payment processing agreements: key ... - amazon web services

Payment Processing Agreements: Key Provisions

for Retailers, Banks, and Payment Processors

Today’s faculty features:

1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific

The audio portion of the conference may be accessed via the telephone or by using your computer's

speakers. Please refer to the instructions emailed to registrants for additional information. If you

have any questions, please contact Customer Service at 1-800-926-7926 ext. 1.

THURSDAY, MARCH 11, 2021

Presenting a live 90-minute webinar with interactive Q&A

John L. Barton, Partner, Pillsbury Winthrop Shaw Pittman LLP, Austin, Texas & Washington, D.C.

Tips for Optimal Quality

Sound Quality

If you are listening via your computer speakers, please note that the quality

of your sound will vary depending on the speed and quality of your internet

connection.

If the sound quality is not satisfactory, you may listen via the phone: dial

1-877-447-0294 and enter your Conference ID and PIN when prompted.

Otherwise, please send us a chat or e-mail [email protected] immediately

so we can address the problem.

If you dialed in and have any difficulties during the call, press *0 for assistance.

Viewing Quality

To maximize your screen, press the ‘Full Screen’ symbol located on the bottom

right of the slides. To exit full screen, press the Esc button.

FOR LIVE EVENT ONLY

Continuing Education Credits

In order for us to process your continuing education credit, you must confirm your

participation in this webinar by completing and submitting the Attendance

Affirmation/Evaluation after the webinar.

A link to the Attendance Affirmation/Evaluation will be in the thank you email

that you will receive immediately following the program.

For additional information about continuing education, call us at 1-800-926-7926

ext. 2.

FOR LIVE EVENT ONLY

Program Materials

If you have not printed the conference materials for this program, please

complete the following steps:

• Click on the link to the PDF of the slides for today’s program, which is located

to the right of the slides, just above the Q&A box.

• The PDF will open a separate tab/window. Print the slides by clicking on the

printer icon.

FOR LIVE EVENT ONLY

Negotiating Payment Processing Agreements

March 11, 2021

John Barton

Agenda

Part I: OverviewPart II: Classifications - Merchants and MorePart III: Payment Processing AgreementsPart IV: Referral AgreementsPart V: Compliance

6 | Negotiating Payment Processing Agreements

PART I: Overview- Payments Ecosystem- Payment Transaction Flow


Players in the Payments Ecosystem

Player Roles

Card Brand

Networks

Provide the electronic networks which allow consumers, merchants,

processors, and banks to facilitate transactions

Maintain operating rules and regulations

Visa and Mastercard have member banks that issue cards and acquire

merchants

American Express and Discover issue their own cards and consolidate

the functions normally provided by the merchant bank, card issuer, and

card network

Issuers Issue credit cards to consumers on behalf of the card networks

Issue payment to the merchant’s bank (the acquiring bank) on behalf of

their customers (and assume risk of non-payment)

Sponsor

Banks

(Acquirers)

Enable merchants to accept credit card payments from a customer’s

card-issuing bank within a credit card network.

Perform processing, settlement and servicing (itself or more often using

an affiliated or third-party processor)



Player Roles

Payment

Processors

Provide payment processing services to merchants

Front-end processors route transactions from the merchant to the

cardholder’s bank to request authorization

Back-end processors accept settlements from front-end processors and

move the payment to the merchant’s issuing bank

Independent

Sales

Organizations

(ISOs)

Sell payment card acceptance and processing to merchants (acting as

intermediaries between merchants, payment processors, and acquiring

banks)

ISO roles can range from pure referral agents to more active participants

in servicing, risk management

ISVs and

VARs

Offer payment acceptance and processing through software or other

reseller model – often acting as referral agents with an acquirer/processor

partner



Player Roles

Gateway

Providers

Software applications that securely encrypt payment information and

transfer that data between the merchant’s store or website, the bank that

processes the payment, and the bank that issued the card used to make

the purchase. Gateways are often embedded in an online shopping cart

or in an in-store POS

Other Third

Party Service

Providers

Third parties that provide a variety of ancillary services (data analytics,

dispute management, anti-fraud)

Merchants Seller of goods and services who contracts with Acquirer for payment

acceptance

Payment

Facilitators

(Aggregators)

Third-agent that can sign sponsored merchants and/or facilitate settlement

for sponsored merchants (also referred to as sub-merchants)



Player Roles

Marketplaces Online entity that brings together customers and sellers on a marketplace-

branded platform, processes transactions and receives settlement on

behalf of the sellers

Third-Party

Bill Payment

Providers

Merchant that enables customers to use cards to pay retailers that

generally do not accept them. Two Kinds

• Consumer Bill Payment Providers (CBPS)

• Business Payment Service Providers (BPSP)

Digital Wallet

Operators

Software-based systems that store card credentials and use them to make

payments

• Pass-Through – typically mobile-phone based solutions that pass-

through credentials to seller (no funds stored in the wallet). (e.g., Apple

Pay)

• Stored Value – Similar to a prepaid card. Card used to pre-load wallet

with funds.

• Staged Digital Wallet – Back-to-back funding (e.g., PayPal)11 | Negotiating Payment Processing Agreements

Payments Ecosystem


Source Business Insider

Transaction Flow

Authorization

• Cardholder presents card to a merchant in exchange for goods or services (through in-store POS, online gateway, or mobile application)

• Merchant sends a request for payment authorization to payment processor

• Payment processor submits transactions to the appropriate network

• Network passes authorization request on to the issuing bank

• Issuing bank approves or declines the transaction

• Issuing bank sends approval (or denial) back along the line to the card association, merchant bank and finally to the merchant

Settlement and Funding

• Merchant send batches of authorized transactions to payment processor

• Payment processor passes transaction details to the networks

• Network passes details on to the issuing bank

• Issuing bank charges the cardholder’s account for the amount of the transactions

• Issuing bank then transfers appropriate funds for the transactions to the merchant bank, minus interchange fees

• The merchant bank deposits funds into the merchant account


Transaction Flow


Source – bancardsales.com

PART II: Classifications - Merchants and More- Merchants- PayFacs- Marketplaces- Digital Wallets- Bill Pay Providers


Categorization – Merchant or Something Else?

• An entity that deposits a Transaction, receives settlement from, or contracts with an Acquirer is classified as a Merchant if all of the following apply:

o The entity represents itself as selling the goods or services to the Cardholder

o The entity uses its name primarily to identify its Merchant Outlet to the Cardholder

o The entity provides recourse to the Cardholder in the event of a dispute (i.e., handles customer service and returns)


Categorization – Merchant or Something Else?

• Otherwise, the entity is classified as one of the following:o A Payment Facilitator (also referred to as master merchant or

(payment aggregator)o A Marketplaceo A Digital Wallet Operator (DWO)

• Each Network reserves the right to determine which classification applies – taking into consideration

o The entity’s name that appears on the Transaction Receipto The entity that:

• Owns or takes possession of the goods or services• Books the sale as revenue• Provides customer service and handles returns

o Any other criteria they elect to use


Payment Facilitators – Definition and Attributes

• Visa Definitiono Third Party Agent or non-Member VisaNet Processor that deposits

Transactions, receives settlement from or contracts with an Acquirer on behalf of a Sponsored Merchant

• Key Attributes o Authorized to sign sponsored merchants to accept cardso Can’t sign other PayFacs or Marketplaceso Processes transactions directly or using third party processoro Responsible for due diligence, underwriting, and complianceo Contracts directly with, and provides servicing to, sponsored

merchantso Sponsor Bank may settle via the PayFac or directly to sponsored

merchants


Payment Facilitators – Definition and Attributes

• Various business models (for example)o Specializing in payment acceptance for either micro-merchants

(e.g., food trucks) or narrow/highly-specialized industry segments with unique needs (e.g., rent, education, or government payments)

o Other types of service providers who include payment processing and (sometimes) settlement as a value-added service, alongside their suite of services to sellers


Payment Facilitators - Considerations

Benefits

• Additional revenue

• Ability to offer payment processing as part of larger technology solution

• More control over customers

• More access to data

• Ability to offer ancillary services

Interim Solutions

• Referral model with option to transition to PayFac

• Consumer Bill Pay Provider

Requirements

• Select and contract with eligible acquiring bank (and processor)

• Meet eligibility requirements

• Register with the networks

• Draft sponsored merchant contracts (flow-down obligations)

• Provide (or contract for) processing platform

• Implement Compliance Plan


Payment Facilitator - Compliance

• Money Transmission Considerationso Understand flow-of-funds – taking possession may trigger licensing requirements

o Direct settlement from Sponsor Bank to Sponsored Merchants likely avoids licensing requirements

• Managing PayFac Compliance Obligationso Network Rules, PCI, State and Federal consumer protection and data security

o Define roles and responsibilities (PayFac, Acquirer, Processor)

o Written policies and procedures

o Compliance manager (named individual)

o Employee and Sponsored Merchant Training

o Formal monitoring and oversight program

o Watch out for, and respond to, red flags

o Flow-down obligations and liability to Sponsored Merchants


Payment Facilitator – Sponsored Merchant Contracts

• Format: Stand-alone contract or integrated in other terms

• Content:

o Similar to standard merchant contract

o Pass-Through Obligations and Liability

• Parties:

o PayFac contracts with each Sponsored Merchant

o Acquiring Bank contracts with Sponsored Merchants with > $1m in annual Visa Transaction Volume as follows:

• For Sponsored Merchants new to the PayFac, before processing any Transactions

• For Sponsored Merchants with existing contracts with the PayFac, the earlier of either: (i) renewal of the agreement ; and (ii) 2 years after annual Visa volume exceeds USD 100,000

o Amex will require a direct contract as well for Sponsored Merchants with more than $1m in Amex transaction volume


Marketplace – Definition and Qualification Requirements

Visa classifies an entity that meets all of the following as a Marketplace:

• Brings together cardholders and retailers on an electronic commerce website or mobile application

• Its name or brand is:

o Displayed prominently on the website or mobile application

o Displayed more prominently than the name and brands of retailers using the Marketplace

o Part of the mobile application name or URL

• Handles payments for sales and refunds on behalf of the retailers that sell goods and services through the Marketplace, and receives settlement for Transactions on their behalf


Marketplace – Definition and Qualification Requirements (cont)

• Is financially liable for disputes and resolves disputes between Cardholders and retailers by providing either: (i) a decision that binds both Cardholder and retailer; or (ii) a money-back guarantee funded by the Marketplace

• Ensures that no retailer exceeds both:

o USD 10 million in annual Visa volume through the Marketplace

o 10% of the Marketplace’s annual Visa volume

• The following Merchant types are not eligible to be Marketplaces or retailers using a Marketplace:

o Franchises

o Travel agents

o High-Brand Risk Merchants


Marketplace – Other Considerations

• Acquirers must register each Marketplace with Visa and obtain written confirmation that they qualify

• Marketplace must conduct due diligence on retailers and maintain risk management controls to do all of the following:

o Prevent Transactions that are illegal in the location of the Marketplace, the location of its retailers, or the location of the Cardholder

o Prevent the sale of counterfeit products or goods that infringe intellectual property

o Provide a process to investigate and remediate rights-holder complaintso Ensure that the Marketplace and its retailers are not engaged in any

activity that could cause harm to the Visa brando Ensure compliance with all laws, regulations, requirements, and Visa

Rules relating to anti- money laundering and anti-terrorist fundingo Ensure the Marketplace complies with all rules relating to Merchants

unless inconsistent with a rule specific to Marketplaces

• Amex has recently added a similar definition of “marketplace” to its regulations. We will likely see new rules from all the other networks soon.


Staged Digital Wallets

• Functionality that o Can be used at more than one retailer; ando Uses both:

• An account or accounts assigned to the Cardholder to complete a purchase

• A Payment Credential to fund or reimburse the account assigned to the Cardholder

• Is used to complete a Transaction, in any order, as follows:o Purchase: Uses the account assigned to the Cardholder to pay the retailero Funding:

• Uses the Payment Credential to fund or reimburse the Staged Digital Wallet.

• The Digital Wallet Operator deposits the Transaction for the funding amount with its Acquirer using the Payment Credential.

• Is capable of purchases using Back-to-Back Funding


How Do They Differ?

• Settlement

o Merchant: Sponsor bank pays merchant account

o Pay Fac: Banks may settle to PayFac or directly to Sponsored Merchants

o Marketplace and SDWO: Banks settle to Marketplace or SDWO

• A Marketplace must have a software platform (website or mobile app ) that brings cardholders and retailers together

• Size Requirements / Restrictions

o Merchant - None (subject to Bank approval)

o PayFac – None, but at $1m the Acquirer must contract with Sponsored Merchant

o Marketplace – No one retailer may have more than $10m in Visa and more than 10% of Marketplace’s annual Visa volume

• Merchants and Marketplaces responsible for dispute resolution


Consumer Bill Payment Service (CBPS)

• New Visa classification – effective October 17, 2020

• Similar to Payment Facilitator but does not require sponsored merchant contract

• Designed to enable credit card payments to entities that do not accept credit cards

• Acquirer Requirements (among others)o Register the CBPS with Visa and obtain written approval for each

CBPS.

o Due diligence review of the CBPS and the non-Visa-accepting billers to ensure compliance



• Acquirer Requirements Continued - ensure that the CBPS:o Makes payments only to billers that are businesses located in the same

country as the CBPSo Uses the appropriate MCC to identify a billero Performs customer verification (KYC) and meets all applicable anti-money

laundering requirements for all non-Visa-accepting billers before initiating Transactions for such billers

o Only aggregates payments to a single billero If using a Card to pay billers for the associated bill payment, only uses a

Visa Commercial Card if the Cardholder paid using a Visa Commercial Card

o Clearly discloses to the Cardholder, before the Transaction takes place, that it is the Merchant and that the Transaction involves only the transfer of money from the Cardholder to the third party

o Complies with additional transaction processing and reporting requirements.



• Eligible MCCso 4900 (Utilities – Electric, Gas, Water, and Sanitary)o 6012 (Financial Institutions – Merchandise, Services, and Debt

Repayment)o 6051 (Non-Financial Institutions – Foreign Currency, Non-Fiat

Currency [for example: Cryptocurrency], Money Orders [Not Money Transfer], Account Funding [not Stored Value Load], Travelers Cheques, and Debt Repayment)

o 6513 (Real Estate Agents and Managers – Rentals)o 8011 (Doctors and Physicians [Not Elsewhere Classified])o 8050 (Nursing and Personal Care Facilities)o 8062 (Hospitals)o 8099 (Medical Services and Health Practitioners [Not Elsewhere

Classified])



• Eligible MCCs continued

o 8211 (Elementary and Secondary Schools)

o 8220 (Colleges, Universities, Professional Schools, and Junior Colleges)

o 8241 (Correspondence Schools)

o 8244 (Business and Secretarial Schools)

o 8249 (Trade and Vocational Schools)

o 8299 (Schools and Educational Services [Not Elsewhere Classified])

o 9311 (Tax Payments)

• Similar classification for B2B - Business Payment Solution Provider (BPSP)


PART III: Payment Processing Agreements


Payment Processing Agreement - Parties

The standard payment processing agreement includes three parties

Acquiring Bank Processor / ISO Merchant

Members of Visa / MC Sells payment acceptance to merchants

Contracts to accept cards

Authorizes others (primarily (processors/ISOs) to sell card acceptance

Underwrites, signs and onboards merchants

Submits payment (via POS or software gateway)

Sets underwriting standards and maintains/oversees compliance

Performs core processing services

Provides goods/services and manages customer relationship (returns, refunds)

Facilitates settlement Offers ancillary services

Most Processors/ISOs are authorized to sell Amex to merchants with <$1m in Amex volume. Merchants with $1m or more in Amex volume must have a direct Amex agreement in addition to a processing agreement.


Payment Processing Agreement -Structure

Contract Structure

• Merchant Application

• Terms and conditions

• Bank Authorizations

• Personal Guaranty (if applicable)

• Addendums for ancillary services (direct or with third parties)

o E-check

o POS / Gateways

o Consulting/analytics

o Fraud mitigation, tokenization, other ancillary services

• Separate card acceptance agreements for AXP and Discover (sometimes)

• May be a stand-alone agreement or integrated under MSA or other online terms and conditions


Payment Processing Agreement -Considerations

Practical Considerations

• Is the contract negotiable – yes with exceptions

• Terms vary significantly depending on context

o Deal size (processing volume)

o Acquirer/Processor

o Business model

o Other leverage

• Negotiation process

o RFP to multiple Bank/Processor/ISOs

o Leverage competition

o Negotiate all key terms before final selection

• Use of bank/processor contract


Payment Processing Agreement – What’s Important?

Merchant priorities• Pricing

• Scope (and value-add)

• Performance

• Technology and solution

• Minimize PCI obligations

• Flexibility and leverage

• Continuity of service

• Rights to use data

• Fair allocation of risk

Acquirer/Processor Priorities• Same as merchant priorities, but with

different perspective• Standard processes and flexibility to

change them• Flexibility to change policies and

pricing• Flow-down rights• Right to use data• Limiting liability• Credit risk policies / reserves• Long-term commitment / exclusivity• Auto-renewal• Ancillary services • Compliance


How much leverage do you have?

Largest 150 merchants generate more than half of the total payments in North America. The smallest 80% of merchants only generate 2% of revenue


Payment Processing Agreement - Pricing

Primary components of price:

• Interchange - payable to issuing bank and determined by many factors. Among them:

o Physical presence or absence of the card during the transactiono Processing method used (e.g., swiped, manually entered or e-commerce)o Credit card companyo Card type (e.g., regular, premium, commercial, rewards or government-

issued)o Merchant’s business type (as determined by merchant category code)

• Assessments payable to card networks

• Processing fees payable to acquirer and processor

American Express:

• Discount Rate payable to American Express (directly or indirectly)

• Processing fees payable to processor


Payment Processing Agreement – Pricing

Tiered Pricing

• Blends hundreds of interchange rates (0.05% to >1.65% into 3 categories)

o Qualified

o Mid-qualified

o Non-qualified

• Complex and Opaque

• Inconsistent buckets problem

Flat Rate

• Fixed rate for all credit and debit card transactions (e.g., 2.9% + $0.30)

Subscription

• Flat monthly service fee with smaller per transaction fee


Payment Processing Agreement – Pricing

Interchange +• Pass-through of interchange and assessments without mark-up• Processor fee is incremental

o Usually a percentage (e.g., 0.70% + $0.05 / authorization)o Can be a flat percentage or tiered based on volume

• Most transparent and increasingly commonOther Fees• Statement Fees• Equipment Fees• Chargeback Fee• Retrieval Fee• IVR or Voice Authorization Fee• Non-Compliance Fees


Payment Processing Agreements

Issue

Bank / Processor

Perspective

Merchant / Payment Facilitator

Perspective

Term 3-5 years

Auto-renewal

Varies – but 3 years is most common –

ideally with early termination options

Be aware of multi-year auto-renewal

provisions

Exclusivity Bank and/or Processor is

exclusive provider of payment

services

No exclusivity (particularly if there is a

minimum commitment)

If there is exclusivity, negotiate:

• Scope (services, geography, transaction

type)

• Exceptions (e.g., gateways, ancillary

services, transition at end of term)



Issue Bank / Processor Perspective


Perspective

Scope of

PayFac

Authorization

Approval may be limited to

particular geography, industry, or

products and services

PayFac required to follow

detailed underwriting

requirements – case-by-case

approval likely required for high

risk and other merchant

categories

Broad discretion to change

standards and to refuse to

onboard any merchant

Broad authorization to operate

business and sign merchants

Clear guidelines that allow for quick

and efficient onboarding

Negotiate approvals for key

merchant categories upfront

SLAs for timely response and

approvals



Issue

Bank / Processor

Perspective


Perspective

Fees Core fees included on

application or in pricing exhibit

Clear rights to pass through

network charges, fines, fees

and other amounts

Rights to pass through

increases from third parties

Unilateral rights to change fees

on notice to Merchant / PayFac

List all fees in one place

Fees can be changed only when the

changes reflect changes made by networks

Minimum notice period to comply and

enable flow-down to Sponsored Merchants

Supporting documentation for fee increase

Termination rights





Perspective

Minimum

Commitm

ents

Include monthly minimum fee

(particularly for PayFac)

Varies – may be acceptable with

negotiation of the following issues

• Amount

• Ramp-up period

• Exceptions

Disputed

Charges

Bank shall presume that any

amounts the Bank pays to or debits

from Merchant are correct unless

Merchant disputes these by sending

Bank written notice within thirty (30)

days of the date of the applicable

statement containing any disputed

payments or debits.

Dispute period should be 90-180 days

Reciprocal prohibition on back-billing

by processor



Issue

Bank / Processor

Perspective


Perspective

Rules and

Regulations

Merchant / PayFac required to

comply with all laws and

network rules

Also required to comply with

any policies, procedures,

guidelines, and other

documentation provided by

Bank or Processor

Some contracts will include

detailed sections from network

rules

Bank / Processor should have

reciprocal obligations

Require disclosure of all relevant

documentation

Limit Bank or Processor rights to

unilaterally change policies, procedures

or guidelines (other than to comply with

laws and network rules)

Flow-down terms are generally

acceptable, but caveat that they apply

only to the extent they are consistent

with the network rules

Changes Option to pass through costs

of compliance / changes

Processor should make changes at its

expense



Issue

Bank / Processor

Perspective


Perspective

Data

Security

Merchant / PayFac must

comply with PCI and all

additional network security

requirements

PayFac must ensure

compliance of its Sponsored

Merchants and service

providers

Merchant must ensure

compliance of its service

providers

Bank / Processor position is reasonable

Confirm contract has reciprocal data

security obligations for Bank / Processor

Address Merchant Data security

separately





Perspective

Changes Maintain right to unilaterally

changes terms and pricing

Need to be able to offer a

standard service, comply with

bank and network requirements,

and recover unexpected costs

Limit rights to changes required by law

or network rules

Add objection process and/or

termination rights

Minimum notice period to comply

and/or flow-down terms to Sponsored

Merchants


Payment Processing Contract Issues



Perspective

Rights in

Data

Cardholder Information –

governed by PCI

Preserve rights to use

Transaction and Merchant Data

Cardholder Information – governed by PCI

Retain rights to use Transaction Data and

Merchant Data (and limit Bank /

Processor)

Add confidentiality obligations on Bank /

Processor covering business, transaction,

customer and similar data




Merchant /

PayFac

Perspective

Termina

tion

Very broad rights for Bank / Processor to terminate (some

mandated by Network Rules)

Merchant has violated any provision of this Merchant

Agreement.

• Material adverse change in Merchant’s financial condition,

or Bank determines in its sole discretion that Merchant’s

processing activity could result in a loss to Bank.

• Bankruptcy or similar occurrences

• Providing any false, incomplete or misleading information.

• Excessive chargebacks e.g., > 1% of Charges in a month

• Inadequate funds in settlement account

• Employee fraud

See next slide





Perspective

Termina

tion

• Unable to perform any obligation

• Failure to pay any amount when due

• Failure to fund reserve

• Any representation or warranty is not

true or accurate

• Default of any agreement with Bank

• Changes to the network rules that

cause Bank to be in breach

• Any circumstances arise regarding

Merchant or its business that create

harm or loss of goodwill to any

Network.

• Limited rights for PayFac / Merchant

to terminate (with exceptions)

Bank / Processor Rights

• Limit subjective termination rights

• Add materiality qualifiers

• Extend notice periods

• Add cure periods where appropriate

Merchant / PayFac Rights

• Reciprocal termination rights where

appropriate

• Termination rights for any change in

pricing, policy, underwriting

guidelines, or reserve requirements

• Termination for convenience rights

(possibly for a fee)



Issue

Bank / Processor

Perspective


Perspective

Early

Termination

Fee

PayFac pays the remaining

value of the contract (various

ways to calculate) following

any termination

Often payable for any reason

other than termination by

Merchant / PayFac for

uncured material breach

Eliminate altogether if possible or limit to

specific termination events (e.g., PayFac

early termination without cause or Bank

termination for uncured material default)

Negotiate termination fee calculation

• Not to exceed MRC or other cap

• 25% of remaining contract (vs. 100%)

• N/A after initial (TBD) period



Issue

Bank / Processor

Perspective Payment Facilitator Perspective

Ownership of

Sponsored

Merchant

Relationships

Contracts vary – sometimes

not addressed directly

Roles / responsibilities should during

term should be clearly allocated

between Processor and PayFac

Exclusive rights to communicate and

market to Sponsored Merchants

Ownership of merchant portfolio –

rights to direct assignment to any

other Bank / Processor



Issue

Bank / Processor

Perspective


Perspective

Transition

Assistance

Generally not addressed in

form contract.

Contingent on merchant

compliance with terms and

reserve funding

Option to extend services for some period

following termination (90-180 days) to

maintain service continuity unless

prohibited by law or a network

Exception from exclusivity (if applicable)

De-

conversion

Conditioned on notice and

payment of standard fees

Add process and timing expectations

Commercially reasonable or negotiated

rates

Express commitment to assign merchant

contracts

Continued provision of services and

economics until deconversion is completed



• Scope

o Continued right to receive services

o Knowledge transfer

o Rights in Data

• Other issues


Issue Bank / Processor PayFac

Time Period 0 – 6 months 6 – 12 months

Triggers N/A if customer is in breach Expiration or termination for any reason

Fees and rates Then-current standard rates or existing plus premium

Negotiated rates continue

Exclusivity/MRC MRC continues Exclusivity / MRC cease to apply

Extension Rights No Yes (with reasonable notice)

Non-solicit Employees Merchants


Issue

Bank / Processor

Perspective


Perspective

Performance

Standards

None specified in

standard contracts

Add general performance warranty

Add Service Levels – e.g.,

• Platform availability

• Settlement timeframes

• Customer support

• Incident management

• Dispute management

• Timeliness of key functions (e.g.,

underwriting approvals and onboarding)

Remedies – termination; credits




Issue Processor Merchant / PayFac

Credit calculation - Fixed amount- X% (Weighting Factor) * Y (% of fees)

Amount at Risk 0 – 10% 10 – 15%

SLA Weighting 100 points (fixed) 150 - 250 points (dynamic)

Applicable Fees % * Fees for Specific Service % * Total Monthly Fees

Escalating $ Depends Yes

Other Remedies Sole and exclusive remedy Non-exclusive remedy

Earn-back Yes No

Improvement Negotiated Automatic

Termination Only if material breach Specific SLA threshold

Excuses General and broad Specific and limited

Bonuses Yes Depends


Issue

Bank / Processor

Perspective Merchant / Payment Facilitator Perspective

Reserve Broad rights to take

reserve of any amount to

protect against

chargebacks and other

financial exposure

Reserve account is

generally owned by Bank

and controlled by Bank /

Processor

Reserve continues

following termination to

cover trailing activity (e.g.,

180 days or until financial

exposure no longer exists)

Several issues to negotiate:

• Initial reserve amount

• Triggers

• Amount (formula; caps)

• Notice and reporting

• Timing

• Alternatives (letter of credit)

• Termination rights



Issue

Bank / Processor


Offset

and

debit

rights

Broad access to merchant

/ payfac accounts and

rights to debit any amount

owed

Rights to set-off amounts

owed by merchant /

payfac or their affiliates

under any agreement

Limit debit rights to network fees and

adjustments and undisputed processing fees

Limit set-off of amounts owed under other

agreements

Security

interest

Merchant / PayFac grants

security interest in all

funds / accounts

Narrow to reasonable scope

Consider impact on third party debt

arrangements



Issue Bank / Processor Perspective Merchant / Payment Facilitator Perspective

Personal

Guaranty

Broad rights if anything in

discretion violations rules,

regulations, violation of law or

creates other risk

Required by network rules

No personal guaranty

Bank / Processor has other ways to protect

against financial exposure

N/A for public companies or non-profits

Rights to

suspend

or cease

services

Broad rights if anything in

discretion violations rules,

regulations, violation of law or

creates other risk

Required by network rules

Notice

Materiality

Limit to offending sponsored merchant

Right to terminate




Merchant / Payment

Facilitator Perspective

Assign-

ment

Bank / Processor rights to assign

without merchant consent

Processor right to change banks

without merchant consent

Prohibition on assigning any rights

without prior consent (due diligence

and underwriting typically required)

Consent required for assignment

(and/or termination rights)

Indemni-

fication

Broad indemnity from PayFac

Limited or no indemnity from Bank /

Processor

Add reciprocal indemnities where

appropriate

Add IP infringement indemnity

Add exceptions for Bank /

Processor breach, negligence,

misconduct



Issue

Bank / Processor

Perspective


Perspective

Liability

Limitation

Exclusions of consequential

damages

Caps on direct damages

(sometimes as low as the

lesser of $10,000 and 3

months processing fees)

Generally applicable only to

Bank / Processor

(Negotiated terms may vary

between Bank / Processor)

Limits limitations should be reciprocal

Exceptions for:

• Data breach

• Network fees, fines and penalties

• Fees, chargebacks and other amounts

owed under the agreement

• Failure to pay / misdirection of settlement

funds

• Gross negligence, fraud, willful misconduct

Narrow warranty disclaimer so that it doesn’t

exclude liability altogether



Issue

Bank / Processor


Responsibility

for third

parties

Merchant / PayFac

are responsible and

liable for all

Sponsored

Merchants and all

third party software,

equipment and

service providers

Bank / Processor position is reasonable - so long

as the (i) third parties are contracting with

Merchant / PayFac and (ii) there are carve outs

for Bank / Processor breach, negligence or other

misconduct

PayFac will likewise flow obligations down to its

Sponsored Merchants

Merchants will flow-down obligations to service

providers (though negotiating indemnity / liability

terms can be difficult with some service providers)

Add reciprocal terms for Bank / Processor

affiliates, contractors and employees



Issue

Bank / Processor

Perspective


Perspective

American

Express

Merchant agreement will

often have a separate

section of terms governing

Amex OptBlue or other

programs

Generally accept flow-down terms

Dispute

Resolution

Consistent governing law

across agreements

Generally mandatory

arbitration

Business-to-business

arbitration is generally

permitted

Some Merchants / PayFacs will negotiate

but generally accept Bank / Processor

positions


PART V: ISO/Bank Referral Agreements


ISO/Bank Referral Agreements

• Structureo ISO/Bank refer merchants to an Acquirer/Processoro Merchant enters into Merchant Processing Agreement with

Acquirer/Processoro Acquirer/Processor pays negotiated compensation to

ISO/Bank

• General Issueso Term and Termination o Exclusivity (and exceptions)o Risk allocation (generally ISO/Bank but some exceptions)



• Pricingo Signing bonus (deal level and merchant level)

o Wholesale Rates vs. Revenue Share

o Incentives

o Ancillary equipment and services

o May vary by merchant category (converted, contributed, new)



• Servicingo Marketing support and personnel commitments

o Merchant servicing

o ISO/Bank servicing

o Access to systems, information and reporting



• Rights in Merchantso Who sets price to merchants

o Who controls marketing and communication

o Non-solicitation

o Portfolio ownership (right to transfer at end of deal)

• Performanceo Scope, warranty, and general commitments

o Service levels and remedies



• Legal Termso Governance process

o Confidentiality

o Data security

o Liability

o Indemnity, insurance and other allocation of risk terms

o Audit and compliance


PART V: Compliance


Who are the Regulators?

• Payments Generally

o Network Rules – enforced on flow-down basis in payments ecosystem

• Data Security and Privacy

o Networks (and flow-down entities)

o Federal Regulators – FTC, CFPB, FFIEC

o State AG / Regulators

• Consumer Protection

o Networks (and flow-down entities)

o Federal Regulators – FTC, CFPB

o State AG / Regulators

• Additional Financial Regulations and Regulators

o KYC/AML – FinCEN, OFAC

o Money Transmission – State and Federal 71 | Negotiating Payment Processing Agreements

Card Network Rules

Card Network Rules

• Maintained by each card network

• Provide rules and requirements for all players in the payments ecosystem

• Published 2x per year (April and October)

• Not legal requirements – enforced by agreement

• Incorporated by reference in payments processing agreements


Card Network Rules

• Honor All Cards – Merchants must accept all categories of debit, credit and prepaid cards

• Treat all Networks the same

• Marketing and use of logos/marks

• Flow-down of obligations and liability

• Data Security – PCI, EMV, and network-specific programs and validation requirements

• Clear communication and disclosure (return/refund policies, additional fees)

• Disputes, chargebacks, credits

• Processing requirements

• Surcharges, Convenience Fees, Service Fees, Cash Discounts, Minimums

• Stored Credentials and Recurring Payments

• Registration requirements (Processors, ISOs, PayFacs, and others)


Surcharges – Definition and Requirements

Definition - A fee assessed to a Cardholder by a Merchant in the US Region or a US Territory that is added to a Credit Card Transaction for the acceptance of a Credit Card.

Rules and Requirements• Compliance with applicable law – surcharging is prohibited and/or

regulated in several states

• Compliance with other network rules (below are Visa requirements)

• Applies to credit card charges only

• Must treat all card brands the same

• Allowed for all merchant categories

• Must be included in transaction amount (not collected separately)

• Must notify Visa in writing at least 30 days before surcharging74 | Negotiating Payment Processing Agreements

Surcharges – Rules and Requirements

Rules and Requirements • Can be a flat fee or a percentage

• May not exceed the cost of acceptance – defined as the average Merchant Discount Rate that a Merchant pays to its Acquirer for Credit Card Transactions. The average Merchant Discount Rate is calculated based on Credit Card Transactions conducted by the Merchant for the preceding one or 12 months, at the Merchant’s option.

• Disclosure to merchants at POS must include all of the following:

o The exact amount or percentage of the US Credit Card Surcharge

o A statement that the surcharge is being assessed by the Merchant and is only applicable to credit Transactions

o A statement that the surcharge amount is not greater than the applicable Merchant Discount Rate for Visa Credit Card Transactions at the Merchant


Surcharges – Disclosure Requirements

Transaction Type Point-of-Entry Point-of-Transaction

Face-to-Face

Transaction

Main entrance(s) of the Merchant Outlet, in a

minimum 32-point Arial font, but in any case, no

smaller or less prominent than surrounding text

Every customer checkout or payment location, in a



Electronic Commerce

Transaction

The first page that references credit card brands

accepted, in a minimum 10-point Arial font, but in any

case, no smaller or less prominent than surrounding

text

Checkout page, in a minimum 10-point Arial font, but

in any case, no smaller or less prominent than

surrounding text

Mail Order

Transaction

The first page of the catalog that references credit

card brands accepted, in a minimum 8-point Arial font,

but in any case, no smaller or less prominent than

surrounding text

Mail order form, in a minimum 10-point Arial font, but

in any case, no smaller or less prominent than

surrounding text

Telephone Order

Transaction

The first page of the catalog that references credit

card brands accepted, in a minimum 8-point Arial font,

but in any case, no smaller or less prominent than

surrounding text

Verbal notice from the telephone order clerk, including

US Credit Card Surcharge amount

Unattended Cardholder-

Activated Terminal

Main entrance(s) of the Merchant Outlet (if applicable)

(for example: gas [petrol] station store) in a minimum

32-point Arial font, but in any case, no smaller or less

prominent than surrounding text

On the Unattended Cardholder-Activated Terminal or

virtual disclosure on the payment terminal screen, in a




Convenience Fees

Definition- A fee charged by a Merchant for a bona fide convenience to the Cardholder (for example: an alternative channel outside the Merchant’s customary payment channel) that is not charged solely for the acceptance of the Card.

Rules and Requirements

• No registration required

• Allowed for all merchant categories

• Charged for bona fide convenience in the form of an alternative payment channel (must be an alternative channel available for which a fee doesn’t apply – e.g., a convenience fee may be charged for an online ticket sale if the customer can buy at box office without the fee)

• Applied to CNP only (but prohibited if merchant operates exclusively in CNP environment)


Convenience Fees

• Charged only by the Merchant that provides goods or services to the Cardholder

• Applicable to all forms of payment accepted in the payment channel

• Disclosed clearly to the Cardholder (i) as a charge for alternative payment channel convenience and (ii) before completion of the transaction

• Must be a flat or fixed amount, regardless of the value of the payment due

• Must be included as part of the total amount of the Transaction and not collected separately

• May not be charged in addition to a surcharge

• May not be charged on a Recurring or Installment Transaction


Service Fee

Definition - A fee assessed to a Cardholder that uses a Card to pay for goods and services in a permitted Merchant category.

Rules and Requirements

• Government and Education industries only

• Reasonable reflection of the transaction costs (e.g., discount rates and processing fees)

• Flat, fixed, banded, or ad valorem amount, regardless of the value of the payment due, as required by applicable laws or regulations

• Assessed on the final Transaction amount (after discounts/rebates)

• May not be charged in addition to a surcharge or Convenience Fee

• May be processed as a separate Transaction


Storing Payment Credentials

Obtain Cardholder’s express informed consent in an agreement containing the following:

• Information related to the Transaction, including:o Description of goods or serviceso Total purchase priceo Cancellation and refund policieso Surcharges (when permitted and assessed)

• Information about the Merchant (including location and contact information)

• Separate from general terms and conditions

• Terms regarding use of payment credentials

o The Account Number (last four digits only)

o How the Cardholder will be notified of any changes to the agreement

o Transaction amount or a description of how the Transaction amount will be determined


Storing Payment Credentials

• Terms regarding use of payment credentials

o The Transaction Currency

o How the Stored Credential will be used

o Timing and frequency of Transactions (if scheduled) or the event that will trigger a transaction (if unscheduled) – e.g., balance drops below $25

o The expiration date of the agreement, if applicable

o The length of any trial period, introductory offer, or promotional period

o The Merchant must retain this information for the duration of the agreement and provide it to the Cardholder or Issuer upon written request.

o Stored credentials may not be used for finance charges or interest


Recurring Transactions

The Merchant must do all of the following:

• Provide a simple cancellation procedure, and, if the Cardholder’s order was initially accepted online, at least an online cancellation procedure.

• Include the fixed dates or intervals on which the Transactions will be processed.

• At least 7 days before a Recurring Transaction, notify the Cardholder via email or other agreed method of communication if a trial period, introductory offer, or promotional period is going to end. The Merchant must include in the communication the Transaction amount and Transaction Date of subsequent Recurring Transactions and a link or other simple mechanism to enable the Cardholder to easily cancel Transactions online or via SMS/text message.

Additional Laws and Regulations

• Electronic Fund Transfer Act

• Restore Online Shoppers’ Confidence Act (ROSCA)

• FTC Act

• State laws governing recurring billing and subscriptions 82 | Negotiating Payment Processing Agreements

PCI Compliance

PCI-DSS (Payment Card Industry Data Security Standard)

• Administered by Visa, MC, Amex, Discover and JCB

• Applies to all companies that accept, process, store or transmit card info

o Regardless of size and solution (e.g., call center entering info into secure third-party portal)

o Includes network branded debit and prepaid cards

• Card information includes:

o Account number alone or with cardholder name, expiration data and or service code

o Sensitive Authentication Data – mag stripe, chip data or other security-related info


PCI Compliance

• Non-compliance can result in:

o Suspension of card acceptance

o Non-compliance fines of $5,000 - $100,000

o Additional exposure in event of a data breach (card replacement costs; chargebacks)

o Forensic audit

• Merchant obligations can be minimized through use of processors / solutions, but not eliminated

PA-DSS (Payment Application Data Security Standard)

• Applies to vendors who provide payment products to merchants


PCI Compliance – Goals and Requirements

Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect cardholder data

2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

3. Protect stored cardholder data

4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software or programs

6. Develop and maintain secure systems and applications


PCI Compliance – Goals and Requirements

Implement Strong Access Control Measures

7. 7. Restrict access to cardholder data by business need-to-know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

Maintain an Information Security Policy

12. Maintain a policy that addresses information security for employees and contractors


PCI Compliance

• Level 4 - complete annual Self-Assessment Questionnaires (SAQ) or alternate validation permitted by its Acquirer.

• Levels 2-3 - complete an SAQ and Attestation of Compliance (AOC)

• Level 1 - file a Report on Compliance (ROC) by Qualified Security Assessor (QSA) and submit an AOC

Level Description

1 Any merchant — regardless of acceptance channel — processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.

2 Any merchant — regardless of acceptance channel — processing 1M to 6M Visa transactions per year

3 Any merchant processing 20,000 to 1M Visa e-commerce transactions per year

4 Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants (in any acceptance channel) — processing up to 1M Visa transactions per year.

Scope of PCI obligations varies depending on transaction volume


PCI Compliance

Onsite or Self-Assessment

Self-Assessment

Questionnaire (SAQ) External Vulnerability Scan

A detailed assessment performed by a PCI SSC Qualified Security Assessor (QSA) or by a PCI SSC Internal Security Assessor (ISA). The assessment validates to the acquirer that the organization is handling card data in accordance with the Payment Card Industry Data Security Standard (PCI DSS).

Validation tool for eligible merchants who self-assess their PCI DSS compliance and who are not required to undergo an onsite assessment.

Vulnerability Scanning performed by a PCI SSC Approved Scanning Vendor (ASV) of all Internet–facing system components that are a part of, or provide a path to, the cardholder data environment.

Applies to: Level 1 (Onsite required) and 2 Merchants

Applies to: Levels 2, 3 and 4 Merchant

Applies to: All Merchants (as applicable


Laws and Regulations

• Telephone Consumer Protection Act (TCPA)

• Fair Debt Collection Practices Act (FDCPA)

• Electronic Funds Transfer Act (EFTA)

• Equal Credit Opportunity Act (ECOA)

• Bank Secrecy Act (BSA) - AML

• Gramm-Leach-Bliley Act (GLBA)

• FTC and CFPB laws prohibiting unfair, deceptive and/or abusive acts or practices ((UDAAP)

• Fair Credit Reporting Act (FCRA)

• Money Transmission laws

• State laws and regulations – e.g., those governing

o Data breach and privacy laws

o Surchargingo Fee disclosureso Auto-renewal lawso Recurring billing


State Data Privacy

• California Consumer Privacy Act of 2018 (CCPA)

• Virginia Consumer Data Protection Act of 2020o Signed into law on March 2, 2021o Goes into effect January 1, 2023o Creates consumer rights in data similar to CCPA and GDPRo Requires businesses to establish “reasonable administrative, technical and

physical data security practices” and to conduct assessments for of them for their processing activities.

o Does not include private right of action – VA attorney general will enforceo Applies to persons that conduct business or promote products and that (i)

control or process data from at least 100,000 consumers or (ii) control or process personal data from at least 25,000 consumers and derive 50% of gross revenue from sales of personal data.

o Exemptions for financial institutions subject to GLBA, covered entities or business associates under HIPAA, non-profits, and higher education.

• Similar legislation pending in other states – e.g., NY, WA, FL, MN


Recent FTC Enforcement

• FDMS

o FTC charged that FDMS (through Wholesale ISO – First Pay) violated the FTC Act and Telemarketing Sales Rule in processing transactions in connection with various debt relief and business opportunity scams and other criminal activity.

o Allegations included:

• Permitted accounts to be opened under false names with deceptive information (e.g., many applications with duplicative information)

• Permitted onboarding of accounts with very high chargebacks or suspected criminal activity

• Ignored warnings from employees and sponsor banks

• Failed to properly screen sales agents

• Inadequate controls on high-risk merchants

o FDMS required to pay $40.2m and to implement stringent underwriting and monitoring programs for Wholesale ISOs

o Appointment of independent assessor to oversee high-risk merchant compliance for three years



• Qualpay

o Processed payments for a merchant that sold “get-rich-quick” business coaching services

o $46m judgement

o FTC alleged the company ignored red flags:

• Excessive chargebacks

• Negative online reviews and F-rating from the BBB

• Risky multi-level marketing business mode

• Incomplete and inconsistent information on merchant applications

• Failure to review processing statements, marketing materials and telemarketing scripts



• Madera Merchant Services, LLC, B&P Enterprises, LLC

o Enforcement by FTC and State of Ohio

• FTC Act

• Telemarketing and Consumer Fraud and Abuse Prevention Act

• Ohio Sales Practices Act

o Allegations that the defendants:

• Used remotely created payment orders and remotely created checks (RCPOs) to facilitate payments for unscrupulous merchants

• Processed millions in sham student debt reduction and credit card reduction via telemarketing schemes

o $8.6m judgement and permanent ban


Recent CFPB Enforcement

• BrightSpeed Solutions Inc

o March 3, 2021 CFPB action - Alleges processing of payments for companies that offered technical-support services and products over the internet, but instead tricked consumers, often older Americans, into purchasing expensive and unnecessary antivirus software or services

• Dwolla

o Older but representative of CFPB authority

o Allegations of inaccurate description of data security safeguards (a UDAAP) and inadequate safeguards


Enforcement – Key Takeaways

• Regulators are aggressively policing payment processors who facilitate fraudulent schemes

• Enforcement may result in permanent bans, financial liability, asset surrender

• Recommendations

o Maintain and follow policies and procedures

o Merchant (Sponsored Merchant) due diligence and underwriting

o Proactive ongoing monitoring and audit

o Payment Processors cannot “look the other way” (e.g., opening multiple accounts, incomplete or misleading applications)

o Proactive response to red flags, complaints, vulnerabilities

o Assign compliance manager and conduct employee and merchant training

o Clearly define roles and responsibilities (Bank, Processor, ISO, PayFac)

o Maintain adequate data security safeguards and policies

o Describe things clearly and accurately - Data security safeguards, fees, key terms and conditions


Contact Information

John Barton | PartnerPillsbury Winthrop Shaw Pittman LLP512-580-9625 (o)202-744-9853 (m)[email protected]


mailto:[email protected]

payment processing agreements: key ... - amazon web services

Documents