Other considerations for acquirer and third-party provider back-end best practices
David Press, president of Integrity Bankcard Consultants, Inc.-a consulting firm specializing in Acquirer Back Office Solutions, including Underwriting, Risk, Merchant Operations and compliance with Visa and MasterCard Rules and Regulations-believes the first 30 to 40 days after an acquirer issues a merchant ID are the most important for monitoring the merchant.
"It's the first 30-40 days when I like to watch the processes," he said. "That's when you research and find out whether the organization is a bricks and mortar or an e-commerce business."
With over 25 years of experience in the areas of financial crime and insurance fraud investigations, he has worked and trained the Secret Service and local law enforcement agencies to understand, recognize and prosecute credit card fraud.
Add to that, he has worked he worked on the acquirer side as a manager with Peach Tree Bancard, Harbridge Merchant Services and First Interstate Bank in the areas of underwriting, compliance, chargebacks, collections, security and investigations.
Press knows a lot about the relationship between the acquirer, ISO and merchant.
"It's [the relationship] like dating," he continued. "The first 30 to 40 days is when the merchant lays the foundation…if they are doing things that need scrutiny now, you can correct them and make a good relationship."
With his years of consulting with ISOs, numerous acquiring banks, and third-party processors, he offered the following tips and guidelines for acquirers, ISOs and third party vendors, concerning PCI compliance.
Underwriting
Acquiring banks can do a lot, in the beginning of the relationship with the merchant, to make sure that merchant is well on its way to compliance, by underwriting the merchant application, according to Press.
"You really need to dot all Is and cross all Ts," said Press. "Make sure the information on the merchant application is correct. Verify who the principals are, and their credit worthiness. Ask yourself, 'If the person has no assets, how do you collect if they file for bankruptcy?"
Merchant considerations
As it relates to the merchant, Press explained that all aspects of the merchant's business come into play.
"Does the merchant answer the phone properly?" says Press. "Do they have terms and conditions with Trade Commission?"
He emphasized making sure that the said merchant is not putting the acquirer or ISO at risk with their own rules and regulations.
E-commerce considerations
If the merchant is an e-commerce organization, it's important to distinguish whether the organization owns his or her own Web site, according to Press.
"Do they own their website or fronting for another company? Do they own their own domain? " These are some of the questions Press said should be asked by the acquirer, or a third party service provider.
Checking the MATCH File
According to Press, acquirers and ISOs often have issues concerning merchant MATCH files. "An acquirer may approve a merchant on a Monday, but the merchant is not on the match file until Wednesday, so you must check the match file immediately," he said.
An acquiring bank cannot approve a merchant, if their name is on the MATCH list.
"The acquirer must check the MATCH file, as soon as possible, and if there is no record of that merchant on the MATCH file, then print the screen and put it in their folder," Press explained. "Failure to do that can cause the merchant to be terminated, because the acquirer didn't make and inquiry into the match until days after the initial approval."
Chargebacks
A chargeback fee is charged to a merchant when a customer makes a claim that their card has been charged and the merchant has not delivered the product or performed the service.
For the first 45 days that an acquirer or ISO is working with a new merchant, it's important to note whether the merchant is getting chargebacks right away, according to Press.
"Immediate chargebacks tells you what this merchant is doing…it could be something as simple as a different company name on a bill, or it could be that when someone entered the phone number they transposed the numbers," he said.
Monitoring Risk
One of the biggest areas that acquirers need to assess is Risk.
It's up to the acquirer or ISO to make sure the merchant's information is always kept up-to-date.
"A merchant my change ownership, but they don't get in touch with the acquirer or the credit card company," said Press. "What happens is that on the merchant's credit card terminal, there is the old merchant name, but he's changed the name of the business…the merchant gets charged leasing fees for the terminal."
If the business changes ownership, or if there is a name change, the new owners have to fill out a new merchant application.
Out of all of the areas outlined above, Press says that acquirers signing up fraudulent merchants are the biggest risk issue as it relates to laying the groundwork for PCI compliance.
"Card issuers are likely to file compliance cases to transfer their losses due to acquirers signing up fraudulent merchants," he said. "For PCI Compliance to be successful, first there has to be a smooth working relationship with the ISO, acquirers, and card issuers."
Suggested Links:
 Print this page
 Send this page to a friend
Introduction
Who is the acquirer?
Step 1: Engage all internal resources
Step 2: Acquirers and ISOs-Identify and partner with a qualified ASV and/or QSA
Step 3: Engage all external resources to make your merchants aware of PCI Compliance
Step 4: Supply the tools that the merchant needs for PCI compliance
Step 5: Implement and maintain a proper tracking and reporting system
Other considerations for acquirer and third-party provider back-end best practices
|
| |
|
