Ensuring your business remains compliant with the latest payment regulations is a big challenge, especially in a time of ongoing regulatory change, escalated by a fast-evolving FinTech space. For businesses with a subscription model or products and services that require recurring payments, regulations become nuanced and complex, so being confident that your business is meeting its payment card industry compliance requirements is vital.
Fibonatix is a highly experienced payment service provider (PSP) and consultancy that helps businesses to satisfy regulatory obligations, through cutting-edge payments technology and comprehensive and global expertise. Learn more about how we can support your company.
Table of Contents
What are the risks and consequences of non-compliance?
Regulators are becoming increasingly hot on compliance breaches, handing out hefty fines to firms that fall foul of regulatory obligations around record-keeping, transactions, AML/KYC and data processing. And it’s not just financial institutions. More regulatory responsibilities now lie with businesses, and when it comes to payment card industry compliance requirements, you risk significant financial and reputational damage if your compliance processes are not robust.
For example, companies can be fined up to £80,000 ($100,000) per month for PCI DSS compliance breaches, with the size of fines depending on the size of the company and the duration and scope of non-compliance. The vast majority of recurring payments are made by card, so mastering PCI DSS (Payment Card Industry Data Security Standards) compliance is crucial.
Are you meeting your payments compliance requirements specific to subscriptions billing?
Are you following the most up-to-date requirements from card schemes, such as Visa and Mastercard? Beyond KYC and PCI DSS rules, you must ensure you’re confidently meeting payments compliance requirements that are specific to merchants using a subscription model.
Here is a summary of the key requirements set out in Mastercard’s revised standards for merchants utilising a subscription billing or recurring payments model (in effect from 22nd March 2022):
- Merchants must disclose subscription terms simultaneously with a request for card credentials that must include the price and frequency of billing. Those utilising a negative option billing model must also disclose the terms of the trial, such as any initial charges, trial period length and price/frequency of subsequent subscriptions. Ecommerce merchants must:
- Clearly and prominently display subscription terms on any payment/order summary webpages.
- Gain cardholders’ affirmative acceptance of the subscription terms before completing the subscription order. Note: Providing a link to another webpage or requiring cardholders to expand a message box or scroll down the webpage to view the subscription terms does not satisfy this requirement.
- Immediately after cardholders complete the subscription order, merchants must promptly send confirmation via email or other electronic communications methods. This must include subscription terms and clear instructions for cancellation, whilst an online (or other electronic) method for cancelling the subscription must be provided.
- Merchants must also provide a transaction receipt via these methods with instructions for cancelling the subscription (and thereby withdrawing permission for any subsequent recurring payment transactions) after each approved authorisation request – first or subsequent payment.
There are other specific requirements to be aware of if you’re using a negative option billing model as part of your offering.
If you’re not confident in your compliance capabilities or expertise, you risk losing money – through lost customers and revenue or from fines. Risks of non-compliance include:
- Fines and penalties from regulators
- Legal action and costs from clients choosing to sue as a result of data breaches
- Brand reputation being impacted
- A drop in sales/revenue from reputational damage
- Loss of trust from existing customers, impacting loyalty and lifetime value
- Reduced company stability
As you can see, non-compliance has various consequences, many of which interlink and can impact your company in a domino effect. With a good and professional payment service provider, you can easily overcome these challenges.
How can a payment service provider like Fibonatix support your business in meeting its payments compliance requirements?
There are various factors and traits that make certain PSPs more suitable than others for supporting subscription-based businesses with compliance. Below we outline the main ones you should consider.
Vast experience of working for businesses with a subscription model
Payment regulations and processes involved in running a subscription-based business are nuanced. Introducing loyalty schemes, upsells, price updates or product/service updates can mean payment processes need to be adjusted, and this can leave you exposed to risk and compliance issues.
At Fibonatix, we work with countless businesses with a subscription model, across an array of industries, from dating and gaming to nutraceuticals and digital goods and services. We understand the sectors and intricate needs of more complex business models, offering payment expertise, industry use cases and insights, plus strategic support. Our experts can assess your current set-up, audit your procedures and implement tools, processes and training to ensure your business can manage, monitor and optimise compliance.
Customised solutions to meet your business needs
Although we provide an advanced payment gateway, extensive payment processing capabilities and a robust billing system, including automated rebill and seamless recurring billing, Fibonatix is more than just a tech solution provider for payments.
We go above and beyond to ensure your immediate and future success. How do we do this? We listen and work closely with you to fully understand your audience, market and vision, offering bespoke payment solutions to meet your unique needs and providing the most suitable solutions and guidance.
From a compliance perspective, Fibonatix can provide you with a roadmap for understanding and meeting your regulatory obligations, implement processes that ensure your payment card industry compliance requirements are met and offer ongoing support to reduce the chances of breaches occurring.
A strong risk management department
Risk management and compliance are closely linked. There are both tangible and perceived risks associated with subscription-based businesses and payment rules. This can result in companies with a subscription model encountering complications with payment processing and apprehension from certain payment service providers or card issuers, etc. Also, subscription services can incur a high volume of chargebacks, impacting reputation, account stability and revenue.
Fibonatix has dedicated risk management experts and services available to manage and mitigate risks and identify potential compliance gaps and regulatory issues and restrictions that require adjustments, enhanced tools and resources, and failsafes to be implemented to improve your capabilities for meeting payment card industry compliance requirements.
We have the risk appetite to meet your needs, where other payment service providers may not – due to the nature of your business and the restrictions or complexities involved.
Accreditations, partnerships and security protocols
It’s important to ensure your business and its payment service provider has adequate security tools and accreditations that can fulfil payment card industry compliance obligations and meet the highest standards of protection. Certain factors, including your volume of card transactions, can see your business characterised at a certain level according to PCI DSS, and this means your compliance requirements vary. You need to understand these subtleties in the rules.
Fibonatix provides PCI DSS-compliant payment solutions and guidance, and we’re 3D-Secure V2 authorised. This means we can also enable tokenisation for subscription payment processing, which helps to prevent sensitive customer data from being exploited or compromised.
We also have various partnerships with advanced payment tech providers that help to bolster payments compliance and minimise risks. For example, our integrations with chargeback prevention tools enable us to reduce chargeback risks by over 50%.
As mentioned, we’re not just a payments gateway provider that facilitates fast and secure payment processing. We’re an expert advisory resource for your business and we provide ongoing and highly responsive support, to tackle any technical issues you encounter and resolve key challenges.
In terms of regulatory obligations and concerns, we can help you prevent breaches, manage risks and future-proof your payments compliance capabilities for ongoing rule changes. You’ll need to be ready to evidence compliance, for any requests from regulators and auditors, and we can prepare and enable you to confidently demonstrate compliance in the required timeframes and format.
Getting started with Fibonatix
If you’d like to learn more about how Fibonatix can support your business with its payment card industry compliance requirements, risk management and process optimisation, check out our subscription payments solutions page and book an exploratory meeting with our team.
Fibonatix is a leading global payment service provider offering bespoke payment solutions and supporting services for merchants. We’re FCA regulated, with offices in the UK, Germany and Israel, and we have vast experience working with subscription-based companies. Let us empower your businesses with cutting-edge payments processing tools and dedicated support and advice.