Your Guide to Payments Compliance
Payments compliance is an area filled with organizations and acronyms. Let’s break down what these acronyms stand for and what they actually do to reduce risk for platforms and merchants.
Breaking Down Payments Compliance Lingo
You’ll hear a lot of terms thrown around when it comes to payments compliance, but it might take a while to keep them all straight. Here are some common security standards and organizations you should know about if you’re processing payments:
PCI-DSS (Payment Card Industry Data Security Standard)
KYC (Know Your Customer)
3D Secure authentication
GDPR (General Data Protection Regulation)
CCPA (California Consumer Privacy Act)
SOC
All of these standards are necessary for any business that wants to process payments, which is why processing payments can feel like an intimidating business move. Often, compliance is managed by the ISO or PayFac that a company is working with, so that these standards can be met without all the heavy lifting.
Merchant Compliance Made Easy
When merchants are onboarded, they need to go through a battery of compliance checks in order to reduce the risk of fraud.
The Payment Facilitator model offers additional control over both merchants and settlement, since the Payment Facilitator, as opposed to the acquiring bank, contracts directly with the sub-merchant. However, since the Payment Facilitator has a direct relationship with the sub-merchant, the Payment Facilitator takes on all risks (on behalf of the acquiring bank) and is liable for merchant chargebacks, data breaches, fraud, misappropriated funds distribution, etc.
PCI Compliance with a Payments Partner
If you’re not ready to become a payment facilitator, but want more control over the payments experience than you have with an ISO, you can take advantage of a payment facilitation partner that manages all the compliance requirements for you.
When you use a payment facilitation partner, your platform becomes the merchant, and your merchants are referred to as sub-merchants. Those sub-merchants still need to go through compliance checks, but the work on their end is simplified, along with what you, as the platform, are required to do.
The Compliance Impact of Chargebacks
Merchants with excessive chargeback rates are considered high risk for both acquirers and their processors. From a compliance standpoint, high chargeback rates are a clear indicator that the merchant may not be aligned with PCI-DSS standards or, worse yet, may be engaged in some form of insider fraudulent activity.