Archive | Merchant Acquiring RSS feed for this section

State Law Mandates New Merchant Contract Requirements

3 Feb

The payments world is in a constant state of change, and the requirements surrounding clauses that must be included in card processing agreements with merchants are no exception.  Typically, language that must appear in merchant contracts is handed down from the card brands.  To remain compliant with those constantly-evolving requirements a close eye on card brand rule revisions has been essential.  But now states are getting into the act as well.     

Tennessee provides the latest example.  Effective March 1, 2016, Tennessee requires that all merchant agreements disclose certain terms, such as the effective date and term of the contract,  the circumstances surrounding early termination or cancellation, and a complete schedule of all fees applicable to card processing services.  These requirements are benign enough, as the vast majority of commercial contracts already contain those provisions. 

But here comes the sticky part.  In addition to the above, the Tennessee statute requires the payment acquirer to provide monthly statements.  So far so good – everyone provides monthly statements.  However, the law mandates that certain data points be included in each monthly statement, including an itemized list of all fees assessed since the previous statement, the total value of the transactions processed, and, if the acquirer is not a bank, an indication of the “aggregate fee percentage”.  The aggregate fee percentage is calculated by dividing the fees by the total value of processed transactions during the statement period.

The troubling requirement is the last one:  that any non-bank payment acquirer include in monthly statements the fees imposed, calculated as a percentage of the total value of the transactions processed during the statement period.  Currently such a calculation is not determined, so systems will need to be revamped to include that information in statements. 

And a determination will need to be made as to who, exactly, this requirement applies to.  The law says it is imposed on non-bank payment acquirers.  Certainly that includes payment facilitators.  But if both an ISO and a bank are a party to a merchant agreement and provide the statement, does the aggregate fee percentage need to be included in the monthly statement?  It’s not clear.  A conservative interpretation would suggest that if any non-bank is a party to a merchant agreement, the aggregate fee percentage should be disclosed each month.

Interestingly, the remedy for non-compliance with the Tennessee law is limited to an option by the merchant to terminate the contract.  Before the merchant may cancel the agreement, it must give the acquirer 30 days’ notice.  If the non-compliance is cured, then the merchant is not permitted to terminate the agreement.

ISOs, banks, and processors should review the new Tennessee statute to ensure compliance with its provisions.  And now that the payments industry is on the radar of state legislators, card processors will need to monitor state law developments to keep up with shifting obligations. 

–Holli Targan, Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

New Card Brand Fee Disclosure Requirements

4 Aug

There is a subtle shift afoot surrounding merchant fee disclosures.  Both MasterCard and Visa have revised their Rules to require more transparency in card processing charges.  Merchant acquirers and payment facilitators would be wise to revise their merchant agreement forms to incorporate the new guidance.

The MasterCard Rules now specify that acquirers and payment facilitators must deliver to merchants and sub-merchants a separate fee disclosure in the merchant contract.  The disclosure must detail, in truthful, clear and simple terms, the methodology by which each merchant fee is calculated. 

To give the industry insight on what will satisfy the new requirement, MasterCard has published a sample fee disclosure that will comply with the Rules.  We are talking nitty-gritty detail here.  MasterCard recommends that the following be included: 

  • Any monthly minimum fee
  • Qualified rate (credit cards): X.X%
  • Mid qualified rate: Qualified rate + X.X%
  • Non-qualified rate: Qualified rate + X.X%
  • MasterCard assessment fee: X.X%
  • Penalty to cancel prior to expiry date
  • Description of discount rate calculation

Further, MasterCard suggests including the following information on a distinct disclosure page, if not disclosed elsewhere in the agreement:  the date of the contract, cancellation terms, the name and address of the acquirer, the name and address of service providers, the name and address of the terminal provider, and when the merchant will receive payment for transactions.

In addition, MasterCard now requires that card processors and payment facilitators provide a minimum of 30 days advance notice to the merchant of any fee increase or introduction of a new fee.  This is treading new ground:  rarely have the card brands mandated business terms in a contract with a merchant.  As a best practice, MasterCard advises acquirers and payment facilitators to include terms within the merchant contract that permit the merchant to terminate its agreement without penalty within 90 days of receiving notice of a fee increase or introduction of a new fee.

 Visa, too, has published new merchant fee guidelines.  In May, 2015 Visa noted that the Visa Rules prohibit representing any fee created by an acquirer as a fee levied by Visa.  The guidance explained that Visa charges are imposed on the acquirer, not on the merchant, and therefore that all fees should be described as a “Processing Fee for Visa Transaction” and not Visa fee.  Acquirers and payment facilitators must review their solicitations, marketing material, agreements, notifications, and statements and develop corrective action plans by In September 1, 2015, with full compliance required by January 1, 2016. 

We suggest that card processors analyze their existing merchant agreement forms, and revise the templates to incorporate the MasterCard and Visa mandates.

 –Holli Targan, Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

What to Do in the Face of a Dispute

9 Mar

What do you do when your exclusive agent starts referring merchants to a different processor?  What if your residuals from your ISO are cut off, or if you don’t receive the hold-back payment from the buyer of your merchant portfolio?

These are the kind of disputes that regularly arise in the payments industry and which require immediate attention.  What should you do when faced with them?

First, gather up all relevant documents, including written agreements, emails and letters concerning the dispute as well as information that supports the other side.  Then, reach out to a lawyer knowledgeable and experienced in the industry.  Knowledge of the payments business is critical because courts will look to industry standards in interpreting contractual ambiguities.

Should you file a lawsuit right away?  We typically recommend, instead, that a demand letter be sent.  A demand letter lays out in some detail what your grievances are, why the contract or parties’ dealings support your position, and what you want the other side to do.  If you are the recipient of a demand letter, gather up the same materials and get them to your counsel right away.

The principal goal of a demand letter is to begin a discussion to reach a resolution of the dispute.  A resolution of a dispute, however, is not the same thing as capitulation.  It involves compromise and negotiation.  Why compromise?  Because litigation is expensive, time-consuming, distracting and the end result is always uncertain.  A negotiated resolution to a dispute is far preferable to one costing tens of thousands of dollars and dragging on for months if not years.

Of course, some disputes cannot be resolved amicably or are of such dire importance that immediate court intervention is necessary.  Under such circumstances, litigation may be the only recourse.

Litigation starts with preparing a complaint which sets forth facts and the plaintiff’s claims.  That document is filed with the court and is served on the other side.  The other side usually has 20 to 30 days to answer depending on the state.  The next step is usually written discovery, meaning a set of questions which need to be answered.  Following written discovery, usually depositions are taken where lawyers question witnesses under oath.  Once all discovery is complete, the parties often will file motions for summary judgment.  A motion for summary judgment asks the court to rule that there are no issues of fact requiring trial and that, as a matter of law, you are entitled to prevail on your claims.  Preparation of a good motion for summary judgment is an arduous task requiring the summation of all of the evidence gathered through the discovery process.  If the court finds that it is unable to grant summary judgment for either side, then the case will proceed to trial.

Litigation can be a lengthy, costly and distracting process.  It will consume many hours of internal personnel time.  Conventional wisdom says that 99% of commercial litigation matters get resolved before trial.  There is, therefore, no reason why a resolution could not have been reached at the demand letter stage rather than after 12 months of discovery and tens or hundreds of thousands of dollars of expense.  If you provide your lawyer with all relevant information at the outset of the dispute, significant costs may be avoided with little, if any, difference in the ultimate outcome.

 — Eric A. Linden, Attorney and Partner, Jaffe Raitt Heuer & Weiss, P.C.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

Aggregator Rules Evolve

11 Dec

 It’s been awhile now since Visa and MasterCard revised their rules to permit merchant aggregation of payment transactions.  Recently MasterCard refined the concept yet again, this time to increase the annual dollar volume limit a sub-merchant may process to $1,000,000, and to institute a few other tweaks to the merchant aggregator program.

 A refresher:  Back in 2011 Visa and MasterCard revised their rules to permit small internet and face-to-face merchants to be aggregated under a master merchant.  Both card brands treated the aggregating entity as a merchant.  So in addition to special rules relating to aggregators, all requirements imposed on merchants also applied to the aggregators themselves.  These “master merchants” are permitted to provide payment processing services to smaller “sub-merchants”.  MasterCard calls this a Payment Facilitator or “PayFac”.  Visa uses the Payment Service Provider or “PSP” nomenclature.  Once a sub-merchant’s annual volume hit $100,000 per card brand, that sub-merchant was ineligible for aggregation, requiring a contract directly with the acquirer. 

 The aggregator model has enabled small merchants to accept payment cards.  It also has enabled a broader array of companies to offer payment processing services.  All sorts of entities are electing to become aggregators.  Previously any non-bank company that desired to generate revenue by providing payment processing services to merchants was required under the card brand rules to become an independent sales organization, or ISO.  The aggregation rules now allow those entities to become aggregators instead.   In some instances traditional ISO companies are qualifying as aggregators.  And companies that have created software that caters to a certain merchant vertical are bundling their software offerings with payments under the aggregator construct.

 This past October, MasterCard revamped its PayFac standards.  PayFacs are now classified as a type of service provider, rather than a merchant.   The permissible submerchant transaction volume was raised from $100,000 to $1,000,000 in annual MasterCard volume.  Entities with higher annual volumes must enter into direct merchant agreements with an acquirer. 

 In addition, the revised rules state that performing a credit check when screening a prospective merchant or submerchant is not required if the entity has annual MasterCard transaction volume of $100,000 or less.  Further, the new standards specify clauses that must appear in contracts between PayFacs and submerchants, and mandate that submerchant contracts must include all provisions required to be included in a standard merchant agreement.

 We have observed an interesting evolution in the contract terms entered into between PayFacs and acquiring sponsor banks.  As the acquirers gain experience with the PayFac model, that is reflected in a shifting of the terms under which acquirers are willing to sponsor aggregators.  History proves that nothing ever stays the same in the payments business; we expect this new aggregator model will continue to morph and have an effect on the payments landscape for some time to come.

 –Holli Targan, Attorney and Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

Durbin Regulation Ruling: Appeals Court Overturns Lower Court Decision

21 Mar

 Today the District of Columbia Court of Appeals upheld the Federal Reserve Board’s regulations interpreting the Durbin Amendment, and in so doing reversed the lower court’s decision invalidating those rules.  Last July, Judge Leon of the U.S. District Court concluded that the Board’s regulations violated the Durbin Amendment statute’s plain language.  Today the Court of Appeals disagreed, holding that the Board’s rules are a reasonable construction of the law. 

The court noted that it reviewed the Board’s interpretation of the law directly, according no deference to the lower court’s ruling.  In an opinion that is a marked departure from the lower court’s combative tone, today’s opinion logically analyzes each of the arguments advocated by the merchants and by the Federal Reserve Board, concluding that the Board’s interpretation of the Durbin Amendment language should stand.

The court remanded back to the Board one aspect of the Durbin regulation, requiring an explanation of the Board’s interpretation of the fraud prevention adjustment.  In the meanwhile, the existing regulation remains in place.

Thus, unless and until today’s decision is appealed to the Supreme Court, both the interchange fee and the anti-exclusivity aspects of the current regulation govern.

 –Holli Targan, Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

 

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

Preventing Headaches: Do Your Due Diligence

30 Sep

We’ve encountered a few situations lately that underscore the importance of following basic sound contracting practices.  Rushing to move projects along as quickly as possible may lead companies to contract with vendors before thorough investigation, at their peril.  Far too often researching a potential supplier to discover whether the company is able to perform according to plan is ignored. 

Time spent on conducting due diligence up front can save you money and headaches down the road.  Due diligence means investigating a prospective vendor to ensure that the company is what its agents say it is, and that the company can do what they say they will do.

 Why should you bother?  Scrutinizing every prospective contracting party may avoid lost opportunities, costly mistakes, litigation, and degradation of your good name later on.  In situations where the supplier will be performing a service to your customers, the company will affect your profitability and influence how the customer perceives the quality of the service.  In other cases, a vendor may be manufacturing a piece of equipment or developing software, and inexperience may result in months or years of delay.  The few hours that it takes to complete due diligence will reveal information indicating whether the company is able to perform – information that you are better off knowing before the contract is signed.

 Below are the basics of a due diligence policy to get you started:

 The Policy.  Contracting procedures should require that a “due diligence checklist” be filled out on every prospective vendor.  The checklist will highlight key information that should be explored.  Some of the material may be sensitive in nature, so the prospect may feel more comfortable disclosing such information after both sides sign a confidentiality agreement.  The due diligence policy should require that the disclosures be updated at least annually on companies with whom you will have a continuing relationship. 

 The Inquiry.  Every situation is unique, but at a minimum the following should be examined:

*          The company’s most recent financial statement, audited if available. 

*          Talk to at least three business references that have a contractual relationship similar to the one you are contemplating.  Dig deep, asking the references about challenges they have faced working with the prospective vendor. 

*          Professional biographies on individuals in the company with significant management responsibility. 

*          A schedule of all material insurance policies in effect. 

*          Disaster contingency plans. 

*          Outstanding, anticipated, and recently concluded legal action by or against third parties and all government investigations. 

*          Policies and procedures covering security controls. 

The investigation should be thorough enough to uncover information that will reveal whether or not the company can perform the best job for you, and will be there for the long haul.  A good due diligence policy that has the support of senior management can be your best defense against problems down the road. 

–Holli Targan, Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

 

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

Bottom Line on the Durbin Amendment Court Ruling

22 Aug

So wow, right?  Who could have guessed that the Federal Reserve Board (“FRB”) regulation implementing the Durbin Amendment would be completely eviscerated.  In 2011 a group of merchants filed suit arguing that the regulation issued by the FRB (“Rule”) did not interpret the statute correctly. On July 31, 2013 Judge Leon of the US District Court for the District of Columbia agreed.   The twists and turns relating to that pricing structure we all know and love as interchange, and those involving debit card routing options, just keep coming.   Yesterday the FRB announced that it will appeal the Court decision.   

Here is the bottom line on what the Court ruled:

1. The interchange fee cap adopted by the FRB (21 cents plus .05% of volume) violates the statutory language of the law, and is void. 

2.  The routing option mandating that two unaffiliated networks be available on each debit card also violates the law, and was struck down.  

Judge Leon declared that the Rule is an unreasonable interpretation of the Durbin Amendment statute because it ignores Congress’ directives regarding interchange fees and network exclusivity. 

With regard to interchange, the Court decided that the plain language and legislative history of the statute make clear exactly which issuer costs may be included in the interchange transaction fee standard, and that the inclusion of other costs violates the law. The decision opined that the only amounts that could be considered in setting the fee cap are the incremental authorization, clearing and settlement costs of a particular transaction.  Judge Leon believes that the law did not allow the FRB to consider any additional costs, including fixed costs, transaction monitoring costs, an allowance for an issuer’s fraud losses, or network processing fees. 

Similarly, the Court found that the non-exclusivity provisions of the Rule contravene both the letter and spirit of the statute.   Judge Leon stated that Congress intended that each transaction must be routed over at least two competing networks for each authorization (PIN and signature) method.  The Rule requires at least two unaffiliated networks be enabled on each debit card, not each debit transaction.  Currently issuers may make only one network available for many transactions, since certain transactions, such as Internet transactions, cannot be authorized via PIN. Thus, because two signature networks are not available on every card for every type of debit transaction, the law is violated.  

So technically the Rule has been overturned.  But where does that leave things?  The Court originally “stayed” its ruling, to enable the FRB and the plaintiffs to present arguments on why the Rule should not be immediately overturned.  Invalidating the Rule means no regulation would be in place guiding industry action.  

The FRB announced yesterday that it will appeal the decision to a higher court, and will ask the appeals court to continue to stay Judge Leon’s ruling pending that appeal.  In the meanwhile, the US District Court again stayed its decision.  So for now, the existing Rule is still effective.  Stay tuned.

–Holli Targan, Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

 

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

Keeping Merchant Information Confidential

19 Jul

Yesterday I participated in a panel discussion at the Midwest Acquirer’s Association meeting in Chicago.  The topic of the session was the duties every company in the payments space has to keep customer information confidential. 

Industry businesses know plenty about obligations to protect cardholder information by complying with PCI mandates.  But many are not aware of legal requirements to keep their customers’ (i.e., merchants’) personal information secure. 

ISOs and processors typically obtain personal information about merchant principals on the merchant account application form.  Names, addresses, social security numbers, driver’s license numbers, employment history, bank account numbers, and even credit card numbers are provided.  Such information is defined as personally identifiable information (“PII”) required to be kept safe by both Federal and state law. 

On the Federal level, the Federal Trade Commission has filed suit against a number of companies for failing to protect the security of customers’ personal information.   The lawsuits are based on a theory that the businesses have engaged in unfair or deceptive acts.  In those cases, the FTC alleged that the company did not follow reasonable or appropriate security practices, or made false representations regarding its security practices. 

On the state level, a number of states have laws that require businesses to maintain the security of PII.  For example, California law requires that: 1) businesses shred or modify customer PII to make the PII unreadable when the records are no longer to be retained; 2) companies maintain reasonable security procedures and practices to protect PII from unauthorized access; and 3) a company that discloses PII to a third party must require by contract that the third party implement reasonable security procedures to protect the PII.  

California takes this quite seriously.  In early July the California Attorney General stated that it will make it an enforcement priority to investigate breaches involving unencrypted personal information, noting that companies should tighten security controls on PII that they hold. 

State data security breach laws also come into play, which require that any business that maintains PII inform consumers of a data breach or the likelihood of misuse of that information.  Under some state laws, the Attorney General must also be notified.  Each applicable state’s law must be examined to determine specific compliance requirements. 

It turns out the PCI compliance is not enough:  payment companies would be well advised to research their obligations under relevant state law to prevent disclosure and misuse of their customers’ personal information. 

 

–Holli Targan, Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

 

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

FTC Sues Another Independent Sales Organization

24 Jun

Not more than a day after we reported a similar action, the FTC filed suit against another independent sales organization, attempting to hold it liable for the alleged fraud perpetrated by its telemarketing merchant.  One significant difference is that in this complaint, the former President of the ISO is personally named.

The lawsuit was filed against Newtek Merchant Solutions and Derek Depuydt, its past President, in the action against Global Financial Assist, LLC (“GFA”), a company providing a credit card interest rate reduction service that was sold through telemarketing.  The claim also names HES Merchant Services Company, Inc. (“HES”), a consulting company that set up the telemarketing operation and website for GFA, provided the Newtek merchant accounts, and assisted with chargeback recovery services.

Newtek and Depuydt allegedly violated the FTC’s Telemarketing Sales Rule (“Rule”), which provides that it is a deceptive telemarketing act and a violation of the Rule for a person to provide substantial assistance or support to any telemarketer when that person knows or consciously avoids knowing that the telemarketer is engaged in a deceptive telemarketing act, as defined in the regulation. 

The FTC maintains that Newtek’s payment processing services enabled the charges on consumers’ card accounts to clear through the credit card networks, and that without Newtek’s and Depuydt’s assistance, it would have been impossible for the merchant to charge consumers fees for the interest rate reduction services.  Further, Newtek and Depuydt allegedly knew that many of HES’ accounts were connected to operations that were likely engaged in fraud.

Cited as support for the ISO’s violation of the Rule is the fact that the merchant failed to produce telemarketing scripts when asked.  The document states:  “Newtek simply ignored this deficiency, which would have alerted them to the [telemarketing sales rule] violation.”  Also noted was the fact that the credit reports pulled by Newtek stated that the principals had substantial debts and serious delinquencies.  And similar to the previous complaint, the FTC asserts that MasterCard put the merchant on a monitoring list for excessive chargebacks and Newtek’s response was merely to increase the merchant reserve.

These two actions indicate a massive shift in the card processing landscape.  Any business connected to processing card transactions, from ISOs to consultants to the card processors, should take a hard look at their underwriting practices to ferret out merchants engaged, or even potentially engaged, in deceptive telemarketing practices.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

FTC Claims Card Processor Is Liable for Merchant Fraud

20 Jun

   firealarmOn June 4, 2013, the Federal Trade Commission named independent sales organization IRN Payment Systems (“IRN”) in a lawsuit alleging that IRN violated the FTC’s Telemarketing Sales Rule by processing credit card transactions for, and providing cash advances to, a merchant engaged in deceptive telemarketing.  The FTC’s complaint claims that IRN provided substantial assistance to the merchant by, among other things, processing chargebacks while knowing or consciously avoiding knowledge of the merchant’s fraudulent acts. 

The FTC’s suit should be heard as a fire alarm throughout the card processing industry.  The complaint serves both as a loud warning of the pitfalls of processing for certain types of telemarketing merchants, and as a guide on how to avoid the FTC’s wrath when doing so.

The merchant, Innovative Wealth Builders, Inc. (“IWB”), claimed through telemarketing campaigns that it would save consumers money by reducing interest rates on their outstanding credit card balances.  The FTC alleges that IRN’s due diligence revealed that IWB was a telemarketing company selling debt relief services with complaints against it on consumer websites.  Further, IRN was aware of IWB’s deceptive practices through a number of warning systems, including that IWB’s chargeback rates at times exceeded 40% and that IWB was placed on MasterCard’s high fraud alert program. 

Despite such indications, IRN continued to process transactions.  The FTC states that IRN responded to “the numerous indicators of the illegal nature of [IWB’s] business by seeking to protect its own interests”, specifically, increasing the merchant’s reserve account.  In addition, IRN allegedly assisted the merchant in challenging chargeback disputes and made recommendations on how to defeat chargeback requests. 

Those are actions routinely taken by card processors in the normal course of business.  The difference, it seems, is that IRN profited by earning fees for itself while turning a blind eye and “allowing” (apparently by processing its card transactions) IWB to harm consumers who purchased the bogus card interest rate reduction services.

The FTC’s Telemarketing Sales Rule provides that it is a deceptive telemarketing act and a violation of the Rule for a person to provide substantial assistance or support to any telemarketer when that person knows or consciously avoids knowing that the telemarketer is engaged in a deceptive telemarketing act, as defined in the regulation. 

The filing of this action underscores that the FTC is serious about holding card processors liable for the acts of their merchants.  The industry would be well advised to take heed.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com