This is a question regarding outsourcing and the way VISA views processors who handle electronic transaction processing for members. Has anyone come across any VISA regulations requiring the processor to register as a member or follow the same strict regulations as the members? If so, which?

Are there also regulations to determine what the relationship between VISA and the processor if it takes on any other member-tasks (such as call-centre or chargebacks)?

There are numerous regulations and requirements from both Visa and MasterCard for a company to become an ISO/MSP or to become involved in transaction processing on behalf of a Member Bank.

This approval and registration process is subject to an extensive amount of due diligence, financial reviews & audits of both the business and principals and other verification procedures.

There are also upfront and annual registration fees along with numerous other costs. For ISO/MSP registration, you need to sign a contract with Visa, MasterCard in addition to your sponsoring Member Bank.

Thanks for the Info.

My probelm as a lawyer, of course is that I need to know the exact basis upon which Visa is allowed to audit processors used by members as outsourcing partners, especially in regard to transaction processing.

If you could give me any references to Sections or Articles in the By-Laws and operatiung regs, I'd be much obliged.

The way it works is this - Member Banks are the only ones privvy to the full rules, regulations and guidelines of Visa and MasterCard. They are not allowed to disclose the full documentation on this, except on an "as needed" basis to their ISO/MSP and 3rd party partners.

Any ISO/MSP agreement with a bank will clearly outline the responsibilities - fiduciary and otherwise - with respect to the handling of merchant transaction processing data. In addition, VISA usually requires the ISO/MSP to sign off on a CISP compliance statement.

Perhaps if you could elaborate further on what you are trying to accomplish, I could point you to a specific person or department at one or more companie(s) to assist you.

Thanks. I'm not sure how far I can elaborate, but while browsing through the "as needed" material, I stumbled on the relevant rule. My Co. was trying to establish the extent of it's liability (just in case, mind you), you know, the old story...

Thanks a lot for the interest.

Chris is right. Those rules & regulations are guarded & even then, they can be interpreted another way if it does not suit Visa / MasterCard. I have seen it happen so many times.

We have released a credit card to a few select groups of people for BETA testing - much like a stored value card that you see so much today. I was told 6 years ago when I came up with the idea that it would never work & now they are everywhere. The stored value card almost works just like an aggregator - the way we set it up. So now we are waiting for Visa/MasterCard to come down & tell us that it cannot be done.

We jumped thru major hoops to get this done. We have one bank in the US that sponsors us & we have one that we are doing in South America (Peru).

And the liability for your company - can be increased as well by them. They actually increased ours once they saw the potential growth for what we were doing & the people that we knew that would sponsor the card & market it

Sounds a bit like they'll send around big men with baseball bats if something doesn't suit them. So is there any way to cover our backs as a Non-Member? Or does it depend on the contracts we sign with the Members?

Well I would say I am more afraid of the 800 lb gorilla from time to time.

I was actually looking over some of my past e-mails more thoroughly, and it seems that one of my companies is an ISO. Guess I should pay more attention from time to time to that one. LOL - they only call me up when they have a problem. But this is what the e-mail had on there:

The Sponsoring Bank, or Issuer provides the following services:

Portfolio management for the card portfolio. This includes assistance in the management of the Visa ISO program with Visa, issuance and production of the cards, management of the Program Control Files, establishment and management of the settlement account (all of the fund balances reside at the issuing bank), fraud and loss prevention, customer service, settlement services, and the like. For this, the issuing bank is paid a portfolio management fee.

Support in the development of new products. This involves the assistance in the management of the projects associated with the implementation of new programs.

Visa relations. This involves running interference with Visa in getting the correct paperwork filled out, filed and approved.

Assistance in the development of “card art”.

Assistance with client relations. This entails having a contact available as a resource when we are selling a client to help the client clearly understand the roles and responsibilities associated with the program.

FFly, in terms of the specific rules that would apply to you - which "side" of the business are you on?

The issuing side - which deals with the issuance of credit cards and managing customer credit card accounts, or the acquirer side - which is involved in processing funds -from- credit cards into merchant's banks?

I am very familiar with the latter, but not as involved with the former. In terms of the liability incurred on the latter portion, basically it is not unusual for you to be liable and responsible for all cards that you transact.

OK, I must admit, what you're talking about is starting to sound somewhat complicated to me. At this stage I should perhaps disclose that I've been in the Card business for about 1 and 1/2 weeks (not counting a couple of university papers and articles I've read beforehand.

Generally, our company does the processing for various Visa-Members, including authorisation, clearing and settlement processing, but also processing applications, running a call-centre and diong the Fraud Investigation. I guess you would call us a non-Member Agent, and more specifically a Processor. At the start of my inquiry, I was just interested to know why we, as a non-Member are obliged to stick to all the Regulations and Rules Visa imposes on its members. My bosses, who have been in the business for an average of 15 years, couldn't tell me (Perhaps because their native tongue is German). By studying the Regs, this has now become clear.;)

...

So, I apologise for laying on a reeeelly beginners question on you:blush:

Now you see why I quit reading a lot of my e-mails :) No offense but once we start getting into the legal stuff, my mind just goes away. Medical - I can handle without a problem. And I love the legal shows more than I do the medical ones.

As you can see, you are given what you need to know. And that is it. Too much information & who knows where that might lead. I have had two friends sell their processing companies - one to First Data & one to Quicken (or Quickbooks). The latter refused to sign a non-competition agreement because that is his speciality - he creates the companies, & then sells them for a hefty profit.

And they might not be able to tell you because they just do not know. When I send an e-mail over to First Data or a contact at Visa, and it gets back to me a few days later, it has been forwarded to at least 5 different people to give me an answer.

I'm think I'm better understanding what you are asking now.

I think the "short answer" to your question with respect to why your company is obliged to follow the Visa rules & regs is this - they signed a contract with Visa specifically agreeing to contractually adhere to those rules and regs.

For instance, for an ISO/MSP, when you go to register with a Member Bank you have to sign three contracts at minimum - a contract with VISA, a contract with MC, and a contract with your Member Bank.

Then on top of it, you may contract with a company like yours that handles authorizations and settlements. It is not uncommon for a bank or ISO to have multiple "front-end" networks to do authorizations (and to support various terminals/POS devices) and usually just a single "back-end" settlement network.

There is often a great deal of confusion over what does what and who does what in the various pieces involved in bankcard processing, so don't feel bad that you are confused - most people are initially! And I know folks who have been in the industry for years and still don't understand it all top to bottom.

There are a lot of "moving parts" in the cogwheel that is bankcard processing. :)

Yeah, from What I'Ve been learning in the meantime I can fully agree that things ain't always the way they're supposed to. I'm learning about -INs (first letter has been left out, don't know how much I'm allowed to disclose; but you may know what I mean...) at the moment.

Are you referring to BIN's? (i.e. Bank Identification Numbers)

Yep, there are many layers to the bankcard industry from top to bottom. And nuances, complexities and interesting aspects to all of them. :)

It is possible to create your own payment page on your own secure server if the gateway provides an API