opinion

How to Stay Off the Compliance Naughty List

How to Stay Off the Compliance Naughty List

No reward comes without a little work. For merchants taking advantage of all the opportunities offered by payment processing, that work includes the underwriting and compliance processes — which can be a bit of a challenge.

Back in 2000, new merchants could still slide through the online sign-up process with little to no Know Your Customer (KYC) information and get up and running within hours. Those days are long gone. Depending on how organized you are, these days the compliance process can take longer than the integration time.

Providing processing history to your payment processor or acquirer helps show the strength of your program.

This holiday season, I want to give the gift of knowledge by answering the most common compliance questions. Knowing the right answers can help keep you off the underwriter “naughty” list. 

We’d rather not include our registered business name and address on the footer of our website, or in the terms and conditions. Is that OK?

No! This question comes up a lot, since many in the adult space want to keep their business name and address hidden from the public eye. That’s understandable. In a world full of crazies and anti-adult activists, privacy is important! However, this regulation comes directly from the card brands. They want the consumer to know whether the transaction will be a domestic transaction or a cross-border transaction. In addition, most banks will not allow merchant information to be posted as an image; it must be written out in text form so that it can be detected by acquirers’ and card brands’ website crawler technology.

Can we withhold proof of domain ownership?

No! Acquirers need proof that the domain they are registering with card brands belongs to the entity that they are registering. They do not want a situation in which someone sets up payment processing on a hijacked domain. You can keep your domain private by simply providing a screenshot of the admin area of your domain registrar. This can then be uploaded via most processors’ portals when submitting a new website.

Can we easily offer a lifetime membership?

No! Lifetime memberships are a big credit risk for acquirers. Should the website go out of business, the acquirer is on the hook for all the lifetime memberships from a chargeback standpoint. If the merchant has a solid processing history, can show a low chargeback ratio on lifetime memberships and is willing to increase their reserve amount to cover the bank’s credit exposure, the acquirer might consider accepting a lifetime membership offer.

Can we just withhold who the beneficial owner is and not provide KYC documentation for those individuals?

No! This is an Anti-Money Laundering (ALM) regulatory requirement. Payment processors are obligated to identify the ownership and control structure of each merchant to which they provide services. For merchants incorporated in the EU or U.K., any individual who ultimately owns or controls 25% or more of the merchant entity must submit KYC documentation — in some instances, this threshold may be lowered to 10%. Starting in 2024, U.S. corporate entities will need to register beneficial owners with 25% or more ownership with FinCEN. This information is not published or made public in the U.S. In the U.K., however, beneficial owners must be listed in the publicly accessible beneficial owner registrar of the relevant jurisdiction where the merchant is incorporated.

Should I allow large tip amounts on my cam or fan site?

No! Tipping on cam or fan sites is tricky. We know that this is an important monetization tool for models, but bad actors can easily take advantage of large dollar tip amounts. For instance, large tip amounts can help facilitate money laundering — where the tip function is used to facilitate payment for illegal activities — or model collusion through large tips.

We recommend basing tip amounts on content creators’ performance. For long-standing, solid performers with no issues, slowly increasing the tip amount should be OK. But know that tipping can pose a credit risk, especially for new merchants with no previous processing experience. We suggest waiting until you have built up a processing track record before increasing the tip amount.

Can I get away with not having content management and age verification policies if I run a membership site with studio content?

No! This is because of two recent regulations: Mastercard regulation AN 5196 (Revised Standards for New Specialty Merchant Registration Requirements for Adult Content Merchants), which was released in October 2021; and Visa Rule ID 0003356, which is part of the Global Brand Protection Program Guide for Acquirers released in August 2022.

Under these rules, which were implemented to address issues raised by the advent of fan sites like OnlyFans, all creators must be age-verified before posting content and all content must be reviewed before posting. This has bled into traditional membership sites that focus on professionally produced or studio content. Even if you are not offering user-generated content, it is a good idea to have a clear policy in place that defines your process for reviewing production content and validating models' ages.

Can I avoid providing processing history?

No! Providing processing history to your payment processor or acquirer helps show the strength of your operation. It can help with special pricing requests, and any other unique request you may have. It will also help speed up the approval of your application. If you have previously accepted card payments, most processors require an official processing history such as acquirer statements, covering at least three months but preferably six. However, there are some instances where the required period could be longer. The processing history should be broken down by month and should show the total processing volume, total transactions, total chargebacks, fraud and refunds.

My current provider doesn’t require documents or data. Can’t you just follow the same procedures they do?

No! Each acquirer or payment service provider has its own risk policies and is governed by different regulatory bodies. For example, at Segpay, we are a licensed payment institution in Ireland and the U.K. Many of our onboarding policies are driven by the KYC and AML guidelines of those regulatory jurisdictions. We tend to take the highest standard and then apply that to all of our jurisdictions.

I sincerely hope this helps many of you understand why you will so often hear “no” in response to these questions — and why, in many cases, it is the best answer.

Cathy Beardsley is president and CEO of Segpay, a merchant services provider offering a wide range of custom financial solutions including payment facilitator, direct merchant accounts and secure gateway services. Under her direction, Segpay has become one of four companies approved by Visa to operate as a high-risk internet payment services provider. Segpay offers secure turnkey solutions to accept online payments, with a guarantee that funds are kept safe and protected with its proprietary Fraud Mitigation System and customer service and support. For any questions or help, contact sales@segpay.com or compliance@segpay.com.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More