Credit card processing companies, including Merchant Service Providers and Payment Facilitators alike, are regulated by a number of organizations. The Card Association Network, the Payment Card Industry Data Security Standard (PCI DSS), the National Automated Clearing House (NACHA), sponsor banks and the federal government all play a role in credit card processing regulations.
Below we outline how each player is involved, what they regulate and, most importantly, the ways in which processing companies are not regulated.
Card Association Network
The Card Association Network is comprised of four major credit card networks: Visa, MasterCard, Discover and American Express. Each has its own set of rules for branding and chargebacks, as well as creates and manages Interchange rates. Interchange guides are released biannually in April and October, which dictates the regulations credit card processing companies must abide by.
For a business owner like yourself, you won’t ever directly work with the network. However, the Merchant Service Provider you use to process your cards must be part of the respective brand networks you wish to accept.
The PCI DSS was established by the Data Security Council, which is also made up of major credit card brands including Visa, MasterCard, Discover and American Express. PCI DSS was created to initiate an industry-wide standard and prevent fraud.
Any company that wants to process, store or transmit credit card data must follow the PCI DSS. While this typically applies to Merchant Service Providers, it too can apply to businesses or third-party vendors if their payment practices fall within PCI scope. Any PCI issues are reported directly to the Data Security Council for review.
Because most credit card processing companies also process ACH transactions, it’s important to include this regulator. NACHA manages the development, administration and governance of the ACH Network, ensures that payment processing companies are up-to-date on ACH payment requirements, and sets the ACH industry rules.
Also called acquiring banks, these banks are members of the Card Association Network and have agreements with credit card processing companies to accept deposits via credit card transactions.
Processing companies are required to report everything to their respective sponsor banks (except for PCI issues). Sponsor banks then communicate this information to the networks.
While most of the payment industry rules are handled “in house,” there is one regulation that was established by the federal government: The Durbin Amendment. This amendment, part of the Dodd-Frank Law, requires the Federal Reserve to limit fees charged to businesses processing debit card transactions. While formal credit card processing companies (a.k.a. Merchant Service Providers) follow this law, there is a loophole for others, which brings us to our next point.
What Isn’t Regulated?
Because Interchange rates are dictated by the Card Association Network, credit card processing pricing is partially regulated. This is also why Interchange-plus pricing is regulated. However, Tiered and Flat pricing plans are not.
So, depending on what pricing plans credit card processing companies offer, some regulations may apply.Payment Facilitators, which exclusively offer Flat pricing due to their unique business models, are not affected by Interchange rate regulations or the Durbin Amendment.
While the Card Associations dictate Interchange guidelines, there is no entity that owns and regulates the miscellaneous fees credit card processing companies may charge. As an industry expert and advocate for fair billing, we’ve uncovered over 20 unnecessary fees other providers commonly charge to educate businesses processing credit cards.
Were you surprised by what is and isn’t regulated? Ask us your questions below, we’re happy to answer them.