Credit card processing company regulations are in place to protect merchants and consumers. Regulators set their own rules and processes that payment facilitators and merchant service providers must follow.
Merchants should have a general idea of payment processing regulations and the regulators that set the “rules” when processing payments.
List of Credit Card Processing Company Regulations
Card Association Network
The Card Association Network is a network consisting of the major credit card providers, including:
- American Express
Each of these networks has its own set of rules for chargebacks and branding. They’re also responsible for creating, managing and releasing Interchange rates. Every April and October, Interchange guides are released.
All processors need to read this biannual report, which will mention all regulations that processing companies must adhere to at the present time.
Business owners often don’t have direct contact with the network.
Merchant Service Providers must adhere to all the regulations of the card networks that you accept.
The Federal Government isn’t intimately involved in credit card company regulations aside from the Durbin Amendment.
Dodd-Frank put a lot of safeguards in place to limit card association fee amounts. The Act specifically limits fees on debit card transactions. Lower Interchange fees, which were reduced to $0.22 +5% for each transaction, actually impact small business owners if sales are $15 or less.
Retailers with higher sales volumes can save money under the Act.
National Automated Clearing House (NACHA) is responsible for processing companies that process ACH transactions. Any time that an ACH transaction takes place, rules must be followed. The NACHA will:
- Govern the ACH Network
- Ensure processing companies maintain current payment requirements
- Sets ACH industry rules
If the processor doesn’t accept ACH payments, the NACHA is not involved in their regulation.
The PCI DSS regulations are set by the Data Security Council, which includes members from all major credit card issuers, including:
- American Express
If a company wants to transmit, store or process credit information, it must adhere to the regulations set in PCI DSS. Merchant Service Providers, for the most part, must follow these regulations.
The Data Security Council will review all PCI issues to protect consumers. Compliance consists of four main levels, depending on the volume of payments made per year. The levels of PCI compliance include:
- PCI Level 1: The most expensive level for businesses that have 6 million or more payments.
- PCI Level 2: A tier for companies processing one to six million payments annually.
- PCI Level 3: A tier for any business processing 20,000 to a million e-commerce payments per year.
- PCI Level 4: The lowest tier designed for up to 20,000 e-commerce payments or a million in other payments.
PCI deals primarily with the hardware, software and equipment used. The standards are in place for everything from data flow to encryption and how consumer data is transmitted. Service providers that are entirely PCI compliant offer the best protection. Payment service providers can alert you to the rules and regulations that your business must follow.
Acquiring banks are part of the Card Association Network and will adhere to the agreements they have in place with credit card processors. The processing company must report all data to their sponsor bank with one exception: PCI issues.
Once information is furnished to the sponsor bank, the bank will share this information with their networks, or the members of the major networks above.
Are All Providers Regulated?
Credit card processors are regulated due to Interchange exchange rates. The presence of exchange rates isn’t part of tiered or even flat pricing models. For example, Square isn’t subject to regulations, although it maintains PCI Compliance for its hardware and readers.
Payment facilitators that have a flat pricing model only aren’t subject to:
- Durbin Amendment
- Interchange rate regulations
It’s important to note that credit card processing company regulations do not apply to the miscellaneous fees that the processor can charge. It’s important to inquire about all fees charged because some processors do charge unnecessary fees.Payment processing regulations help protect merchants and consumers who may experience unnecessary fees.