Payments Law Tool Kit

Venable / 12 11 / Venable Compliance with Payment Card Brand Rules • Use of Intellectual Property – The card brands have specific rules governing the use of the card brand logos and other intellectual property. These requirements apply to all participants in the payments hierarchy • Contract Requirements – On the merchant acquiring side, sponsor banks must include certain provisions in their agreements with third parties in order to protect the card brands and the payments ecosystem. Similar requirements exist for payment facilitator agreements, and even for merchant agreements • Transaction Practices – The card brands have developed specific requirements for offering card-on-file and similar recurring payment services • Data Security – The Payment Card Industry Data Security Standard (PCI-DSS) sets forth requirements designed to ensure companies that process, store, or transmit credit card information maintain a secure environment for such data In addition to the numerous federal and state laws that apply to payments, the card brands have implemented robust and sophisticated self-regulatory programs to further protect the integrity of the payments ecosystem. These programs operate by contract and apply to all participants in the payments industry. Starting at the top with the card brands, the rules flow down to the sponsor banks, payment processors, payment facilitators, and merchants. The card brand rules, for example, establish customer due diligence, contract, transaction monitoring, and data security requirements. These rules set the framework for how sponsor banks, payment processors, payment facilitators, and merchants interact on a day- to-day basis when providing payment services to merchants and consumers. Regardless of a company’s place in the payments hierarchy, it is critical that the company provide its payment services in compliance with the card brand rules, or else the company may face financial penalties or, even worse, expulsion from the card network. It is also critical to understand the differences, gaps, and areas of overlap between card brand rules and legal requirements imposed by government regulations. Examples of Card Brand Requirements • Registration of Payments Companies – The card brands have established a comprehensive registration system for the various types of third parties that partner with sponsor banks to provide payments services to merchants and consumers • Permissible Merchant Categories – The card brands require every merchant that receives card services to be classified by a merchant category code. These codes establish tailored requirements for industries, high-risk classifications, and even prohibited merchant lists