It became evident that the chain of financial responsibility contingent with offering and gaining a merchant account is grossly misunderstood. It was during a panel discussion in Europe that the comment was made to one of the panelists stating that they, unlike an aggregator, do not take any financial risk. Although this is a common assumption, it is inaccurate and this column will explain why.
Credit card processing starts with a consumer and ends with a merchant and although they are interacting with one another, there is a long chain of players in between that makes it all possible.
When it is a merchant account that is causing the loss, the card associations will go after the acquiring bank, the acquiring bank will go after the ISO and the ISO will go after the merchant.
The consumer has a credit card, which is offered and issued by a financial institution. When the consumer agrees to this credit card, they sign an agreement to be responsible for the charges that they incur on that card and if they do not pay it off, as per the agreed terms, then they pay the interest for the balance until it is paid in its entirety.
For that financial institution to be able to offer the card, they had to become an issuing bank for the card association of the brand they are issuing. This process has the financial institution signing an agreement with the card association abiding by their regulations and essentially being responsible for the cards they issue to their consumers. The issuing financial institution is financially responsible for the debt that is being accumulated on the cards that they issue. If a consumer is unable to pay off their debt, it is the issuing financial institution that bears that financial risk.
The card associations have a responsibility to both the issuer and acquirer banking members. The card associations create the brand, the network, the rules and regulations and are the ones that are judge and jury regarding those regulations. They have no financial risk on a transaction level as their contracts with the issuers and the acquirers place all that transactional risk back on the acquirers. However, the card associations have the brand risk, which they endeavor to protect, and this is why they issue the fines and rules to protect their brand and theoretically the consumers.
Acquiring banks (the banks that hold the actual merchant account) take on all financial risk with the card associations. They are the ones that introduce the transactions into the networks, are responsible for performing their due diligence on the merchants/IPSPs and are being monitored by the card associations for compliance, not only on each merchant account but as a participant overall. Just as merchant accounts have thresholds where they become out of compliance, acquiring banks do as well. This last piece of information should help you understand banks motives in applying pressure on you to bring down your chargebacks even though you might technically be in compliance. It is simply a matter of the banks overall ratio and if your merchant account is above their threshold then they have to have several other accounts below the threshold to keep their portfolio compliant.
An independent sales organization (ISO) is a third-party agent that partners with merchant banks to establish and manage merchant accounts on behalf of the merchant banks. ISOs may also be referred to as merchant service providers when they offer financial transaction processing services.
These ISOs are registered with Visa and work with usually one acquiring bank but sometimes they will contract with more than one acquiring relationship. ISOs have to state on their documentation including their advertising, at which acquiring bank they are an ISO. The ISO signs an agreement with the acquiring bank and depending on their underwriting package the acquiring bank determines the parameters to which the ISO may operate within the bank. For instance, they may be able to load and issue a MID to a merchant who is $100,000 per month or under if it is a specific type of retail operation but they need to have the bank approve deals over $100,000. Regardless of the parameters set, the acquiring bank will have the ultimate determination if the merchant will be allowed to process and for how long. This agreement also places financial risk on the ISO for the merchant portfolio that they are operating at that acquiring bank.
The merchant provides the details and documentation regarding the business type and transaction information that is being requested for the merchant account. The ISO will evaluate this information, perform their underwriting due diligence, pull credit information and research the merchant via numerous channels available to them. When they have pulled together a satisfactory underwriting package they submit it to the acquiring bank for processing.
This process could result in a declined application by the bank, a request for further information or newly defined restrictions on the requested processing. The merchant signs an agreement with the ISO stating that they take on the financial risk of the transactions that they are processing. The ISO sets up the hold period and the reserves to reduce the financial risk if the merchant does not live up to its obligations.
Aggregators or IPSPs are similar to merchants in that they are the registered owner of the merchant account. Whether the aggregator is contracting directly with the acquiring bank or through an ISO they have signed an agreement that puts the financial responsibility on them and they have their clients (sponsored merchants) sign an agreement with them for their services.
In a perfect world, consumers and merchants would live up to their obligations and fraudsters would not exist. When it is a merchant account that is causing the loss, the card associations will go after the acquiring bank, the acquiring bank will go after the ISO and the ISO will go after the merchant.