One of my favorite things is meeting new clients and helping them take advantage of all the opportunities available in payment processing. You could call it a financial gift, but as we all know, no reward comes without a little work. This seems fitting since the underwriting and compliance processes can be a bit of a challenge. When I started in this business in 2000, new merchants could easily slide through the online sign-up process with little to no Know Your Customer (KYC) information and get up and running within hours. Those days are long gone. Depending on how organized you are, the compliance process could take longer than the integration time. This holiday season, I wanted to give the gift of knowledge by sharing the top common compliance questions and how the right answers could keep you off the underwriter naughty list. And in a lot of situations, that answer is “no.”
“Can we not include the merchant’s full registered name and address on the footer of my website or in the terms and conditions?”
No! And, this information needs to be spelled out, it cannot be an image. This question comes up a lot and often it comes with some pushback. Many in the adult space want to keep their business name and addresses hidden from the public eye. With a world full of crazies and anti-adult activists, privacy is important however this regulation comes directly from the card brands. Specifically, the card brands want the consumer to know whether the transaction will be a domestic transaction or a cross-border transaction. In addition, most banks will not allow merchant information to be an image, it must be written out in text form so that it can be picked up by the different website crawler technology that acquirers and the card brands use.
“Can we withhold proof of domain ownership?”
No! Acquirers need proof that the domain they are registering with card brands belongs to the entity that they are registering. They do not want a situation in which someone hijacks a domain, sets up content and processing, and they don’t even own the domain. You can keep your domain private and simply provide a screenshot of the admin area of your domain registrar. This can then be uploaded via most processors’ portals at the time of submitting a new website.
“Can we consistently offer a lifetime membership?”
No! Acquirers don’t love lifetime memberships because they are a big credit risk for them. Should the website go out of business, the acquirer is on the hook for all the lifetime memberships from a chargeback standpoint. If the merchant has a solid processing history, can show a low chargeback ratio on lifetime memberships, and is willing to increase their reserve amount to cover the bank’s credit exposure, the acquirer might consider accepting a lifetime membership offer.
“Can we just withhold who the Beneficial Owner is and not provide KYC documentation for those individuals?”
No! This is an Anti-Money Laundering (ALM) regulatory requirement. Payment processors are obligated to identify the ownership and control structure of each merchant who it provides payment processing services to. For merchants incorporated in the EU or UK, any individual who ultimately owns or controls 25% (in some instances, this threshold may be lowered to 10%) or more of the merchant entity must submit KYC documentation. Starting in 2024, U.S. corporate entities will need to register beneficial owners with 25% or more ownership to FinCEN. This information is not published or is pubic in the U.S. In the UK, beneficial owners must be listed in the beneficial owner registrar of the relevant jurisdiction where the merchant is incorporated.
“Should I offer a large tip amount for my CAM or FAN site?”
No! Tipping on CAM or FAN sites is tricky. We know that this is an important monetization tool for the models, however large dollar tip amounts can easily be taken advantage of by bad actors. Large tip amounts can help facilitate money laundering (where the tip function is used to facilitate payment for illegal activities) or could involve model collusion where large tips are received and then changed back. We recommend that tip amounts vary by the performance of the content creators. If they are long standing, solid performers, with no issues, then slowly opening their tip amount would be considered Okay. Tipping can pose a credit risk, especially for new merchants with no previous processing experience. We suggest waiting until the merchant has built up some processing before increasing the tip amount.
“Can I get away without having content management and age verification policies if I run a membership site with studio content?”
No! This is because of two recent regulations, Mastercard regulation AN 5196 (Revised Standards for New Specialty Merchant Registration Requirements for Adult Content Merchants), that was released in October 2021 and the Visa Rule ID 0003356 which is part of the Global Brand Protection Program Guide for Acquirers released in August of 2022. They require that content creators be age verified before posting content and all content must be reviewed before posting. This has bled into traditional membership sites that focus on produced or studio content. Even if you are not offering user generated content, it is good to have a policy on your review process of production content as well as how you validate age of the model in the production
“Can I just avoid providing processing history?”
No! Providing processing history to your payment processor or acquirer helps show the strength of your program. It can help with special pricing requests, and any other unique request you might have. It will also help speed up the approval of your application. If you have previously accepted card payments most processors require an official processing history such as acquirer statements, ideally for six months but a minimum of three months, however there are some instances where it could be longer. The processing history should be per month and show the total processing volume, total transactions, total chargebacks, fraud, and refunds.
“Can you just be like my current provider who doesn’t require documents or data?”
No! Each acquirer or payment service provider has their own risk policies and are governed by different regulatory bodies. For example, at Segpay, we are a licensed payment institution in Ireland and the UK. Many of our onboarding policies are driven by the KYC and AML guidelines of those regulatory jurisdictions. We tend to take the highest standard and then apply that to all of our jurisdictions.
I sincerely hope this helps many of you understand why you’re often given a “no” to these questions and better understand why in many cases, no is the best answer.