By: Dan Frechtling, SVP of Marketing and Chief Product Officer
What is a greater of concern for payment facilitators — fraud or compliance? That question was posed to me last week at Payment Facilitator Day, part of ETA Transact 2016. The answer? Compliance, due to its growing complexity and unpredictability.
Compliance begins with the card networks. The card networks have brand protection programs, like Visa’s GBPP and MasterCard’s BRAM. They also scrutinize other areas, such as transaction laundering and third-party service providers.
The card networks place a lot of responsibility on PFs for compliance. Visa’s Core Rules state the payment facilitator “is liable for all acts, omissions, Cardholder disputes, and other Cardholder customer service related issues” of sponsored merchants. PFs are also “financially liable for each Transaction processed on behalf of the Sponsored Merchant.” MasterCard says concisely that the PF “must ensure that each of its submerchants complies with the standards applicable to merchants.” American Express requires PFs to conduct KYC and AML checks on sponsored merchants, as that responsibility is contractually delegated from the acquirer.
Yet the card scheme rules are largely codified, so following them is a matter of investing time to learn them and investing resource to follow them. It’s government regulators that cause compliance to engender greater heartburn.
First, there’s the alphabet soup of federal agencies (FTC, CFPB, OCC, FDIC…) and violation classes (BSA/AML, FTA, UDAP, UDAAP, TSR, FDCPA…). Then there’s guidance by enforcement action, meaning case law precedents are created by court victories.
Many of these compliance court victories target payment intermediaries like PFs. And the fines are steep. PayPal, the largest US PF, was ordered to pay $7.7 million for transactions that violated US sanctions. The FTC won a $16 million judgment against Top Shelf Marketing, payment processors Vixous Merchant Services and Keybancard, and other defendants. Global Client Solutions, debt-settlement payment processor, paid the CFPB $7 million for illegal upfront fees.
There’s also regulation by the states that can classify some PFs as money transmitters. When they are classified as such, “there may be bonds that have to be put up, insurance requirements, fee disclosures. So the cost of becoming a money transmitter can be fairly daunting,” says Heather Mark of Propay.
Now, just because compliance is a bigger headache than fraud doesn’t mean fraud is receding. The payment system remains vulnerable despite industry advances. PCI standards and new technologies have improved security, but e-wallets, mobile point-of-sale and payment intermediaries (like PFs) mean more doors can be unlocked to cheat payments. Further, launderers have a choice of hiding places, from crypto-currency to gift cards.
Further, the fraud side is better armed than before. Within the dark web, fraud-as-a-service has emerged, with black markets in cards, identities and financial information. More and more state-sponsored hits on FIs are occurring. Law enforcement only has the resources to focus on the biggest threats.
But as much as fraud is a concern, compliance is a bigger worry. Government regulators are at best imprecise, and some cynics would say purposefully unclear. We’ve heard those charged with protecting their businesses say things like, “we study for an English test and regulators give us a math test,” or “the regulators are just sitting in hidden speed traps handing out tickets. Or as a lawyer on another panel said at Payment Facilitator day, “we are no longer flying under the radar” with regulators, so “we will need to keep on our toes.”
G2’s Market Brief: Payment Facilitators helps PFs prepare for the compliance expectations of card networks, government regulators and acquirers.