More Burdens Placed Upon Acquirers and ISOs

Attention-to-detail skills have become an even more prominent part of a job description for a merchant acquirer or independent sales organization dealing with the most recent demands of a complex payments industry.

It seems the list of tasks screaming for attention has grown dramatically in the past couple of years.

First, the Internal Revenue Service established requirements for reporting merchant credit card sales and merchant classification codes for the 2011 tax year, and acquirers must supply an accurate tax identification number for each business in their database.

The major card brands also expect intensive monitoring of online merchants for potentially fraudulent and other illegal product sales. By carefully scrutinizing their merchants' websites, acquirers possibly could avoid fines from the card brands when merchants sell illegal goods or a Federal Trade Commission hearing prompted by a disgruntled consumer sold a replica of an advertised item believed to be authentic.

Moreover, the card brands want third-party vendors such as website hosts or online shopping cart providers registered in their databases as being PCI-compliant. ISOs must identify and register those vendors to make it more difficult for cyber attacks that could put the card data of hundreds of customers from different businesses in jeopardy.

No wonder security experts and other consultants say they are working with many frustrated and concerned ISOs and acquirers.

Indeed, clients are "jumping through hoops and going nuts" because of all of the new due diligence, says the acquiring consultant Paul Martaus of Martaus & Associates of Mountain Home, Ark.

"ISOs are stuck in the middle of this very convoluted industry," Martaus says. "I've heard it said that this is the most complex simple business on earth."

The IRS requirements make it seem as though the agency believes billions in unreported taxes stem from credit card transactions, Martaus says.

"If I were a retailer and someone said 'Next year the IRS wants to take your credit card volume and calculate it for tax purposes,' I'd probably stop taking credit card payments," Martaus says.

The IRS now requires banks and merchant service providers to report the annual gross credit and debit card payments they process for their merchants. Acquirers would not have to report to the IRS if a merchant does not exceed 200 transactions or $20,000 in payments annually.

The agency announced in October that it would not penalize acquirers working in "good faith" to comply if the IRS finds mistakes in documents related to tax identification numbers or in the placement of transaction amounts under the appropriate merchant classification codes. However, tax experts say that does not mean acquirers get a free pass on the regulations this year.

There is "a lot of anxiety" in the industry regarding the IRS regulations, says Brian Riley, senior research director and analyst with TowerGroup. ISOs view the 1099-K form submission deadline in January as a difficult task, he says. As part of the new code, acquirers must submit the form annually to report their merchant transaction data.

Acquirers and ISOs will work hard to determine the best way to handle all of the new tasks, but some will seek loopholes around the transaction thresholds, Riley says.

"I could see an ISO possibly changing a processor every quarter so as to stay at $19,999 or lower," Riley says.

Gathering accurate tax identification numbers for each business creates headaches for acquirers because some merchants have different ones for different aspects of their business, especially when a U.S. company is operating in foreign markets, he says.

As if facing the task of meeting new IRS rules is not enough to keep acquirers busy, they also face hearings with the FTC or fines from the card brands if an ISO they work with is unaware how their online merchants are conducting business.

"The whole Internet space is incredibly scary, with organized crime seeking the brightest technology professors and students to hack into credit card databases," Martaus says.

ISOs and acquirers who specialize in working with online merchants are aware of fraud tendencies and know whom to trust, he says.

"It's the dabblers [with online merchants as clients] who get in trouble and don't know what they are doing," Martaus says.

Robert Caldwell, founding partner of G2 Web Services, a Bellevue, Wash., merchant compliance monitoring and e-commerce risk management provider, talked in a panel discussion at an Oct. 27 Electronic Transactions Association compliance day event in Chicago of a new portal-based reporting system to help acquirers expose fraudulent merchants.

The International Anti-Counterfeiting Coalition, a Washington nonprofit organization, helped the major card brands establish the system for acquirers to report intellectual property rights violations and to attempt to stop "rogue websites" from selling counterfeit goods online, Caldwell said in an interview.

After confirming the data, the coalition would pass the information on to the card brand, which would identify the merchant and website and direct the acquirer to take action, Caldwell says.

"This doesn't establish new rules per se, but it is a better process," Caldwell says.

The process does not alleviate the acquirer from having to monitor an online merchant's website, but it provides "clear support" for the acquirer when going to the merchant to terminate its business, he says.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER