Payment Systems' Mechanics: The Risks And How To Deal With Them

By Nikolay Bocharov, Head of Anti-Fraud Department at the global payment network Mercuryo

All participants of the crypto-powered payment industry have their roles. Based on these roles, they establish specific relationships among each other and with regulators, including Card Schemes and authorities, and create a structured, highly efficient ecosystem. 

At the same time, this codependency bears quite a few risks that can seriously affect everyone from regulators to merchants. 

A textbook example of high-level hierarchy players suffering losses is when an acquirer bank receives a fine from a payment system because of the illegal or banned activity of the merchant. One would think that it is a merchant who has to pay the fine, but in reality, it is often the bank itself that is held accountable. 

Let’s take a look at the recent case when an acquiring bank had to pay €75,000 claimed by MasterCard as one of the merchants has violated copyright legislation. Although it was the merchant was broadcasting movies for English learning purposes, the bank was the one to pay the fine. 

So what exactly happened? 

The acquiring bank was responsible for processing subscription payments for the content that was shown unlawfully. The copyright holder sent a complaint to MasterCard about the case, and according to MasterCard rules, it is the bank, not the merchant, that had to be held accountable and pay the fine.

Payment Systems’ Mechanics: Who’s Responsible?

From a user’s point of view, the money transferring process looks easy. In reality, it is a complex system that runs like a machine. Think of it as a pyramid or an iceberg, every layer of which represents participants divided into the following categories:

• Card Schemes (VISA, MasterCard, etc.)

• Regulators, Acquires, and emitting banks

• Payment aggregators and facilitators

• Merchants

• Various vendors and service providers

Some market players are only responsible for a limited number of tasks, and others can play several roles at once. For example, a merchant can be a payment facilitator and a service provider at the same time. 

What could go wrong, one might wonder?

For the sake of example, let’s divide payment system participants into four groups that are interconnected in a single hierarchy of risk distribution and responsibility transfer. 

The highest level of the hierarchy goes to payment systems and regulators, which impose requirements on everyone that takes part in the payment ecosystem. Then we've got banks that bear risks for the participants residing at the lower level – payment facilitators or merchants. And that’s exactly how codependency works: every level carries a risk for higher-level participants and at the same time bears risks for the lower-level ones. 

While some risks may arise from lower-level participants, higher-level ones are also capable of abuse. This can be achieved by implementing control measures for minimizing risks, such as:

• Payment monitoring

• Client and merchant verification, compliance with AML procedures

• Compliance with the rules of Card Schemes

• Use of a modern automatic anti-fraud system that checks payments 24/7

• Dispute work with chargebacks and fraud

Legally, almost any issue can be fixed by an acquiring agreement, except for vendors and service providers, as they often have a simplified service agreement.

Other risks mainly concern a correctly drafted acquiring agreement related to the dynamic between a merchant, a payment facilitator, and a bank. At the end of the day, the bank carries the maximum number of risks, and the merchant bears the minimum. However, members at a lower level may suffer losses when members of a higher hierarchy abuse their position. 

Dealing With Abuses  

There are three types of the most common abuses from payment aggregators or acquiring banks that might happen: unexpected restrictions, withholding information, and unnecessary audits. Let's review them in detail.

Type 1. Restricting payment facilitators or merchants in their rights to dispute 

Here’s an example. The store receives a chargeback and provides all the necessary documents to the acquirer in due time for claiming the representment. After a while, the amount of the chargeback is withheld from the merchant's refund. Why did this happen if all the necessary documentation was provided at the stage of representment? 

It turns out that the acquirer received a notification that the issuer did not agree with the chargeback evidence and initiated the pre-arbitration process. In the overwhelming majority of cases, the acquirer will ask if the store decides to start the arbitration process. This means that the dispute case will be transferred to the payment system. 

But in this case, the acquirer independently decided not to go to arbitration and agreed with the issuer's position. Thus, it prevented the store from proving that it fulfilled all the necessary conditions of the transaction to the cardholder. 

Moreover, the store suffered a direct financial loss on this chargeback. To eliminate such a risk, it is absolutely necessary to carefully check the rights and obligations of each of the parties in the acquiring agreement. 

Type 2. Failing to provide complete and comprehensive information on payment systems fines

In some cases, the acquirer tries to hide information regarding repressive measures coming from payment systems for violating certain rules. 

For example, they can issue a fine for an incorrect MCC (Merchant Category Code) or processing payments for high-risk merchants without an appropriate license. It is quite a challenge for a merchant or a payment facilitator to get to the bottom of the issue and understand whether this violation actually happened.

Moreover, it is hard to say whether the amount of the fine is fair or whether the acquirer has imposed an additional penalty. The solution to the problem lies in contractual relations. Besides, one should always be aware of their rights during the payment process.

Type 3. Imposing a paid audit by payment systems as a way to minimize their risks. 

It’s not rare when the acquirer, having received problems regarding one or several merchants, tries to "make amends" to the payment system and propose auditing its other merchants. Then the acquirer tells its merchants that this is a forced measure as their business is high-risk or comes up with other made-up reasons. 

As a result, the merchant bears uncalled-for expenses. The audit is only beneficial to the acquirer bank that basically uses the merchant to cover its own financial charges. To avoid such situations, merchants need to choose reputable acquirer banks and be precise when signing the contract. Both sides need to make sure that all the points of the agreement are clear and particular.

The Bottom Line

Is there a way to change the situation with the abuse that happens on all the levels of payment system hierarchies? Can all participants emerge victoriously?

As for banks, the solution lies in conducting in-depth merchant verification and establishing real beneficiaries. Banks have to constantly monitor and recheck their customers and provide evidence sufficient to fight back the main types of chargebacks. 

When it comes to merchants and payment facilitators, it is necessary to amend the standard acquiring agreement, regardless of the banks' excuses about the agreement being the same for everyone and impossible to change. After all, you are responsible for your own well-being, and being extra-cautious is a step in the right direction.