VIRP is the new four-letter word everyone loves to hate. The Visa Integrity Risk Program went into effect last year, and affects several business types — including MCC 5967, which covers adult and anything else with nudity, and MCC 7273, dating services that don’t allow nudity. There are nearly a dozen other MCCs on the list, but for the purposes of this article, we’ll stick to those two.
The biggest obstacle affected businesses are encountering is that the VIRP guidelines are not public; they’re confidential. You read that right. You have to play the game by secret rules, and if you don’t, the “noncompliance assessments” — don’t call them “fines” — start at $25,000.
Many processors and banks have significantly reduced the thresholds for disputes-to-sales ratios and decline-to-sales ratios they will tolerate.
For guidance, businesses must therefore rely largely on payment processors and their sponsor banks, which do have access to the rules. In this article, I will attempt to demystify a few key points that every adult and dating site should be covering to be compliant.
Identity, Age Verification and Consent
Adult businesses should require all models and performers to submit a consent form, a 2257 release, and a valid photo ID verified through a third party before making their content available for purchase.
Handling Complaints
A link to file a complaint should be on the footer of your site or outside the paywall, so anyone can access it. Complaints should be addressed within seven days. Complaints of a more severe nature — something potentially illegal, for example — should be addressed immediately. The flagged content should be removed and reviewed. If the complaint is unfounded, the content can be restored, but the complaint itself should be logged in the transparency report.
Transparency Reports
Every month, you should submit a report to your merchant service provider that includes takedown requests, complaints received, law enforcement interactions, legal requests and, if applicable, member/model bans.
These are just a few items to consider. This is by no means a complete and comprehensive list. Additionally, different processors may have slightly different interpretations of the rules.
Dispute and Fraud Ratios
Another aspect of transaction processing that has come under scrutiny with the enforcement of VIRP is dispute and fraud ratios. Many processors and banks have significantly reduced the thresholds for disputes-to-sales ratios and decline-to-sales ratios they will tolerate.
Several tools are available to help keep these ratios in check, and keep your merchant accounts off the radar of card brands, banks and processors. For instance, dispute resolution services issue a refund instead of a chargeback, which helps keep your chargeback ratios down and requires no human intervention.
Utilize Your Toolkit
Another way to help keep your fraud and fraud-related decline codes under control is by using tools that are included with your merchant account. Address verification service (AVS) checks the billing address and ZIP code entered during the checkout process against the information from the cardholder’s issuing bank, and card verification value (CVV), the three-digit security code on the back of the credit card, offers another layer of verification.
These two tools are already included with every merchant account and should be enabled in just about every gateway. It’s simply a matter of deciding how to treat transactions based on the responses. If you want to be super conservative, you can decline to proceed with any transaction that has a negative AVS or CVV response. If you want to be moderate, you can proceed with a positive AVS or CVV. You can fine-tune the rules however you like to fit your business needs.
Expertise is Key
When it comes down to it, only you know what’s best for your business. However, it’s also true that it takes a village, and a rising tide lifts all boats. Take advantage of available industry resources, like payments experts who will take the time to answer your questions and help guide you through the ambiguous world of banking acronyms and initialisms — including the four-letter ones.
Jonathan Corona has two decades of experience in the electronic payments processing industry. As chief operating officer of MobiusPay, Corona is primarily responsible for day-to-day operations as well as reviewing and advising merchants on a multitude of compliance standards mandated by the card associations, including, but not limited to, maintaining a working knowledge of BRAM guidelines and chargeback compliance rules defined in both Visa and Mastercard operating regulations.
