Definitions and Requirements Guide for Definitions

Transcription

Definitions and Requirements Guide for Definitions
Definitions and Requirements Guide for
Merchant Service Providers and Third Party Agents
Definitions
Merchant Service Providers are non-members that are registered by MasterCard International Incorporated as Member
Service Providers (MSP) to provide Program Services to a member, or any member that is registered by MasterCard
International Incorporated as an MSP to provide Third Party Processor (TPP) Program Services to another member.
MSPs are classified in two categories: Independent Sales Organization (ISO) and TPP. However, Heartland does not
board ISOs at this time. See examples below:
A MasterCard Payment Facilitator is a merchant of record who facilitates transactions on behalf of a sub-merchant
whose volume is less than USD 100,000 in MasterCard and Maestro volume combined. Merchants conducting
business in this manner must be registered by an Acquirer.
Example: A Merchant signs a number of their customer as “sub-merchants”. They accept the payment on behalf of
the cardholders and pay the individual sub-merchants their portion of the transaction. They provide reporting,
processing and customer service for the various merchants they have signed as sub-merchants.
A MasterCard High Risk Payment Facilitator is a Payment Facilitator that sponsors sub-merchants conducting
business under one of the following MCCs; 4813, 4814, 4816, 5967, 7273, 7841, 7995, 5122, 5912, 5993.
Note: This is the same as a Payment Facilitator. However, the Client becomes “High Risk” when they sign up submerchants with the MCCs listed above considered High Risk by the Card Brands.
A MasterCard Third Party Processor (TPP) Type I is a Service Provider that performs services for a large number of
Merchants or that otherwise may significantly impact the integrity of the Interchange System. Services may include
terminal operation, authorization routing, voice authorization, call referral processing, electronic data capture, clearing
file preparation and submission, settlement processing (excluding possession, ownership, or control of settlement
funds, which are prohibited), cardholder and merchant statement preparation, and chargeback processing.
Example: A client that would provide specific software that would store, process and transmit cardholder data on
behalf of a Merchant. Such as vending machines, concession stands, ticket sales, etc.
A MasterCard Third Party Processor (TPP) Type II is any Third Party Processor that MasterCard does not deem to be
a Type I TPP; may be reclassified by MC at their discretion as a Type II. A Type II TPP must be sponsored by each
Principal Licensed customer they provide program services to. Type I TPPs do not need a customer to sponsor them;
they are registered directly with MasterCard.
A MasterCard Third Party Processor (TPP) Type III is any Third Party Processor with equity stake in one or more
acquiring portfolios; effective 7/1/12.
Example: This Service Provider stores, processes and transmits data for the Acquiring Member. (i.e. Sponsor Bank)
A MasterCard Data Storage Entity (DSE) performs web hosting and external hosting of payment applications such as
shopping carts, or any other service involving storing, transmitting or processing card data and not identified by MC as
a TPP Program Service.
Example: A cardholder either swipes the card at the Merchant’s location or enters the card information online; the
card data is encrypted and sent to the third party’s server. The third party uses another third party vendor to decrypt
the card information who then sends the transaction to the HPS Gateway for processing the authorization and
settlement.
A MasterCard Service Provider Registration Facilitator (SPRF) is a third party provider that performs identification and
registration services on behalf of the Acquirer.
An Independent Sales Organization (ISO) is a Member Service Provider (MSP) that provides Program Services, other
than transaction and cardholder processing, to a member in support of the member’s Program. Such Program
Services include, but are not limited to, merchant solicitation, cardholder solicitation, customer service, and ATM
deployment. NOTE: Heartland does not board ISOs at this time.
Third Party Agents are entities that have been engaged by a Merchant or a Member to perform contracted services on
behalf of that Merchant or Member. See examples below:
A Visa Payment Service Provider (PSP) is an entity contracting with a Visa member to provide payment services to
sponsored merchants. The new term PSP replaces the old terminology IPSP which now includes all commerce type
aggregation, including face-to-face in addition to ecommerce merchant aggregation.
Example: A Merchant signs a number of their customers as “sub-merchants”. They accept the payment on behalf of
the cardholders and pay the individual sub-merchants their portion of the transaction. They provide reporting,
processing and customer service for the various merchants they have signed as sub-merchants.
A Visa High Risk Internet Payment Service Provider (HRIPSP) is an entity contracting with a Visa member to provide
payment services to sponsored merchants in MCC’s 5962, 5966, 5967, 7995, 5912, 5122.
Note: This is the same as a Visa Payment Service Provider (PSP); however, the Client becomes “High Risk” when
they sign up sub-merchants with the MCCs listed above considered to be High Risk by the Card Brands.
A Visa Merchant Servicers (MS) is an entity storing, processing, or transmitting Visa account numbers on behalf of a
Visa members (i.e., Sponsor Banks) acquired merchants.
Example: An entity that accepts transactions on behalf of a merchant with whom they have a contract and pays the
merchant for those transactions.
A Visa Corporate Franchise Servicers (CFS) owns or operates a centralized or hosted network used by franchisees
that can affect the franchisee's cardholder data environment if accessed by unauthorized parties. In some cases the
CFS may provide card payment processing services to franchisees through these network environments
Example: Many franchisors with corporate chains have a hosted network that franchisees use for processing.
A Discover Payment Service Provider (PSP) is a Merchant who facilitates authorizations, settlement, disputes and
any other related services to their sub- merchants.
Example: A Merchant that accepts transactions on behalf of a sub-merchant with whom they have a contract to pay
the individual sub-merchants their portion of the transaction. They provide reporting, processing and customer service
for the various merchants they have signed as sub-merchants.
An Independent Sales Organization (ISO) has a direct relationship with issuing and/or acquiring members and
provides one or more of the following: Merchant solicitation, sales, customer service, merchant transaction solicitation
or merchant training activities, Cardholder solicitation, card application processing services and/or customer service
activities, Acts on behalf of a member to deploy and/or service and/or maintain qualified ATMs, Acts on behalf of a
member for merchant solicitation, sales or service of Interlink capable POS terminals, Solicits other entities (i.e.,
merchant, corporate clients, government entities, other businesses etc.) to sell, activate or load prepaid cards on
behalf of an issuer. Prepaid card sales and/or activation is a primary function of their business – called and ISO
Prepaid. NOTE: Heartland does not board ISOs at this time.
Requirements
1.
2.
3.
4.
5.
6.
MC Payment Facilitators (PF) and High Risk Payment Facilitators (HRPF)
PF cannot be a sub-merchant of
7. PF may manage the following on
8. Agent must complete the Third Party
another PF
Acquirer's behalf:
Agent Registration Template, Agent
PF cannot be a PF for another PF
a. Verification sub-merchant is a
Registration and Due Diligence
PF must have written agreement with
bona fide business (must include
Submission Form and Merchant
sub-merchants
credit check, background
Servicer Registration Request.
Sub-merchant cannot exceed
investigation and reference
$100,000 in annual sales (this is
checks)
MasterCard and Maestro combined
b. Payment to sub-merchant
volume of 100K)
c. Provide supplies
PF and sub-merchants must be
d. Fraud monitoring
located with Acquirer's licensed area
e. Site inspections
Settlement funds may only be used to
f. Maintain all records for a
pay sub-merchants
minimum of two years after
agreement terminates/expires
1.
2.
MasterCard Third Party Processor (TPP) Type II and MasterCard Third Party Processor (TPP) Type III
TPP must allow periodic financial and
3. TPP must validate PCI Compliance
5. TPP must pay 50% of the annual
procedural audits
4. TPP must pay $5,000 annually and a
Acquirer License Fee per Acquirer
TPP must receive written notification
$5,000 renewal annually (Applicable to
(Applicable to Type III Only)
from MC prior to submitting
Type II Only)
transactions
NOTE: SEE ADDITIONAL MASTERCARD REQUIREMENTS LIST BELOW
MasterCard Third Party Processor (TPP) Type I
TPP must pay $5,000 annually which
2. TPP must validate PCI Compliance
is billed to the Processor
NOTE: SEE ADDITIONAL MASTERCARD REQUIREMENTS LIST BELOW
1.
MasterCard Data Storage Entity (DSE) and MasterCard Service Provider Registration Facilitator (SPRF)
TPP must complies with all applicable
2. TPP must allow periodic financial and
laws
procedural audits
NOTE: SEE ADDITIONAL MASTERCARD REQUIREMENTS LIST BELOW
1.
MasterCard Independent Sales Organization
NOTE: SEE ADDITIONAL MASTERCARD REQUIREMENTS LIST BELOW
ADDITIONAL MASTERCARD REQUIREMENTS (For TPP, DSE and SPRF):
1.
2.
3.
4.
SP must provide the customer's
contact information to the merchant
upon request
SP cannot use any MasterCard mark
on its own behalf, may not suggest
they are a customer of MC, or that
they are anything other than a service
provider. May use Mark only if
accompanied, in close proximity, by a
statement that identifies them as an
SP for a customer of MasterCard. All
documents with the MasterCard mark
must be approved
SP must not have access to any
account used for funding or fees for
the merchant
SP cannot subcontract, sublicense,
assign, license, franchise, or in any
manner extend or transfer to any third
party any right or obligation as an SP
5.
6.
7.
8.
MC may at any time perform periodic
financial and procedural audits of
customer, its SP, or both
SP is obligated to notify MC of any
failure by the customer to perform
settlement to merchants within 24
hours of becoming aware of such
failure
The merchant agreement is with the
customer and may have the SP as a
party to the agreement, and must be
signed by the customer, contain the
customer's name and contact
information
SP cannot collect discount rates or
similar charges due to the customer
from the merchant
9.
10.
11.
12.
13.
For any Type II not compliant, MC
must receive and approve a
compliance plan
The registration of a DSE will not
be completed until its compliance
is validated
Type I TPPs are registered by MC
prior to commencing to provide
TPP Program Services to
customer.
TYPE III TPP - registration and
due diligence requirements the
same as Type I and II TPP
Agent must complete the Third
Party Agent Registration
Template, Agent Registration and
Due Diligence Submission Form
and Merchant Servicer
Registration Request.
Visa Payment Service Provider (PSP) and Visa High Risk Internet Payment Service Provider (HRIPSP)
PSP/HRIPSP must pay $5000 initial
2. Uniquely identify a Consumer Mobile
4. Ensure proper monitoring of Mobile
Registration Fee and $2500 annually
Device.
Payment Solutions.
to all members who register the
3. Restrict manual PAN Entry on a
PSP/HRIPSP
Consumer Mobile Device to a
minimum.
NOTE: SEE ADDITIONAL VISA REQUIREMENTS LIST BELOW
1.
Visa Merchant Servicers (MS) and Visa Corporate Franchise Servicers (CFS)
MS/CFS must pay $5000 initial
Registration Fee and a $2500 annually
(to the first member registering the
MS) (Applicable to MS only
NOTE: SEE ADDITIONAL VISA REQUIREMENTS LIST BELOW
1.
Visa Independent Sales Organization
2. ISO must provide access to and
ensures compliant with Visa operating
regulations
NOTE: SEE ADDITIONAL VISA REQUIREMENTS LIST BELOW
1.
ISO must allow for periodic financial
and compliance reviews by Visa
ADDITIONAL VISA REQUIREMENTS (PSP,HRIPSP,MS and CFS):
1.
2.
3.
4.
Agent must not use Visa-Owned Mark
on any marketing materials, business
cards or letterhead
Agent cannot be a direct competitor of
Visa
TPA Program does not include:
a. Financial institutions performing
Agent activities
b. Co-branding or Affinity partners
c. Card manufacturers
d. Card personalizers
TPA contract with member must
include the following:
a. Policies
b. Procedures
c. Service Levels
d. Performance Standards
e. Verbiage indicating Visa is
permitted to conduct financial and
procedural audits and reviews at
any time
f. Must make available upon
request from Visa any cardholder
or merchant information
g. Appropriate notice of termination
clause
h. Permits Visa to impose risk
conditions if necessary
i.
Ensures TPA complies with
operating regulations, local laws
and PCI-DSS
j.
TPA must provide written
reporting within 7 business days
from receipt of request from
member or Visa
5.
TPA is exempt from registration if it
only provides service on behalf of its
affiliates (including parents and
subsidiary) and those affiliates are
Members that own and control at least
25% of the Third Party Agent
6. Registration must be completed prior
to any services being performed or
transaction activity.
7. Any TPA engaged by any Member's
merchant must also be registered by
the Member prior to processing
8. Effective 7/1/11 for a PSP the country
of a sponsored merchant determines
the merchant outlet location, not the
country of the PSP
9. PSP may deposit transaction receipts
on behalf of a merchant once the
following occurs:
a. the transaction is completed
b. the goods or services are
shipped/provided (unless
cardholder agrees to delayed
delivery or advance deposit)
c. cardholder consent is obtained for
a recurring transaction
10. PSP may contract with multiple
Acquirers
11. Merchant name and PSP name must
appear on the receipt and the billing
statement and both must be included
in the merchant name field of the
clearing record in Base II
12. PSP must provide customer service
for an Ecommerce merchant; the
merchant may provide customer
service for non-Ecommerce
transactions
13. PSP is considered a merchant of
the Acquirer
14. PSP cannot provide payment
services to the following merchant
types; buyers’ clubs, membership
clubs, credit counseling or repair
services, credit protection/identity
theft protection, direct marketingsubscription merchants,
infomercial merchants, internet
pharmacies, multi-level marketing,
outbound telemarketers, rebatebased, up-selling merchants
15. PSP cannot deposit on behalf of
another PSP program
16. Any CFS that does not have an
acquiring relationship is to work
with the franchisee's acquirer
17. CFS has 60 days from notification
by Visa or it's acquirer to register,
or provide documentation
indicating the registration is in
process
18. CFS must validate PCI DSS
compliance within 12 months of
initial notification from Visa or
their acquirer
19. Agent must complete the Third
Party Agent Registration
Template, Agent Registration and
Due Diligence Submission Form
and Merchant Servicer
Registration Request.
Discover Payment Service Provider (PSP)
PSP/HRIPSP must enter into written
agreement with acquirer
NOTE: SEE ADDITIONAL DISCOVER REQUIREMENTS LIST BELOW
1.
Discover Independent Service Provider (ISO)
ISO must register directly with
Discover
NOTE: SEE ADDITIONAL DISCOVER REQUIREMENTS LIST BELOW
1.
ADDITIONAL DISCOVER REQUIREMENTS (PSP AND ISO):
1.
PSP requirements include but not
limited to:
a. Must only accept and submit
to Acquirer for submission to
Discover, bona fide card
transactions conducted by its
PSP merchants
b. Enter into a merchant
agreement with each
merchant they submit
transactions on behalf of
c. Must provide customer
service to cardholders (1)
directly through the PSPs
web site if the cardholder
accesses the PSPs web site
directly (2) directly or through
the merchant if the
cardholder accesses the
PSPs web site through the
merchant
d.
e.
Is responsible for all acts and
omissions of its merchants as
if they were the acts and
omissions of the PSP,
including the merchant's
obligation to comply with the
Security Requirements
Discover may, at its
discretion require the
Acquirer to terminate an
Agent
2.
Agent must complete the Third Party
Agent Registration Template, Agent
Registration and Due Diligence
Submission Form and Merchant
Servicer Registration Request.