|
|
 Thursday, June 12, 2008
By Chris Phillips
Once upon a time, there was an issue that came up in every card association sponsorship and processing agreement and in any sophisticated merchant agreement negotiation (that is, one where the merchant read their terms and conditions and actually tried to make a change). Every card processing agreement includes a covenant to abide by Card Association Rules (commonly know as "The Rules," this included Visa Operating Regulations and Bylaws and the MasterCard Bylaws and Rules, though it might also include Amex rules, Discover rules, debit network rules, etc.).
There was one very good reason everyone included this - The Rules said that an agreement to follow The Rules had to be in the contract. Or at least, that's what the bigger fish always said to the smaller fish (it had the added virtue of being true). But the quirky thing was, most of the parties agreeing to be bound by The Rules couldn't get a copy of them. Sure, the banks had the rules and the processors had the rules, but for ISOs, sub-ISOs, merchants, etc., forget about it. Sometimes, neither party to the contract knew what was really in there.
Absurd, you might say. How could you be bound by The Rules if you couldn't read them? How would you know if you violated them? What's more, violation of The Rules was usually a Big Deal (triggering termination of the agreement, cutoff of residuals, fines, etc.). So, there would be a dance. Smaller Party would agree to be bound by The Rules if they were provided by the Bigger Party. "Sorry," Bigger Party would say, The Rules are confidential. "We could show them to you, but then we'd have to kill you." Or something like that. In the end, Smaller Party would suck it up and agree to be bound by The Rules, sight unseen. If they were lucky, maybe the Bigger Party would allow immaterial violations of The Rules without triggering a really Big Deal as long as the violations were cured in a reasonable period of time. One helpful large acquiring bank did provide a handy-dandy summary of The Rules in just a few pages, but that was about as goo d as it would get. Maybe a magazine article would quote The Rules, or an ISO would go to the ETA convention and listen to the Associations talk about changes in The Rules, or new enforcement actions under The Rules.
Well, Virginia, there is a Santa Claus, and after much hand wringing, both Visa and MasterCard (no longer the club of banks they once were) have both made their Rules (or at least most of them) public. MasterCard, to its credit did this a few years ago (large excerpts anyway), but Visa just gave up the ghost last month (in fairness, it had earlier allowed merchants to access The Rules if they would executed a confidentiality agreement). (I could link to them for you, but that would be too easy, wouldn't it?)
Now everybody knows what those of us who worked for banks and processors knew. The Rules are long, complex, alternatively granular and vague and generally not that surprising. Most of the stuff that affects an ISO or merchant's daily life was already in their Agreement elsewhere (as required by The Rules, of course). But if you're taking that plane ride to Sydney or need a hefty doorstop that pulls double duty as the foundation of our wonderful retail system, warm up the printer - it's all there for you.
Tuesday, March 11, 2008
By Chris Phillips
Got an e-mail from another lawyer in the firm last week, with the lead, "I wager that there will be few, if any, Obama08 signs up around the AMEX offices."
He went on to attach a list of Senator Obama's proposed credit card reforms. Senator Clinton has a similar list, as described here. (I'm not holding my breath for Senator McCain's list, but it is, in case you haven't heard, an election year, so anything's possible.) There is also proposed federal legislation entitled "The Credit Card Holder's Bill of Rights" in the House (extensively and edifyingly discussed here)and "Stop Unfair Practices in Credit Cards Act" in the Senate (neither Clinton nor Obama listed as a sponsor).
Putting aside whatever merits and demerits there are for the various overlapping reforms, I think it likely that they would cut into profits at large card issuers and, as my colleague pointed out, create some accounting "nightmares" at these issuers.
But really, the issuing stuff is small potatoes to what came out on Thursday, and has been discussed for years, interchange reform. A couple of Congressmen (someone stepped up in each party) introduced the "Credit Card Fair Fee Act of 2008," with the purpose "To amend the antitrust laws to ensure competitive marketbased rates and terms for merchants’ access to electronic payment systems."
I'll leave the summaries to people with a little more time on their hands, but basically the bill will require the largest retailers and issuers to negotiate, then arbitrate interchange fees for a three-year term. It also would create a new class of judges to decide the rates.
On some level, this is likely modeled on the Australian system, where interchange is set by a central bank (and where merchants pay [roughly] the lowest interchange fees in the world - while the United States has [roughly] the highest). As really smart people whose job it is to study things like this have pointed out, Australia and the United States aren't directly comparable in their payments systems for a variety of reasons. What's more, the obvious idea of surcharging (allowed as part of interchange reform in Australia) isn't part of the new bill (perhaps most retailers don't want it - it seems not to have been widely adopted in Australia).
On the surface, this seems like an especially complicated way to attack an issue that is especially complicated to begin with, and I'm not sure it will have the effect of lowering prices its sponsors expect. Indeed, for the largest retailers, it seems that the card associations are already subsidizing merchant's interchange fees in some surprisingly free market ways, so these savings that are the goal may already be priced into places where most dollars are spent.
Friday, January 04, 2008
By Chris Phillips
Catching up on some reading over the holidays, I came across this older post on the Braintree Payment Solutions blog about why the merchant acquiring industry is intimidating to merchants. I think it is not well understood by (even) bankers and (most) lawyers. Fortunately, consumers are blind to the complexity of the system because of its black-box nature—they just know it (usually) works.
We've had a lot of clients come to us because their "regular lawyers" were having difficulty understanding the various players, concepts, funds/information flows and potential liabilities inherent in the system, and they wanted to deal with someone they didn't have to educate on these matters (we're always learning more from our clients, of course).
After taking (ahem) a little while off from the Payments Blog, I thought it was appropriate to sort of reset things and say that the very complexity is why we love the industry. Payments is ubiquitous in the capitalist system today—it touches everyone and (unlike, say, structured finance or derivatives) it's good cocktail party talk. But it's also a web of mostly intangible relationships controlled (we hope) by (usually complicated) contracts. We like contracts and we're interested in the business—there are so many interlocking pieces, you almost need a mental map to keep it straight.
2007 was an interesting year in payments. I won't bother to create my own list when I can link to Glenbrook's 'most read' payments news stories of 2007. It seems clear that Glenbrook's readership is issuer-heavy—these are all issuer or bank stories. As an aside the, biggest stories to me were the TJX breach/litigation, the decoupled debit cards and the beginning of the end of the true closed-loop acquiring model for Discover and Amex. I think 2008 will be even bigger and I just hope we can keep up on the Payments Blog. Please join us!
Friday, November 16, 2007
By Chris Phillips
As a follow-up to Tuesday's post, it's become clear, according to American Banker, that Visa is in fact only paying a portion of the Amex antitrust settlement. Wachovia, National City and Bank of America each took earnings charges in the nine digits in connection with the settlement.
Tuesday, November 13, 2007
By Chris Phillips
We've been busy at the Payments Blog, so I've relied more than ever on the good folks at Glenbook's Payments News for my daily news fix. The stuff below appeared there originally, and I offer my additional thoughts for your consideration.
-
Visa and Amex settled their anti-trust issuing lawsuit relating to periods before 2004, when Visa and MasterCard allowed member banks to issue Amex and Discover. Oh, yeah, Visa paid up just over TWO BILLION DOLLARS. And that's just Visa (and its member banks) - doesn't include MasterCard and doesn't address Discover's claims against any of the parties. We're not anti-trust experts here at the Payments Blog (we pick up the phone), but I'm shocked at how little attention this has gotten. I mean, the settlement made the news, but $2B...that's the GDP of Belize. And Amex's stock actually went down. Apparently the daytraders were expecting more. Waaah. (Yes, I know that Amex and Discover's stock is suffering because of the expected credit crunch coming to card issuers, but how about some love for a ten digit number? It just goes to show you how big this industry is—bigger than airllines and personal computing combined, according McKinsey & Company.
-
Lots of attention being focused on POS software security. Just a couple of days after VISA promulgated "Payment Application Best Practices", the PCI counsel adopted them as a new draft PCI standard.
-
The Treasury Institute for Higher Education published an interesting paper which you should read and all that, but what struck me as interesting is their conclusion that (i) the median data breach is between 50,000 and 100,000 card numbers and (ii) the average cost of a data breach is $182 per card number (it's not clear to me whether that figure includes fines, issuer reimbursements, etc.). If I'm TJX, I hope that isn't right (as I've noted before, I'm not a math guy, but 94,000,000 accounts X $182 = 1.7B - that's many times the reserve TJX established). The Bank Technology News says small breaches are actually more likely to result in fraud anyway.
-
Hey, speaking of TJX, we're following the litigation closely for our clients, and there's a lot of juicy stuff coming out that has implications for everyone in the acquiring chain. Please contact me if you're interested in getting our updates.
Friday, November 02, 2007
By Chris Phillips
The worst-kept secret in payments, the spin-off of TSYS from Synovus is officially on. Query whether this will give TSYS (on the issuing and acquiring side) the flexibility to move in new directions. The issuing business, while certainly profitable, is not high growth (see rampant speculation a year ago the First Data would sell off its issuing business, which it didn't). On the acquiring side, TSYS Acquiring (formerly Vital) is really the only "stand-alone" processor of its type, which could be good or bad.
Javelin Strategy has some interesting compare and contrast with StoreFrontBackTalk on the (for now) dead California Data Breach liability bill. I agree with Javelin (Bruce Cundiff) that the bill was really all about the issuing banks vs. merchants, and not about consumers (not that there's anything wrong with that). What's not being said is that a cost of $25 or $35 per compromised card could sink whole lot of merchants, and ISOs (those holding risk), processors and acquiring banks will be left holding the bag. Which is why the ETA came out against the bill.
Speaking of that, I don't think I've linked to Braintree Payment Solutions' blog, but he has an interesting post about how a breach works in the small merchant context. Enjoy. Brian Johnson actually has a bunch of posts on interesting topics, but I only recently discovered his blog.
Monday, October 15, 2007
By Chris Phillips
If you're a retailer in Cali, the sun shone a bit brighter and that wheatgrass smoothie was a little bit sweeter this morning. Yep, California's Governor refused to sign AB 779, California’s data breach notification and liability bill (see posts below). You know your industry has hit the big time when Ahnald waxes eloquent about it.
Here's the veto message and Evan Shuman's take.
Evan notes what I've heard from folks in the industry, and what the various PCI levels implicitly acknowledge. Namely, that TJX is one thing—the mom and pop corner store is quite another. The damage provisions could sink a lot of small businesses, and it's not clear that the same standards ought to apply to the largest and the smallest merchants. Benjamin Wright also notes some unclear language that he thought would have made for bad law.
Friday, October 12, 2007
By Chris Phillips
Following up on a few things from prior posts:
- TJX revised its settlement to add a little cash to the coupons, and Evan Shuman says it's likely a 'go.'
- I haven't mentioned it, but Javelin Strategy and Research writes an excellent blog, and they've written a nice devil's advocate post about the Canadian Privacy Commissioner's Report.
- Still no movement on the California data breach law sitting on the Governator's desk (AB 779), with Sunday as the deadline. Javelin has something to say about that, too. I'm not sure I agree with their conclusion (would it really have sunk TJX?), but I guess you could do the math and it would hurt really bad. Let's see, 46M cards times $25 is $1.15B, equal to about a year and a half worth of TJX's net income, and more than 7X what they have reserved so far).
Light reading while looking forward to the Electronic Transaction Association annual meeting in Las Vegas...
Last week, the Department of the Treasury and the Federal Reserve issued a set of joint proposed enforcement rules in connection with the Unlawful Internet Gambling Enforcement Act (or UIGEA to the cool kids), which was passed about a year ago. This law, while passing under the radar of most of the things I read, is no joke, particularly for companies doing quasi money transfer operations like PayPal (which had entered into settlements with the Feds even under less restrictive laws). ECHO (Electronic Clearing House, Inc., who has now gotten out of that business) even had their deal with Intuit scuttled by a federal investigation under the law (a day before the stockholders meeting - yikes).
The rules proposed last week (which are subject to a comment period) concern the activities of participants in the payment systems like card system operators (their definition could use some work - I'm not sure who they're trying to capture here), ACH systems, check clearinghouses, money service businesses and the like. Basically, the rules exempt certain participants from most aspects of the regulation, but provide that card systems and money service businesses must develop policies and procedures to identify and prevent restricted transactions (which almost every gambling transaction would be). For card system operators, some of this is almost certainly already being done pursuant to card association rules, but I've reproduced what the rules suggest:
(1) Address methods for conducting due diligence in establishing or maintaining a merchant relationship designed to ensure that the merchant will not receive restricted transactions through the card system, such as –
(i) Screening potential merchant customers to ascertain the nature of their business; and
(ii) Including as a term of the merchant customer agreement that the merchant may not receive restricted transactions through the card system;
(2) Include procedures reasonably designed to identify and block or otherwise prevent or prohibit restricted transactions, such as –
(i) Establishing transaction codes and merchant/business category codes that are required to accompany the authorization request for a transaction and creating the operational functionality to enable the card system or the card issuer to identify and deny authorization for a restricted transaction;
(ii) Ongoing monitoring or testing to detect potential restricted transactions, including –
(A) Conducting testing to ascertain whether transaction authorization requests are coded correctly;
(B) Monitoring of web sites to detect unauthorized use of the relevant card system, including its trademark; or
(C) Monitoring and analyzing payment patterns to detect suspicious payment volumes from a merchant customer; and
(3) Include procedures to be followed with respect to a merchant customer if the card system, card issuer, or merchant acquirer becomes aware that a merchant has received restricted transactions through the card system, such as --
(i) When fines should be imposed; and
(ii) When access to the card system should be denied.
Friday, September 28, 2007
By Chris Phillips
I read with interest the "Report of an Investigation into the Security, Collection and Retention of Personal Information: TJX Companies Inc./Winners International, L.P." by the Office of the Privacy Commissioner of Canada and Office of the Information and Privacy Commissioner of Alberta. (Yes, I like long titles. I also like that Canada has a Privacy Commissioner and that it would cooperate and issue a joint report with the Privacy Commissioner of a mid-size province. Can you imagine that in the U.S.? Report of the Federal Trade Commission and the Tennessee Commissioner of Commerce and Insurance? Never happen. Anyway...)
The Payments Blog's new amigo Evan Shuman has a nice summary, and the details are a bit wonkier than this forum lends itself to on security measures (WEP vs. WPA encryption, etc.). Beyond that, these two paragraphs caught my eye:
62. With respect to collecting and retaining credit card data, TJX/WMI advised that WMI customer credit card data from 2003 had been stored for at least 18 months. When the RTS servers came on line in 2003, TJX encountered problems that required troubleshooting efforts. TJX/WMI argued that this constituted a reasonable business purpose since troubleshooting required staff to review and analyze transaction data as far back as 2003. Furthermore, TJX/WMI indicated that they are required by contract with financial institutions that process credit card transactions to retain transaction data for at least 18 months for charge-backs, audits, and other unspecified purposes.
63. With respect to the retention of credit card information to process transactions, it is our position that it may be reasonable to retain this personal information for the length of time specified in the organizations’ contracts with financial institutions as this meets the requirement of retention “for legal or business purposes.” Processing payments according to the terms and conditions of the organizations’ contract with financial institutions is directly related to the purpose for which the information was collected in the first place.
Eighteen months! I know that TJX's U.S. merchant contracts only required 12 months of transaction data, and even that seems like a long time from my perspective (since chargebacks will come in no later than 180 days). But if their Canadian contract says to keep the data for 18 months, and the U.S. contract says to keep it for 12, you know they probably aren't going to sort it by country, so they'll keep everything for 18 months. Of course, no one told them to store any data unencrypted (I can't make heads or tails of what was actually stolen from their descriptions in SEC filings, which are mostly about what was NOT stolen, but as I read it, some of the stolen data was unencrypted).
Also, it should be noted that the storing of payment data is OK, even under the new law soon(?) to be signed into law in California, AB 779, so long as it's consistent with a written retention and disposal policy and stored for reasonable business, regulatory or legal reasons, which seems to be roughly the same standards the Privacy Commissioner used in the quoted language above. California and Minnesota would both prohibit the storing of "sensitive" data, like PINs, CVVs, full stripe data, etc. (Minnesota gives the merchant 48 hours, at least).
Tuesday, September 25, 2007
By Chris Phillips
The TJX data breach consumer settlement has been announced, and Evan Schuman is not impressed with the work of the plaintiff's bar. The case brought by the issuing banks is still active, and I bet holding a big sale and offering some coupons won't cut it on that.
Friday, September 14, 2007
By Chris Phillips
I mentioned last week in a post that I was going to write more on interchange management at the point of sale, unless something else interesting happened. Well, something interesting (to me, anyway) has happened, but it ties into the topic, so I'll have a little bit of a blended post here.
As I said previously, interchange is a huge issue in retail, and if you don't believe me, read the Congressional hearings linked in the earlier post. So, if you can't surcharge, what do you do? Well, one large retailer tried to start a bank (actually an ILC) so it could become a card association member, do its own merchant acquiring, and cut out part of the discount it was paying, but that hasn't worked out to date.
Sometimes interchange management takes the form of litigation, and there were a spate of antitrust suits involving the card associations and retailers, which actually had some important effects, and some not-so-important effects. Starting with the no-so-important, merchants can now decide to only accept (lower interchange) debit cards, and not the big-interchange credit cards (Visa even has a specific sign for that). I have NEVER seen a retailer that actually uses this method, because it's too confusing and time consuming at the point of sale, I guess (try getting the check-out guy at the supermarket explain why the check-card will work, but the airline rewards card won't). More importantly, the settlement of the antitrust litigation allowed the merchant to engage in PIN-steering. PIN-steering is the practice of using the POS terminal to steer customers to the low-interchange online/PIN debit. When the customer swipes the card (no matter the type, credit or debit), the terminal asks for a PIN, and most customers comply. Voila, pennies saved by the merchant.
As an avowed nerd on this subject, I typically prefer to pay by "credit" (actually offline debit - I'm using a check card, but not entering a PIN). I do this for a variety of reasons, some of which are liability related, some of which relate to the fact that it's better for the acquirer/processor clients of the firm to get the higher interchange (their success is our success), and some of which relate to the fact that I get to keep my money for usually at least a day longer by foregoing the PIN (which takes the money out instantaneously). So I can state my opinion with some conviction that PIN-steering has gone too far, at least at some retailers.
Just try to use a credit card at some retailers. Sometimes when the PIN screen comes up, you just have to choose credit (which is easy and fine). But at others, you may have to hit cancel (which none of us wants to do) not once, but twice, or get the checker to hit some buttons, and it's too confusing and difficult. The card associations haven't stepped in on this (as far as I've heard) because of the antitrust settlement, but they've emphasized the point in the rules, and I wouldn't be surprised to see this become an issue at some point. Or maybe it's just me, and I'll get off the soapbox.
On a Related Note
Retailers are of course free to take cash only. One way you often see that is with the presence of an ATM in the lobby. Customers don't like to be told "No" and I guess that's why this isn't more common, but some savvy merchants still pull this trick (at least at bigger-ticket merchants). The merchant doesn't pay any interchange/discount, and actually gets a cut of the ATM surcharge revenue (or they should).
On this point, I noted last week the filing of the S-1 for the IPO of CardTronics, the biggest ATM operator. A look at the filings will tell investors that CardTronics routinely loses money (though not as much as the other public ATM company, TRM), and it's fairly conventional wisdom that ATM is a static if not shrinking space. But...I salute CardTronics for having a plan. ATM branding deals (I drive our clients crazy talking about these, but I think it's a big opportunity for growth) and the surcharge free Allpoint network CardTronics owns have potential for real growth (I'm less excited by some other pieces of their business model). But what really caught my attention a couple of days ago was an article in the American Banker (which had been widely reported elsewhere) that Bank of America was raising its ATM fees (in some markets) to $3, and that others might follow suit. How about a 50% revenue increase! That will cure some operating losses.
The American Banker article also quoted some unhappy consumer advocates, and there are some folks (though not the ones in the article) trotting out the familiar "there oughta be a law!" mantra. And there have been laws, especially abroad but most notably in Santa Monica, California, attempting to cap ATM surcharges. Those laws can't survive a pre-emption challenge, though, at least not under current judicial interpretations. So until Congress steps in and sets some cap (which I would think unlikely), the sky's the limit on your ATM fees, and I'll still be the guy hitting cancel at the POS terminal at the supermarket.
Monday, September 10, 2007
By Chris Phillips
Following up on a post from a couple of weeks ago, I highly recommend Evan Schuman's StoreFrontBackTalk blog post from September 7, and an earlier post to which he describes Piggly Wiggly's biometric experiment (includes a colorful anecdote about some consumer, shall we say, resistance to biometrics). His blog is well worth a daily read, and now that he's back from vacation, he's banging out the posts. Reading his blog is what has spurred my burgeoning interest in retail/POS matters, which have been the subject of several recent posts.
Friday, September 07, 2007
By Chris Phillips
Payments News and Aneace’s Blog both reported last week on an LA Times article (which is a couple of weeks old) about cash discounts at gas retailers. Back in the 1980s, it was fairly common to see different prices for cash and credit, but I can’t remember the last time I saw that. Maybe this is the start of a trend, maybe it’s a California thing. I do know from Congressional and Tennessee legislative hearings on interchange that petroleum retailers are getting squeezed like nobody else by the rising interchange. Not to mention the fact that no one ever goes inside a convenience store anymore, which is a huge margin hit for those businesses.
So, why don’t retailers charge different prices for credit and cash? Because it’s hard to make it work. Visa and MasterCard prohibit “surcharging,” which is the practice of charging MORE for Visa/MC credit cards than other forms of payment (and oh, by the way, surcharging is also against the law in most states). But merchants can charge LESS for cash transactions. That sounds like some sort of philosophy exam, but trust us, the card associations have it all figured out. The key is in the wording. The merchant has to say/act like the credit price is the “standard” price (“standard” is the word used in the Visa Rules), and the cash price is discounted from the standard. Woe unto those merchants who act like the Price= $X and the Credit Price = $X+. The Card Associations (via the acquiring banks) are levying fines of $5000 for violators.
That’s where the rubber meets the road. The retailer was threatened with a fine because his sign said “credit” instead of Visa’s preferred “Regular,” “Standard,” or “Normal.” When Visa tried to levy the fine, “state regulators” stepped in.
Looking around a little, I found this older article, which goes into a bit more detail about how this is working, at least in California. Reading through that article, there are a couple of interesting points. First, California regulators decided that “Standard,” “Regular” and “Normal” were confusing to consumers (presumably because they mean something completely different in the gasoline world) and Visa backed down, allowing the merchant to go with “Credit/Cash.” Second, California requires that cash discounts also apply to debit (not sure if that is just online/PIN debit, or includes offline/signature debit). That’s why Visa says the “Credit/Cash” dichotomy is confusing (I can believe that - regular folks don’t discriminate between credit and debit, and certainly not online/offline debit). Finally, I like the mental picture of a conference call between California bureaucrats and Visa bureaucrats, neither of whom are ever told “No” by anyone, with poor Mr. Merchant caught in the middle, waiting to be told when to jump, and how high.
I’d be interested to hear what people in the retail world are seeing and doing in response to rising interchange (yes, I know that’s a big question), outside of calling their congressman. For instance, has anyone seen a merchant surcharging Discover (whose rules allows the practice)? The next post (unless something really interesting happens between now and when I write it) will explore a couple more “OKs" and “Not OKs” in POS interchange management.
Wednesday, August 29, 2007
By Chris Phillips
Nothing seems to have ignited the imagination of the card-issuing world quite like the "decoupled debit" card offered by CapitalOne (the Vikings of card issuing have also trademarked the term). Simply put, CapitalOne will allow customers to keep their current bank account, but get a CapitalOne debit card, usable wherever MasterCard (and each of its affiliates) is accepted.
Customers get a higher reward level than with their current bank (debit rewards are typically paltry - The Aite Group estimates rewards for the new card will be two to five times higher than average debit), and the rewards get even better if the consumers shop the right merchants and have a CapitalOne credit card.
For CapitalOne’s part, it gets the high-dollar interchange on the cards and pays only the low, low cost of ACHing the customer’s bank account from the local bank. Talk about some non-interest income.
One less-discussed aspect of the card is that most will be co-branded by a merchant hoping to get the consumer’s business (something CapitalOne is well-known for in the credit space).
With a trifecta of happy campers, why didn’t anyone else ever think of this? Why didn’t I think of this? (OK, I don’t work for a bank, so that answers the last one.)
Well, the consumers’ banks aren’t excited. They’re losing that juicy interchange revenue, and in the long term, the consumers’ accounts are probably less stable. In fact, Visa (bank network that it is) prohibits such an arrangement. So, these decoupled debits are MasterCard-only, and MasterCard has a significantly smaller share of the debit market, having come late to the debit party. While people I talk to seem to think MasterCard’s allowance of decoupled debit is a historical accident, it’s no accident that MasterCard is trying to up its share of debit, and is now a public company out of bank control.
CapitalOne won’t be happy if they go to ACH those consumer funds to pay acquiring banks, and the consumer account is empty – since CapitalOne doesn’t know what’s in the account at any given time. CapitalOne takes the risk on the card, as the issuer, and they'll hold the bag if the consumer can't pay. The math wizards at CapitalOne (“What’s in your financial calculator?”), think they’ve got this figured out, and they’ve got some algorithm that tells them whether they should accept or decline a transaction, based on past history.
If I’m a consumer, I hope the algorithm is in good shape, or I’m going to be getting some unfortunate declines (or, in the alternative, a bunch of overdrafts). And if the consumer calls their depository bank to ask about the declines (or to report a lost card), the bank will tell them to call CapitalOne - finger-pointing may ensue. I hope the CapitalOne call center can explain that algorithm.
Tuesday, August 14, 2007
By Chris Phillips
Given how well-connected The Strawhecker Group is in the acquiring industry, most of the readers of this blog are probably already subscribers to their "TSG NewsFilter" service, which is a weekly collection of payments new articles from around the country and the world. If you're not a subscriber, we encourage you to sign up at their website linked above.
While I consider myself a pretty assiduous daily reader of payments news, TSG never fails to dig up some interesting piece of news I had missed. This week, they included an article from the San Jose Mercury News entitled ‘Electronic wallet' era closer to reality (8/7/07) (free registration required). The article itself is largely about the future of contactless/mobile device payments, which is of particular interest, as it has the potential to affect the payments industry in a variety of ways, far beyond the need for a bunch of new POS terminals at every retail location. It could lead to a real shift away from the Visa/MC paradigm to more of a direct ACH style model (FastLane, Tempo, etc.), though I admit this is unlikely (and I'm not sure such a shift would be a good thing, for a variety of reasons, but that's another post). Once the cardholder no longer has to pay with a "branded" device (and should they have to install a new terminal anyway...), is the center still holding on the Visa/MC model?
That said, there are (as the article points out) a lot of psychological barriers for contactless/mobile payments on the consumer side. Whenever I ask friends how they feel about paying with their mobile phone or a key fob, I get a suspicious look and a lot of questions about security. I can't dismiss those concerns out of hand (see a characteristically good overview from Aneace's always excellent blog), though I think the security is likely to be solid on these devices, given the players involved.
But it doesn't matter what I think. What matters is what the folks in the trenches think. Let me know if you have thoughts, but a few anecdotal pieces of evidence:
- While I had noticed that First Data (among many, many others) had been public in its adoption of m-commerce partnerships, I had not noticed that FDC (along with NCR) had taken an equity stake in VivoTech, which the Mercury News Article points out.
- Paul Garcia, CEO of Global Payments, is on the board of Firethorn, which likely means that either Global or Mr. Garcia individually, has an equity stake in that venture.
- The Mobile Money and Banking Blog has a good overview of the web of partnerships that is taking place.
And Now for Something Completely Different
In addition to being a payments nerd, I'm also paid to be an M&A nerd (a labor of love). I had the pleasure of serving as part of the working group of the (deep breath) American Bar Association's Section of Business Law Committee on Negotiated Acquisitions Mergers & Acquisitions Market Trends Subcommittee 2007 Private Targets Deal Points Study. The study is an in-depth analysis of acquisitions of private companies by public companies, and covers post-closing purchase price adjustments, baskets, caps, reps/warranties, covenants, indemnities, etc., for deals completed in 2006. It is a great resource for anyone who does deals. Clients and friends of Waller's payments industry practice, please let me know at chris.phillips@wallerlaw.com if you'd like to see a copy, or get an insight into any particular topic of interest.
Tuesday, August 07, 2007
By Chris Phillips
Last week, Robb Harvey, a member of both Waller Lansden's Trial and Appellate and Intellectual Property practices, and a guy who pays attention to payments industry matters, published a firm bulletin titled, "'Next Generation' Consumer Class Actions Target Retailers/Franchisors." The bulletin concerned the wave of class actions around FACTA (the Fair and Accurate Credit Transactions Act).
Robb notes that FACTA suits are targeting retailers not just for failing to truncate card numbers, but also for failing to truncate expiration dates, as the plaintiffs’ bar claims the Act provides. These suits have been especially prominent in the restaurant industry. The FTC has indicated that it might bring enforcement actions as well, but for now the lure of paid attorneys fees has the plaintiff's bar focused, while the FTC sits on the sidelines on this issue. For attorneys' fees to be paid, the violation needs to have been "willful," which Robb notes has been the focus of litigation to date. Our sense is that the processors haven't been brought into the retailer suits to date. One could well imagine that the role of the merchant acquirer could be important in the analysis of whether violation of the statute was willful, and even that the merchant might seek damages against its acquirer/processor.
Similarly, we note the coming generation of "PCI Statutes." These new statutes were up for consideration in multiple states, but only passed this session in Minnesota. In one way or another, these statutes seek to make the Payment Card Industry Data Security Standards (PCI) a statutory obligation, in addition to being a Card Association obligation. These statutes deserve their own post, but in Minnesota, at least, a retailer can be liable to card issuers for violation of data security standards (the statute does not explicitly tie to PCI, and there is no concept of different merchant levels as is the case in PCI). The retailer can also be liable for violations by its "service providers," which include processors. Again, it is quite possible that a retailer faced with liability could seek redress against its merchant acquirer, who is likely to have a deep pocket.
Take another look at the liability limitation in your merchant contract today. Every merchant processing contract should already include strict damage limitations, but those should be examined in light of the new suits and state law.
Quote of the Week:
"As the populace becomes more educated about what takes place behind the scenes after they swipe their cards, or click submit, or "tap and go", the attention of private and public investment, as well as that of government regulators, has been drawn to the general business of payment processing, the services it entails, and the rules that govern it. With institutional attention, the public spotlight grows brighter, more intense, and the business begins to change. The current environment is arriving and coinciding with organic changes already occurring in the merchant acquiring market, making this time in particular quite momentous."
— Business Models and Revenue Streams in Merchant Acquiring: Beyond the Monthly Residual Check
(Research Report by the Mercator Advisory Group, July, 2007)
Tuesday, July 31, 2007
By Chris Phillips
Kevin Kidd and I listened to an American Bar Association program last week entitled, "Deal or No Deal? Complying with Multi-State Gift Card Regulations." The program was presented by the ABA Forum on Franchising, not by any of the ABA business law subcommittees that usually focus on the payments industry. The presenters were three in-house lawyers for retailer franchisors (Starbucks, Cold Stone Creamery and Focus Brands) and one firm lawyer who primarily practices in the franchise space (Leonard Vines of Greensfelder, Hemker in St. Louis). It focused almost exclusively on the closed-loop prepaid card format (gift cards that can only be used at a single retailer, as opposed to "open-loop" or "branded" prepaid cards, which can be used at any retailer accepting the card brand (Visa/MasterCard/American Express).
As the title implied, most of the presenter's time was spent discussing state law restrictions on dormancy fees, expiration dates and the intersection of those concepts with unclaimed property/escheat law. Having written an article on these issues a few years ago (which was never published) I am fairly familiar with these topics (on a conceptual level—the laws of individual states are always in flux). Somewhat less time was devoted to discussion of recent Federal Trade Commission actions against K-Mart and Darden Restaurants relating to disclosure of terms and conditions. There was, of course, an overlay of franchise law concerns with which I have no experience (other lawyers in the firm handle franchisor/franchisee clients).
One recommendation from the panelists was to use an experienced and competent prepaid card processor, because there are complicated operational matters involved (we are happy to recommend processors who have the knowledge and technology to do the job right). What the panelists didn't say, but is true in my experience, is that the gift card processors will NOT provide advice on compliance with state law. The processors, on whom issuers may be tempted to rely, do not generally have liability for violations of state law related to issues like dormancy fees or escheat, or federal regulations regarding disclosure, but issuers do. It is incumbent upon the retailers issuing gift cards to conduct their own legal review of their prepaid card programs (preferably on an ongoing basis). I know that I routinely purchase and receive gift cards that are not compliant with Tennessee law, much less the laws of all 50 states.
This program showcases just one example of how complicated, specialized and ubiquitous the payments industry can be. Because closed-loop systems are mature, widely used technologies that don’t need to tie in to Visa/MasterCard or access consumer bank accounts, it may be tempting to see them as less daunting than other aspects of the payment system, but it pays to be cautious. State and Federal regulators know that tens of billions of dollars are flowing to retailers through these programs and those regulators are paying ever closer attention.
Monday, July 23, 2007
By Chris Phillips and Kevin Kidd
The intro to Waller Lansden's blog pages says that the blogs will offer "insights on current business and legal topics." That's exactly our goal in the Electronic Payments Blog, which won't always focus on "legal" issues (though we'll certainly take a look at interesting legal issues in the space). We strive to understand all of our clients' businesses; but in the payments industry we have an especially long history that underlies our ongoing client representations and continuing education.
The authors of this post, Chris Phillips and Kevin Kidd, will primarily maintain this blog. We make an effort to be diligent in our reading of daily, weekly and monthly news about the payments business in Glenbrook Consulting's "Payments News" and "The American Banker," among others. We also review scholarly articles and updates from professors, practitioners and regulators, as well as public filings from the largest industry players. More than that, we make an effort to get to know people in the industry whenever we can (whether clients or not) and gather their insights about the payments business and where it's going. Over the past few months, we’ve talked at length with other folks in the trenches of the industry – folks like Bob Hyer from Greenhill & Co., Kurt Strawhecker and Jamie Savant from the Strawhecker Group and Jack Dale from Entandem, just to name a few.
While we maintain this blog and focus on the payments industry to a greater extent than any other lawyers in the firm, we stand on the shoulders of many others at Waller Lansden who have worked with various clients in the industry over the past three decades. Our firm has been active in payment processing since the 1970's, when the firm was issuer's counsel in the Comdata IPO. Waller Lansden attorneys advised merchant acquiring juggernaut PMT Services in every phase of its business, from incorporation, to public offering, to its exit sale. In the decade since the sale of PMT to NOVA, the firm has leveraged its contacts and experience into representations of sponsor banks, processors, ISOs and companies involved in prepaid card operations, check services, ATMs and government payments.
Our firm has an extensive roster of M&A/Transactional attorneys with experience in the payments and financial technology space. The firm's specialists in Intellectual Property, Banking, Litigation, Bankruptcy and Government Relations also have specific and longstanding experience in the particular issues our industry clients face. We think Waller Lansden is singular in its experience as a full service firm with a focus on the payments industry.
Thanks for taking the time to follow this Blog. As we begin discussing current issues in the next post, we welcome your comments and look forward to getting to know an even larger community in the industry. Please let us know if you have thoughts on topics you would like us to address. This should be fun.
|