Prior to signing a new merchant agreement or renewing an existing one, processing banks are required to verify that the applicant is a bona fide business, has in place sufficient safeguards to protect sensitive transaction and cardholder information and that it generally complies with applicable laws. Additionally, the processor is required to ensure that each transaction processed by the merchant will reflect bona fide business between the merchant and the cardholder.
Verification procedures will typically include the following:
- Credit check, background investigations, and reference checks of the merchant.* If not satisfied by the credit check, the processor can also conduct a credit check of:
- The owner, if the merchant is a sole proprietor; or
- The partners, if the merchant is a partnership; or
- The principal shareholders, if the merchant is a corporation.
- Inspection of the applicant’s premises. The processor will want to ensure that the merchant has facilities, equipment, inventory, agreements, and personnel required to conduct the business and, if applicable, license or permit. If the merchant has multiple outlets, the processor is required to inspect at least one of them.
- Search the MasterCard Member Alert to Control (High-risk) Merchants (MATCH) system. MATCH is a database that includes information reported by processing banks about merchants and their owners whose merchant accounts have been terminated for cause. If a MATCH inquiry returns a positive result, the application will be rejected.
- Investigation of the merchant’s previous merchant agreements. Typically, merchants are required to provide their three latest processing statements. The processor will be examining the merchant’s processing volumes and transaction amounts, as well as records of chargebacks and refunds, which would help establish the risk classification.
*Credit checks are not required of public or private companies with annual sales revenue above $50 million (or the foreign currency equivalent). The processor will want to review the merchant’s most recent annual report, including audited financial statements. However, a private company that does not have a recent audited financial statement is still subject to a credit check and inspection even if its annual sales revenue exceeds $50 million.
Once the screening process is completed, the processor keeps the following documents for any merchant with which it has entered into a merchant agreement for a minimum of two years after the date that the agreement is terminated:
- Signed merchant agreement.
- Previous merchant statements.
- Corporate or personal banking statements.
- Credit reports.
- Site inspection report, including photographs of the premises, inventory verification, and the name and signature of the inspector of record.
- Merchant certificate of incorporation, licenses, or permits.
- Verification of references, including personal, business, or financial.
- Dated MATCH inquiry records.
- All correspondence with the merchant.
- Signed MSP contract, including the name of agents involved in the due diligence process.
- Any due diligence records concerning the MSP and its agents, if applicable.
Once the merchant account is set up, the processor continues to regularly review and monitor the merchant’s business activities and website to ensure compliance with the terms of the contract. Processors typically use website monitoring services to do that.
Image credit: Eldiario.net.