FCA and PRA licenses (authorisations) and ongoing compliance support, training, recruitment. Contact us 7 days a week, 8am-11pm. Free consultations. Phone / Whatsapp: +4478 3368 4449  Email: hirett.co.uk@gmail.com

1 PURPOSE

The procedure establishes an order, how:

  1. initiation, realization, changing and termination of cooperation with the Customer – Internet merchant;
  2. Acceptance of Payment cards;
  3. Connection and disconnection of Customer’s Internet merchant’s e-shops.

2 TERMS & ABBREVIATIONS USED

  1. Administrator – a HIRETT IT division employee whose job duties include Transaction processing in the accounting system.
  2. Payment cards data processing center the HIRETT has concluded an agreement with on Processing of Payment Cards Data, and which sends the Transaction data to HIRETT to process Transactions, solve customer complaints on the Transactions and solve other issues in cooperation with HIRETT regarding the Transactions.
  3. CHARGEBACK – a transaction that is returned by the card issuer and / or the cardholder to the processing bank, and most often dire HIRETT to the Customer, as a financial liability.
  4. Responsible employee – a HIRETT employee who is authorised to serve Internet merchants.
  5. Compliance laws, rules and standards – HIRETT operations governing laws and other legal acts, HIRETT operations related standards defined by self-regulating institutions, professional conduct standards and codes of ethics and other standards of best practice related with HIRETT activities.
  6. Authorizations – an electronic verification process of payment card data, resulting in receipt of an approval or denial for Transaction performance from the Payment card issuing bank.
  7. HIRETT – HIRETT Limited. HIRETT rates – the HIRETT Risk committee approved services price list that is valid at the day the respective operation is carried out.
  8. HIRETT IS – a set of HIRETT data processing equipment and software
  9. Registration system – an electronic registration system used by HIRETT and which ensures acceptance of Payment cards and serving the Customers
  10. Employee – e private person who is actually employed by HIRETT based on an employment contract or other legal transaction, including HIRETT Board and Council members
  11. Transaction approval code – a response code from the issuing bank of a Payment card received at the moment of authorisation.
  12. Transaction – a settlement for goods or services made with a Payment card
  13. E-shop – a customer’s – on-line merchant’s site on the Internet, where the Customer offers its goods or services.
  14. CRM – Card Risk Manager – AML and Risk department employee, who is authorised by HIRETT to carry out activities defined in the Procedure.
  15. AML manager – AML and Risk department employee, who is authorised by HIRETT to carry out activities defined in the Procedure.
  16. Account Manager – Sales department employee, who is authorised by HIRETT to carry out activities defined in the Procedure.
  17. AML/RD– HIRETT AML and Risk Department.
  18. Customer – online merchant, businessman with whom HIRETT concludes or is willing to conclude an agreement on servicing Payment cards on the Internet.
  19. Agreement – an agreement that is concluded (or to be concluded) between HIRETT and Internet merchant on servicing of Payment cards on the Internet.
  20. Payment card – payment instrument allowing to pay for goods, services and withdraw cash using special machines (ATM), POS terminals or to make payments on the Internet.
  21. Payment card user – a private person on whose name the Payment card is issued to.
  22. Monitoring software – a monitoring software, for example, G2 Web Services, Web Shield etc.
  23. Current account – a settlement account opened for a Customer in HIRETT in line with the HIRETT Customer registration, current account opening and customer file preparation procedure.
  24. Current account with a payment card – a current account with a payment card opened on the Customer’s name in HIRETT in line with HIRETT Current account with a payment card opening and servicing procedure, which is used for HIRETT operations with a Payment card.
  25. PIN – Personal Identification Number assigned to a Payment card. PIN serves for identification of Payment cards at the moment of transaction in ATM or POS terminals. The PIN replaces signature of a Payment card user when making transactions with the Payment card. Correct entry of PIN is proved by information that is saved in HIRETT Payment cards system.
  26. Procedure – HIRETT Customer – online merchant’s procedure.
  27. International payment organizations – international payment cards organizations VISA International, MasterCard International and others, each or any of these.

3 GENERAL TERMS

  1. To carry out transactions, customers have to conclude a service Agreement with HIRETT beforehand.
  2. The following items can be defined for Customers individually:
  • specific non-standard terms and servicing terms only in case it is coordinated in writing and it is approved in writing by HIRETT Chairman of the Board or Member of the Board who is supervising the respective function.
  • permanent non-standard HIRETT Tariffs if such are approved for the respective customer by HIRETT Board
  1. Upon conclusion of the Agreement, the Customer:
  • When fulfilling the Procedure requirements, HIRETT functions and employees must comply with not only the internal normative documents, but also the binding Compliance laws, regulations and standards, and they have to ensure execution of their duties in such a volume and quality that as a result HIRETT would not breach requirements of Internal normative documents and binding Compliance laws, regulations and standards, as well as Agreement terms (for example, if an Agreement defines generally that HIRETT (no particular HIRETT function or employee is indicated) shall fulfil (provide for) a respective requirement, then fulfilment of the respective requirements by HIRETT has to be provided by the HIRETT employee him/herself if he/she is authorised to perform the respective duties, or through another person.
  1. Conclusion of an Agreement with the Customer
  2. Before an Agreement is concluded with the Customer, HIRETT performs investigation of the Customer and its e-shop.

The Customer investigation takes place according to HIRETT AML Policies and Procedures requirements. The Customer’s case is assigned to an Account manager.

The Customer’s case encompasses all documents acquired during cooperation of HIRETT and the Customer, and it is stored according to the requirements of documents and information storage.

Following conclusion of the Agreement, all operations done by the Customer are assessed (monitored) according to AML Policies and Procedures, also the e-shop operation is monitored with monitoring software. Before conclusion of an Agreement the Customer has to submit additional information about the e-shop, this information is then assessed by the Account manager, CRM and AML manager. Before an Agreement is concluded, the CRM and AML manager verifies whether entries have been made about the Customer in MATCH-, VMAS systems, as well as performs the initial on-board in Monitoring software. Along with other operations, CRM and AML manager prints out reports on the Customer from the system (MATCH or VMAS) and Monitoring software and adds these to the Customer’s case.

  1. The AML manager starts the investigation process. Both the Customer and e-shop are inspected according to Item 4.1, as well as the AML manager carries out additionally required inspection according to the standards of the International payments organizations. The Monitoring software is used for inspection of the Customers and their e-shops.
  2. Conclusions (information) of the Account manager and AML manager about the Customer are attached to the Customer’s case and delivered over to the AML and Risk department head to make the final decision on the Agreement conclusion. In case of a negative decision of the Account manager and AML manager, the respective decision is coordinated by HIRETT Risk Committee.
  3. The AML manager prepares a proposal for a volume of a guarantee deposit along with the draft Agreement and submits it together with the Customer case to the AML and Risk Department head for adoption of a decision on the guarantee deposit amount. When preparing a proposal for the amount of the guarantee deposit, the AML manager considers the following criteria:

3.1. Residence of the online merchant:
3.1.1. For customers with residence addresses in low risk countries at least one of the following collaterals:
3.1.2. guarantee deposit of 5-10% of the planned monthly turnover (which is invested by the Customer when the Agreement is concluded)
3.1.3. collateral of 5-10% reservation from monetary funds of transactions processed at the respective day for 30 days (which is automatically reserved by HIRETT system in the Customer’s account);
3.2. For customers with residence addresses in moderate or high risk countries at least one of the following collaterals:
3.2.1. a guarantee deposit of 30-60% of the planned monthly turnover (which is invested by the Customer when the Agreement is concluded),
3.2.2. collateral of 5-10% reservation from monetary funds of transactions processed at the respective day for 60-180 days (which is automatically reserved by HIRETT system in the Customer’s account);
3.3. For customers with high risk regardless the residence addresses at least one of the following collaterals:
3.3.1. guarantee deposit of 30-60% of the planned monthly turnover (which is invested by the Customer when the Agreement is concluded),
3.3.2. collateral of 5-10% reservation from monetary funds of transactions processed at the respective day for 60-180 days (which is automatically reserved by HIRETT system in the Customer’s account);
3.4. For the remaining regardless the residence addresses at least one of the following collaterals:
3.4.1. guarantee deposit of 5-10% of the planned monthly turnover (which is invested by the Customer when the Agreement is concluded);
3.4.2. collateral of 5-10% reservation from monetary funds of transactions processed at the respective day for 30 days (which is automatically reserved by HIRETT system in the Customer’s account);
3.4.3. The collaterals indicated under Item 4.5.1 can be excluded for Customers with a good reputation and/or history in HIRETT and/or recommendations from HIRETT partners and trusted customers.
3.5. In case of significant changes regarding the Customer (the Customer’s risk level increases or decreases, for example, it starts selling of new products or terminates sales of a particular product, transactions that are suspicious or uncharacteristic to the Customer are found), the CRM or AML manager informs the AML and Risk department Head about the case, who then makes a decision on the collateral type and increase or decrease of its volume.

4. AML Risk department head makes a decision on conclusion of the Agreement with the Customer and on volume of the collateral deposit based on conclusions, having regard of information indicated in the Customer’s questionnaire, including information on volumes of fraudulent Transactions and complaints and methods and measures to be applied for minimising number of fraudulent Transactions and complaints, Customer’s area of business, Customer’s financial information, as well as reputation and references from former partners, if necessary. AML Risk department head may suggest organizing an additional interview with the Customer, if he/she considers that it is necessary for making a decision on conclusion of the Agreement. If the AML Risk department head makes a decision to conclude an Agreement with the Customer, then the draft Agreement is coordinated.

5. After a decision is made on conclusion of the Agreement, the AML and Risk department defines frequency of the Customer’s web-page monitoring in the Monitoring software. Monitoring of the web-page is done by AM and Risk department. If the AML and Risk department employees during the monitoring process find inconsistencies of the web-page to HIRETT and/or regulatory enactments, the information is delivered to the Sales Department and AML and Risk department heads who then agree on further steps. Frequency of monitoring activities depends on the Customer’s risk level, but it can also be defined individually. Monitoring is performed for a low risk Customers once per month, moderate risk Customers – once per week and for high risk Customers – every day. Customer risk groups are assigned according to the requirements and recommendations of the International payments organizations, as well as based on HIRETT AML policies and procedures requirements.

6. Connection of the Customer or e-shop and initiation of work

7. A Customer or a separate e-shop can be connected only after an Agreement is concluded with the Customer.

8. After conclusion of the Agreement, the CRM registers the Customer or e-shop in HIRETT system:

8.1. The following information is registered in the HIRETT system:
8.1.1. Customer registration data;
8.1.2. Financial conditions specified in the Agreement: transaction currencies, payments for transaction processing, volume of guarantee deposit, frequency of disbursements, as well as fees for transaction disputes. Deduction of fees, registration of guarantee deposit takes place according to register specified terms in the system.
8.1.3. Customer’s contact persons and contact data;
8.1.4. Information about e-shops;
8.1.5. Customer’s declared information on the planned business volumes;
8.1.6. Details of another bank in case when in the Agreement another account is given in another bank of the European Union or European Economic Area member state to which transactions arising from the Agreement will be made.
8.1.7. After registration of the Customer or e-shop, CRM informs Sales Department, AML and Risk department heads as well as the Account manager of the respective Customer, who then informs the Customer about its registration or registration, connection and readiness to work of the e-shop.
8.1.8. Following the integration tests between Customer HIRETT and receipt of a respective HIRETT notification, the Customer or e-shop can initiate acceptance of Payment cards for Transactions in the Customer’s e-shop.

9. Processing of Payment cards Transactions:

9.1. Processing of Payment cards Transactions takes place according to the Agreement between HIRETT and the Customer
9.2. Transactions are submitted for settlement according to:
9.2.1. an agreement between HIRETT and Customer;
9.2.2. Regulations and requirements of the International payments organizations.

10. During the whole cooperation period all operations of the Customer are assessed (monitored) according to the requirements of HIRETT AML Policies and Procedures, as well as regulations, requirements and recommendations of the International payments organisations through fraud prevention system.

11. Every day reports are generated in the Payment cards system for monitoring of authorisations and Customer transactions. The reports are prepared and analysed according to the regulations and requirements of the International payments organizations.

12. For control of CRM Payment cards operations the HIRETT every day prepares a report, where the following data are given:

12.1. Number of volume of fraud Transactions,
12.2. Number and volume of chargeback transactions,
12.3. Number and volume of Payment card Transactions
12.4. Number and volume or reversals,
12.5. Number and volume of purchase cancellations (unsuccessful authorisations),

13. The report results are assessed and in case suspicious transactions or inconsistencies to information available to HIRETT about a Customer are found, the information is given to AML and Risk department head who then makes a decision on further actions and on termination or continuing of cooperation with the Customer.

14. For control of Transactions the AML manager carries out operative analysis in the registration system every HIRETT business day. If necessary the AML manager makes an information request to the Account manager who gives a request to the Customer immediately.

15. In case during analysis of the recording system messages it is found that regulations of the International payments organizations or HIRETT agreement terms are breached, AML manager is authorized to cancel the process of the Customer servicing, informing the Account manager responsible for the respective Customer, as well as AML and Risk department and Sales department heads.

16. In the other cases the Customer servicing process is not cancelled. In case it is found that fraudulent operations take place with the Customer, AML manager or CRM block the parameter that seems suspicious (for example, a particular Payment card number or user, IP address, BIN number, etc.).

17. Control of fraudulent operations with payment cards is controlled according to the following indicators:

 

Customer risk level Fraud transactions (per month)      Volume of fraud transactions (per month) Proportion of fraud transactions within the whole number of purchases (per month)
1. informative lever Up to 3 At least 3000 USD 3-4.99%
2. suggestive level 4 At least 4000 USD 5-7.99%
3. high risk level 5 and more At least 5000 USD from 8%

 

18. In case the Customer corresponds to at least two indications from one risk level, then it is assigned with the respective risk level. In case the Customer corresponds to indications from different levels, then it is assigned with the highest risk level of these. If the Customer has several e-shops, then each e-shop is analysed separately.

19. In case during verification of the respective business day it is found that the Customer’s operational indicators close to the 1st risk level, then the Customer is informed about it and it is asked to provide an explanation for each fraud Transaction, as well as the Customer is informed about a necessity to carry out respective activities to avoid such situations in the future.

20. A respective entry is made in the Customer’s case, as well as all the gathered materials (customer’s explanations, etc.) are attached to the case.

21. In case during inspection of the respective day it is found that the Customers operational indicators comply with the 2nd risk level, then in addition to activities indicated under Item 6.11, HIRETT (the decision is made by the AML Risk department head), after assessing the Customer’s explanations, can suggest to carry out additional training of the Customer.

22. In case during inspection of the respective day it is found that the Customers operational indicators comply with the 3rd risk level, then the Account manager, after receiving these data from CRM, informs the Sales department, AML and Risk department heads and the Customer about the situation, and requests explanations from the Customer on each fraud Transaction. Sales department, AML Risk department heads assess the Customer’s explanations and make a decision on termination or continuing of cooperation with the Customer. In case a report is already received from the International Payments organizations about initiation of the Customer’s audit, then HIRETT has to act along with instructions given by these organizations.

23. For control of number and volume of complaints/chargebacks, the CRM employee each month prepares a complaint report on each Customer, by calculating proportion of Dispute complaint forms of the total number or operations each month for each e-shop of a Customer and each Customer. The reports are prepared according to the regulations and requirements of the International payments organizations.

24. Along with a quantitative analysis of the disputed Transactions, with increase of the indicators, CRM carries out the qualitative analysis: respective documentation is inspected which was the basis for the dispute. CRM indicates a reason, explanation, essence of the problem and inspects action of the respective Customer through placement of a request or giving requirements for improvement of a web-page.

25. If the Customer does not have any registered transactions within a month, then the Account manager has to contact the Customer, to establish the reason for it and make a decision on continuing or termination of cooperation.

26. Disconnection of Internet merchant or e-shop and termination of cooperation:

26.1. The Customer requests disconnection of Internet merchant or separate e-shop in writing.
26.2. CRM employee after receiving information indicated in Item 7.1 or the Board resolution about termination of the Agreement, registers with the IT division employees if necessary and informs of disconnection of the Customer or an e-shop.
26.3. The IT administrator together with the Account manager performs disconnection of the Customer or e-shop and informs the Sales Department and AML and Risk departments about it.
26.4. After receipt of information specified under Item 7.3 the CRM removes registration of the Customer or e-shop in the system according to the instructions of use and informs the Sales department head about disconnection of the Customer or e-shop and removal from registration.

27. Termination of an Agreement with the Customer:

27.1. Termination of an Agreement with the Customer takes place according to a procedure specified in the Agreement.
27.2. In case it is found that cases specified in the Agreement have entered when it is possible to terminate the Agreement, then Sales Department and AML and Risk department heads, who assess whether it is necessary to terminate the Agreement or continue its operation and informs HIRETT Risk committee about the decision made, which makes the final decision about termination or continuing of the Agreement.