Adult merchants face a wide range of challenges and considerations, including those surrounding the receipt and processing of payments for their products and services — a process governed by numerous corporate rules, international laws, and an overriding need for profitability.
Fortunately, technology and today’s top billing services providers, go over and above to assist clients in what has become a very competitive commodity sector, helping them to stay abreast of the latest legal requirements and compliance issues — and in some cases, entirely managing the process.
At the end of the day, our aim is to protect the interests of reputable merchants that have been in business for years. -Thierry Arrondo, Vendo Services
XBIZ recently asked a selection of the most distinguished experts in adult billing, “What are 2017’s most significant compliance issues and how is your company addressing these issues?”
According to NETbilling CEO Mitch Farber, compliance covers a broad spectrum, ranging from general merchant compliance to PCI compliance and beyond.
“PCI compliance is a requirement for all merchants and processors, regardless of how, where and when they accept payments,” Farber told XBIZ. “Whether you have a merchant account using a payment gateway, billing through a third party IPSP, or using a phone swipe or retail terminal, you as a merchant are expected and required to be PCI compliant.”
Farber says this essentially means that if a business accepts credit cards/debit cards/EBTs, then it must meet the Payment Card Industry Data Security Standard (PCI DSS) established by the card associations, including Visa/MasterCard/Discover/Amex/JCB.
“If you’re not in compliance with PCI DSS, you’re putting your entire business at risk,” Farber explains. “Your merchant bank, payment gateway or processor can help you be compliant — as non-compliance can mean big fines if breaches occur, so NETbilling is happy to assist all of our clients with their PCI compliance needs.”
OrbitalPay Vice President Karen Campbell told XBIZ that OrbitalPay/GET is endlessly advancing in compliance, security, and technology.
“We process for a wide variety of business models, each with their own specific compliance issues,” Campbell explains. “In retail, it is EMV and chip technology.
In the adult sector, it is keeping up with the card association’s acceptance guidelines which are always evolving.”
“Technology and compliance go hand in hand,” Campbell adds. “As a result, we have the tools in place to ensure that our merchants are safe within the parameters of acceptance.”
Mobius Payments President Mia Hyun puts chargeback compliance at the top of the list.
“Visa and MasterCard’s thresholds and tolerance for exceeding the thresholds are only getting stricter,” Hyun told XBIZ. “Partnering with a merchant processor who has their client’s longevity in mind is the key to success.”
Harmik Gharapetian, Epoch’s vice president of sales and marketing, points to Visa Inc.’s 2016 agreement to purchase Visa Europe as a catalyst in the evolution of compliance issues.
“Previously, the E.U. region had a somewhat more lenient chargeback threshold, but as of July 1, 2016, the E.U. merchants threshold limit came in line with that of the U.S. region, [dropping] from two percent to one percent,” Gharapetian told XBIZ. “Eight months into the new requirement, we’ve seen a smooth transition.”
“Remaining compliant with industry regulations is another excellent reason to use a well-established PSP as your primary billing solution,” Gharapetian added.
Vendo Services Managing Director Thierry Arrondo outlined a number of significant compliance issues facing merchants and processors today, including enhancements to VISA/MasterCard’s longstanding rules regarding acquirer jurisdiction, merchant location, and website disclosures.
“In August 2016 VISA announced a clarification and reinforcement of the requirements related to the Merchant Outlet Location and Website Disclosure rules,” Arrondo explains. “As announced in the Visa Business News and Europe Member Letter editions published in August 2016, the Visa Rules were updated in October 2016 to clarify location requirements for all merchants, payment facilitators, and sponsored merchants.”
Arrondo notes that among the rules’ highlights are an acquirer requirement to verify merchants’ correct location and clarification of location disclosures for card-absent transactions.
“Visa recommends that acquirers review their merchant portfolios (especially e-commerce portfolios) to conduct appropriate due diligence to determine correct merchant locations, [and] any merchant located outside the acquirer’s jurisdiction must be transitioned to an acquirer licensed in the appropriate country,” Arrondo told XBIZ. “Acquirers must also ensure their e-commerce merchants correctly and prominently display a merchant’s location information to the cardholder during the checkout process.”
“The Visa rules require that a card-absent merchant uses its principal place of business as the merchant outlet location,” Arrondo adds. “The principal place of business can be defined as the fixed location where the executive officers direct, control, and coordinate the activities of the company (generally, its headquarters). A merchant may have only one principal place of business for it and its direct subsidiaries.”
Arrondo told XBIZ that the rules allow an additional country to be used as a further merchant outlet location for transactions in card-absent environments as long as the following apply:
• The merchant has a permanent location at which the merchant’s employees or agents conduct business activity directly related to providing the cardholder with the goods or services purchased in the specific transaction.
• The merchant assesses sales taxes on the transaction activity[based] on the total amount of the sale of the goods or services.
• The location is the legal jurisdiction, for the transaction, that governs the contractual relationship between the merchant and the purchaser of the goods or services (the cardholder).
“A card-absent merchant must disclose the location of the transaction to the cardholder at the time of the transaction [by prominently displaying] the merchant outlet country to the cardholder on the same screen as the checkout screen or on a page immediately prior to the checkout screen,” Arrondo shares. “It must not be contained only via a hyperlink.”
Arrondo says that although these rules are not radically new, their reinforcement may have important implications in the portfolios of some acquirers.
“In the past, acquirers and payment facilitators allowed a certain level of flexibility when onboarding companies that had been incorporated with the only purpose to establish relationships with acquirers based in a different region than the merchant’s region,” Arrondo explains. “For example, it was common to find merchants with headquarters in the U.S. that would create a company in Europe to establish an acquiring relationship in Europe. These companies [had] no ‘substance,’ i.e. no employees or business activity. The reinforcement of this rules will not allow the use of this type of companies for onboarding purposes anymore.”
“The reinforcement of these rules should also prevent online merchants from incorporating many companies with the purpose of opening many accounts at different acquirers to process transactions above the chargeback thresholds, spreading the chargebacks among the different accounts and meeting the 100 chargeback limit,” Arrondo adds. “For example, a merchant with 500 chargebacks a month and a three percent chargeback ratio could process transactions without penalties if he opens 10 accounts with 10 different acquirers and receives 50 chargebacks at each account.”
Arrondo says that this particular business model is known as “thin MID,” and it presents some unique challenges for merchants and billing providers alike.
“Vendo is addressing this issue by trying to understand the rules (this is not always easy with VISA and MasterCard) and supporting merchants with complex cases — especially in the cases of multilevel company structures and companies with subsidiaries,” Arrondo concluded, adding, “At the end of the day, our aim is to protect the interests of reputable merchants that have been in business for years.”
ChargebackHelp’s Raja says now that the dust has settled from Visa’s purchase of Visa EU, the company is developing best practices to help its merchants stay below the new count and ratio thresholds.
“We’re also wary of EMV compliance,” Raja told XBIZ. “As more storefront merchants become compliant and lock out card-present fraud, it will drive a spike in fraud attacks on card-not-present merchants. So, we’re expecting a busy year.”
Gary Jackson, managing vice president of sales at CCBill, said that strictly speaking, compliance for the card brands has changed little, expect for some specific content items such as an end to escort listings and the increasing scrutiny of fantasy-situation-content tied to more extreme content.
“However, we are seeing a trend in which merchants are going to merchant account providers when they run into compliance problems with card brands and the banks,” Jackson said. “Many are launching with vanilla content to get a push through their underwriting, but then change the site. They then get caught and are in a bind. “It’s a shortcut method used by some loose services providers, but its ends up being very short sighted.”
It is clear from the comments of these billing experts that different business models, content types, operational locations, customer bases, and more, will affect a merchant’s playing field and the rules of the game he or she must play by.
To learn how your company can maximize its bottom line while staying on the straight and narrow, contact your payment processor of choice — they’re your partners in success.