The risk surrounding credit card processing is complex and nuanced. There are a number of variables that determine merchant risk. Here are just a few: the merchant's longevity and financial stability, industry, business model, billing method, products sold / services offered, and previous processing history. The fundamental underwriting and risk management guidelines are very similar across the industry. Let's start with the fundamental reason why there is risk.
A merchant account is a line of credit
Merchants typically collect payment in advance of providing the product or service as well as providing some sort of quality assurance (e.g. will be delivered, can be returned, satisfaction guarantee, etc.). Therefore, the risk borne by a provider is akin to providing a line of credit. If a merchant sells something that they can't deliver, don't deliver, partially deliver, deliver poorly, or that is defective in some way, and the business can't remedy the situation with their own financial resources, the merchant account provider is on the hook for all the chargebacks and losses. Margins are so low in the payments industry that this risk is screened and monitored very closely - especially in this economy.
Risk Variables
Any merchant account provider underwriting a business will look at a few key areas, including:
1. Company longevity and financial stability
Underwriters will consider how long a merchant has been in business, their financial wherewithal, and profitability. Here are a few variables that elevate risk: being new, expecting large volumes with minimal financial resources (e.g. requesting to process $1,000,000 in credit card volume with $10,000 in the bank), being unprofitable, having a high debt-to-equity ratio, a high burn rate and a high percentage of deferred revenue. None of these variables prohibit a business from getting a merchant account; they just elevate risk.
Another factor underwriters look at in conjunction with the company information is the business principals' creditworthiness. Because of the similarity in risk to a line of credit, providers will generally request a personal guaranty (especially if the business is less than 2 years old) from the business owner to try to prevent bad behavior. This can be waived if financials are provided and determined adequate to mitigate the risk. Read more about why providers ask for a personal guaranty.
2. Industry
Some industries present more risk than others. The industry risk profiles are well grounded in decades of processing history by millions of merchants. For example, restaurants, one of the lowest risk merchant categories, may have an industry average loss ratio of less than 1 basis point (100 basis points is equal to 1%). That means for a group of restaurants processing $1,000,000, the merchant account provider can expect losses of less than $100. Conversely, for the travel industry, the average loss ratio may be 10x higher. Here are some example business types by risk category:
(Note: payments taken on a website, over the phone, or through the mail or fax present much higher risk than in-person payments where the person is present and the card is swiped. Accepting tuition in person, then, is considered medium risk; if a merchant accepts tuition online, the risk is higher.)
* Aggregation: selling a product or service that a merchant does not own. This is one of the highest risk business models for credit card payments.
3. Billing Method
How a merchant accepts payment can increase or decrease the risk of their business. Accepting payments in advance increases risk; the farther in advance payment is accepted, the higher the risk. If a merchant sells annual subscriptions, for example, and then goes out of business during month 5, there are 7 months of financial liability for the merchant account provider. The same applies to merchants who sell a product that is guaranteed for a year, or a service that is available for a year. Therefore, merchant account providers will want to ensure the merchant's financial strength and previous processing history in order to approve this billing method.
On the other hand, accepting payments after the service has been provided can greatly reduce the risk on an account. A good example of this is a merchant that bills for their monthly service at month's end.
Some merchants, such as advertisers, accept payment on retainer. This allows customers to put money into an account with the merchant, who gradually deducts their fees from that account as their services are provided. Since there is no expiration date on when that money may be used, the risk is similar to annual billing.
Merchant Account Provider Risk
There is no shortage of merchant account providers. One thing that we consistently see is providers approving merchants without properly understanding or vetting the risk. No provider is perfect, and things can be missed, but there are some providers that are consistently better than others in determining risk and clearly setting expectations. If a provider does not properly assess risk during underwriting and down the road a risk manager flags the merchant, they may withhold funds, require a reserve (where they hold a certain amount of money in reserve to offset the risk) or terminate the processing relationship. So be cautious when selecting a partner. Read more about surprise reserves on post-account signup underwriting.
Tips to lower risk
- Bill monthly instead of quarterly or annually.
- Own the products you sell.
- Money in the bank is helpful.
Our credit card processing and credit card storage solutions were recently reviewed by Armando Roggio at Practical Ecommerce. He gave us 4.5 out of 5 stars. Our favorite part: "Braintree is a no-brainer...". Here is an excerpt:
Without a safe, reliable means of processing payments, there would be no ecommerce. So it is not a surprise that managing payments and securing credit card and customer information is a major concern for online retailers.
Braintree Payment Solutions offers merchants a complete electronic payment service that quickly processes payments and keeps customer data secure, in most cases slashing a merchant’s payment card industry (PCI) compliance costs by 90 percent or more, according to the company.
I was a little skeptical when I was first introduced to the Braintree solution, but after reviewing its products, asking about IP spoofing (a hacking tactic wherein the hacker pretends to be a server it is not), and consulting with an experienced developer friend, I find myself awarding Braintree Payment Solutions four and a half out of a possible five stars in this, “The PeC Review,” my weekly attempt to introduce you to products or services that have the potential to improve your ecommerce business.
According to a report released today, 70% of retailers treat PCI Compliance as a check-box. The remaining 30% are apparently taking it seriously.
PCI Compliance, whether taken seriously or as a check-box, really is an economic decision: whether (financial cost + reputational cost + business disruption cost) × probability of breach is ≤ or ≥ the cost, effort and distraction of 'serious' compliance efforts. 30% apparently think the risk is too great, and 70% take the business risk and do just enough to avoid being labeled as negligent.
My guess is that this 70% is also observing that no matter how intense compliance efforts are, post-breach forensics will always find non-compliance (large or small) somewhere, which will eliminate much of the benefit of trying anyway.
I think that solution providers will help bridge this gap and make compliance and security achievable and worth the cost and effort regardless of risk preference.