How do Acquirers, ISOs, PayFacs underwrite your business?

When you start an application process with a payment provider whether they are an acquirer, ISO, or a PayFac, you must have heard or found it somewhere in the email that application is with underwriters.

It comes after the sales team or onboarding team pre-vet your website and believe that the business can be onboarded with them. 

But the decision is not made by them. Visa or Mastercard have detailed guidelines to them that not to onboard any merchant that is not in the acquirer’s appetite. It is to prevent themselves from financial and legal risks.

Acquirers enhance their underwriting process by utilizing automated systems and use diverse models which can efficiently verify a merchant’s identity, evaluate credit ratings, conduct fraud checks, and validate the business intent as per the submitted application, making the process more precise and efficient.

Based on the acquirer’s underwriting guidelines, ISOs and PayFacs have to verify the merchant as well. Although in cases like igaming, Adult or high integrity risk merchant, the application has to be shared with the acquirer for approval.

Visa has a guide called Visa Acceptance Risk Standards (VARS) that's more like a lesson to acquirers to assist them be better in risk scoring the merchant before onboarding.

What steps must be included in the Underwriting Process?

1. Robust Verification process of merchant

   1. This is to confirm the seller's authenticity including name, address, phone number, business registration number and document verification.

2. Assess the creditworthiness of the merchant

   1. This includes analyzing the credit history, financial statements, tax return statements

3. Assess Business Activity

   1. It includes verifying the merchant’s URL, their business plan (often asked to start-ups), type of service or goods they offer, return policies, terms and conditions, privacy policies.

   2. High-risk merchants like iGaming, Adult, AI companionship have to go through additional due diligence. Like for example adult sites to confirm from where the content is coming, users are uploading with consent or not.

4. Assess Merchant Business Location

   1. The acquirer has to check the business location where the merchant’s company is incorporated. Certain locations may present higher risks based on factors such as local laws and levels of fraud.

5. Assess Compliance

   1. The Merchant must comply with all relevant laws and regulations, including those related to data security and privacy. This also includes compliance with card network rules.

6. Assess Merchant Service Providers

   1. Identify the service providers that are being used by the merchant to process payment and store users card details. It is to ensure that the provider is registered with Visa and follows PCI DSS rules.

7. Assess Merchant Business History

   1. Check the processing history, excessive fraud or chargebacks history. Any instances of termination that led a merchant to MATCH list. 

8. Issue decision on the Merchant application

   1. Approve, Decline or Conditional approval which might involve exposure mitigation strategies such as reserves, holds, limitations on business activity, or guarantees.

Conditional approval comes with some restrictions like allowing only one of the card networks out of Visa and Mastercard to process for the first few months to check the business capabilities, chargebacks ratio and all.

Sometimes, acquirers can ask for upfront reserves as a mitigation strategy.

PayConsults follows all these guidelines and Visa's acceptance risk standards and Mastercard's BRAM to make your business compliant that fully suitable for a quick approval from the acquirer.