Payments 101: Overview of the
Payments Ecosystem
ETA UNIVERSITY
MARCH 19, 2015
Deana Rich
RICH CONSULTING, INC.
Edward A. Marshall
ARNALL GOLDEN GREGORY L L P
The Ecosystem and its
Components
Open-Loop Model
Card Networks and Member Banks
Card Networks and Member Banks
 Card Networks






Visa, MasterCard, and
Discover (see also American
Express)
Provide infrastructure and
brand acceptance
Clear and settle transaction
information (not funds)
Establish interchange system
and set rates (paid to issuer)
Accept dues and assessments
Establish and manage
compliance with operating
rules and regulations
Card Networks and Member Banks
 Member Banks
(Acquiring and Issuing)

Regulated financial
institutions

Must comply with
network/brand rules and
regulations

May issue cards and/or
acquire transactions
directly
Card Networks and Member Banks
 Issuing Banks

Consumer “on-ramp” to the
payments ecosystem

Contract directly with
consumer (cardholder); bill
and receive reimbursement
from cardholder

Receive interchange fees
from acquiring bank

Settle transactions with
acquiring banks (via
networks)

May also offer prepaid
e.g., JPMorgan Chase & Co.; Capital One;
U.S. Bank
Card Networks and Member Banks
 Acquiring Banks
e.g., BMO Harris Bank; Wells Fargo; HSBC
Bank

Merchant side of payments
ecosystem

May sponsor agents,
including processors and
ISOs (“acquirers”)

Responsible for compliance
with card networks’ rules
and regulations

Carry and manage ALL risk
associated with agents and
their customers (merchants)
The Acquirers
The Acquirers
 “Acquirers,” a Versatile Concept

Acquiring Banks

Processors

ISOs

Sub-ISOs

Sales Agents
 Merchant “on-ramp” to the
payments ecosystem
 Contract with, bill fees to
merchants
 Collect interchange fees from
merchants through “discount rate”
 Must comply with networks’ rules
and regulations
The Acquirers
 Processors
e.g., First Data; TSYS; Global Payments;
Heartland; Worldpay

Provide connectivity to
networks for purposes of
authorization (front-end),
clearing and settlement (backend)

Provide various levels of backoffice support

Execute agreements with
Member Bank, ISOs

Can, and frequently does, also
function as an ISO (recruiting
merchants through salesforce)
The Acquirers
 ISOs and Sub-ISOs

Independent Sales Organizations

Sponsored by Acquiring Bank

Sell payment acceptance access to
merchants

May also provide various levels of
back-office support (e.g., customer
service, tech support, statements
and reporting) and additional
features

May have downstream agents (subISOs or sales agents) also selling for
them
The Acquirers
 Retail (Non-Risk-Bearing) ISOs

Entrust risk monitoring and
underwriting to processor or other
ISO
 Wholesale (Risk-Bearing) ISOs

Conduct own underwriting and risk
monitoring, subject to oversight

Indemnify banks and processors for
losses related to returns,
chargebacks, fraud, and data
breaches

Banks and processors maintain
liability for all downstream activity
A Day in the Life of a
Transaction
A Day in the Life: Payment Authorization
A Day in the Life: Settlement
 Interchange fees paid to issuing bank
 Additional fees collected by processor, acquiring bank, and ISO for services
Ecosystem Risk
Minimal Cardholder Risk
 Regulation E
 Regulation Z
 Credit CARD Act of
2009
 Chargeback
Protections
Chargebacks
 Dissatisfied consumer can contest a charge (e.g.,
unauthorized transaction, did not receive purchase,
defective purchase, deceptive merchant conduct)
 Issuing Bank removes from statement; recoups
money from Acquiring Bank
 Acquiring Bank recoups from Processor and/or Risk-
Bearing ISO, and, ultimately, Merchant*
 Card Networks resolve disputes regarding
chargeback validity (consumer friendly)
Ecosystem Chargeback Risk
 Merchants may lack
financial wherewithal to
pay chargeback(s)
 Thus, Acquiring Bank,
Processor, and/or RiskBearing ISO may shoulder
responsibility
 Importance of
Underwriting, Risk
Monitoring, and Reserves
*
Liability Value Chain and Industry Oversight
 Liability Value Chain




Card Networks
Member Banks
Risk-Bearing ISOs
Merchants
 Industry Oversight




Card Network Rules
Industry Guidelines (ETA)
Bank Regulators
Non-Banking Regulators
Data Breach Protection (and Risk)
 PCI DSS

Evolving standards to keep
data secure

Validation and compliance
testing required by PCI
Council and card networks (by
merchant level)
 EMV: Security at POS
 Encryption: Security for
Authorization Transmission
 Tokenization: Security Post-
Transaction
Data Breach Risk at Merchant Level
 Consumer Notification (State
Law Patchwork)
 Card Network Liability



Forensic investigations
Non-compliance liability
assessments
Card reissuance cost, data
breach assessments, and fraud
reimbursement schedules
 Legal Risk


Consumer and shareholder
litigation
FTC action
Data Breach Risk within the Ecosystem
 Accepting merchants and
consumers are largely
insulated from counterfeit
card fraud loss
 Acquiring Bank, Processor,
and/or Risk Bearing ISO bear
ultimate liability for Fines,
Assessments, Reissue Costs
(by merchant level)
 Issuing Bank bear risk for
remainder
 Impact of EMV
Questions
© 2015 | All Rights Reserved
Deana Rich
President
RICH CONSULTING, INC.
deanarich@deanarich.com
818.787.5837
Edward A. Marshall
Partner
ARNALL GOLDEN GREGORY LLP
edward.marshall@agg.com
404.873.8536
www.deanarich.com
www.agg.com