Compliance from the PF Point of View: PF Day Preview

When a technology company decides to take on payments, it often seems like a natural next step. Who wouldn’t want to extend their services by enabling clients to accept payments?

Then reality sinks in. Adding the technical capability to move money is one thing. Opening the door to the complex web of federal and state regulation and card brand rules is another.


Unregistered Third Party Regpack’s Exposure Of 324,000 Transactions Proves A Cautionary Tale For PFs

A July exposure of transaction records from 899 submerchants serviced by payment facilitator BlueSnap highlights an important lesson for PFs.

In addition to making sure their own houses are in order, they bear responsibility for their submerchants and service providers as well.
PFs who control all aspects of the card entry, where it’s impossible for a transaction to enter outside of their interface, may be able to certify compliance on behalf of all their submerchants. However, if any submerchant or service provider could conceivably get access to card data, the PF must ensure they are certified and registered. BlueSnap had to learn that the hard way.


Innovation In ID Technology Speeds KYC In India

Indian payment facilitator Paytm will be onboarding customers for its payments bank with eKYC enabled by India’s voluntary national identification program, Aadhaar.

As of Sep. 5, 2016, 87 percent of India’s 1.2 billion people had registered for the unique 12-digit number. To register, residents have to bring three forms of identification (proof of identity, proof of address, proof of birthdate) to an enrollment center, where their fingerprints and irises will be scanned.


Non-Profit PFs Won’t Like This – Facebook, The Latest PF, Is Going To Take Your Share

Facebook is charging back into the payments space but this time charging hard — taking 5% on every donation it processes through its recently launched non-profit features, announced to page administrators Tuesday. Facebook introduced a Donate button for 19 select non-profits in 2013, but didn’t charge a fee, instead sending 100 percent of donations to the charity. The social media giant says of each donation made through Donate buttons that keep donors on a non-profit’s page:

“We’re committed to building products that make it as easy and safe as possible for people to contribute to the causes they care about. To make this possible, starting in August, 2% of contributions will be used to cover a portion of the costs of nonprofit vetting, security, and fraud protection, operational costs and payment support and 3% of contributions will go to payment processing. The remaining 95% will go straight to the nonprofit. Facebook’s goal is to create a platform for good that’s sustainable over the long-term, and not to make a profit from these charitable giving tools.”


Fraud And Compliance And Rules, Oh My!

The pain of keeping all the rules and regulations straight for a payment facilitator is only exceeded by the pain of not keeping them straight. A PF has to protect itself from merchant problems with underwriting and monitoring, while adhering to the mandates from card brands and acquirers. It’s a lot now, but as everyone knows, there’s more coming.

As heard in this week’s edition of the podcast, the best PFs can do to mitigate excessive regulation from without is to do more within, said Rich Consulting president Deana Rich, moderator of the session Emerging Threats Cage Match: Compliance v. Fraud at the second annual Payment Facilitator Day at Transact 16 in April.


Dwolla’s $100K CFPB Security Fine Wasn’t For What It Did As Much As What It Said

Dwolla got slapped down hard on Wednesday (March 2) by the Consumer Financial Protection Bureau for a series of security violations. But due to a dearth of meaningful federal security laws, CFPB’s $100K fine of Dwolla had to follow in the footsteps of fellow federal regulator Federal Trade Commission. They can’t punish a company for what it did nearly as easily as they can punish it for not doing what it says.

That said, once Dwolla opened the door to federal investigators by boasting about its security on its Web site, every security violation discovered was fair game. Takeaway: In the same way that marketers of publicly-held companies were beaten down by senior staffers from investor relations to never say anything publicly without IR’s blessing, payment facilitators today must rein in anything involving security that even smells a little of hype. See? Our mothers were right. Boasting can deliver real problems. Once those doors were opened, according to a federal consent order published on Wednesday, security violations aplenty were found.


PF Flint Mobile Shuts Down, Turns Business Over To Stripe

Payment facilitator Flint Mobile’s payments business was effectively shuttered on Monday (Feb. 15), seemingly a victim of a payments player coming into an already-developed market too late and with insufficiently deep pockets. The beginning of the end happened on Feb. 5, when “Flint abruptly suspended all new signups and closed all card processing for current accounts. Users who tried to process cards were met with a message saying, ‘You have exceeded your processing limits.'”

A visit to the site late on Wednesday (Feb. 17) found a seemingly active homepage, but clicking on the Sign Up Now button delivered the note “New signups suspended. We are currently transitioning to a new platform. We appreciate your patience.” Alas, it seems that patience will serve no purpose. Although it appeared that company executives, between Feb. 5 and Feb. 17, were indeed trying to find a way to keep the business going, it didn’t work out.
