The continued growth of eCommerce carries with it several benefits for merchants and consumers alike: Ease of use, speedy transactions, and of course the ability to make a sale across borders, each day, every day. Yet there’s also the ever present risk to merchants and acquiring banks when online sellers violate their agreements by selling illegal goods.
A recent report by G2 Web Services shone a spotlight on contact lens sales online, which are regulated as medical devices, yet are sold as decorative or cosmetic items by some less than scrupulous online sellers. The upshot is that acquiring banks may be exposing themselves to regulatory backlash and financial penalties.
PYMNTS spoke with Dan Frechtling, who serves as chief product officer of G2, to get a sense of how risk pervades the contact lens markets online, and elsewhere.
PYMNTS: What steps go into the due diligence of making sure merchants are only offering goods and services that comply with any and all industry regulations?
DF: There are several steps. But before you can even begin to do due diligence you need to know the industry rules or to hire a vendor who knows the rules. The rules and regulations come from a number of different sources.
First, there are the card networks (Visa, MasterCard, American Express, Discover, etc.). Second, there are national regulations from bureaus such as the Food and Drug Administration (FDA) in the U.S., the Medicines and Healthcare Regulatory Agency (MHRA) in the U.K. and European Medicines Agency (EMA), obviously in Europe. Third, there are rules from local jurisdictions, such as state rules on medical marijuana in the U.S. and member state rules in the EU.
In all cases it’s important to know where the selling company is domiciled and where buyers are located, as both are considered in enforcing laws. As you onboard new merchants, there are series of checks to follow. There are credit checks, sanctions and law enforcement watchlist checks … and proprietary violation and fraud databases like G2’s Merchant Map.
Financial institutions perform a series of website reviews to look for prohibited content, prohibited business models and other areas. Also part of this process is assigning the right Merchant Category Code. Code 5047 covers medical, dental, ophthalmic, and hospital equipment and supplies. These reviews are standard across all merchant types. For medical devices specifically, acquirers need to ensure prescription laws are followed.
When a prescription is required, merchants must obtain them from licensed, trained professionals. It is also the acquirer’s responsibility to ensure this happens. Too often in rogue pharmacies we see unqualified staff members “prescribing” products illicitly.
As you monitor merchants, continued website assessments are paramount. Tigers don’t change their stripes, but merchants do. The frequency of reviews can be monthly or as often as weekly or daily for risky customers. This is time-consuming to do in-house, so most acquirers choose a vendor to look beyond the home page to interior pages and to connections to other undisclosed online content.
PYMNTS: It seems as if acquirers are facing much stiffer penalties regarding regulation compliance. What punishments are they facing and what more can be done to deter them?
DF: Stiffer penalties and punishment are in store whenever counterfeit, imitation, unapproved and/or non-sterile devices are sold. This is significant for parties in the payments chain because acquirers are held liable for fraudulent merchants. Further downstream, Payment Facilitators or PFs are also held liable. International law enforcement campaigns target the online sale of counterfeit and illicit medicines on an annual basis.
Because there are new drugs and new product violations all the time, there are more opportunities to be noncompliant. Just this month we added a number of product categories pertaining to medical diagnostic testing kits, catheters, body implants and more. So we are constantly updating our categories to stay consistent with the card networks and regulatory bodies such as the FDA.
What else can be done to deter this activity? The private sector, including payments and health care, must take whatever steps it can to find those culpable. But the private sector wields the power to slow by terminating accounts or remedying the aftereffects. Law enforcement has the power to stop by arresting perpetrators and dismantling networks.
This is much easier said than done because of the sheer number of criminals, number of alternative payment types such as vouchers, prepaid wallets, cyber-currency and the like. But physicians are one group that advocates for more laws.
PYMNTS: From a payments perspective, can anything be done to match a payment to health records?
DF: Unfortunately, matching accounts like credit cards to health records faces obstacles, including potential HIPAA violations.
PYMNTS: What can acquirers do regarding payments to dissuade merchants from illegally selling these unapproved goods?
DF: At the beginning there are reserve requirements. Acquirers can take larger general reserves on merchants selling medical devices to cover chargebacks and other liabilities. The dishonest players suffer a loss of reserve if they violate contract terms. The honest players incur a cash flow impact. It’s not perfect because it taxes the innocent, but it’s enough to persuade many bad actors to avoid acquirers that may cause them a financial loss.
Later in the customer relationship, monitoring takes on great importance. There are two primary areas. One type of monitoring, periodic website assessments and MCC checks, verifies no significant changes in operations have occurred. Another type of monitoring, regular scrutiny of complaints, watchlists and negative news, detects any business misconduct. Both are commonly outsourced to providers like G2 Web Services.
In parallel, acquirers should always be looking for signs of transaction laundering. Transaction laundering, also known as credit card laundering, unauthorized aggregation and factoring, occurs when a purchase from a violating merchant transacts through the merchant account of a supposedly “clean” merchant.
Finding these difficult-to-spot cases combines vendor methods and internal organizational routines. Vendors isolate transaction laundering through use of technology, data sets and expert analyst review. Acquirers practice a robust cross-communication between departments such as sales, underwriting, risk and customer support, who can identify things that are out of place. Just because you can’t see the product doesn’t mean it isn’t being purchased.
Lastly, consequences must be enforced. Acquirers should take action with the merchant, such as terminating the merchant or requiring the merchant to cease selling restricted categories. As needed, they should add violators to the card network watchlists mentioned previously. They should also report criminals to law enforcement authorities.
. . . . . . . . . . . . . . . . . . .
To Download the Online Market for Dangerous Contact Lenses Propels Liability for Acquiring Banks Report, fill out the form below: