Do Payment Facilitators Have to Be PCI Compliant?

Data security is a critical component of the work that payment facilitators do. Proper management of sensitive data is an essential responsibility for anyone enabling access to the payments system. So every payment facilitator needs to understand the role that PCI compliance plays in their overall risk management efforts.

Payment Facilitators and PCI: “Everybody Has to Start Somewhere”

An organization’s PCI scope – the components of its business that need to be included in an assessment – can have a dramatic impact on the costs for that company to comply with the security standard’s requirements. According to Chris Bucolo, that’s the fundamental reason payment facilitators need to “engage early.”

PCI and Payment Facilitation: What are PFs Responsible For?

Companies that choose to integrate payments into their B2B software offerings must consider risk from a number of perspectives. This week, we report on some of the fundamental issues and decision points behind payment facilitators’ relationship with the industry data security standard.

Compliance from the PF Point of View: PF Day Preview

When a technology company decides to take on payments, it often seems like a natural next step. Who wouldn’t want to extend their services by enabling clients to accept payments?

Then reality sinks in. Adding the technical capability to move money is one thing. Opening the door to the complex web of federal and state regulation and card brand rules is another.

Payment Facilitators and Risk: How the Market Views Submerchants

There is plenty of evidence that the payment facilitator market will grow significantly over the next few years. There are multiple drivers for this growth, including the belief that the increased complexity of compliance/security requirements for merchants will generate more interest in this payments model.

Although there is general agreement that the growth potential is large, there is a divergent set of opinions on how risky the model is, and how risk needs to be approached.

Unregistered Third Party Regpack’s Exposure Of 324,000 Transactions Proves A Cautionary Tale For PFs

A July exposure of transaction records from 899 submerchants serviced by payment facilitator BlueSnap highlights an important lesson for PFs.

In addition to making sure their own houses are in order, they bear responsibility for their submerchants and service providers as well.

PFs that control all aspects of card entry, where it’s impossible for a transaction to enter outside of their interface, may be able to certify compliance on behalf of all their submerchants. However, if any submerchant or service provider could conceivably get access to card data, the PF must ensure they are certified and registered. BlueSnap had to learn that the hard way.

Visa’s New SMB Rules Add PF Complexities

When Visa recently added more rules on its smallest merchants—PCI Level 4s—it created a sales opportunity for payment facilitators by giving SMBs an even stronger reason to outsource their payments activities. At the same time, it added more complexity to PCI management for those PFs.

Mike Cottrell, head of global sales and marketing at ProPay, tried to put the new rules into perspective for payment facilitators in this week’s podcast.

FTC Launches PCI Probe. Ruh-Roh

On Monday (March 7), the U.S. Federal Trade Commission (FTC) launched a government investigation of PCI, zeroing in on potentially excessive charges, inconsistency in enforcement and rampant conflicts of interest. As famed QSA Scooby Doo would have said, “Ruh-roh.”

None of this is news to the FTC and it’s part of the reason for the investigation, which FTC is officially calling a study. “We have heard these issues,” said David Lincicum, an FTC attorney in the division of privacy and identity protection, who is the lead attorney on the study and is also managing the study. “We go into this looking to get information, to get some details about what the interactions look like.”
