Primer on Merchant Accounts, Part 2: Providers, ISOs, How to Choose

The digital payments industry is notoriously confusing. This post is the final installment of a 2-part series on merchant accounts, which are required for all businesses that accept credit cards. “Part 1” described the purpose of such accounts.

I’ll address in this article merchant account providers and the role of independent sales organizations. I’ll also offer tips for selecting the best provider for your business.

All of this follows my 3-part “Credit Card Processing FAQs” series, in which I explained industry jargon, pricing models, and fees.

Card Brands

Recall from “Part 1” that “acquirer,” “merchant account provider,” “merchant acquirer,” and “acquiring bank” refer to the same thing: a financial institution that has been registered and approved by one or more of the card brands (Visa, Mastercard, Discover, American Express) to accept card payments on behalf of a merchant.

Cards brands govern the business of acquiring. Their role is enormous. Acquirers must comply with the brands’ rules and regulations. Thankfully, the brands compete to register and retain acquirers.

Card brands — American Express, Mastercard, Visa, and Discover — set rules and regulations for providers of merchant accounts.

Card brands — American Express, Mastercard, Visa, and Discover — set rules and regulations for providers of merchant accounts.

The card brands charge licensing, application, and membership fees. Other merchant account roles of brands include:

  • Rules and regulations. The brands create, modify, and publish the rules for the acquiring industry.
  • Security. The industry depends on protecting sensitive card data and personal information. Many of the rules for acquirers concern security. Among other measures, acquirers, including their partners and subcontractors, must comply with PCI-DSS.
  • Technology. Card brands have created electronic systems that allow acquirers to receive, route, and secure payment transactions. This includes, for example, services that encrypt and securely store card data. Other services include fraud prevention, transaction routing, data storage, and business intelligence (data and analytics).
  • Compliance. The brands police their own acquiring networks, with frequent audits to ensure compliance with the rules. Offenders can lose their acquiring licenses, although it’s much more common for the card brand to levy a fine and help the acquirer become compliant. I’ve seen a card brand waive, usually temporarily, one or more of its rules for an acquirer. This typically occurs when an acquirer needs more time to implement a new procedure, such as PCI.

Third Parties

Understanding the merchant account needs of every type of business is a near-impossible task, even for the largest banks, who do not typically have specialized expertise. As a result, acquiring banks rely on third-party providers.

What follows are common third-parties.

  • Independent sales organization. An ISO is a company that markets acquiring services to merchants on behalf of an acquiring bank. An ISO is similar to an independent insurance agency. The ISO will tailor a range of payment-acceptance services for merchants and will receive a commission — usually a one-time fee or a percentage of the revenue generated — from the acquiring bank and payment processor. ISOs can sell the services of many different acquirers, picking and choosing the best fit for the merchant. Less reputable ISOs sell the services that offer the highest commissions or fees instead of the best option for the merchant. ISOs are typically experts in a particular industry. Some payment processors also operate as ISOs — the processor sells on behalf of an acquiring bank. Some ISOs call themselves acquirers.
  • Member service provider. MSP is Mastercard’s name for ISO.
  • Third-party agent. TPA is Visa’s name for ISO.
  • Value-added reseller. A VAR integrates the technology of third-parties into a single product or offer. An example is integrating payment gateways into point-of-sale equipment. VARs are not acquirers, but they may operate like ISOs or own ISO businesses.
  • Referral agents. Some acquirers and ISOs offer referral fees to agents, who can be ISOs but are usually unrelated to payment processing, such as accounting firms. Unlike ISOs, referral agents do not have to register with the card brands. Thus referral agents cannot call themselves acquirers or use Visa or Mastercard’s branding. They also cannot perform the functions of an acquirer.

Monitoring ISOs

The card brands have strict rules for ISOs. An ISO must register with each card brand and with each acquirer that it represents. ISOs pay sign-up and annual fees to the card brands, who audit ISOs annually for branding and other compliance rules.

The card brands have strict rules for ISOs.

The card brands hold acquirers responsible for the behavior of ISOs. If an ISO brings a fraudulent merchant into the payment network, the acquirer is responsible. If a merchant signed by an ISO incurs chargebacks, the acquirer refunds the issuer. If an ISO’s merchant accepts payments but does not fulfill orders, the acquirer remediates. Thus acquirers select, underwrite, audit, and monitor their ISOs carefully.

Merchant acquiring can be a risky business for the following reasons.

  • Chargebacks. A chargeback is a transaction reversal when a cardholder claims that he did not make a purchase. The issuing bank will return the cardholder’s money almost immediately and file a claim against the merchant’s acquirer.

According to the rules, the acquirer must first refund the issuer (which has already refunded the cardholder). Only after the refund occurs can the merchant and its acquirer dispute the process. Regardless, the acquirer will remove the funds from the merchant’s merchant account — no questions asked — plus a hefty chargeback fee. When a merchant is unable to refund chargebacks, the acquirer must cover the charges. In short, acquirers (not merchants) control merchant accounts.

  • Fund reversals. A fund reversal is a refund (or partial refund) granted to the customer by the merchant. Because the acquiring bank deposits funds in the merchant’s merchant account, often before the expiration of product warranties and guarantees, acquirers are exposed to the risk that a merchant will refuse to refund customers (resulting in chargebacks) or the risk that a merchant will go out of business before refunding its customers. In both cases, the acquirer is responsible for chargebacks if the merchant cannot perform.
  • Merchant solvency. Merchants that go out of business (i) cannot pay their merchant account fees, (ii) cannot cover chargebacks, and (iii) could fail to return an acquirer’s point-of-sale equipment.
  • Merchant fraud. Merchants that engage in fraud expose acquirers to (i) chargebacks, as explained above, (ii) fines and other penalties levied by the card brands, and (iii) reputational damage to the acquirer and the brands.

How Acquirers Make Money

The primary source of revenue for acquirers are merchant account fees, fines, and miscellaneous revenue from payment processors and other value-added providers. Acquirers do not receive interchange fees, which is revenue for the issuing banks.

Revenue from merchants includes fees for:

  • Registration,
  • Account setup, maintenance, and closure,
  • Support and service,
  • Currency conversion,
  • Chargebacks and chargeback disputes,
  • Audits,
  • PCI compliance,
  • Settlement, also known as batch or daily batch,
  • Monthly minimums.

Acquiring banks can generate additional revenue by partnering with processors to offer both merchant accounts and payment processing solutions. Some acquirers, usually the largest banks (e.g., Chase, Citi), have internal departments for acquiring, issuing, and processing.

Selecting a Merchant Account Provider

Merchant acquiring is highly competitive. Pricing and contractual terms differ among providers. Consider these tips to find the best provider for your business.

  • Know the details. Make sure the salesperson is disclosing all of the costs and restrictions, such as (i) all fees and penalties, (ii) the company’s policy for holds and reserves, (iii) when to transfer funds out of the merchant account, (iv) procedures if you’re not satisfied, (v) monthly minimum fees or other hidden fees, and (vi) the length of the contract and the early termination fees.
  • Understand your processing volume (daily, monthly, yearly) before negotiating. Knowing your transaction volume will help determine whether you need a dedicated merchant account or an aggregate account, such as Stripe, Square, PayPal. The type of account will dictate your payment processing fees as dedicated accounts allow less expensive interchange-plus pricing.
  • Understand your business’s risk profile. Take steps to reduce chargebacks. Acquirers don’t like risk. If you operate in a high-risk industry, help your acquirer understand how you plan to reduce its exposure. High-risk businesses can expect to pay higher fees or incur larger holds. Ask the acquirer if it can help avoid fraudulent payments.
  • Ask about discounts from potential acquirers if you use their payment processing services or their partners’ services.
  • Integration. Confirm that a potential acquirer can integrate with your business’s customer and accounting systems. Inquire as to the difficulty and the cost. Sometimes acquirers will absorb that cost.
Mike Eckler
Mike Eckler
Bio   •   RSS Feed