With the number of payment facilitators set to grow meaningfully over the next few years, each acquirer will make a decision—embrace or abstain. Choosing which side of the fence depends on whether an acquirer primarily sees PFs as sources of growth or risk. When I hear from compliance and risk leaders, this is not a spontaneous choice. It’s a conditional, pragmatic, step-by-step journey. Even the believers have adopted a trust-but-verify stance.
The compliance and risk teams who embrace PFs envision a new scalable sales channel that fuels growth. They focus on a few PFs with which to succeed. Said one compliance head, “We choose a small number opportunistically because they take so long to get over the board.” Those teams that avoid PFs take a shorter term view of ROI, deeming PFs too hard to onboard in relation to potential fee revenue. Some even have a visceral fear over what could go wrong. “We see them as a risk we don’t want to touch, so we avoid them like the plague,” said one manager.
PF proponents plan ahead for investment in teaching and training. This includes guidance on how to avoid running afoul of card network rules. “We need to work with our PFs to ensure they implement robust controls that give us confidence,” said a risk professional. Acquirers use parental words to describe the process of teaching PFs, such as “babysitting,” “handholding,” and “nurturing.” But the protectiveness is about self-preservation, not affection. Said one bank, “even experienced PFs will slip up.” Banks are simply looking after their interests.
This is warranted, because newly minted PFs can sometimes play unsafely when unsupervised. One acquirer described a PF telling a sub merchant that it could approve sizable payments without validation because, “technically, it’s possible.” Never mind it was prohibited. It’s this kind of laxness that keeps acquirers serving PFs awake at night. Said another member of the PF community: “It is only a matter of time before a registered PF goes belly up due to a lack of understanding of the risk associated with taking liability for sub merchants and meeting the rules of the card brands.”
Vigilance is wise for successful PFs just as it is for acquirers. In the past year, G2 Web Services has identified unknown violating merchants for well-established PFs in the U.S., U.K., France, and Brazil. In addition, a PF client of G2 was able to reduce transaction laundering in its portfolio by 97 percent.
Downside and upside
Banks that believe in PFs first decide which PFs are acceptable. Initially, they usually seek to minimize the downside risk. Their first trial is often any legacy PFs they are already serving. Where to find the next batch varies. Some banks agree to work with PFs who had been quietly aggregating. These aggregators are now ready to follow new card network guidelines and bear risk. Since they have operating experience, even if previously unofficial, they have a track record of technology and processes.
Following similar logic, risk teams may avoid smaller PFs because of anxiety about micro-merchants. Along the spectrum of high transaction volume sub merchants and zero transaction volume sub merchants, the greatest risk lies in the low middle—light volume sub merchants with just enough business to hide illegitimate transactions but not enough to earn compensating fees. Other banks will only accept PFs that enable card-present transactions to avoid the downside risk of ecommerce. Some will look for a seal of approval, such as PFs that are members of the European Payment Institutions Federation (EPIF) in the EU.
The flip side of this logic seeks to maximize the upside reward. I’ve heard from some acquirers that they see PFs as a channel to open up otherwise inaccessible business. They may go for old pros in areas like gambling, adult content, or continuity marketing because they can better manage the risk of sub merchants. They also may choose PF partners because they are impressed by the technical achievements, such as a bank that sponsored a PF that provided dynamic pricing algorithms to help sub merchants maximize online revenue.
Boarding and monitoring policies
Once an acquirer has decided to partner with PFs, strict boarding rules are nearly universal. A PF’s KYC checks on sub merchants should adhere to the processes its acquirer follows for its merchants. This includes passing sub merchants through required checks like MATCH and VMAS. Acquirers will run their oversight by-the-book, such as onsite inspections of PFs’ processes and regular spot checks of boarding paperwork.
After boarding, monitoring practices are equally stringent. They are best described as parallel supervision. Also called “shadow monitoring,” this scrutiny may last a year or more and can easily be accomplished with monitoring providers. If acquirers wait for PFs to report up to them, the lag time can be 3 weeks or more. This is a blind spot that makes them uncomfortable because it creates room for illegal or illicit behavior.
“You never know if a PF is behaving well for 18 months to get you to lower your defenses so it can take advantage of you,” said one risk manager who remains optimistic but wary. Another acquirer with similar concerns “plugs in” sub merchants to its chargeback and fraud monitoring systems for added reconnaissance.
Some acquirers have an edge if they require PFs to use their gateways. That allows them to see originating IP addresses, and even to map back transactions to individual merchants if the billing descriptors are visible and unique. Parallel supervision is a source of comfort, as is an itchy trigger finger. “You can quickly tell who the cowboy is going to be and cancel him if need be,” said one acquiring compliance officer.
Team sports and solo politics
No acquiring risk or compliance team goes into the PF space without help. PFs and their acquirer partners alike use vendors like G2 Web Services to enable and automate risk and compliance steps. Acquirers in the “abstain” camp use vendors to help them spot PFs inadvertently hiding in their portfolios. The PF ecosystem is in the early stages of development. Like the start of a political season, early stages can reveal extreme opinions that later soften. Acquirers may loosen or tighten the kinds of controls mentioned above. Even sitting on the fence is still a defensible position now, but not so three years from now.
Discussions with acquirer compliance and risk leaders in Europe, Asia and the Americas suggest all of them are paying attention to the PF opportunity. Some are still sitting on the fence. But when the time comes to step down to vote, there is no climbing back on. PFs with robust boarding and monitoring practices will prosper.—Dan Frechtling is the chief marketing officer for G2 Web Services.