1 PROHIBITED BUSINESSES / PROHIBITED ITEMS
is Authorized Electronic Money Institution that is primarily providing e-commerce processing services with class payment schemes like VISA and MasterCard. The objective of this Acceptance Policy is to provide a list of business models which are considered unacceptable according to HIRETT Risk Policy and will be rejected for review if referred by PSP/ISO/Agents. The Acceptance Policy outlines the E-Merchant Boarding process, website due diligence requirements, KYC package and SLAs as well as Prohibited Businesses / Prohibited Items.
The below list provide business models/ items that will not be considered for review from HIRETT. The list is not all inclusive and is intended to provide basic guidelines regarding the acceptance policy of the company. This list is updated from time to time and because it is non-exhaustive, may also be extended at the sole discretion of HIRETT:
1. Illegal activities, products & services
2. Any service providing peripheral support of illegal activities (i.e. drugs)
3. Adult related to Bestiality, Child pornography, Necrophilia,Rape and other banned content
4. Alcohol, Tobacco,Marijuana Seeds, Psilocybin Mushrooms etc.
5. Online pharmacies
6. Online gaming, betting, sports forecasting targeting US and Canadian consumers
7. Weapons, firearms, munitions of any sort
8. Replica – merchants selling fake products designed to look like the designer name products
9. Multi Level marketing schemes that do not involve a “real” (of independent value) product or service (like Pyramid or Ponzi Schemes)
10. Business opportunities (“get rich quick schemes”)
11. Sales-incentive-based programs that rely on “breakage” to earn profit. “Breakage” is defined as services paid for by the cardholder but never used. Prepaid and gift card program models are not considered breakage and are not, per said, unacceptable
12. Credit counselling, repair, protection, and debt reduction and/or consolidation – includes credit protection and identity theft protection
13. Timeshares and timeshare advertising
14. Advertising or employment agencies
15. Mortgage Payments or other debt related estate products
16. Collection agencies of any type (credit repair, counseling,or other credit educational services)
17. Third party billing companies
18. Websites promoted hatred, racism or religious persecution
19. Merchants selling goods or services deemed by HIRETT to have questionable value
20. Any merchant that has been subject of a criminal investigation or is in a sanctions database
21. Any merchant that is currently in business bankruptcy or has been the subject of bankruptcy or receivership proceeding in the last 3 years
22. Adoption agencies/ Charitable organizations
23. Long-term investment and insurance companies
24. Any merchant identified in any of the Chargeback or Fraud Monitoring programs of the card schemes
25. Any merchant that represents unacceptable reputation risk to HIRETT
26. Any merchant that does not meet HIRETT policy guidelines
2 MERCHANT APPLICATION REQUIREMENTS
Minimum application content for all new merchants which contain information for:
- Company name (legal), ID and registered address
○ Company ownership - Business license, registration numbers
○ Authorized signatories - Website full URL address and DBA
○ Full Product description - Membership details
○ List of all third parties involved in the payment process - Risk related questions
○ Fraud/Risk mitigation controls - Projected volumes with HIRETT
○ Settlement bank details - Projected volume distribution by country and card type
○ 3D Secure requirement
3 UNDERWRITING PROCESS
The Underwriting Process consist of the below stages:
1. Submission of the Pre-Application to HIRETT through PSP (Pre-Application is not mandatory, and UW Process can start with stage 3)
2. Pre-approval of the business model and within 48 business hours after submission of the pre-application
3. Submission of the Merchant Application to HIRETT through PSP or as a Direct merchant
4. Review of the Merchant Application and full KYC (Know your customer) documents for the company and the respective principals, by HIRETT Underwriting team within 5 business days after submission of the merchant application
5. Merchant Agreement sign-off
6. Merchant setup process is finalized within 24-48h after merchant agreement is signed
7. Integration of the merchant
8. Collection of certified KYC original documents and application forms
9. Pilot transactions
10. First Settlement
11. Customer care & support
*A merchant cannot process any transactions until the internal set-up process is completed and the merchant is approved by Risk. Assuming allis approved on the account, the merchant ID is generated by the Service team and the merchant will receive the MID along with the risk parameters for the live processing.
4 WEBSITE DUE DILIGENCE
Homepage:
1. Clear posting of the EU company’s legal name and DBA on the website
2. Card schemes Brand Mark in full color
3. Contact us, About Us, TOS, Privacy Policy links on the homepage
4. Address of the Merchant’s permanent establishment
5. Clear posting of physical business address
6. Non-expiring test account (should be supplied for the review)
7. Link to License (if the business requires licensing from regulatory point of view)
Policies:
1. Terms and Conditions (all listed below can be incorporated within one doc or in separate documents)
2. Privacy Policy
3. Refund Policy (*if none-refundable, should be clearly stated)
4. Membership policy (*if the model is subscription based) – should be clearly communicated and actively accepted by the Cardholder
5. Delivery policy and shipping costs. Visible fulfillment time-frames (i.e. 5 business days etc.); delivery to P.O boxes – unacceptable
6. Return Policy (in case of tangible goods)
7. Cancellation Policy (*confirmation acknowledgment
Payment page:
1. Order / Payment page is SSL enabled
2. Detailed description of the products / services
3. List of products with pricing stated in the settlement currency
4. Clear posting of the all available payment methods
5. Negative option marketing checkboxes
6. Billing descriptor posted on the payment page (i.e. “Your transaction will appear as “XXXXX” on your statement, in case the descriptor is different than the URL)
Merchant Business Operations:
1. Nature of business – determine what type of goods and services the merchant sells, whether they are illegal, restricted, brand-damaging or prohibited by the card schemes
2. Does the pricing corresponds with the pricing of similar websites
3. Billing terms – one-off/ recurring payments
4. Marketing materials – request copies of all relevant marketing materials, telemarketing
5. Selling methods – review negative options, free trials, setting recurring payment without explicit consent of the cardholder, sweepstakes
6. Inventory – determine whether the merchant owns or finances its inventory
Processing statements:
1. During this stage the merchant has to provide last 6 months’ card processing statements from current acquirer (preferably the prime acquirer for this merchant in case they are more than one).
2. If the merchant has no processing for this company, ask the merchant if they ever ran a previous business that accepted bank cards. If they did, request those processing statement
3. NB: The name on the processing statement must match the legal name on the application. The name of the processor has to be visible on the processing statements and can be checked through a test transaction, performed during this stage.
4. Based on the processing statement, the Risk staff should be able to calculate (AVR ticket size; R2S ratio; CTR ratio; Chargeback Count;
5. AVR monthly volume; Monthly growth percentage; Distribution of volume by region (Europe, US, Asia etc.); by channel (E-commerce, MOTO etc.); by card type (Consumer, Corporate etc.)
Description of goods and services:
Merchant website should contain complete description of the goods or services offered for sale by the Merchant, including but not limited to characteristics, measurements, photographs, content, material, price, for the software – the system requirements, for services – how and when could be provided.
Goods and services from the website must fully comply with the goods and services listed in the application for registration, as well as in the contract with the bank-acquirer.
Information about pricing (including transaction currency):
Accurate information about price and billing currency should be provided for all goods and services presented to potential customers.
Merchant’s Permanent Establishment address, Customer Contact information:
1. Full name of legal entity;
2. Legal and actual business address (the address should not be posted as a picture);
3. State registration number of the legal entity;
4. Contact phone number and email address.
The address and contact details should be easily accessible and available for at least 120 days upon the last transaction.
Billing Descriptor:
Billing descriptor should be displayed in the way this shall appear in the credit card statement of the cardholder. In best case scenario this should be Dynamic Descriptor when the 1st part is static and the 2nd dynamic which changes depending on customer purchase. For example:
“Company name, website: iPhone 7s Plus 128GB.”
This gives to the cardholder a clear picture of what is being purchased and where.
Shipping policy:
Complete and accurate information about the delivery of goods and services should be provided by the Merchant on its website – terms, methods, conditions, and any other information required to obtain a clear understanding of the delivery of goods and services after payment with credit card.
Return policy:
Merchant should provide a description of the procedures and conditions (including possible penalties) of refund in the event of buyer’s refusal to accept the order, exchange or delivery of substitute goods / services.Website should contain a “click to accept” button, or other acknowledgement, on its website evidencing that the cardholder has accepted the return policy.
Terms and Conditions:
Purchase terms and conditions should be displayed to the Cardholder during the order process either:
1. On the same screen used as the checkout screen indicating the total transaction amount; or
2. Within the sequence of web pages accessed by the Cardholder prior to the final checkout.
Export restrictions and regulations of delivery as well as restrictions on the provision of services (if any such restrictions).
Consumer data privacy policy:
Website should carry a proper displayed privacy policy section stating that cardholder’s personal and credit card details will be handled secure to ensure confidentiality and SSL encryption will be used to ensure sensitive data protection.
3D-Secure marks:
Merchants who participate in 3-D Secure must display the Verified by Visa and MasterCard SecureCode marks in full colors.
E-shop location and website disclosures:
E-Merchant must assign the country of its principal place of business1 (should be European country) as the E-Merchant E-shop location, either:
1. On the same screen view as the checkout screen used to present the final Transaction amount;
2. Within the sequence of the web pages that the cardholder accesses during the checkout process.
E-Merchant should display the address for cardholder correspondence. Visa Europe has the right to impose fines on non-compliant E-Merchant.
Principal place of business –- The E-Merchant has permanent premises at which its employees or agents conduct business activities and operations required to provide the cardholder with the goods or services purchased for the transaction. This location must be: The E-Merchant assesses sales taxes or value-added taxes related on the transaction activity (in places where taxes apply);- The location is the legal jurisdiction that governs the contractual relationship between the E-Merchant and the cardholder.
5 KYC DOCUMENTS
KYC (Know Your Customer) is the framework of initial and ongoing customer due diligence processes which HIRETT performs on each company it is conducting business with. The KYC process involves capturing and reviewing new merchant applications for compliance with card schemes’ and legal requirements and determining HIRETT financial and reputational exposure.
KYC Documents
It is a legal requirements for HIRETT to collect documents from the merchant which will confirm the
identity both of the merchant and its business.
From Anti-Money Laundering point of view, HIRETT has to place proper controls which to:
- deter and prevent money laundering and the financing of terrorism;
- promote high ethical standards in the financial sector; and-
- prevent the institution being used, intentionally or unintentionally, by criminal elements.
List of required documents:
1. Certificate of incorporation
2. Memorandum & Articles of Association
3. Proof of address of the company – Utility Bill
4. Passport / Identity card of the CEO
5. List of Shares (shareholdership structure)/Directors/Signatories
6. Bank reference/Void Check
7. Gambling license (if MCC 7995)
8. Financial or other license if this is required by the business type
9. AML (Anti-Money laundering) policy
10. Annual report (optional)
11. Business plan (for startups and by consideration of Risk)
6 UNDERWRITING SLA (SERVICE LEVEL AGREEMENT)
Pre-approval:
- 48 business hours
KYC check:
- 5 business days
NB: The review time frame does not include the time required for enrolment of the merchant or getting the merchant live – it purely related to potential time with the underwriter.
*Incomplete applications are not covered by this SLA, though certain incomplete applications may be at the discretion of the Head of Risk or CEO
of the company.
**Applications referred for approval from Risk Committee may take up to 10 business days