Overview of the Payments Ecosystem
Download
Report
Transcript Overview of the Payments Ecosystem
Payments 101: Overview of the
Payments Ecosystem
ETA UNIVERSITY
MARCH 19, 2015
Deana Rich
RICH CONSULTING, INC.
Edward A. Marshall
ARNALL GOLDEN GREGORY L L P
The Ecosystem and its
Components
Open-Loop Model
Card Networks and Member Banks
Card Networks and Member Banks
Card Networks
Visa, MasterCard, and
Discover (see also American
Express)
Provide infrastructure and
brand acceptance
Clear and settle transaction
information (not funds)
Establish interchange system
and set rates (paid to issuer)
Accept dues and assessments
Establish and manage
compliance with operating
rules and regulations
Card Networks and Member Banks
Member Banks
(Acquiring and Issuing)
Regulated financial
institutions
Must comply with
network/brand rules and
regulations
May issue cards and/or
acquire transactions
directly
Card Networks and Member Banks
Issuing Banks
Consumer “on-ramp” to the
payments ecosystem
Contract directly with
consumer (cardholder); bill
and receive reimbursement
from cardholder
Receive interchange fees
from acquiring bank
Settle transactions with
acquiring banks (via
networks)
May also offer prepaid
e.g., JPMorgan Chase & Co.; Capital One;
U.S. Bank
Card Networks and Member Banks
Acquiring Banks
e.g., BMO Harris Bank; Wells Fargo; HSBC
Bank
Merchant side of payments
ecosystem
May sponsor agents,
including processors and
ISOs (“acquirers”)
Responsible for compliance
with card networks’ rules
and regulations
Carry and manage ALL risk
associated with agents and
their customers (merchants)
The Acquirers
The Acquirers
“Acquirers,” a Versatile Concept
Acquiring Banks
Processors
ISOs
Sub-ISOs
Sales Agents
Merchant “on-ramp” to the
payments ecosystem
Contract with, bill fees to
merchants
Collect interchange fees from
merchants through “discount rate”
Must comply with networks’ rules
and regulations
The Acquirers
Processors
e.g., First Data; TSYS; Global Payments;
Heartland; Worldpay
Provide connectivity to
networks for purposes of
authorization (front-end),
clearing and settlement (backend)
Provide various levels of backoffice support
Execute agreements with
Member Bank, ISOs
Can, and frequently does, also
function as an ISO (recruiting
merchants through salesforce)
The Acquirers
ISOs and Sub-ISOs
Independent Sales Organizations
Sponsored by Acquiring Bank
Sell payment acceptance access to
merchants
May also provide various levels of
back-office support (e.g., customer
service, tech support, statements
and reporting) and additional
features
May have downstream agents (subISOs or sales agents) also selling for
them
The Acquirers
Retail (Non-Risk-Bearing) ISOs
Entrust risk monitoring and
underwriting to processor or other
ISO
Wholesale (Risk-Bearing) ISOs
Conduct own underwriting and risk
monitoring, subject to oversight
Indemnify banks and processors for
losses related to returns,
chargebacks, fraud, and data
breaches
Banks and processors maintain
liability for all downstream activity
A Day in the Life of a
Transaction
A Day in the Life: Payment Authorization
A Day in the Life: Settlement
Interchange fees paid to issuing bank
Additional fees collected by processor, acquiring bank, and ISO for services
Ecosystem Risk
Minimal Cardholder Risk
Regulation E
Regulation Z
Credit CARD Act of
2009
Chargeback
Protections
Chargebacks
Dissatisfied consumer can contest a charge (e.g.,
unauthorized transaction, did not receive purchase,
defective purchase, deceptive merchant conduct)
Issuing Bank removes from statement; recoups
money from Acquiring Bank
Acquiring Bank recoups from Processor and/or Risk-
Bearing ISO, and, ultimately, Merchant*
Card Networks resolve disputes regarding
chargeback validity (consumer friendly)
Ecosystem Chargeback Risk
Merchants may lack
financial wherewithal to
pay chargeback(s)
Thus, Acquiring Bank,
Processor, and/or RiskBearing ISO may shoulder
responsibility
Importance of
Underwriting, Risk
Monitoring, and Reserves
*
Liability Value Chain and Industry Oversight
Liability Value Chain
Card Networks
Member Banks
Risk-Bearing ISOs
Merchants
Industry Oversight
Card Network Rules
Industry Guidelines (ETA)
Bank Regulators
Non-Banking Regulators
Data Breach Protection (and Risk)
PCI DSS
Evolving standards to keep
data secure
Validation and compliance
testing required by PCI
Council and card networks (by
merchant level)
EMV: Security at POS
Encryption: Security for
Authorization Transmission
Tokenization: Security Post-
Transaction
Data Breach Risk at Merchant Level
Consumer Notification (State
Law Patchwork)
Card Network Liability
Forensic investigations
Non-compliance liability
assessments
Card reissuance cost, data
breach assessments, and fraud
reimbursement schedules
Legal Risk
Consumer and shareholder
litigation
FTC action
Data Breach Risk within the Ecosystem
Accepting merchants and
consumers are largely
insulated from counterfeit
card fraud loss
Acquiring Bank, Processor,
and/or Risk Bearing ISO bear
ultimate liability for Fines,
Assessments, Reissue Costs
(by merchant level)
Issuing Bank bear risk for
remainder
Impact of EMV
Questions
© 2015 | All Rights Reserved
Deana Rich
President
RICH CONSULTING, INC.
[email protected]
818.787.5837
Edward A. Marshall
Partner
ARNALL GOLDEN GREGORY LLP
[email protected]
404.873.8536
www.deanarich.com
www.agg.com