Thursday , November 28, 2024

ISOs Watch Their Backs As Regulators Step Up Scrutiny of the Payments Industry

A growing feeling among independent sales organizations about more eyes looking over their shoulders came through Thursday at the annual conference of the MidWest Acquirers Association, a regional trade group. Jitters over the Federal Trade Commission’s lawsuits against ISOs that processed for allegedly fraudulent telemarketers to increasing worries about data protection surfaced during sessions at a Chicago hotel.

Of particular concern to some payments executives and their advisors in the wake of the FTC lawsuits is a perception that long-standing business practices, such as increasing reserves when a merchant starts to generate significant chargebacks, are no longer good enough. Attorney Holli Targan, a partner at Jaffe Raitt Heuer & Weiss in Southfield, Mich., noted that FTC officials have spoken at recent industry conferences and told ISOs that they need to do a better job of underwriting and monitoring potentially risky merchants, especially telemarketers subject to the federal Telemarketing Sales Rule.

“The FTC … has not been not been shy about saying, ‘We are looking at the payment-processing business,’” said Targan, president-elect of the Electronic Transactions Association, the national merchant-acquiring trade group.

The government, the new thinking goes, is forcing ISOs and others in the acquiring industry to bear more responsibility when merchants, either through outright fraud or poor service, generate high levels of consumer complaints that in turn result in chargebacks. “They’re trying to choke it off at the money point, and they’re trying to make it, which is us, hurt,” said Deana Rich, chief executive of Los Angeles-based Rich Consulting, during a session that followed Targan’s presentation.

While no processor wants dissatisfied customers or, worse, fraud, some attendees at the conference said the FTC’s recent lawsuits against Newtek Merchant Solutions (Newtek’s former president also is a defendant) and Independent Resources Network Corp. suggest something onerous. That is, the government may consider it illegal to continue to process for merchants after their chargeback rates raise flags, such as the merchant being put on a list maintained by MasterCard Inc., even if the processor has taken traditional mitigation steps such as raising reserves. “To me, these are things people in the industry do every single day,” said Targan.

Attendees also noted that other federal regulators, including those with direct authority over banks, are working with the FTC to crack down on fraud involving payment card charges. “This is the tip of the iceberg,” said one attendee in reference to the Newtek and IRN lawsuits, which are in the early stages of litigation.

The focus shifted to data security in another session, where panelists urged ISOs to do a better job protecting personal and financial data about their merchants. While countless news stories have dealt with thefts of sensitive consumer data from computers, leaving merchant-account applications, reports and other papers with information about merchants on desks or public areas in offices also creates the risk of data compromises, speakers said. “We need to treat it with the same regard as we treat cardholder data,” said Nicole Palella, chief risk officer at BluePay Processing LLC, an ISO based in Naperville, Ill.

ISOs also need to sharpen their policies about who gets to see sensitive data about merchants. “There needs to be a good review of who has access to this information,” said Elizabeth “Betsy” Bohlen, vice president of sponsorship services at Pueblo Bank and Trust Co., Pueblo, Colo.

Most states now have laws requiring the reporting of data breaches, and 14 have laws requiring companies to protect personally identifiable information that they own or have custody of, Targan said. She urged ISOs to review what data they store and purge what they no longer need.

“Your big takeaway is we are responsible for everything we touch,” said Rich.

Check Also

Eye on Point of Sale: PushX Hospitality Debuts; SurgePays Completes PAX Integration

Hospitality platform provider PushX Inc. will launch its new mobile-payments and offers platform with a …

Digital Transactions