Category Archives: Information

Articles and information for adult businesses about merchant accounts and other segments of the payment processing industry.  The merchant services industry is a rapidly changing and expanding sector that affects most adult businesses.  As a result, merchants are adjusting their businesses to remain compliant with the changing landscape.

Most merchants are unaware of the many facets that make up the merchant services industry.  Scouring the internet for information is a time-consuming chore that many times confuses merchants more than it helps. Ultimately, preventing these problems is what drives Adult Merchant Services to write about these topics.

Focusing on the most common problems to affect merchants, Adult Merchant Services has taken on each issue.  By breaking down the problem along with providing solutions, providing merchants with a soup to nuts explanation on every topic.

adult merchant underwriting

Adult Merchant Underwriting Guidelines

In the merchant account industry, the payment service providers and merchant acquirers are required to follow the procedures established by Visa and MasterCard’s payment card association to complete the proper adult merchant underwriting process while higher risk payment processors and acquiring banks have additional guidelines and requirements to follow when considering an adult merchant account application. Many of these higher risk payment processors and acquiring banks also have their own internal guidelines and protocols in place that they follow in addition to the payment card association guidelines to determine the risk of a prospective business apply for adult merchant services.

Who enforces the adult merchant underwriting guidelines?

The payment card association of Visa and MasterCard has established strict rules and regulations for the members of their payment card network to follow, whether they are underwriting new merchants or are the merchants themselves. These guidelines help insure that the products or services being offered along with the other practices of the merchant members of the network fully abide by all local and federal laws and assist in the maintenance of the card brand reputation.

Underwriters from the various payment service providers, acquirers and other payment facilitating organizations are required to verify that the guidelines set forth in their payment card network agreements are maintained by merchants and prospective merchants before being admitted to the network. Failure to maintain compliance with these guidelines can jeopardize both the merchant’s and the merchant acquirer’s relationship with the card association; resulting in warnings, fines or the possible loss of their card network relationship.

What are the adult merchant underwriting guidelines?

Adult businesses operate in an environment that can open themselves up to many potential legalities or other problems that more conventional businesses do not normally face. This has lead the card brands that are part of the payment card association to create their strict guidelines and provide underwriters and payment service providers with updated information about their concerns and potential problems they may face when reviewing new or auditing existing merchant accounts.

To keep payment services providers updated and informed with the card association guidelines, each member of the payment card association has created their own acquirers program; Visa named their program the Global Brand Protection Program (GBPP) and MasterCard refers to their program as the Business Risk Assessment and Mitigation (BRAM).  Both companies regularly review and update their programs to reflect the changes and concerns that they want to inform acquirers and merchants to.

Though each program has different guidelines and regulations to follow,  higher risk industries share most of the terms and conditions, including the requirements of adult merchants accepting credit cards.  A few of the most important conditions that both companies require are:

  • 2257 Compliance
  • No Child Exploitation
  • No Offensive Adult Pornography
  • Certified Web Scan Completion
  • Members Area/Password Protected
  • Proper MCC Coding

One of the most important requirements of online adult merchants is the 2257 Compliance required by federal law, meaning that whether they produce content or publish content, they have to know that the material being used is within the guidelines of the law. Producers, both the creators of the content and the organizations that publish content, print and/or electronically, must maintain specific records that can be produced upon request by the FBI during unannounced visits, failure to maintain these records or any violations will lead to strict punishments.

Another important audit done by payment service providers checks that the content on the merchant’s website do not portray, reference or otherwise imply any type of offensive pornography, including images or speech from the webmasters or users alike. Using companies such as G2 to run onsite and offsite scans to check for any violations or questionable content is a common practice of underwriters prior to accepting a merchant and periodically during the merchant services agreement.

During the adult merchant underwriting process, the acquirers check that the content published by the merchant is legal and compliant with federal compliance guidelines and are also confirming that the website is not accessible by non paying web browsers. To maintain the security of an adult website and to prevent any potential legal ramifications, it is important for webmasters to install a members area that prevents adult material from being viewed by users that might be underage in the jurisdiction.

One of the final rules that the payment card association enforces is the use of the correct MCC (merchant category code) for the adult businesses. Content providers, publishers and other publications are generally placed in MCC 5967, requiring USA acquirers to charge merchants an annual registration fee for being an adult business.  Adult video stores and similar type businesses are generally placed in MCC 7841 whose merchants are not necessarily required to register with the card association and pay the annual fee.  This is the reason why MCC enforcement confirms that all merchants are properly coded to their correct industry to prevent any problems with the card association or other legal consequences that might be affecting the industry in its entirety.

Why are the adult merchant underwriting guidelines so strict?

The payment card association realizes that the adult industry generates a substantial amount of revenue for the themselves and the banks they partner with, but there are also large risks that come with allowing these merchants to access their payment card network. As an industry that operates in an area that attracts a significant amount of attention, and many times the attention is negative, has the potential for legal problems that can loom overhead.

Insuring that merchants are in compliance with 18 U.S.C. §2257 can help protect the merchant services companies, merchant acquirers and card brands from any potential legal problems that might arise from a violation on the business side.  Merchants can face enormous fines and up to 5 years in jail for their first violation, while companies or individuals that may not be publishing material but are otherwise benefiting from the sales of content can also potentially face large fines and up to a year a prison for a violation of 2257.

How do acquirers keep merchants compliant?

Upon approval with the payment services provider or acquirer, merchants of MCC 5967 are registered as an adult provider with MasterCard of the payment card association. The annual fee for registration in the USA is $500, charged to the merchant by the acquirer informs MasterCard that the acquirer has verified the merchant’s compliance and that the merchant remain in compliance during their tenure as an adult content publisher.

Another way that the acquirer and payment service providers check on merchants in MCC 5967 is by running site wide scans of their content along with offsite scans to verify that no violations or potential violations have occurred since the last yearly review. Protecting both the merchants and acquirers helps keep the adult industry compliant with federal laws and helps fuel its exponential online payments growth year over year.

Where do you start your adult merchant underwriting process?

Merchants operating an adult business that feel they should become compliant with the payment card association guidelines or are processing outside the USA and want to change to a domestic bank are encouraged to speak to one of our adult merchant account professionals. Our team at Adult Merchant Services will be happy to answer any questions or clear up any uncertainties about your company and help direct you to the best solution for your adult credit card processing and adult merchant account needs.

using an adult payment processor

Using An Adult Payment Processor

Using an adult payment processor can help merchants reduce long term costs of operation while insuring the longevity of their business on the internet.  Working with an adult payment processor that takes all the necessary steps for account underwriting, registration and maintenance of banking relationships can limit the potential of service outages, unnecessary fees or other costly disruptions.

A common occurrence in the merchant services industry is directly attributed to the sales person or organization that handles the merchant application submission to the payment processor, since many merchant services sales agents work on commission with a performance based pay scale, the best interests of the merchant are many times overlooked in lieu of the commission payouts. By not using an adult payment processor, this practice has lead to many adult merchants inadvertently applying for and being quickly approved as another type of business, thus avoiding registration fees and other business guidelines needed to be an adult provider.

One way to find the best adult payment processor that understand sand abides to the guidelines set forth by the card association for adult content providers is to insure that their merchants are properly set up with the payment processing partners and merchant acquiring banks. Failure to properly identify the industry of the business can result in suspension or closure of the merchant account along with funds being held for a 6 months to prevent any potential charge backs. In a worst case scenario, merchants run the risk of being placed in the Terminated Merchant File or MATCH List, a list managed by the card association that tracks merchants who have violated guidelines, their agreement or owe fees and are generally unable to apply for a merchant account in their name for up to 7 years.

One of the important questions adult merchants should ask a potential merchant services provider is about how they handle the yearly registration fee that is charged to adult merchants by the card association. Some payment processors will not charge this fee for one of two reasons; either they include the fee as part of the merchant account or they do not require the fee because they are not registering the merchant in the proper business category; while the latter can potentially cause problems in the future for the business, the adult merchant account providers that include the registration fee will generally charge higher fees during transactions, allowing the processor to recoup the registration fees and usually more.

When merchants are coded incorrectly, it means that the payment processor has set them up under a business category that does not pertain to their actual business. Merchants operating adult websites, whether its a membership website, directory site or another similar type business will generally be assigned the codes of either 5967, 7841 or 7311, requiring full review of the website and registration to insure that all guidelines are followed and compliance is maintained by the merchant.  By using an adult payment processor, merchants can know that this will not be an issue in the future.

One of the final checks that adult merchants should inquire about is the type of payment gateway being used by your merchant services providers, because not all gateways are adult friendly. One of the largest and most sold payment gateways, Authorize.net, who is part of the Visa corporate, does not allow adult oriented or pornographic websites to use their services. Similar to having their merchant account set up with the wrong business type, merchants in the adult industry will soon be relieved of gateway services once an audit is completed of the gateway account.

A simple solution to prevent any service disruptions or unnecessary fees associated with a merchant account is by using an adult payment processor from the get go, by working with a professional that understands the industry and does not try to cut corners can save merchants a lot of time and money in the future. Merchants looking to start an adult business, or currently operating an adult business and have questions are encouraged to contact one of our payment professionals for more information and to get started processing credit cards.

adult merchant annual registration fee

Adult Merchant Annual Registration Fee

A common question for experienced adult merchants, and usually a surprise for merchants new to the adult industry, is if businesses need to pay the adult merchant annual registration fee commonly required by Mastercard in order to accept credit cards. When merchants are inquiring with adult payment processors and adult merchant services providers, the answer to the question whether this registration is necessary for adult businesses might yield a different answer from every company spoken to.

The introduction of the Mastercard Business Risk and Assessment Mitigation (BRAM) program was done as a way for Mastercard to monitor and control the types of businesses and products being sold using the Mastercard network. While Mastercard do not approve or underwrite merchants that apply for network access individually, they do try to periodically check merchants for any legal or intellectual property/rights violations using web crawling programs or referrals from customers and inform the merchant acquirer to their findings.

When merchants are approved for a merchant account, they are assigned a 4 digit Merchant Category Code (MCC) number by their merchant acquirer depending on the type of products or services that their business offer. This use of MCC codes is accepted and required by Visa and Mastercard when a merchant acquire approves a business for merchant services, allowing Visa and Mastercard an easier way to manage their vast networks of merchants and easily make changes to standards or guidelines to the entire category if needed.

Merchant acquirers with merchants processing with the MCC codes pertaining to adult content providers; 7273 (dating and escort services) or 7841 (video) will be assessed a yearly compliance fee for registration of $500 per merchant for providing access to the Mastercard payment network. This fee is usually charged as a pass through cost to the merchant and the merchant is usually required to pay this fee when the acquirer is billed by Mastercard.

Its important for adult businesses to understand that some payment service providers will advertise that they do not charge these registration fees, but merchants should beware that the payment service provider will be assessed this fee by Mastercard and the payment services provider will recoup this registration fee through other excess costs or hidden fees wrapped into their merchant services program.

Another misconception that merchants have when being informed about the Mastercard adult registration fee is that they would like to decline the use of Mastercard and only accept Visa with their adult business. While the thought of saving hundreds of dollars a year by not accepting one card type runs through many merchant’s heads, the merchant acquirers and payment processors are unable to issue a merchant account with only one of the card association networks integrated into the merchant, thus making it not possible to avoid the Mastercard compliance.

Merchants in the adult industry with additional questions about the adult merchant annual registration fee or looking to lower their credit card processing fees might be interested in speaking to an adult payment processor that is familiar with the adult industry and a leader in providing low cost merchant account services. Our payment processing professionals are available to speak to any adult merchants with questions, concerns or looking for a quote for their payment processing services.

pci compliance

What is PCI Compliance?

PCI Compliance 101

As technology advances and credit card usage increases, the threat to both cardholders and merchants of payment account theft continues to grow.  Large corporations such as Home Depot, Neiman Marcus and TJ Maxx have all fallen victim to data breaches from cybertheft.  These instances end up costing corporations hundreds of millions of dollars and affect the tens of millions of cardholders who used these retailers.  In an attempt to prevent future attacks and protect the information of the cardholders, the PCI Security Standard Council was formed to combat this growing problem.

In 2006, the Payment Card Industry (PCI) council was created to help train and educate vendors, merchants, hardware and software manufacturers along with other financial institutions about fraud and securing customer payment card account information. Through educational material and industry-wide guidelines, PCI security standards were set in place to help combat fraud and provide safe and secure environments for customers shopping online, over the phone or in retail locations.

Who is the Payment Card Industry?

The Payment Card Industry council, comprised of the members who are responsible for creating the Payment Card Industry Data Security Standard (PCI-DSS) are the largest payment card brands and payment card networks in the financial services industry, including:

  • Visa
  • MasterCard
  • American Express
  • Discover
  • JCB

These members are all responsible for creating, maintaining and updating the PCI standards that vendors, merchants and financial institutions are required to abide by when handling customer card account information.

What is PCI-DSS Compliance and Why Does It Exist?

As technology has evolved and payment cards have grown to become the most common form of payment, the threat of fraud and the cost of payment card theft has also increased. In 2017 alone, over 1 million cases of payment card fraud was reported to the FTC, resulting in over $900 million worth of fraud losses by merchants, financial institutions and credit card networks.

By creating the PCI-DSS standards and requiring financial institutions to ensure vendors and merchants are compliant every year, the Payment Card Industry is working to prevent some forms of credit card fraud. The goals that were set forth by the PCI council include:

  • Building and Maintaining a Secure Payment Network
  • Protecting Cardholder Account Information
  • Maintain a Network Security Management Program
  • Require Strict Access Controls by Merchants
  • Regular Monitoring and Testing of Network Security
  • Maintain a Policy of Security Measure for Network Users

Maintaining a Secure Network: Merchants utilizing credit card terminals, point of sale systems and/or payment gateway applications are required to maintain a firewall to strengthen the network security and lessen the threat of any security breaches. When merchants are set up with new payment card services and equipment, when an employee leaves the business or as an ongoing security precaution; merchants are required to maintain strong passwords that can not be easily guessed and are encouraged to change passwords on a regular basis.

Protecting Cardholder Data: Businesses that store cardholder data for future billing are responsible for maintaining the account information in a secure manner that prevents the possibility of theft or fraud. Account information should never be written down or stored in a physical manner, rather it should be held in a PCI Compliant location that prevents full account information from being accessible. When sending card account information online from a shopping cart through a payment gateway or through a wireless card reader, card account information is required to be encrypted to prevent any possible threats from vulnerable connections or programs.

System Management Programs: Merchants operating e commerce websites or using wifi connections to transmit payment card transactions should maintain a strong system security protocols; whether its by using a secured WiFi connection, utilizing anti virus software on a computer or maintaining a TLS/SSL certificate for e commerce websites, maintaining this high level of protection will help ensure that transactions are sent through secure environments, reducing the chances of information being compromised.

Physical Access Control: One of the most common ways that cardholder account data is lost and compromised is through the physical handling of payment card information. This threat can be limited by controlling the access by employees to the cardholder information, restricting this account information to only individuals that are required to handle the cardholder data. Merchants using POS systems, using a payment gateway or virtual terminal can restrict employee access to cardholder data by implementing user accounts and controlling the permissions within those accounts. Merchants should never store cardholder account information in a physical form, rather utilize a secure PCI compliant storage application to retain this sensitive data.

Ongoing Testing of Networks: PCI Compliance requires merchants to perform annual, if not more frequent, testing of their systems to ensure that all security protocols and programs are functioning properly. These scans are conducted through various companies, whether its sponsored by the merchant acquirer or from an outside company, demonstrating that all parts of the network are fully PCI Compliant.

Maintaining Current Security Policies: Keeping employees, along with the merchants, up to date on PCI regulations and guidelines is one of the best ways to insure that the business remains compliant during the course of the year. By providing ongoing information and training, merchants can make sure that all facets of their business from their website and credit card terminals to their payment gateway and employees are fully aware and current with all aspects of the PCI-DSS regulations.

Why Does PCI Compliance matter?

The members of the Payment Card Industry came together to help create an environment for merchants and customers alike that promoted security and trust among all individuals using the payment card networks. When security is strengthened by all users, it excels the growth of the network by allowing for more customers to feel confident and use their payment cards more often while merchants will realize more sales and larger revenues.

Without guidelines for the network access, merchants and financial institutions along with the payment card brands risk losing the trust of customers, a potential threat that could cripple the industry indefinitely, this is why PCI-DSS standards and guidelines have been established and required the compliance of merchants, vendors and financial institutions.

Non-compliance by companies can create a variety of potential costly and troublesome problems with not only the Payment Card Networks but also a number of different industries closely associated with the financial system. Potential problems that could arise from non-compliance includes:

  • Increased costs of merchant services
  • Fines and penalties from the Payment Card Industry
  • Termination of merchant services by the PCI
  • Costs from legal judgments and any settlements
  • Loss of customer trust with a business
  • Decline in revenues or incomes, potential loss of job
  • Closing of the business

Though some of these scenarios can appear to be extreme, the costs associated with non-compliance can become tremendous if a theft or fraud does occur due to a merchant’s inaction to become or maintain compliance.

Who Needs to be PCI Compliant?

Any business or company that has access provides a payment service or builds hardware to accept payments is required to follow the PCI guidelines for compliance. These businesses include, but are not limited to:

  • Merchants; including all employees regardless of their industry
  • Financial institutions; including merchant acquirers and payment service providers
  • Manufacturers of credit card terminals and POS systems
  • Payment gateway service providers
  • Web hosting companies providing e Commerce hosting services
  • Online shopping cart services
  • e Wallet service providers

Some of these businesses might not directly handle payment card transactions, but the security protocols and services they provide that are used by merchants should at minimum reach the standards set forth by the Payment Card Industry.

How do Merchants become PCI Compliant?

PCI Compliance for smaller companies can be accomplished through self-assessmentss that are provided online by the merchant acquirers. Answering a series of questions as to the practices and methods of payment card acceptance, the merchant acquirer can determine if the business is operating in a way that limits their potential for payment card fraud. Some of the questions that are asked of merchants during their PCI Compliance scan are:

  • If anti-virus security software is used on their computer systems
  • If the merchant uses a firewall to prevent remote access to their computer systems
  • The strength of the passwords and the frequency of which they are changed
  • The type of software they using on their computers
  • The name of their payment gateway service
  • The name of other security services providers (SSL
  • The types of credit card terminals (if they accept EMV chip cards)
  • The practices of employees for accepting payments ( mail order, phone order and in store)
  • How card account information is stored for future billing purposes

Merchants that are located in throughout the world are required to maintain their PCI Compliance, while the level of compliance and the dates that compliance is required by might vary, the program does exist throughout the world where payment card transactions are accepted.

Merchants are classified as one of a 4 levels depending on the amount of transactions per year that they are processing through their networks. Larger merchants require additional security measures than smaller merchants. The levels of PCI Compliance are determined by the following:

  • Level 1 – More than 6,000,000 transactions annually
  • Level 2 – Between 1,000,000 and 5,999,999 transactions annually
  • Level 3 – Between 20,000 and 999,999 transactions annually
  • Level 4 – Less than 20,000 transactions annually

Level 1 merchants are required to do the annual self assessment questionnaire along with an annual onsite audit conducted by a certified security assessor. Merchants in levels 2 – 4 are required to complete a yearly self assessment questionnaire and partake in a remote scan of their merchant hardware and software.

Who Checks that Companies are PCI Compliant?

Level 1 merchants along with third party payment processors that are connected to VisaNet and MasterCard are required to participate in yearly onsite audits of their software, hardware and procedures. Level 2-4 merchants have remote scans available to them to audit their business in a rather quick and simple process, some annual audits can be finished in under 10 minutes.

Onsite PCI DSS compliance audits are administered by Qualified Security Assessors (QSA) that are located throughout the world, servicing various regions, countries and markets. With well over 100 different companies throughout the world that are recognized as qualified by the Payment Card Industry as authorized assessors, merchants and payment processors can rather quickly find an assessor to audit their company.

Questions about PCI Compliance for Adult Merchants

Merchants and other companies operating in the adult industry that have any questions or concerns about their current PCI Compliance or about becoming PCI Compliant can contact one of our adult merchant account professionals at Adult Merchant Services. Our team will be happy to speak with any merchants and help direct them in the right direction.