The Electronic Transactions Association released its updated Guidelines on Merchant and ISO Underwriting and Risk Monitoring last week, spotlighting various merchant categories that face the biggest scrutiny from law enforcement agencies.
The ETA aims to help its acquirer members stay aware of the latest fraud trends while also helping them avoid becoming the inadvertent target of a criminal investigation.
In particular, the ETA is encouraging its members to monitor potential relationships with payday lenders, debt collection services, credit repair services, fraudulent fundraising campaigns, as well as payment aggregators and facilitators.
"We are providing new information on how to examine the activities of these types of merchant categories," said Jason Oxman, president of the ETA. "But also, a lot more types of payments companies are out there besides independent sales organizations."
Fraudsters may find new entryways into payment networks as payments providers open their networks to third-party software developers and other partners. Independent software vendors, value-added resellers, payment facilitators and payment aggregators all enter the mix now, making it important for the ETA to provide more comprehensive guidelines, Oxman added.
The ETA's first effort to establish guidelines in 2014 had its foundation in trying to avoid the law enforcement scrutiny that stemmed in large part through Operation Choke Point, which can be seen as putting payments companies into the same category as the criminals committing the fraud, Oxman said.
The U.S. Department of Justice introduced Operation Choke Point in 2013 as its initiative to investigate how banks were interacting with payment processors and payday lenders or others that might be exploited for fraud or money laundering.
"The challenge is that law enforcement in some cases has decided to pursue fraudulent merchants and tie in payments providers regardless of if they are participants in the merchant fraud," Oxman said. "They are lumping the two together."
Because federal agencies have held payments companies responsible for having fraudulent merchants on their networks, the ETA wants its recommended guidelines to help members prevent fraud to begin with.
"We take fraud seriously and government would be better off pursuing the fraudulent companies, and not the payments companies," Oxman said.
The ETA finds some hope in a bill it supported that recently passed the U.S. House of Representatives and would end Operation Choke Point in favor of a new consumer protection act.
While the ETA is providing a needed service for its members with the risk guidelines, it might be too late to keep law enforcement agencies from snooping around the payments industry, said Paul Martaus of Martaus & Associates, a merchant acquirer consultant and industry researcher.
"That cat's been out of the bag," Martaus said.
The payments industry and merchant community are not much different from any other industry in that it has honest players and crooks, Martaus said.
"The problem we have is that this [payments] industry has become so complex with so many players that it is rife with potential for fraud and theft," Martaus said. "We have organized crime and petty hackers both trying to take it apart and steal data."
The updated ETA guidance also provides information about how members should review terms and conditions for merchants that engage in negative option marketing, a practice in which the business will interpret a customer's inaction on an offer or agreement as affirmative. This practice has become increasingly prevalent in e-commerce.
The guidance also tells members how to monitor attempts to conceal interrelated companies or true ownership, as well as the best procedures for moving an ISO portfolio from one processor or acquirer to another.