Tuesday, September 1, 2009

MATCH - TMF Listing Removal

The MATCH list or TMF are blacklists maintained by Visa and MasterCard to let their member banks know of merchants that have been terminated for cause, such as excessive chargebacks. The fact of being listing on the MATCH list can cause material harm to a business because it usually results in the business not being able to obtain a normal domestic credit card processing account. From time to time, merchants that did nothing wrong are listed on the MATCH list. Adam Atlas Attorney at Law can assist merchants in that situation to ascertain whether there is an opportunity to arrange for their removal from the list. Getting removed from the MATCH list is most often accomplished through negotiation and not through litigation. Needless to say, the MATCH list raises some interesting questions as to anti-trust law and FTC regulations concerning fair business practices.

 

__________________________________

 

Adam Atlas Attorney at Law

 

150-5585 Monkland Avenue

Montreal, Quebec, Canada H4A-1E1

Direct: 514-842-0886

atlas@adamatlas.com           www.adamatlas.com

 

Of the Bars of New York and Quebec

 

Legal Columnist www.greensheet.com

Editor in Chief www.frontiertimes.ca

__________________________________

 

Tuesday, August 18, 2009

Three indicted in largest U.S. identity theft scheme

Mon Aug 17, 2009 6:29pm EDT By Daniel Trotta

NEW YORK (Reuters) - Three men were indicted on Monday for allegedly stealing more than 130 million credit and debit card numbers in what U.S. authorities said they believe is the largest hacking and identity theft case ever prosecuted.

Albert Gonzalez, a former government informant already in jail in connection with hacking cases, and two unnamed Russians were indicted on charges related to five corporate data breaches from 2006 to 2008.

Card numbers were stolen in those breaches from credit-card processor Heartland Payment Systems and retail chains 7-Eleven Inc and Hannaford Brothers Co, prosecutors said.

The men targeted two other corporations, the U.S. attorney's office in New Jersey said in the statement, without naming those companies.

Heartland Payment Systems and Hannaford Brothers had previously and separately acknowledged the breaches, but the scope of the fraud had not been known.

Authorities also for the first time tied those cases to Gonzalez, who was arrested last year on suspicion of hacking into a restaurant chain's payment system.

Attorneys for Gonzalez were not available for comment.

Prosecutors said Gonzalez and the Russians, identified as "Hacker 1" and "Hacker 2", targeted large corporations by scanning the list of Fortune 500 companies and exploring corporate websites before setting out to identify

vulnerabilities.

A year ago, Gonzalez was indicted along with 10 others from five countries on accusations of stealing 41 million credit and debit card numbers from major retailers, including TJX Cos Inc, owner of the TJ Maxx and Marshall's retail chains. Prosecutors said that ring caused more than $400 million in damages.

Prosecutors said Gonzalez and the other two men used numerous techniques to penetrate the computer systems.

Gonzalez was being held in a Brooklyn jail. Prosecutors would not comment on the whereabouts of the two Russians.

All three were charged with conspiracy to gain unauthorized access to computers, to commit fraud in connection with computers and to damage computers, and conspiracy to commit wire fraud. Each faces up to 35 years in prison and large fines if convicted.

Prosecutors said in the statement that the suspects would seek to sell the data to others who would use it to make fraudulent purchases.

They cited one example in which they said the suspects went to retail locations to identify the type of checkout machines, and after further investigation into the computer systems they uploaded information onto servers that worked as hacking platforms. 

 

Friday, June 19, 2009

Interchange Bill Reintroduced in Congress

Posted on June 9, 2009 03:35 by Ty Hardison

H.R. 2695, The Credit Card Fair Fee Act, was reintroduced with slight
differences from its 2008 version. The bill would grant limited
antitrust immunity to Interchange rates negotiated between merchants
and Visa Inc. and MasterCard Inc. with a representative of the U.S.
Department of Justice attending the negotiations.

U.S. Rep. John Conyers Jr., the Democrat who chairs the House
Judiciary Committee introduced the bill saying "It is not an attempt
at regulating the industry and does not mandate any particular
outcome; this legislation simply enhances competition by allowing
merchants to negotiate with the dominant banks for the terms and rates
of the fees."

Right now small and mid sized businesses pay the same Interchange fees
as larger chains. Having each merchant independently negotiate the
interchange-setting process will not benefit small merchants who don't
have the time, money or resources. As an advocate for small business,
this is a concern.

Interchange fees are very complex now but at least the same fee is
charged for a card issued from Bank of America as one issued from
Chase. Just wait until the government gets involved and negotiations
result in every bank having different fees. And just like the
disadvantage likely faced by small merchants over giant retailers, so
too will community banks be at a disadvantage over mega banks in these
negotiations.

In the battle between mega banks and giant retailers over Interchange,
let's not forget the benefits of today's level playing field where
small businesses and community banks are not disadvantaged because of
their size and ability to negotiate the most favorable terms.

Republished from Vantage Viewpoint.

--

Wednesday, May 27, 2009

Congress Will Study Interchange And Eyes Rules for Gift Cards

By Digital Transactions

(May 20, 2009) The U.S. House of Representatives on Wednesday overwhelmingly passed a sweeping credit card reform bill that leaves out retailer-backed regulation of interchange. The bill, which the Senate sent to the House Tuesday, includes a Congressional interchange study and could open the door to controls on gift cards.

The House earlier this month passed its version of the issuer-focused card reforms, H.R. 627, without any interchange provisions. At the urging of merchant groups, however, the Senate briefly considered amending the bill so that it would clarify federal law to make it easier for retailers to discount prices for cash, checks and debit card payments, with credit card sales being charged the base price (Digital Transactions News, May 14). The amendment didn't make it into the version that emerged from the Senate on Tuesday on a 90-5 vote, much to the relief of card issuers and bank card networks. The House adopted the Senate bill and approved it on a 361-64 vote.

But interchange opponents plan to carry on their fight. "We're disappointed that the cash discount amendment wasn't included because it would have been a significant help for consumers at a time when they need to stretch every dollar as far as possible," a spokesperson for the Washington, D.C.-based National Retail Federation tells Digital Transactions News by e-mail. "It didn't make it onto this bill, but there's a lot of momentum behind it and we hope to see it attached to some other piece of legislation."

What is in the legislation is an order for the Government Accountability Office to study interchange, the controversial transaction fee set by the bank card networks, charged to the merchant acquirer and paid to the card issuer. Acquirers typically pass the cost on to merchants, who in the past year have found lawmakers receptive to their argument that the fees have gotten too high and they have little control over them. The GAO is the non-partisan investigative arm of Congress. Findings from its studies frequently make their way into legislation, so the interchange issue is likely to come up again by year's end or in 2010. The interchange study is supposed to be done within six months of the card law's enactment.

The bill directs the GAO to investigate numerous aspects of interchange, including disclosures to merchants and consumers, how federal regulators oversee such fees, and whether interchange revenues support card issuers' advertising and rewards programs. The GAO also is to probe "the consequences of the undisclosed nature of interchange fees on merchants and consumers with regard to prices charged for goods and services," the bill says.

Title IV of the bill contains provisions that address gift card and gift certificate fees, expiration dates, and disclosures that have the prepaid card industry worried. Some fear the bill could clear the way for more regulation of retailer-issued gift cards and network-branded prepaid cards issued by banks. "There's a lot of hand-wringing and a lot of unknowns," says researcher Tim Sloane of Mercator Advisory Group Inc.

One provision would amend the Electronic Funds Transfer Act in a way that might permit states to pass gift card regulations stricter than those in the Federal Reserve's Regulation E, which implements the EFTA, according to Sloane. While the implications aren't yet clear, prepaid card issuers worry that the language could undermine the principle of federal pre-emption of state laws when a business relationship is between a consumer and a national bank. "It puts a new crack in the wall," says Sloane, director of the Prepaid Advisory Service at Maynard, Mass.-based Mercator.

President Obama had pushed Congress to give him a card bill he could sign by Memorial Day. The final bill does include an unrelated but controversial amendment added by the Senate—allowing people to carry loaded guns in national parks.



Monday, May 18, 2009

Econ4U Supports Efforts to Make Credit Card Bills Fairer, More Transparent

WASHINGTON D.C. May 13, 2009 - Econ4U today expressed its support for rules currently being considered by the United States Senate, which would make credit card bills more transparent and protect borrowers from hidden fees.  While we do not endorse all the aspects of this legislation, the bill contains some core reforms that will empower people to make responsible decisions with their finances. 

The two key provisions that will help borrowers throughout the country are:

1. Less tiny print: For starters, you can say goodbye to tiny and unreadable fine print: all disclosures must be in 12-point font or larger. This is such a no-brainer it's hard to imagine anyone but magnifying glasses manufacturers opposing it.

2. No sudden/arbitrary rate increases: When you sign up for a credit card, or any other loan, you expect to know the interest rate you'll be charged. Recently, however, a lot of credit card customers have been surprised with arbitrary rate increases, even if they never missed a payment. Under the new law, if you are carrying a balance at 10% fixed APR, you'll know that interest rate won't change (unless your monthly payment is late, or it's a promotional rate that expired). And if it does change, you'll have at least 45 days' notice, plenty of time to look around for a better card and interest rate.

"It is important that all financial institutions make a good faith effort to ensure that contracts are easier to read, that there are no surprises lurking in the fine print, and no hidden fees.  Borrowers who make their payments in full and on time should not have to fear surprise, arbitrary rate increases," said James Bowers, Managing Director of the Center for Economic and Entrepreneurial Literacy.  "There is an epidemic of financial illiteracy in this country and policy makers should work to make sure that Americans have all the tools at their disposal to make wise financial choices.  If we eliminate confusing contracts and hidden fees as well as promote a renewed focus on financial literacy, the public will be better prepared to weather this financial crisis, and less likely to make the same mistakes again in the future."

The Center for Economic and Entrepreneurial Literacy, Econ4U.org, is a non-profit organization promoting financial education. Its economic education program presents facts on personal finance, business economics, entrepreneurship, and government spending in unusual venues such as movie theaters, restaurants, and bowling centers.


Friday, May 15, 2009

Heartland Data Breach: MasterCard, Visa Impose Hefty Fines Processor says it Has Already Spent $12.5 Million in Fees, Penalties

May 14, 2009 - Linda McGlasson, Managing Editor, Bank Info Security

 

The Heartland Payment Systems (HPY) data breach has already cost the card processor millions in fines from Visa and MasterCard.

 

This news was revealed by CEO Bob Carr in Heartland's recent earnings call, wherein Carr said the much-publicized breach has already cost the company $12.5 million.

 

Other than legal fees and some related charges to the breach, much of that amount went toward fines imposed by Visa and MasterCard against Heartland's acquiring banks, Carr says. Heartland Payment Systems data breach coverage

 

A Visa source would not confirm the amount of the fine imposed, but Carr told investors that more than 50 percent of the $12.5 million relates to a fine that MasterCard assessed against its sponsor (acquiring) banks. "Ostensibly, because of an alleged failure by Heartland to take appropriate action upon having learned that its computer system may have been breached, and upon thereafter having discovered the intrusion," Carr states.

 

Heartland believes that it responded appropriately to all information that it learned regarding the possibility of a system breach and that, upon discovering the intrusion, it took immediate and extraordinary action to address the intrusion, Carr adds.

 

Heartland therefore considers the MasterCard fine to be in direct violation of both the MasterCard rules and applicable law, and the company "intends and is prepared to vigorously contest, and it has recommended to its sponsor banks that they vigorously contest through all means available, including litigation if necessary, any liability that may be asserted or imposed upon Heartland or its sponsor banks by reason of this fine," Carr says.

Click to Get Updates on the Latest Information Security News

Company*

 

MasterCard's spokesman Chris Montiero defended the fine levied against Heartland, saying, "MasterCard believes the fines it imposed were warranted and consistent with its Rules."

 

The $12.5 million Heartland has spent so far as a result of the network breach may be the beginning of costs incurred by the Princeton, NJ-based payments processor. A number of class actions suits by consumers and financial institutions impacted by the breach have yet to be heard in the courts.

 

The fines imposed by the credit card companies comes at the same time that Heartland has announced plans to offer its merchants end-to-end encryption capabilities. The plans that Heartland announced will protect the company's processing network with an end-to-end encryption system. Company officials say plans are to begin rolling out the solution to its merchants in the third quarter of this year. The merchants would pay for the installation of the equipment, but Heartland is already spending "millions" on developing the technology solution with Voltage Security, an encryption vendor.

Thursday, May 14, 2009

Credit card exec files for bankruptcy after $300M verdict Greg Daily is CEO of iPayment Inc.

By Getahn Ward • THE TENNESSEAN • May 12, 2009

 

Credit-card processing entrepreneur Greg Daily filed Monday for personal bankruptcy protection after a California venture capitalist won a $300 million jury verdict against him.

 

The award followed trial of a 6½-year-old complaint in which Douglas Shooker accused Daily of thwarting his attempts to invest in Nashville-based iPayment Inc. through an earlier agreement. In his filing in Los Angeles Superior Court that sought more than $115 million in damages, Shooker also accused Daily of stealing his research into a Web-based credit card processing system.

 

iPayment is the second successful credit-card processing venture for Daily, who paired up with Richardson Roberts to launch the erstwhile Nashville-based PMT Services Inc. in 1984 while in their ’20s. Each man netted millions from selling PMT in September 1998.

 

Upon launching iPayment, CEO Daily said that the company targeted processing of Internet-based transactions because it offered higher margins although it also involved more risk.

 

Daily’s assets are estimated at $10 million to $50 million and liabilities at $100 million to $500 million in the bankruptcy filing. He has 15 days from Monday to give the court a list of everything he owns and everyone he owes, though his lawyer could request more time.

 

By filing under Chapter 11, Daily avoids surrendering his assets to a bankruptcy trustee and instead would be required to file monthly updates on his income and expenses to the U.S. trustee’s office. "It’s likely a strategy to maintain the status quo while they appeal that big California judgment," said John McLemore, a local bankruptcy trustee, adding that Daily would be allowed to keep his assets and submit a plan to repay a portion of his debt.

 

James N. Penrod, Daily’s San Francisco-based lawyer, said he disagreed with the verdict and would likely appeal.

 

In a regulatory filing, iPayment said the suit was brought against Daily individually. "Neither the company nor any other shareholders, officers, employees or directors were a party," it said. "The company has no indemnification, reimbursement or any other contractual obligation to Mr. Daily in connection with this legal matter."

 

Last year, iPayment saw its net income rise nearly 165 percent to $14.3 million from $5.4 million. Revenues, meanwhile, increased 4.7 percent to $794.8 million from $759 million.

 

Friday, April 17, 2009

Legal Roadmap for US ISOs Coming to Canada

As a US ISO, how can I solicit Canadian merchants?

 

Canadian merchants have to place their merchant accounts with Canadian banks, unless they operate through a US subsidiary or affiliate.  There are only about a dozen Canadian banks that are seriously involved in acquiring and even fewer that have third party sales organizations, like ISOs and ISAs.  The norm in Canada is for banks to have in-house merchant services salespeople rather than outside sales organizations.  Despite that norm, some Canadian acquiring banks and processors have created third party sales programs, which are the way by which it is possible to solicit Canadian merchants to offer them merchant accounts.

 

Do I need to incorporate a Canadian company?

 

Yes. Generally speaking, Canadian ISOs need to operate through a Canadian company.  This is so because Canadian acquiring banks prefer to underwrite a Canadian company as an ISO rather than an entity that is foreign to Canada.  Incorporating a new company in Canada takes a matter of days and will cost only a bit more than the average US incorporation.  There are 10 provinces in Canada (which are like US states) and three territories, which are like provinces, but with a different constitutional status.  Each Canadian province and Canadian Federal law has a companies statute, which gives a foreign business a variety of jurisdictions to choose from.  For example, some provinces require Canadian resident directors or shareholders, while others do not.  In addition, some Canadian companies will work better from a US tax perspective.  With our experience in advising hundreds of payments businesses in the US and Canada, and the assistance of local counsel in a number of Canadian provinces, we are able to help US ISOs select the best jurisdiction in which to incorporate in Canada and deliver the incorporation to them in a timely manner.

 

Do I need a Canadian bank account?

 

Yes. The Canadian acquirer will want to settle your residuals in Canadian Dollars (each worth about USD$0.80) into a Canadian Dollar bank account in Canada.  Wiring money from Canada to the US is a simple process that can be done by instructing the Canadian bank, that would also handle the currency conversion into USD.

 

Do I have to sign a new ISO agreement?

 

Yes. Most US processors will require a US ISO to enter into a separate and distinct ISO agreement for Canada.  These agreements are negotiated in a manner not unlike those in the US.  Because third party sales are a novelty for Canadian banks, US ISOs must expect a little more resistance than they are accustomed to in the US when negotiating their ISO deal.

 

How long does this process take?

 

The following are estimates of the time these steps should take:

 

(a) new Canadian company: 1 week or less;

(b) negotiation of Canadian ISO agreement. Depending on the speed of the Canadian processor’s legal department, a week or two; and

(c) opening a Canadian bank account: 2 days.

 

How much will it all cost?

 

We would be pleased to provide a firm and reasonable estimate of our legal fees for an incorporation and advising on the ISO agreement to any interested party.

 

Disclaimer

 

Nothing in this memo shall be interpreted as legal advice.  This memo is for information purposes only.  The information in the memo may not be applicable to you.  The information in this memo is subject to change without notice.

 

About Adam Atlas Attorney at Law

 

The firm represents over 300 ISOs, agents processors and banks in the US and Canada.  Adam Atlas is licensed in the State of New York and the Province of Quebec in Canada and is therefore able to assist parties on both sides of the border.  Atlas writes a monthly column in The Green Sheet, speaks at and attends major US payments shows.  Atlas helped found the Canadian Acquirers Association and publishes a Canadian payments trade journal called The Frontier Times.  Please visit www.adamatlas.com.

 

For more information, please contact us.

 

Adam Atlas Attorney at Law

150-5585 Monkland Avenue

Montreal, Quebec, Canada H4A 1E1

Voice: 514-842-0886

atlas@adamatlas.com

www.adamatlas.com

 

 

Friday, March 27, 2009

PCI Standards

Most participants in the merchant acquiring / merchant account business are also obliged to comply with PCI standards, which are a set of guidelines for security of credit cardholder information. These standards are of immediate concern to merchants who are most at risk of being out of compliance. More information on PCI compliance as well as the Visa and MasterCard equivalent standards is available here:

Payment Card Industry Data Security Standard (PCI DSS)
Visa Cardholder Information Security Program (Visa CISP)
MasterCard Site Data Protection Program (MasterCard SDP Program)

 

The PCI Standard is the ‘flavor of the month’ in the merchant acquiring world. The recent PCI compliance issues at Heartland Payments highlights the fact that even large processors can run into PCI compliance issues. One question on the minds of may in the payments industry is if PCI compliance fees are more a profit center than a means of improving security.

Wednesday, March 25, 2009

Adam Atlas Attorney at Law - Payments Law Blog

Providing legal advice to a few hundred payments companies, we have decided to add value to our practice by blogging about payments law as well.

We welcome questions and comments on anything related to electronic payments, credit card, ATM, Visa, MasterCard, RFID, SIM, biometrics, e-wallets, virtual world payments, aggregation of payments, chargebacks, MATCH listings, TMF listings, and all other payments related issues.