A common question for experienced adult merchants, and usually a surprise for merchants new to the adult industry, is if businesses need to pay the adult merchant annual registration fee commonly required by Mastercard in order to accept credit cards. When merchants are inquiring with adult payment processors and adult merchant services providers, the answer to the question whether this registration is necessary for adult businesses might yield a different answer from every company spoken to.
The introduction of the Mastercard Business Risk and Assessment Mitigation (BRAM) program was done as a way for Mastercard to monitor and control the types of businesses and products being sold using the Mastercard network. While Mastercard do not approve or underwrite merchants that apply for network access individually, they do try to periodically check merchants for any legal or intellectual property/rights violations using web crawling programs or referrals from customers and inform the merchant acquirer to their findings.
When merchants are approved for a merchant account, they are assigned a 4 digit Merchant Category Code (MCC) number by their merchant acquirer depending on the type of products or services that their business offer. This use of MCC codes is accepted and required by Visa and Mastercard when a merchant acquire approves a business for merchant services, allowing Visa and Mastercard an easier way to manage their vast networks of merchants and easily make changes to standards or guidelines to the entire category if needed.
Merchant acquirers with merchants processing with the MCC codes pertaining to adult content providers; 7273 (dating and escort services) or 7841 (video) will be assessed a yearly compliance fee for registration of $500 per merchant for providing access to the Mastercard payment network. This fee is usually charged as a pass through cost to the merchant and the merchant is usually required to pay this fee when the acquirer is billed by Mastercard.
Its important for adult businesses to understand that some payment service providers will advertise that they do not charge these registration fees, but merchants should beware that the payment service provider will be assessed this fee by Mastercard and the payment services provider will recoup this registration fee through other excess costs or hidden fees wrapped into their merchant services program.
Another misconception that merchants have when being informed about the Mastercard adult registration fee is that they would like to decline the use of Mastercard and only accept Visa with their adult business. While the thought of saving hundreds of dollars a year by not accepting one card type runs through many merchant’s heads, the merchant acquirers and payment processors are unable to issue a merchant account with only one of the card association networks integrated into the merchant, thus making it not possible to avoid the Mastercard compliance.
Merchants in the adult industry with additional questions about the adult merchant annual registration fee or looking to lower their credit card processing fees might be interested in speaking to an adult payment processor that is familiar with the adult industry and a leader in providing low cost merchant account services. Our payment processing professionals are available to speak to any adult merchants with questions, concerns or looking for a quote for their payment processing services.
PCI Compliance 101
As technology advances and credit card usage increase, the threat to both cardholders and merchants of bankcard account theft continues to grow. Large corporations such as Home Depot, Neiman Marcus and TJ Maxx have all fallen victim to data breaches from cybertheft. These instances end up costing corporations hundreds of millions of dollars and affect tens of millions of cardholders who used these retailers. In an attempt to prevent future attacks and protect the information of the cardholders, the PCI Security Standard Council was formed.
In a joint effort between the five major card companies; Visa, MasterCard, Discover, American Express and JCB, a standard for payment security was drafted. The requirements insure that merchants are handling cardholder information in a manner that is safe and secure. The guidelines have become mandatory for any merchant that processes or stores cardholder information. Merchants that refrain from becoming PCI Compliant may have higher fees and charges due to the increased risks associated with accept cards in a non compliant environment.
There are 6 different objectives that have a total of 12 requirements in order for a merchant to be in compliance.
1. Build and Maintain a Secure Network and Systems
- Install and Maintain a Secure Firewall to Protect Cardholder Data.
- Create Secure and Unique Passwords. Do Not Use Vendor Supplied Logins.
2. Protect Cardholder Data
- Protect Cardholder Data when Stored.
- Encrypted Transmission of Cardholder Data Across Networks.
3. Maintain a Vulnerability Management Program
- Prevent Malware by Using Updated Anti-Virus Software on all Systems.
- Develop and Maintain Secure Systems and Applications.
4. Implement Strong Access Control Measures
- Restrict Access to Cardholder Data to Only Individual Authorized to Use Data.
- Assign Unique IDs to Each Individual with Computer Access.
- Restrict Physical Access to Cardholder Data.
5. Regularly Monitor and Test Networks
- Track and Monitor All Access to Networks and Cardholder Data.
- Regularly Test Security Systems and Security Processes.
6. Maintain an Information Security Policy
- Maintain a Policy that Addresses Data Security.
PCI Compliance Levels
There are 4 levels of PCI Compliance that are given by Visa and MasterCard. Each level is determined by the number of credit card transactions processed each year.
- PCI Compliance Level 1: Over 6 million Visa and/or MasterCard transactions per year
- PCI Compliance Level 2: 1 million to 6 million Visa and/or MasterCard transactions per year
- PCI Compliance Level 3: 20,000 to 1 million Visa and/or MasterCard e-commerce transactions per year
- PCI Compliance Level 4: Less than 20,000 Visa and/or MasterCard e-commerce transactions per year
Level 1 Companies must have yearly on-site reviews by an internal auditor and a network scan by an approved scanning vendor.
Levels 2, 3 or 4 Companies must complete the PCI DSS Self Assessment Questionnaire annually and have quarterly network security scans with an approved scanning vendor.
Merchants deemed non compliant can face increased fees and additional security costs. Per the card associations agreements, merchants need to abide by the guidelines set forth or run the risk have having additional measures taken. This can include increased fees, higher processing rates or being required to be compliant at a higher level. Non Compliance can also result in merchant account closure.
As the card associations focus on eliminating fraud and data breaches, it is going to be essential for merchants to become PCI Compliant. Following the guidelines set forth and performing routine security checks is not only beneficial to merchants, but will also reduce long term costs.
In the adult payment processing industry, merchants are generally viewed to be “risky” or a “high risk merchant”, which can create complications when applying for a merchant account. Depending on the underwriting guidelines of each payment processor, a merchant can have a different perceived risk level between each processor. Most payment processors focus on general retail and eCommerce business models. Fortunately for merchants higher risk industries there are payment processors that specialize in medium to high risk businesses, including adult merchants. In this post we will try to help explain what is a high risk merchant account and how they work.
A business could be considered high risk for a number of reasons. This could vary from the financial history of the business or the business owner to the location of the business. Businesses or business owners with low credit or a history of payment processing issues could make a merchant higher risk. Businesses located outside of the USA (offshore) will also make them a higher risk. The most frequent reason for a high risk classification is the business model itself. Operating a business, such as adult, will not work with a majority of the payment processor’s underwriting guidelines after assessing their risk potential.
Merchants in adult and other high risk industries unfortunately do not have many options when it comes to finding payment processors. These higher risk payment processors tend to operate with higher fees than most retail and eCommerce processors. Merchants generally have to accept these terms and operate with the higher fees if they want to continue processing payments. During the application process, merchants should research every processor and determine if their funds are safe. Many of these higher risk payment processors have a history of closing accounts and not paying merchants. Know the companies you are dealing with and check with current merchants to see their opinions before applying for a high risk merchant account.
Another element that is important for merchants pay attention to are the fees, terms and conditions associated with the merchant accounts. Many times these processors with not only charge high transaction fees, but also have application fees and may collect a reserve. Application fees, or sometimes charged after the account is approved as a set up fee, can usually be negotiated down since they are generally a junk fee. Many times the broker is marking up this fee and just padding their pocket. Another fee, the reserve, is something put in place by the processor to insure that the merchant can cover chargebacks and other fees associated with the account. Reserves can either be collected and held or they can be set up as a rolling reserve, where funds are held for 6 months then released on a monthly basis while new fees are being collected. These funds are usually based on a % of total sales – and that number is commonly 10%.
Merchants looking for an adult merchant account need to understand what they face when searching for a payment processor. One thing is that their fees will be higher than most other e commerce businesses. Established adult websites have leverage when applying, but merchants will have to show they have good monthly volume. Adult merchants though should always pay attention to all the fees associated with their account and try to negotiate some of the setup or application fees. Though reserves might be required to approve the account, these can also be discussed with the processor and from time to time negotiated lowered. The final point for merchants to remember is to research the payment processor. Make sure you are working with a trustworthy company that will pay consistently. We hope that this post has helped clarify what a high risk merchant account is and what a merchant should know before processing payments.