Archive | Card Organization Rules RSS feed for this section

The Supreme Court Weighs in on Merchant Surcharging

30 Mar

On March 29, 2017, the United States Supreme Court issued its long-awaited decision on the litigation surrounding the New York law that prohibits surcharges.  In Expressions Hair Design, et al. v. Schneiderman, Attorney General of New York, et al., the Supreme Court was asked to decide whether a New York law prohibiting merchants from charging credit card users a surcharge above the sticker price was constitutional.  The practical outcome of the Supreme Court decision is that it does not definitively  answer whether the 10 state laws that prohibit surcharges are unconstitutional.  The technical outcome is that the Court remanded, or sent back, the case to the lower court, requiring the lower court to determine whether the law is an unconstitutional violation of the First Amendment.

The Court first reviewed the history of efforts to pass along interchange costs to consumers.  The Court noted that merchant contracts historically barred merchants from charging credit card users higher prices than cash customers, which Congress put a stop to when it passed the Truth In Lending Act.  That law prevented surcharges and it prevented merchants from giving discounts to cash customers.  When Congress allowed the federal surcharge ban to expire, ten states, including New York, enacted their own surcharge bans.

The merchants in the Expressions Hair Design case were five New York businesses who wished to impose surcharges on customers who used credit cards.  As a result, they wanted to advertise their prices by posting a cash price and a price which included a surcharge.

The pivotal issue was whether the surcharge ban regulated conduct, i.e., was a price regulation, rather than speech.  Because the statute told merchants nothing about the amount they were allowed to charge, the Court concluded that the law regulates how sellers communicate their prices, not what they charge.  “In regulating the communication of prices rather than prices themselves, [the New York law] regulates speech.”

The Supreme Court, having determined that the law regulates speech, and not conduct, sent the case back to the lower court to analyze whether it violated the constitutional right to free speech.  The lower court had concluded that the law regulated conduct, and therefore did not analyze that issue.

As you may recall, ten states currently have laws banning surcharges.   Many of these statutes also have been challenged on First Amendment grounds.  In this case and in a parallel Texas case, the federal appellate courts upheld the state statute. In contrast, the Eleventh Circuit struck down Florida’s law governing surcharges.

The Supreme Court decision did not address whether the New York law was constitutional, but it did conclude that the statute regulated speech and had to be analyzed under First Amendment standards.  That decision is binding on other courts.  So, to the extent challenges to similar state statutes were rejected because the court did not think free speech was involved, those decisions will have to be revisited.  The ultimate effect of this decision will depend on whether the case makes its way back to the Supreme Court after the lower court rules again, and how the courts interpret the various state laws that prohibit surcharges.

For now, industry companies should act as though the ten state laws that ban surcharging are still effective.

But stay tuned.

–Eric Linden, Attorney and Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

–Holli Targan, Attorney and Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

Holli Targan

Attorney & Partner

Cyber Insurance Shortfalls

20 Feb

If you store cardholder data, transaction information, or other personally identifiable information you may want to revisit your cyber insurance policy to verify the extent of your coverage.  A court recently found that the cyber insurance policy held by P.F. Chang’s did not cover many losses suffered in P.F. Chang’s data breach.  Based on the court’s findings in this decision and given the structure of the payments industry, many cyber insurance policies will not provide processors, ISOs, or payment facilitators with coverage against fees, fines, and assessments issued by the card brands.
On June 10, 2014, P.F. Chang’s learned that hackers had obtained approximately 60,000 credit card numbers belonging to its customers.  P.F. Chang’s turned to its cyber insurance policy to cover the costs of the data breach.  The policy had been advertised as “a flexible insurance solution designed by cyber risk experts to address the full breadth of risks associated with doing business in today’s technology-dependent world” that “[c]overs direct loss, legal liability, and consequential loss resulting from cyber security breaches.”
Under the cyber insurance policy, P.F. Chang’s was reimbursed for approximately $1.7 million for the cost of an investigation and defending litigation.  However, the insurance company denied coverage of three assessments by MasterCard: a Fraud Recovery Assessment of $1,716,798.85; an Operational Reimbursement Assessment of $163,122.72; and a Case Management Fee of $50,000.  These assessments were technically received by Bank of America, and not by P.F. Chang’s.  P.F. Chang’s used Bank of America Merchant Services (“BAMS”) for its payment processing services.  The assessments were contractually passed through to P.F. Chang’s under its merchant agreement with Bank of America.  P.F. Chang’s filed a lawsuit seeking to recover the amount of the MasterCard assessment.
In its opinion, the court sided with the insurance company.  The court found that the Fraud Recovery Assessment was not covered because: P.F. Chang’s received the assessment from BAMS pursuant to its merchant agreement; BAMS did not suffer any privacy injury (as it was the issuing bank’s records that were breached rather than the acquiring bank’s records); and the policy only covered claims brought by those persons whose records were accessed without authorization.
In addition, the court found that all three MasterCard assessments were excluded from P.F. Chang’s coverage.  The policy excluded any liability contractually assumed, an exclusion commonly found in insurance contracts.  This exclusion means that any loss incurred by P.F. Chang’s as the result of a contractual relationship (in this case as a result of its merchant agreement with BAMS) would not be covered.
Processors, ISOs, and payment facilitators are typically liable for card brand assessments incurred by their sponsor financial institution under their sponsorship agreement.  If you suffer a breach, you may incur card brand assessments.  If one of your merchants suffers a breach, and the merchant isn’t able to pay the related assessments from the card brands, you will likely be liable for the assessment.  Would your cyber insurance policy cover such expenses?  It would be worth your time to check on your insurance coverage and, if appropriate, work with your broker to adjust your insurance policy accordingly.
– James Kramer, Attorney, Jaffe Raitt Heuer & Weiss, P.C.

James Kramer

James Kramer

James is a member of the firm's Electronic Payment Group, Corporate Group and Business Transactions Group. James counsels clients on contractual, regulatory, and compliance matters as well as on purchases, sales, mergers, and acquisitions. He routinely advises and negotiates on behalf of financial institutions and entities in the electronic payments industry.

New Card Brand Fee Disclosure Requirements

4 Aug

There is a subtle shift afoot surrounding merchant fee disclosures.  Both MasterCard and Visa have revised their Rules to require more transparency in card processing charges.  Merchant acquirers and payment facilitators would be wise to revise their merchant agreement forms to incorporate the new guidance.

The MasterCard Rules now specify that acquirers and payment facilitators must deliver to merchants and sub-merchants a separate fee disclosure in the merchant contract.  The disclosure must detail, in truthful, clear and simple terms, the methodology by which each merchant fee is calculated. 

To give the industry insight on what will satisfy the new requirement, MasterCard has published a sample fee disclosure that will comply with the Rules.  We are talking nitty-gritty detail here.  MasterCard recommends that the following be included: 

  • Any monthly minimum fee
  • Qualified rate (credit cards): X.X%
  • Mid qualified rate: Qualified rate + X.X%
  • Non-qualified rate: Qualified rate + X.X%
  • MasterCard assessment fee: X.X%
  • Penalty to cancel prior to expiry date
  • Description of discount rate calculation

Further, MasterCard suggests including the following information on a distinct disclosure page, if not disclosed elsewhere in the agreement:  the date of the contract, cancellation terms, the name and address of the acquirer, the name and address of service providers, the name and address of the terminal provider, and when the merchant will receive payment for transactions.

In addition, MasterCard now requires that card processors and payment facilitators provide a minimum of 30 days advance notice to the merchant of any fee increase or introduction of a new fee.  This is treading new ground:  rarely have the card brands mandated business terms in a contract with a merchant.  As a best practice, MasterCard advises acquirers and payment facilitators to include terms within the merchant contract that permit the merchant to terminate its agreement without penalty within 90 days of receiving notice of a fee increase or introduction of a new fee.

 Visa, too, has published new merchant fee guidelines.  In May, 2015 Visa noted that the Visa Rules prohibit representing any fee created by an acquirer as a fee levied by Visa.  The guidance explained that Visa charges are imposed on the acquirer, not on the merchant, and therefore that all fees should be described as a “Processing Fee for Visa Transaction” and not Visa fee.  Acquirers and payment facilitators must review their solicitations, marketing material, agreements, notifications, and statements and develop corrective action plans by In September 1, 2015, with full compliance required by January 1, 2016. 

We suggest that card processors analyze their existing merchant agreement forms, and revise the templates to incorporate the MasterCard and Visa mandates.

 –Holli Targan, Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

Holli Targan

Attorney & Partner

Aggregator Rules Evolve

11 Dec

 It’s been awhile now since Visa and MasterCard revised their rules to permit merchant aggregation of payment transactions.  Recently MasterCard refined the concept yet again, this time to increase the annual dollar volume limit a sub-merchant may process to $1,000,000, and to institute a few other tweaks to the merchant aggregator program.

 A refresher:  Back in 2011 Visa and MasterCard revised their rules to permit small internet and face-to-face merchants to be aggregated under a master merchant.  Both card brands treated the aggregating entity as a merchant.  So in addition to special rules relating to aggregators, all requirements imposed on merchants also applied to the aggregators themselves.  These “master merchants” are permitted to provide payment processing services to smaller “sub-merchants”.  MasterCard calls this a Payment Facilitator or “PayFac”.  Visa uses the Payment Service Provider or “PSP” nomenclature.  Once a sub-merchant’s annual volume hit $100,000 per card brand, that sub-merchant was ineligible for aggregation, requiring a contract directly with the acquirer. 

 The aggregator model has enabled small merchants to accept payment cards.  It also has enabled a broader array of companies to offer payment processing services.  All sorts of entities are electing to become aggregators.  Previously any non-bank company that desired to generate revenue by providing payment processing services to merchants was required under the card brand rules to become an independent sales organization, or ISO.  The aggregation rules now allow those entities to become aggregators instead.   In some instances traditional ISO companies are qualifying as aggregators.  And companies that have created software that caters to a certain merchant vertical are bundling their software offerings with payments under the aggregator construct.

 This past October, MasterCard revamped its PayFac standards.  PayFacs are now classified as a type of service provider, rather than a merchant.   The permissible submerchant transaction volume was raised from $100,000 to $1,000,000 in annual MasterCard volume.  Entities with higher annual volumes must enter into direct merchant agreements with an acquirer. 

 In addition, the revised rules state that performing a credit check when screening a prospective merchant or submerchant is not required if the entity has annual MasterCard transaction volume of $100,000 or less.  Further, the new standards specify clauses that must appear in contracts between PayFacs and submerchants, and mandate that submerchant contracts must include all provisions required to be included in a standard merchant agreement.

 We have observed an interesting evolution in the contract terms entered into between PayFacs and acquiring sponsor banks.  As the acquirers gain experience with the PayFac model, that is reflected in a shifting of the terms under which acquirers are willing to sponsor aggregators.  History proves that nothing ever stays the same in the payments business; we expect this new aggregator model will continue to morph and have an effect on the payments landscape for some time to come.

 –Holli Targan, Attorney and Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

Holli Targan

Attorney & Partner

Aggregation Considerations

17 Apr

The world of payments is changing, and the card brands are keeping up.  Recognizing that face-to-face micro-merchants have an interest in accepting payment cards, Visa and MasterCard now permit small merchants of all commerce types to be aggregated under a master merchant.  Previously only internet merchants could be sponsored this way.  But aggregation has been extended to new merchant types, including face-to-face merchants.  This is big news, with potentially big revenue opportunities. Many ISOs are wondering whether they should either become, or sponsor, a merchant aggregator.   Below are a few of the many factors a company should consider.  

Both card brands treat the aggregating entity as a merchant.  So in addition to special rules relating to aggregators, all requirements imposed on merchants also apply to the aggregators themselves.  The nuance is that now these “merchants” are permitted to provide payment processing services to smaller “sub-merchants”.   This means that master merchants assume all loss liability of their sub-merchants, resulting in greater due diligence of master merchants by acquiring sponsors.  It should also result in sponsor merchants instituting robust underwriting processes to investigate sub-merchants before accepting them.  Likewise, risk mitigation by master merchants, such as volume limitations or reserve requirements imposed on sub-merchants, will be critical. 

Certain merchant types, such as up-selling, infomercial, and multi-level marketing businesses can never be aggregated.  And once a sub-merchant’s annual volume hits $100,000 per card brand, that sub-merchant is ineligible for aggregation, and must have a contract directly with the acquirer.  In addition, special contractual provisions are required to be included in the master merchant/acquirer agreement and in the sub-merchant/master merchant contract.  

Aside from the card brand rules, there are other regulatory considerations.  If the funds generated from card acceptance will be sent to someone other than the sub-merchant, then state and federal laws surrounding money transmitters may be implicated.  This is a whole different world.  The Federal Bank Secrecy Act and each of the states regulate the transmission of money by any entity that is not a chartered financial institution.  Closely analyze whether your program needs to comply, and budget for undertaking this analysis to be conducted by an aggregation expert. 

The revenue potential opened up by the new aggregator rules could be huge.  As with any opportunity, there is also risk.  Structuring the business with relevant regulatory considerations in mind will facilitate minimizing the hazards while reaping the greatest rewards.

Holli Targan

Attorney & Partner

Surcharge Specifics

28 Mar

Retailers’ demand to pass along to consumers the cost of accepting credit cards has been granted.  Effective January 27, 2013 and as a result of the settlement agreement in In re Payment Card Interchange Fee and Merchant Discount Litigation, Visa and MasterCard revised their Rules to permit merchants to “surcharge” or require cardholders to shoulder the cost of paying with a credit card. There is a lot of buzz in the industry about this development, and rightfully so.  Under what conditions can surcharges be imposed?

First, there are restrictions on surcharging.  The amount the merchant may charge the cardholder is limited to the average discount rate that a merchant pays to its acquirer.  In fact, MasterCard requires a statement to the cardholder that the surcharge is not greater than the merchants’ discount rate.  Further, at least 30 calendar days before assessing a surcharge, the merchant must notify its card processor and the card brands of its intent to do so.

Next, merchants must comply with a few requirements.  Surcharges must be disclosed at the point-of-entry and the point-of-sale.  For on-line transactions, the first page that references credit card brands must include notice of the surcharge.  In addition, the fees must be conspicuously divulged on every receipt – both in store and on-line.  The receipt must show the surcharge amount separately on the front of the receipt in the same type font and size as other items, after the subtotal and before the final transaction amount.  Disclosures must not disparage the brand, network, issuer or payment card product being used.  A request that a consumer use a form of payment with lower acceptance costs does not constitute disparagement.

For e-commerce, mail order/telephone order, and unattended transactions, the cardholder must have the opportunity to cancel the transaction after the disclosures are provided.

Surcharges are permitted only on credit, and not debit or prepaid card, payments.  Terminals that offer a choice for debit transactions in the form of “credit” and “debit” buttons must ensure that debit transactions are not surcharged.

If a surcharged transaction is subsequently credited back to the consumer, the merchant must refund any surcharge assessed on that transaction.  For partial refunds, the surcharge amount has to be pro-rated.  A card issuer is permitted to include the surcharge amount in any chargeback amount, and for partial chargebacks, the surcharge amount must be pro-rated.

Keep in mind that despite this permission, the laws of 10 states ban surcharges.  Eighteen other states are currently considering legislation that prohibits surcharges.  What can an acquirer suggest to a merchant?  The new surcharge rules do not affect the Visa and MasterCard Rules regarding convenience fees, which are still permitted under certain circumstances and which may be an option for merchants.

After all of the hype, it appears that the hard-fought right merchants sought to pass along the cost of accepting credit cards has been won.  Despite this, there has not been a stampede to take advantage of this permission.  A few large retailers have announced that they do not intend to surcharge credit transactions.  Certainly competitive forces are coming into play.  It’s also possible that uncertainty about the requirements set forth above is having an effect, particularly on smaller merchants.


Holli Targan

Attorney & Partner