130 likes | 294 Views
Card Regulation; Pricing and Security. Paul Russinoff State Government Relations. Interchange Fees, Defined. Interchange represents a transfer price between the Issuing and Acquiring Members involved in a transaction. Acquirers. Issuers. Acquirers pay Issuers for payment transactions
E N D
Card Regulation; Pricing and Security Paul Russinoff State Government Relations
Interchange Fees, Defined Interchange represents a transfer price between the Issuing and Acquiring Members involved in a transaction Acquirers Issuers • Acquirers pay Issuers for payment transactions • Issuers pay Acquirers for ATM transactions • Interchange flows “in reverse” for credits and chargebacks
Issuer Visa Acquirer 6 5 8 7 2 3 4 1 The Flow of Interchange Acquirer Submits Transaction to Visa - $100 Visa Submits Transaction to Issuer - $100 Issuer Pays Visa $98.25 ($100 - $1.75 IRF) Visa Pays Acquirer $98.25 Merchant Paid $97.80 ($100 – $2.20 Discount) Issuer Bills Cardholder $100 CardholderPays Issuer Merchant Submits $100 Transaction Cardholder Merchant
Why are we here today? • Member financial institutions are increasingly invested in interchange as a means of driving revenue from base of accounts • Merchants are increasingly sensitive to interchange costs, both in rate and in total amount, as consumers increase their use of cards for payment • Consumers may not be aware of interchange, but have been the primary beneficiaries of improved product features and functionality funded by interchange • Media, analysts and regulators are engaged
State Sales Tax Prohibition • FL, IN, KS, NE, NY, NV, WA • Prohibiting “merchant discount” or “interchange fees” on the state sales and use tax portions of a transaction. • Allows merchants to deduct “merchant discount” fees from sales and use taxes owed the state.
Surcharge • Currently 10 States Prohibit Surcharging. CA, CO, CONN, FL, KS, ME, MA, NY, OK, TX • TX surcharge bill modified statute to allow a surcharge on transactions under 10 dollars. • HI surcharge bill allowed surcharges with disclosure.
Rate Cap • WA capped “interchange” at 1.5% of the overall transaction. • TN capped merchant discount at .75 % • MT probable merchant discount rate cap for small businesses.
Disclosure • AL, KS, KY, NE, NY, TX • Require access to complete rules of card association/issuer and actual notification of any and every rule change. • Complete schedule of interchange credit and debit card rates and any other fees. • Failure to provide rules, or rule change results in no liability for a “charge back” and AG and civil suit against acquiring bank. • NY - Disclose “interchange” rates to NY bank regulator. • KY – Disclose “interchange” rates to card recipients (among other things), pertains to issuing banks. • TX, must allow a merchant to offer a cash discount.
Universal Default • Consumer is charged the default rate by a card issuer when consumer is in default on a separate account. Specific to the card industry with adjustable interest rates reflecting risk based pricing. • Federal “creditor practices” hearings. • 2007 Federal Legislation H 1461 (Udall), H 2146 (Ellison), S 1309 (Tester) • 2007 State Legislation: CA (SB 968); FL (HB 421, SB 748); IL (HB 292, SB 171); NV, (AB 215, SB 302); NY, (A 5325, A 7291, S 2969); TN (HB 1483), VA (SB 104) • NV Law and NY Veto
Merchant Focused Data Security • Payment Card Industry (PCI) standards • Minnesota – • Prohibit retention of full magnetic stripe data and pin numbers 48 hours after authorization • Private right of action for financial institutions, sue for cost of breach notice, card replacement and associated fraud loss. • California – • Amends current California data breach notice law, contains Gramm- Leach-Bliley Act exemption. • Prohibit retention of magnetic stripe data, CVV numbers or pin numbers, or communicating these without encryption or redaction. • New security breach reporting requirements to include the name of the breached entity. • Financial institution can sue for cost of breach notice and card replacement.
Merchant Focused Data Security • Oregon – • Data breach notification and security freeze law also includes detailed “security program” requirements which track Federal GLB requirements. • Technical requirements of program to address key controls, systems, networks and software designs. • Policies for employees access • Data destruction • System tests • Flexible for small business requires policy “appropriate to size and nature of the business and sensitivity of the data collected” (like GLB).