disclaimer so that it doesn’t
exclude liability altogether
61 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue
Bank / Processor
Perspective Merchant / Payment Facilitator Perspective
Responsibility
for third
parties
Merchant / PayFac
are responsible and
liable for all
Sponsored
Merchants and all
third party software,
equipment and
service providers
Bank / Processor position is reasonable - so long
as the (i) third parties are contracting with
Merchant / PayFac and (ii) there are carve outs
for Bank / Processor breach, negligence or other
misconduct
PayFac will likewise flow obligations down to its
Sponsored Merchants
Merchants will flow-down obligations to service
providers (though negotiating indemnity / liability
terms can be difficult with some service providers)
Add reciprocal terms for Bank / Processor
affiliates, contractors and employees
62 | Negotiating Payment Processing Agreements
Payment Processing Agreements
Issue
Bank / Processor
Perspective
Merchant / Payment Facilitator
Perspective
American
Express
Merchant agreement will
often have a separate
section of terms governing
Amex OptBlue or other
programs
Generally accept flow-down terms
Dispute
Resolution
Consistent governing law
across agreements
Generally mandatory
arbitration
Business-to-business
arbitration is generally
permitted
Some Merchants / PayFacs will negotiate
but generally accept Bank / Processor
positions
63 | Negotiating Payment Processing Agreements
PART V: ISO/Bank Referral Agreements
64 | Negotiating Payment Processing Agreements
ISO/Bank Referral Agreements
• Structureo ISO/Bank refer merchants to an Acquirer/Processoro Merchant enters into Merchant Processing Agreement with
Acquirer/Processoro Acquirer/Processor pays negotiated compensation to
ISO/Bank
• General Issueso Term and Termination o Exclusivity (and exceptions)o Risk allocation (generally ISO/Bank but some exceptions)
65 | Negotiating Payment Processing Agreements
ISO/Bank Referral Agreements
• Pricingo Signing bonus (deal level and merchant level)
o Wholesale Rates vs. Revenue Share
o Incentives
o Ancillary equipment and services
o May vary by merchant category (converted, contributed, new)
66 | Negotiating Payment Processing Agreements
ISO/Bank Referral Agreements
• Servicingo Marketing support and personnel commitments
o Merchant servicing
o ISO/Bank servicing
o Access to systems, information and reporting
67 | Negotiating Payment Processing Agreements
ISO/Bank Referral Agreements
• Rights in Merchantso Who sets price to merchants
o Who controls marketing and communication
o Non-solicitation
o Portfolio ownership (right to transfer at end of deal)
• Performanceo Scope, warranty, and general commitments
o Service levels and remedies
68 | Negotiating Payment Processing Agreements
ISO/Bank Referral Agreements
• Legal Termso Governance process
o Confidentiality
o Data security
o Liability
o Indemnity, insurance and other allocation of risk terms
o Audit and compliance
69 | Negotiating Payment Processing Agreements
PART V: Compliance
70 | Negotiating Payment Processing Agreements
Who are the Regulators?
• Payments Generally
o Network Rules – enforced on flow-down basis in payments ecosystem
• Data Security and Privacy
o Networks (and flow-down entities)
o Federal Regulators – FTC, CFPB, FFIEC
o State AG / Regulators
• Consumer Protection
o Networks (and flow-down entities)
o Federal Regulators – FTC, CFPB
o State AG / Regulators
• Additional Financial Regulations and Regulators
o KYC/AML – FinCEN, OFAC
o Money Transmission – State and Federal 71 | Negotiating Payment Processing Agreements
Card Network Rules
Card Network Rules
• Maintained by each card network
• Provide rules and requirements for all players in the payments ecosystem
• Published 2x per year (April and October)
• Not legal requirements – enforced by agreement
• Incorporated by reference in payments processing agreements
72 | Negotiating Payment Processing Agreements
Card Network Rules
• Honor All Cards – Merchants must accept all categories of debit, credit and prepaid cards
• Treat all Networks the same
• Marketing and use of logos/marks
• Flow-down of obligations and liability
• Data Security – PCI, EMV, and network-specific programs and validation requirements
• Clear communication and disclosure (return/refund policies, additional fees)
• Disputes, chargebacks, credits
• Processing requirements
• Surcharges, Convenience Fees, Service Fees, Cash Discounts, Minimums
• Stored Credentials and Recurring Payments
• Registration requirements (Processors, ISOs, PayFacs, and others)
73 | Negotiating Payment Processing Agreements
Surcharges – Definition and Requirements
Definition - A fee assessed to a Cardholder by a Merchant in the US Region or a US Territory that is added to a Credit Card Transaction for the acceptance of a Credit Card.
Rules and Requirements• Compliance with applicable law – surcharging is prohibited and/or
regulated in several states
• Compliance with other network rules (below are Visa requirements)
• Applies to credit card charges only
• Must treat all card brands the same
• Allowed for all merchant categories
• Must be included in transaction amount (not collected separately)
• Must notify Visa in writing at least 30 days before surcharging74 | Negotiating Payment Processing Agreements
Surcharges – Rules and Requirements
Rules and Requirements • Can be a flat fee or a percentage
• May not exceed the cost of acceptance – defined as the average Merchant Discount Rate that a Merchant pays to its Acquirer for Credit Card Transactions. The average Merchant Discount Rate is calculated based on Credit Card Transactions conducted by the Merchant for the preceding one or 12 months, at the Merchant’s option.
• Disclosure to merchants at POS must include all of the following:
o The exact amount or percentage of the US Credit Card Surcharge
o A statement that the surcharge is being assessed by the Merchant and is only applicable to credit Transactions
o A statement that the surcharge amount is not greater than the applicable Merchant Discount Rate for Visa Credit Card Transactions at the Merchant
75 | Negotiating Payment Processing Agreements
Surcharges – Disclosure Requirements
Transaction Type Point-of-Entry Point-of-Transaction
Face-to-Face
Transaction
Main entrance(s) of the Merchant Outlet, in a
minimum 32-point Arial font, but in any case, no
smaller or less prominent than surrounding text
Every customer checkout or payment location, in a
minimum 16-point Arial font, but in any case, no
smaller or less prominent than surrounding text
Electronic Commerce
Transaction
The first page that references credit card brands
accepted, in a minimum 10-point Arial font, but in any
case, no smaller or less prominent than surrounding
text
Checkout page, in a minimum 10-point Arial font, but
in any case, no smaller or less prominent than
surrounding text
Mail Order
Transaction
The first page of the catalog that references credit
card brands accepted, in a minimum 8-point Arial font,
but in any case, no smaller or less prominent than
surrounding text
Mail order form, in a minimum 10-point Arial font, but
in any case, no smaller or less prominent than
surrounding text
Telephone Order
Transaction
The first page of the catalog that references credit
card brands accepted, in a minimum 8-point Arial font,
but in any case, no smaller or less prominent than
surrounding text
Verbal notice from the telephone order clerk, including
US Credit Card Surcharge amount
Unattended Cardholder-
Activated Terminal
Main entrance(s) of the Merchant Outlet (if applicable)
(for example: gas [petrol] station store) in a minimum
32-point Arial font, but in any case, no smaller or less
prominent than surrounding text
On the Unattended Cardholder-Activated Terminal or
virtual disclosure on the payment terminal screen, in a
minimum 16-point Arial font, but in any case, no
smaller or less prominent than surrounding text
76 | Negotiating Payment Processing Agreements
Convenience Fees
Definition- A fee charged by a Merchant for a bona fide convenience to the Cardholder (for example: an alternative channel outside the Merchant’s customary payment channel) that is not charged solely for the acceptance of the Card.
Rules and Requirements
• No registration required
• Allowed for all merchant categories
• Charged for bona fide convenience in the form of an alternative payment channel (must be an alternative channel available for which a fee doesn’t apply – e.g., a convenience fee may be charged for an online ticket sale if the customer can buy at box office without the fee)
• Applied to CNP only (but prohibited if merchant operates exclusively in CNP environment)
77 | Negotiating Payment Processing Agreements
Convenience Fees
• Charged only by the Merchant that provides goods or services to the Cardholder
• Applicable to all forms of payment accepted in the payment channel
• Disclosed clearly to the Cardholder (i) as a charge for alternative payment channel convenience and (ii) before completion of the transaction
• Must be a flat or fixed amount, regardless of the value of the payment due
• Must be included as part of the total amount of the Transaction and not collected separately
• May not be charged in addition to a surcharge
• May not be charged on a Recurring or Installment Transaction
78 | Negotiating Payment Processing Agreements
Service Fee
Definition - A fee assessed to a Cardholder that uses a Card to pay for goods and services in a permitted Merchant category.
Rules and Requirements
• Government and Education industries only
• Reasonable reflection of the transaction costs (e.g., discount rates and processing fees)
• Flat, fixed, banded, or ad valorem amount, regardless of the value of the payment due, as required by applicable laws or regulations
• Assessed on the final Transaction amount (after discounts/rebates)
• May not be charged in addition to a surcharge or Convenience Fee
• May be processed as a separate Transaction
79 | Negotiating Payment Processing Agreements
Storing Payment Credentials
Obtain Cardholder’s express informed consent in an agreement containing the following:
• Information related to the Transaction, including:o Description of goods or serviceso Total purchase priceo Cancellation and refund policieso Surcharges (when permitted and assessed)
• Information about the Merchant (including location and contact information)
• Separate from general terms and conditions
• Terms regarding use of payment credentials
o The Account Number (last four digits only)
o How the Cardholder will be notified of any changes to the agreement
o Transaction amount or a description of how the Transaction amount will be determined
80 | Negotiating Payment Processing Agreements
Storing Payment Credentials
• Terms regarding use of payment credentials
o The Transaction Currency
o How the Stored Credential will be used
o Timing and frequency of Transactions (if scheduled) or the event that will trigger a transaction (if unscheduled) – e.g., balance drops below $25
o The expiration date of the agreement, if applicable
o The length of any trial period, introductory offer, or promotional period
o The Merchant must retain this information for the duration of the agreement and provide it to the Cardholder or Issuer upon written request.
o Stored credentials may not be used for finance charges or interest
81 | Negotiating Payment Processing Agreements
Recurring Transactions
The Merchant must do all of the following:
• Provide a simple cancellation procedure, and, if the Cardholder’s order was initially accepted online, at least an online cancellation procedure.
• Include the fixed dates or intervals on which the Transactions will be processed.
• At least 7 days before a Recurring Transaction, notify the Cardholder via email or other agreed method of communication if a trial period, introductory offer, or promotional period is going to end. The Merchant must include in the communication the Transaction amount and Transaction Date of subsequent Recurring Transactions and a link or other simple mechanism to enable the Cardholder to easily cancel Transactions online or via SMS/text message.
Additional Laws and Regulations
• Electronic Fund Transfer Act
• Restore Online Shoppers’ Confidence Act (ROSCA)
• FTC Act
• State laws governing recurring billing and subscriptions 82 | Negotiating Payment Processing Agreements
PCI Compliance
PCI-DSS (Payment Card Industry Data Security Standard)
• Administered by Visa, MC, Amex, Discover and JCB
• Applies to all companies that accept, process, store or transmit card info
o Regardless of size and solution (e.g., call center entering info into secure third-party portal)
o Includes network branded debit and prepaid cards
• Card information includes:
o Account number alone or with cardholder name, expiration data and or service code
o Sensitive Authentication Data – mag stripe, chip data or other security-related info
83 | Negotiating Payment Processing Agreements
PCI Compliance
• Non-compliance can result in:
o Suspension of card acceptance
o Non-compliance fines of $5,000 - $100,000
o Additional exposure in event of a data breach (card replacement costs; chargebacks)
o Forensic audit
• Merchant obligations can be minimized through use of processors / solutions, but not eliminated
PA-DSS (Payment Application Data Security Standard)
• Applies to vendors who provide payment products to merchants
84 | Negotiating Payment Processing Agreements
PCI Compliance – Goals and Requirements
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
85 | Negotiating Payment Processing Agreements
PCI Compliance – Goals and Requirements
Implement Strong Access Control Measures
7. 7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses information security for employees and contractors
86 | Negotiating Payment Processing Agreements
PCI Compliance
• Level 4 - complete annual Self-Assessment Questionnaires (SAQ) or alternate validation permitted by its Acquirer.
• Levels 2-3 - complete an SAQ and Attestation of Compliance (AOC)
• Level 1 - file a Report on Compliance (ROC) by Qualified Security Assessor (QSA) and submit an AOC
Level Description
1 Any merchant — regardless of acceptance channel — processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
2 Any merchant — regardless of acceptance channel — processing 1M to 6M Visa transactions per year
3 Any merchant processing 20,000 to 1M Visa e-commerce transactions per year
4 Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants (in any acceptance channel) — processing up to 1M Visa transactions per year.
Scope of PCI obligations varies depending on transaction volume
87 | Negotiating Payment Processing Agreements
PCI Compliance
Onsite or Self-Assessment
Self-Assessment
Questionnaire (SAQ) External Vulnerability Scan
A detailed assessment performed by a PCI SSC Qualified Security Assessor (QSA) or by a PCI SSC Internal Security Assessor (ISA). The assessment validates to the acquirer that the organization is handling card data in accordance with the Payment Card Industry Data Security Standard (PCI DSS).
Validation tool for eligible merchants who self-assess their PCI DSS compliance and who are not required to undergo an onsite assessment.
Vulnerability Scanning performed by a PCI SSC Approved Scanning Vendor (ASV) of all Internet–facing system components that are a part of, or provide a path to, the cardholder data environment.
Applies to: Level 1 (Onsite required) and 2 Merchants
Applies to: Levels 2, 3 and 4 Merchant
Applies to: All Merchants (as applicable
88 | Negotiating Payment Processing Agreements
Laws and Regulations
• Telephone Consumer Protection Act (TCPA)
• Fair Debt Collection Practices Act (FDCPA)
• Electronic Funds Transfer Act (EFTA)
• Equal Credit Opportunity Act (ECOA)
• Bank Secrecy Act (BSA) - AML
• Gramm-Leach-Bliley Act (GLBA)
• FTC and CFPB laws prohibiting unfair, deceptive and/or abusive acts or practices ((UDAAP)
• Fair Credit Reporting Act (FCRA)
• Money Transmission laws
• State laws and regulations – e.g., those governing
o Data breach and privacy laws
o Surchargingo Fee disclosureso Auto-renewal lawso Recurring billing
89 | Negotiating Payment Processing Agreements
State Data Privacy
• California Consumer Privacy Act of 2018 (CCPA)
• Virginia Consumer Data Protection Act of 2020o Signed into law on March 2, 2021o Goes into effect January 1, 2023o Creates consumer rights in data similar to CCPA and GDPRo Requires businesses to establish “reasonable administrative, technical and
physical data security practices” and to conduct assessments for of them for their processing activities.
o Does not include private right of action – VA attorney general will enforceo Applies to persons that conduct business or promote products and that (i)
control or process data from at least 100,000 consumers or (ii) control or process personal data from at least 25,000 consumers and derive 50% of gross revenue from sales of personal data.
o Exemptions for financial institutions subject to GLBA, covered entities or business associates under HIPAA, non-profits, and higher education.
• Similar legislation pending in other states – e.g., NY, WA, FL, MN
90 | Negotiating Payment Processing Agreements
Recent FTC Enforcement
• FDMS
o FTC charged that FDMS (through Wholesale ISO – First Pay) violated the FTC Act and Telemarketing Sales Rule in processing transactions in connection with various debt relief and business opportunity scams and other criminal activity.
o Allegations included:
• Permitted accounts to be opened under false names with deceptive information (e.g., many applications with duplicative information)
• Permitted onboarding of accounts with very high chargebacks or suspected criminal activity
• Ignored warnings from employees and sponsor banks
• Failed to properly screen sales agents
• Inadequate controls on high-risk merchants
o FDMS required to pay $40.2m and to implement stringent underwriting and monitoring programs for Wholesale ISOs
o Appointment of independent assessor to oversee high-risk merchant compliance for three years
91 | Negotiating Payment Processing Agreements
Recent FTC Enforcement
• Qualpay
o Processed payments for a merchant that sold “get-rich-quick” business coaching services
o $46m judgement
o FTC alleged the company ignored red flags:
• Excessive chargebacks
• Negative online reviews and F-rating from the BBB
• Risky multi-level marketing business mode
• Incomplete and inconsistent information on merchant applications
• Failure to review processing statements, marketing materials and telemarketing scripts
92 | Negotiating Payment Processing Agreements
Recent FTC Enforcement
• Madera Merchant Services, LLC, B&P Enterprises, LLC
o Enforcement by FTC and State of Ohio
• FTC Act
• Telemarketing and Consumer Fraud and Abuse Prevention Act
• Ohio Sales Practices Act
o Allegations that the defendants:
• Used remotely created payment orders and remotely created checks (RCPOs) to facilitate payments for unscrupulous merchants
• Processed millions in sham student debt reduction and credit card reduction via telemarketing schemes
o $8.6m judgement and permanent ban
93 | Negotiating Payment Processing Agreements
Recent CFPB Enforcement
• BrightSpeed Solutions Inc
o March 3, 2021 CFPB action - Alleges processing of payments for companies that offered technical-support services and products over the internet, but instead tricked consumers, often older Americans, into purchasing expensive and unnecessary antivirus software or services
• Dwolla
o Older but representative of CFPB authority
o Allegations of inaccurate description of data security safeguards (a UDAAP) and inadequate safeguards
94 | Negotiating Payment Processing Agreements
Enforcement – Key Takeaways
• Regulators are aggressively policing payment processors who facilitate fraudulent schemes
• Enforcement may result in permanent bans, financial liability, asset surrender
• Recommendations
o Maintain and follow policies and procedures
o Merchant (Sponsored Merchant) due diligence and underwriting
o Proactive ongoing monitoring and audit
o Payment Processors cannot “look the other way” (e.g., opening multiple accounts, incomplete or misleading applications)
o Proactive response to red flags, complaints, vulnerabilities
o Assign compliance manager and conduct employee and merchant training
o Clearly define roles and responsibilities (Bank, Processor, ISO, PayFac)
o Maintain adequate data security safeguards and policies
o Describe things clearly and accurately - Data security safeguards, fees, key terms and conditions
95 | Negotiating Payment Processing Agreements
Contact Information
John Barton | PartnerPillsbury Winthrop Shaw Pittman LLP512-580-9625 (o)202-744-9853 (m)[email protected]
96 | Negotiating Payment Processing Agreements