opinion

Merchants in Spotlight With Visa's VIRP

Merchants in Spotlight With Visa's VIRP

By now, most merchants know about the Visa Integrity Risk Program (VIRP) rolled out in spring 2023. The program is designed to ensure that acquirers and their designated agents — payment facilitators, independent sales organizations and wallets — maintain proper controls and oversight to prevent illegal transactions from entering the Visa payment system.

Since launching the VIRP over a year ago, Visa has added new fees and has been conducting regular audits. With a magnifying glass focused on your business practices, how can you best prepare? This month we are sharing some updates on the rules and some tips to get your business ready for an audit.

When an audit rolls around, you are generally given very little advance notice, so you should always be ready.

VIRP Expansion, Reinforcement and Fees

Visa has expanded its list of high-risk verticals to include adult sites, dating sites, negative option subscription sites, gaming sites, cyber lockers and financial trading platforms. VIRP has also expanded and added fees, increasing the registration fee from $500 to $950 and increasing processing fees by 10 basis points and 10 cents per transaction in the U.S., 10 basis points and 2 cents per transaction in the EU and U.K. Visa stated that the fee increase was to help build out a team to provide more oversight to high-risk verticals offering Visa products.

VIRP also reinforced the rules associated with user-generated content, with changes focused on content moderation, age verification, consent of all parties in images, and other issues. Below are some examples.

  • Content compliance: Merchants must keep CSAM, bestiality, incest and nonconsensual content off their sites.
  • Takedown requests: Merchants must enable users to report noncompliant content, and enable models to ask for content in which they are depicted to be removed. Merchants must also provide monthly reports to their payment service provider.
  • Marketing: Merchants cannot market based on noncompliant search terms or noncompliant affiliate marketing promotions.
  • Human trafficking: Merchants must have effective policies in place that prohibit the use of their websites to promote or facilitate human trafficking, sex trafficking or abuse. Participation in an anti-trafficking organization is highly recommended.
  • Age verification of consumers: Merchants are required to comply with any applicable laws requiring site viewers to be a certain age, and to ensure that such age verification takes place prior to providing access to site content.

These rules and pricing changes have been written about extensively, and we are now seeing Visa enforcing them. For instance, Visa conducts oversight through acquirers, many of whom are going through audits. In these audits, Visa is digging into their high-risk portfolios and looking at how well adult merchants are managing to adhere to the VIRP standards.

One of our acquirers, an EU bank, went through a Visa audit and unfortunately did not perform well. That acquirer ended up re-underwriting their entire portfolio. This led to many account terminations for merchants not meeting the new standards. We are getting word from our U.S. acquiring partners about similar audits, and to be on standby for reviews of our existing merchants.

Don’t Panic, Prepare

When an audit rolls around, you are generally given very little advance notice, so you should always be ready. To that end, we created the following cheat sheet looking at each policy, whom it applies to, and what specifically you need to do to be ready.

Content Moderation: If your site allows user-generated content, including cam sites and fan sites, you will need to have a detailed policy on how you moderate that content. It’s important to ensure that all recorded content is reviewed prior to posting. Be sure to include what technology, if any, you have in place to help detect noncompliant content, and how many human moderators you have to review escalated content. Sharing your training documentation is also helpful. If you’re a cam platform, be ready to outline the technology you are using to manage livestreams, detect any unverified users in streams and take down streams immediately. You should be able to prove that there is no chance for models to meet up with customers in person or engage in other noncompliant activity. Subscription sites that rely on third-party producers or produce their own content should be able to show an internal policy that details what types of content are prohibited, how the content is reviewed prior to posting and what controls are in place to ensure models are properly age/ID-verified.

Model/Creator Age Verification: Sites allowing user-generated content need to provide a detailed overview of their age verification process and third-party tools used to verify content creators. For studio-produced content, it is likely that you would be asked for a policy, a code of conduct, best practices and rules for content production. Also be ready to provide a sample model release agreement.

Human Trafficking: Make sure you outline what controls you have in place to prevent your program from promoting content featuring trafficked or abused individuals. ASACP (Association of Sites Advocating Child Protection) or NCMEC (National Center for Missing & Exploited Children) are two good organizations to get involved with.

Affiliate Marketing: It is important to have a detailed affiliate marketing policy that outlines how you vet affiliates, including what type of creative assets they are allowed to use to promote your site, and the type of data you collect on each affiliate. Just like merchants go through a “know your customer” (KYC) process when setting up with a payment service provider, KYC should also be done on the affiliates you bring on board.

Consumer Age Verification: This has previously been off the radar at the card brands, but Visa now wants to understand how merchants are complying with jurisdictional age verification requirements. It is important to have a detailed policy in place and show how you are addressing the countries and states such as Texas, Louisiana, Utah, etc. that now require age verification prior to accessing adult content.

Takedown/Complaint Process: Every website should have an easily visible takedown or complaint process link that enables consumers to flag possibly noncompliant content, and allows models to request removal of their content. Each merchant must have a policy that outlines how complaints are handled and ensures that they are addressed within seven days. Content identified as illegal must be removed immediately. Each month, the merchant must report to their payment service provider any takedown requests or complaints, and the disposition of such. Even if you receive no complaints, a report should still be filed stating that. Check with your payment service provider on how to report.

Other Documentation: If audited, you might also be asked to provide updated KYC documentation. If your directors or ultimate beneficial owners (UBOs) have changed, it is important that you let your payment service provider or acquirer know. Other items that could be requested are lease agreements confirming that you are meeting merchant location requirements, updated ID documents for directors and UBOs, a recent utility bill for directors and UBOs and a recent bank statement.

While an audit or review of your website operation can always sound a little scary, being prepared to answer audit questions in a timely manner helps show your payment provider and Visa you are on top of things. The steps above can help make sure you are ready in case VIRP enforcement shines the spotlight on your business.

Cathy Beardsley is president and CEO of Segpay, a merchant services provider offering a wide range of custom financial solutions including payment facilitator, direct merchant accounts and secure gateway services. Under her direction, Segpay has become one of four companies approved by Visa to operate as a high-risk internet payment services provider. Segpay offers secure turnkey solutions to accept online payments, with a guarantee that funds are kept safe and protected with its proprietary Fraud Mitigation System and customer service and support. For any questions or help, contact sales@segpay.com or compliance@segpay.com.

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

WIA Profile: Reba Rocket

As chief operating officer and chief marketing officer of Takedown Piracy, long at the forefront of intellectual property protection in adult entertainment, Rocket is dedicated to safeguarding the livelihoods of content creators and producers while fostering a more ethical and sustainable industry.

Women In Adult ·
opinion

Protecting Content Ownership Rights When Using AI

In today’s digital age, content producers have more tools at their disposal than ever before. Among these tools, artificial intelligence (AI) content generation has emerged as a game changer, enabling creators to produce high-quality content quickly and efficiently.

Corey D. Silverstein ·
opinion

How Payment Orchestration Can Help Your Business

An emerging payment solution is making waves in the merchant world: the payment orchestration platform (POP). It’s quickly gaining traction as a powerful tool for managing online payments — but questions abound.

Cathy Beardsley ·
opinion

Fine-Tuning Refund and Cancellation Policies

For adult websites, managing refunds and cancellations isn’t just about customer service. It’s a crucial factor in maintaining compliance with the regulations of payment processors and payment networks such as Visa and Mastercard.

Jonathan Corona ·
profile

WIA Profile: Laurel Bencomo

Born in Cambridge, England but raised in Spain, Laurel Bencomo initially chose to study business at the University of Barcelona simply because it felt familiar — both of her parents are entrepreneurs. She went on to earn a master’s degree in sales and marketing management at the EADA Business School, while working in events for a group of restaurants in Barcelona.

Women In Adult ·
profile

Gregory Dorcel on Building Upon His Brand's Signature Legacy

“Whether reflected in the storyline or the cast or even the locations, the entertainment we deliver is based on fantasy,” he elaborates. “Our business is not, and never has been, reality. People who are buying our content aren’t expecting reality, or direct contact with stars like you can have with OnlyFans,” he says.

Jeff Dana ·
opinion

How to Turn Card Brand Compliance Into Effective Marketing

In the adult sector, compliance is often treated as a gauntlet of mandatory checkboxes. While it’s true that those boxes need to be ticked and regulations must be followed, sites that view compliance strictly as a chore risk missing out on a bigger opportunity.

Jonathan Corona ·
opinion

A Look at the Latest AI Tools for Online Safety

One of the defining challenges for adult businesses is helping to combat the proliferation of illegal or nonconsensual content, as well as preventing minors from accessing inappropriate or harmful material — all the more so because companies or sites unable or unwilling to do so may expose themselves to significant penalties and put their users at risk.

Gavin Worrall ·
opinion

Know When to Drop Domains You Don't Need

Do you own too many domains? If so, you’re not alone. Like other things we accumulate, every registered domain means something to us. Sometimes a domain represents a dream project we have always wanted to do but have never quite gotten around to.

Juicy Jay ·
opinion

Understanding 'Indemnification' in Business Contracts

Clients frequently tell me that they didn’t understand — or sometimes, even read — certain portions of a contract because those sections appeared to be just “standard legalese.” They are referring, of course, to the specialized language used in legal documents, including contracts.

Corey D. Silverstein ·
Show More