UPDATE: Since the time of writing this column, Segpay heard from Mastercard, who wanted to clarify a few issues related to the rules beginning on October 15, 2021 that were highlighted in the column below. When it comes to consent, the merchant has to verify the uploader and the uploader has to gather consent from the participants. Live stream video needs to have tools or a team in place to moderate and review content. All content uploaded from October 15, 2021 going forward needs to be verified. Anything before that date can be verified, but is not required to be.
It’s been a hot topic this year and now we’re just over a month away from the new Mastercard regulations taking effect. The official date when enforcement begins is October 15, 2021, but many of you have likely felt the impact of the new regulations already. Banks started to implement new policies and requirements well before the enforcement start date to ensure compliance.
These new guidelines will impact all merchants in the high-risk industry and heavily focus on merchants and platforms that support user-generated content. This month, we break down the three keys to understanding Mastercard’s latest user-generated content regulations.
THE MASTER PLAN
As a refresher, these new guidelines impact all merchants in our industry and are specifically focused on premium social media sites, tube sites, cam sites and voyeur programs. They include:
- Entering into a written agreement with any individual that is contributing content to the website. This includes the individual’s consent, their identity and age.
- All persons depicted in the content must give consent for the content to be distributed and downloaded.
- Age and identity of all persons depicted is required.
- Only verified users can be permitted to upload content.
- All content must be reviewed prior to publication or in real-time if it’s live-streamed, and no content can violate the Card Brand Business or Risk Assessment and Mitigation (BRAM) policies.
- Make sure content moderation policies and internal policies outlining age verification are in place.
All merchants must adhere to the following:
- Websites must have a complaint process or take-down link for individuals to request that content be removed or to give notification of violating content.
- You must provide monthly reports to the acquirer or payment facilitator of flagged content and share what was taken down.
- No search terms or marketing partners can give the illusion that the content they are marketing will contain child exploitation materials or depictions of non-consensual activity.
- Have policies in place to make sure that the website cannot be used for human trafficking.
RULE RETROSPECTIVE
Questions have been circulating about user-uploaded content for months; many are wondering about what happens to content that was uploaded or produced before the October 15 enforcement date. The answer is that all content, whether produced before or after October 15, must conform to the new guidelines.
So, if you do not have a written agreement from the user, nor have you validated the ID of the performer appearing in the content prior to October 15, 2021, you must reach out and gather their consent and validate their ID.
RISKY BUSINESS
Where things are getting a little tricky is that the new guidelines released in April are still the guidelines our acquirers are putting policies in place to manage. The problem is that each acquirer has its own interpretation of how those policies should be implemented. So, if you work with multiple banks or multiple payment facilitators, we are all interpreting the guidelines and putting in place requirements for merchants to manage.
For example, at Segpay we work with seven different acquirers that span the U.S. and Europe and each of our partners requires that we comply in a different way. Compliance usually comes in the form of a questionnaire outlining the new requirements, which we will need to send to each of our merchants to complete and confirm their compliance with a signature. Many of these acquirers are asking for supporting merchant policies for age verification, content moderation and human trafficking. In addition, we will be rolling out a form for each of our merchants to report its take-down requests and how they were handled monthly. That’s because our goal is to simplify the process by consolidating all of our acquirers’ interpretations of the rules into a single questionnaire.
With one month left, the implementation of the new regulations is still a bit of a work in progress. As we all work to get into compliance, I am sure there will be some give-and-take with Mastercard and our acquirers to help smooth out the process and answer the unknowns.
Of course, just when we think we have understood and achieved Mastercard’s compliance requirements, we have new Visa regulations coming out regarding user-generated content, also expected in October! The good news is that we have faced numerous new regulations over the years, and we have always managed to understand them and comply, with a team in place to stay on top of navigating this ever-changing world.
To read the new Mastercard regulations in full, be sure to visit the following link: https://tinyurl.com/segpay
Cathy Beardsley is president and CEO of Segpay, a global leader in merchant services offering a wide range of custom financial solutions including payment facilitator, direct merchant accounts and secure gateway services. Under her direction, Segpay has become one of four companies approved by Visa to operate as a high-risk internet payment services provider. Segpay offers secure turnkey solutions to accept online payments, with a guarantee that funds are always safe and protected with its proprietary Fraud Mitigation System and customer service and support. For any questions or help, contact sales@segpay.com or compliance@segpay.com.