ISO Acquirer Relations

by Gerritt Kerkstra

   When it comes to selling payment card programs to small and medium-sized merchants, as well as managing those merchant relationships, many acquiring banks rely on Independent Sales Organizations (ISOs) for help.
   Merchants signed by ISOs generate more than $100 billion in bank card gross dollar volume annually, according to MasterCard International's research. ISOs provide a low-cost source of new accounts, help acquirers expand their geographical reach and help them penetrate niche markets. No wonder nearly all major U.S. acquirers and processors work with one or more ISO to act as their "feet on the street," to at least some degree.
   The increased prominence and expanding role of ISOs in the U.S. acquiring business over the past two decades also has created additional responsibilities and associated risks for both parties. Under MasterCard's operating rules, the acquiring member is always responsible for meeting its settlement obligations � whether the obligation is generated by the member's own merchants or by those of an ISO.
   Acquirers and ISOs will achieve a better working relationship if both sides understand the risks associated with acquiring, agree on their respective responsibilities in the relationship, and adhere to fundamental business practices.
   As part of its commitment to providing practical approaches and recommendations for this important segment of the payments industry, MasterCard most recently conducted a comprehensive review of the ISO industry and completed its new ISO Guide to Working with Acquirers.

Acquiring Risk

   An acquirer faces certain risks and it is important to recognize that these exposures increase when acquirers delegate responsibilities to ISOs and when the ISO contractually agrees to assume risk associated with acquiring merchants. These risks fall into three general categories:

Merchant Credit Risk

   When a merchant experiences financial trouble or fails, the typical result is a stream of credits or charge-backs that the card association's interchange system debits from the acquirer's account and the acquirer then seeks to deduct from the merchant's deposit account. If that merchant can't cover the charges, the acquirer and ISO both may be exposed to risk. While the acquirer may contractually pass this credit risk to the ISO, in reality, the acquirer remains liable for any loss that exceeds the ISO's capital.

Fraud Risk

   When a merchant establishes a fraudulent account and submits large-ticket transactions using lost or stolen card numbers, the perpetrator may cause a significant loss of funds reimbursements before the acquirer or ISO becomes aware of the problem. Similar liability risks can occur when a legitimate merchant accepts transactions on a lost or stolen card. While ISOs are rarely involved in fraud, lax management of the merchant relationship can lead to missteps that create risk for the acquirer, even when the ISO contractually assumes liability for fraud.

Reputation Risk

   While they comprise only a small minority of the industry, ISOs that engage in dubious business practices � such as hidden fees, price-gouging on terminal leases, bait-and-switch pricing and inadequate attention to customer service issues � can damage the reputations of acquirers and legitimate ISOs alike.
   Carefully screening and managing ISOs from the outset can help acquirers avoid these pitfalls for acquirers. ISOs should be prepared for their merchant relationship practices and policies to be closely scrutinized by any prospective acquirer.

Roles and Responsibilities

   Choosing the right type of ISO to best suit its organizational model and needs is one of the most important steps that an acquirer will take in forming a strong partnership. ISOs can be divided into four major groups, each with a different mix of roles and responsibilities.

  • Full service, or wholesale, ISOs are the largest in terms of processing volume. Full service ISOs negotiate portfolio ownership, giving them the ability to move their merchant relationships from one acquirer or processor to another. ISOs that assume portfolio ownership typically take on acquiring risk and greater overall responsibility for the acquiring program. When working with small acquirers, full service ISOs often manage front-end and back-end processing through direct relationships with third-party processors.
  • Retail ISOs, which tend to be smaller than their full-service brethren, usually do not own their portfolios and are not normally responsible for underwriting or merchant risk. They typically partner directly with acquirers or large third-party processors. In the latter case, the processor handles most front-end and back-end processing and may introduce the retail ISO to an acquirer to develop a "one-stop shopping" relationship that frees the retail ISO to focus primarily on merchant sales and limited customer service.
  • Independent contractors, typically with one to three employees and which market to fewer than 25 merchants per month � work with larger ISOs and usually do not have direct relationships with acquirers. As such, independent contractors typically focus solely on sales and have neither portfolio responsibility nor risk responsibility.
  • Agent banks, while not traditionally categorized as ISOs, carry out responsibilities similar to those of retail ISOs. Agent banks generally do not sell merchant services aggressively but rather provide passive referrals through their branch networks to an acquirer or processor. While they may provide limited account management or customer service, agent banks generally do not assume risk or own portfolios.
    For ISOs to determine which role they wish to take, and for acquirers to select the most suitable type of ISO to hire, the criteria are quite similar: Each party should analyze the business growth potential, extent of acquiring risk, required management skills, resource requirements, long-range objectives and overall profitability involved in entering the relationship.
Screening Acquirers: A "To Do List" for ISOs

   Identifying an acquiring partner that best suits the specific needs of an ISO takes work. Although pricing is an important criteria for the decision, other important factors include:

ISO Training

   Evaluate the training programs available and determine the level of support needed to succeed. In general, comprehensive ISO training offers a clear understanding of the payment programs the ISO will sell, how transactions are processed, and the benefits to the merchant. Also, look for training on equipment installation and merchant POS training, customer dispute resolution processes, and ongoing merchant calling and customer service programs.

Residual Management

   ISOs rely on residual payments as a primary source of income so it's important to ensure the accuracy and stability of the ISO's residual payments. Acquirers and processors should exhibit corporate stability, as measured by their financial strength, management staff abilities and responsiveness to key concerns, and commitment to the business.

Underwriting and Credit Policies

   Although acquirers are responsible for establishing underwriting and credit policies, ISOs play a significant implementation role. ISOs should inquire about approval rates, underwriting policies, and merchant restrictions so that ISO business plans may adhere to the appropriate guidelines.

What to Expect from Your Acquirer

   Acquirers employ a thorough screening process to ensure that the ISO is legitimate and financially stable. Therefore, it is important for the ISO to exhibit:

Sound Business Plans

   In addition to sound financial statements, an ISO should have a comprehensive business plan, including a clear explanation of its marketing strategy for the geographies and market categories it will target, a sales strategy that provides a "who's who" of the sales team and the layers employed by the ISO, and its business model for maintaining consistent residuals.

Financial Stability

   Acquirers review ISO's financial statements, balance sheets, cash flow, and income statements. The ISO should demonstrate that it has adequate liquid assets to protect against acquiring or fraud loss. Also, acquirers often obtain Dun & Bradstreet reports, or other reports, to supplement this information for an accurate assessment of the ISO's stability and financial condition.

Reference Checks

   An acquirer may also assess the ISO's reputation in the industry among terminal leasing companies and merchants, as well as review complaints that may exist at the local Better Business Bureau.

Ongoing ISO Management

   The most successful acquirers take steps to continually manage both financial and reputation risks throughout the course of their relationship with an ISO. This requires particular attention in the following areas:

Transaction Monitoring

   ISOs that take responsibility for this back-end process should demonstrate thorough knowledge of suspicious transaction activities. Their monitoring systems should scrutinize transactions particularly closely during the first few days and weeks of a merchant relationship, when fraud is most likely to occur, and provide prompt reports to the acquirer.

Managing Reputation Risk

   Shortly after the ISO brings a new merchant on board, the acquirer may follow up to verify that the merchant is satisfied with the accuracy of its first bill and that the bill is consistent with the pricing described in the agreement. This follow-up also lets the acquirer determine whether the ISO is fulfilling other responsibilities, such as training the merchant in how to screen for fraud and how to use the point-of-sale transaction terminal.

Guarding Against Hidden Charges

   Many ISOs provide services, such as terminal leasing, that carry fees that fall outside of the merchant agreement and may not be included in the bill generated by the acquirer. To avoid confusion and frustration among merchants over such charges, acquirers may consider requiring the ISO to disclose, in advance, all fees that it can charge for its acquiring services.

Successful ISO-Acquirer Business Relationships

   While controlling risk is the foundation of successful ISO and acquirer relationships, additional factors come into play as well:

  • The business interests of both partners should be based on supporting long-term merchant relationships.
  • The ISO's business model should align with the acquirer's risk tolerance level; a risk-averse acquirer will likely avoid working with ISOs that target Internet-based retailers, home businesses and other high-risk merchants.
  • Merchant agreements should have liberal term and termination provisions, and should not prevent a dissatisfied customer from leaving.
  • The ISO should maintain a physical office with full-time support staff to provide at least the first line of customer service.
  • ISOs should demonstrate that they adhere to payment card association policies, especially with regard to registration; many unethical industry practices are attributed to unregistered independent contractors that fail to operate under the name of their acquirer or parent ISO.

   In an effort to address a common desire in our research among acquirers and ISOs to enhance the level of communications with constituents in the acquiring community, MasterCard is unveiling a new process for distributing manuals and core information to registered member service providers beginning in the first quarter of 2003. All registrants will automatically receive the account management user manual, MasterCard bylaws and rules, customer interface specifications and security rules, policies and procedures, among other important items.
   Trust � the key to all business relationships � must be shared by an acquirer and ISO for their partnership to thrive. Ultimately, ISOs that demonstrate a thorough understanding of acquirers' needs and superior capabilities for managing risk will distinguish themselves in this growing field. With careful screening and proper management, acquirers can create ISO partnerships that propel their merchant acquiring programs to even greater success.