In This Issue
ProPay Roadshow!!
Merchant Acquirer's Need for Underwriting
ProPay Announces LenderPay
Believe Nothing You Hear and Half of What You See
Quick Links
ProPay White Papers
Join Our Mailing List!

Starting a business isn't as easy as just getting a business license and setting up a merchant account.  Often, people are surprised by some of the complexities involved.  For example, ProPay is often asked about the amount of information needed to get a merchant account.  Why is the information needed and what purpose does it serve?  An article from our Risk Department helps to answer that question.  
Setting up a business online can also seem daunting, particularly in light of some of the recent regulations.  Our legal department summarizes one of the recent state laws pertaining to cybersquatting. 
Due diligence isn't just a requirement for merchant acquirers.  Merchants should also do their research on vendors, partners and, sometimes even clients.  An article from our Data Security and Compliance department imparts a word of caution about self-proclaimed "experts."  
Lastly, we bring some news about ProPay.  The company has announced the date and location of its first Payment Card Security Roadshow.  We're also excited to announce the debut of LenderPay, a service designed for banks, credit unions and other financial institutions that want to offer their members additional options for making loan payments.
As always, please feel free to forward this newsletter to anyone that might be interested. 
The ProPay Team
ProPay Roadshow!!
October 20, 2010; Dallas, Texas

ETA's ISO of the Year and the industry leader in End-to-End Payment Security, credit card processing, electronic payment services, and tokenization has scheduled the first in a series of Payment Card Security seminars designed to provide real world guidance around protecting data while achieving compliance in a more cost effective and efficient manner.  The first session will be held in Dallas, Texas, on October 20, 2010.  To register, visit
Chris Mark, a globally recognized expert in PCI DSS and Payment Security and now ProPay's Executive Vice President, will provide vital information on current PCI DSS issues, data breach trends and the technologies available to combat data thieves and minimize the risk to you and your organization. Among the topics that will be covered during the all-day event are:
  • Data Breach Trends and Examples
  • Standards and Regulations
  • Compliance and Security Strategies
  • The Value of Tokenization and End-to-End Encryption
Attendees are encouraged to bring questions, foster discussion, and generate debate about the issues facing companies as they attempt to protect their business and their customers. For more information on the event, please contact ProPay at: or call (801) 341-5609.
October 20, 2010 in Dallas, Texas
To register for the roadshow please visit
Merchant Acquirers' Need for Underwriting
by Jesse Hutcheon, Underwriting Officer

Why do merchant acquirers need to underwrite new merchants? Why is it important for ProPay to know what merchants sell, how they market their products or services and how they fulfill their client orders? Why does a merchant's credit, cash flow or financial position matter? After all they are not applying for a loan. These are questions that ProPay often receives from new and potential clients.

While merchants are generally not applying for a loan in the traditional sense of the word, there are certainly elements of risk similar to the lending of funds. Since many of the same risks are present in merchant accounts as there are for more traditional loans a similar level of due diligence is needed.
The first example of risk is that a merchant could process a transaction and have the funds in their bank account a few days later. If the buyer is not satisfied with the product or service, never receives the product or service, or for a myriad of other reasons, they can challenge the transactions. This window is typically 120 days, but it can extend beyond that timeframe depending on the card brand, as well as the type of merchant.
This challenge, or chargeback, is issued by the cardholder through the bank or financial institution that issued their credit or debit card. The card brands, such a VisaŽ and MasterCardŽ allow the funds to be taken back from the merchant and given to the cardholder during this dispute process.

A second example of risk that acquirers have to mitigate is a situation in which a merchant gets in arrears with their clients and inventory. The old saying of "Robbing Peter to pay Paul" comes into play. There are instances where a merchant may use proceeds from a sale to fulfill a previous order. This can lead to chargebacks if the merchant continues this practice.
Acquirers use many strategies to mitigate the risks that merchants pose. These include standard underwriting practices such as reviewing the business, website and the owners and/or company's financial positions. Other tactics are the use of a reserve, delayed funding, and spot checking supporting documentation for transactions. These strategies and tactics help keep overall costs down, since losses from chargebacks can lead to increased fees across the board.
It is in the best interest of both parties for the new business relationship to succeed. Merchants should do their homework in picking a processing company. Merchant acquirers should investigate new merchants that apply to make sure they are a good fit. If this process is approached as a foundation to building a strong relationship, not just another burden, then both parties can work towards to a mutually beneficial arrangement.
ProPay Announces LenderPay for Loan Payments
by Dan Urbina, Vice President, Business Development
Until now, borrowers have been quite limited in their ability to make payments to auto and home lenders with their credit or debit card.  Additionally, credit unions and community banks were restricted in their ability to accept payments from credit or debit cards issued by other institutions.  LenderPay is an extension of the powerful ProtectPay suite of services which now allows borrowers to make payments with any piece of "plastic" and allows lenders to accept those payments without requiring the lender to actually handle borrower payment card information.  By leveraging ProtectPay, lenders can accept payment without the additional risk of having third party payment card information or exposing their companies to additional regulatory burdens such as the PCI DSS.
First, it is important to note that lenders do NOT incur any transaction fees.  This is the main reason lenders have not traditionally accepted plastic in the past.  The borrower voluntarily elects to incur the processing fees by paying a flat convenience fee (not a percentage based or tiered fee). This means lenders can accept plastic for FREE.  Accepting credit and debit card payments allows lenders to reduce late payments and provides a convenient method for borrowers to pay.
Most borrowers want to pay with plastic to earn instant loyalty points and travel miles.  Others may want to pay with plastic to extend the payment due date to allow for cash flow reserves. Others may still prefer to use their cards to make payments because of a recent medical or other emergency event that may have exhausted cash or otherwise interrupted the flow of income.  Whatever the reasons, people can and do pay all their bills with their credit and debit cards. In addition, some borrowers simply don't want the hassle of hunting down their routing and account number every month for the sake of making their payments.
To learn more about LenderPay please email or call (801) 341-5642.
New Utah Law Protects Against Cybersquatting
by Tony Allen, Executive Vice President, Corporate Counsel

Utah Governor Gary Herbert recently signed a bill into law that will help Utah-based businesses fight several different nefarious Internet practices. The Utah E-Commerce Integrity Act contains sections that prohibit cybersquatting and creates statutory damages for violations.
Existing federal laws, like the Anticybersquatting Consumer Protections Act ("ACPA"), and domain name policies under the Internet Corporation for Assigned Names and Numbers' dispute resolution policy ("UDRP") address the problem of cybersquatting. The new Utah law, however, provides additional measures that businesses may use to combat cybersquatting.
It creates a remedy in Utah state courts, which may be preferable. ACPA claims generally are brought in federal court. UDRP proceedings, while generally effective, can at times be unpredictable and do not provide for damages.
In addition to allowing a plaintiff to recover court costs and attorney fees, the Utah law allows a plaintiff to also receive statutory damages, which automatically presumed to be $100,000 per domain name in cases where there is a pattern of cybersquatting.
It gives Utah state courts jurisdiction to transfer domain names that infringe marks that are protected only in Utah, even when cybersquatting may be outside the court's jurisdiction.
The sections of the law related to cybersquatting took effect on May 11, 2010. The rest of the law took effect on July 1, 2010.

Believe Nothing You Hear and Half of What You See
Chris Mark, Executive Vice President, Data Security and Compliance
Since about 2005 the payment card security space has seen an increase in self-proclaimed PCI DSS and other 'experts'.   It seems that every merchant, gateway, processor, or consultant now has some form of 'expertise' on the PCI DSS and other standards.  Unfortunately, some companies find out after a data compromise or other security breach that the information they were provided is less than expert.   As data security continues to increase in focus, it is apparent that more and more 'experts' will appear on the horizon with a goal of selling their products or services. 
Expertise is gained through education and/or experience.  Most would likely agree that experience is more important than education alone, although education can supplement experience or make experience more meaningful at times.  When considering a company and their experience, it is often necessary to do a bit of amateur sleuthing.  From where does the expertise originate?  If a person or company is claiming expertise on the PCI DSS and has never worked as a Qualified Security Assessor (QSA), been employed by a major card brand or worked on development of the standards it is difficult to understand how they can have expertise.  Is the expertise based upon real world experience?  It is easy to read and book and make proclamations about various controls but has the person or company ever actually worked with an organization on implementing the controls?  Again, real world experience is necessary to claim expertise. 
While this is not a comprehensive discussion on payment card expertise, it is intended to provide insight that will allow companies to protect themselves.  While bad advice on an account may cause a sales executive to lose a client, bad advice in data security can have very real, expensive, and deep reaching implications.  For this reason it is important to understand the expertise of the company with which you are considering doing business.
Upcoming ProPay Events
ProPay Launches ProPay Mobile Web Interface for Credit and Debit Card Processing

ProPay is pleased to announce that it has launched ProPay Mobile ( ) a Web interface that enables credit and debit card payment processing on any smartphone with an active data plan. Merchants with a smartphone and a ProPay Account can now process credit and debit card transactions virtually anytime, anyplace.
ProPay Mobile is automatically available to all ProPay merchants. Merchants can log-in to, with their ProPay credentials, and begin processing payments, check account balances, or move funds.
ProPay Mobile enables merchants to accept credit or debit card payments anywhere their smartphone's can connect to With ProPay Mobile merchants can:

ˇ         Process credit or debit cards in real time

ˇ         Transfer funds from their ProPay accounts to a validated bank account

ˇ         View account balances, transactions in process, and total monthly amount processed

DISCLAIMER:  ProPay, Inc. provides this newsletter only for general information or educational purposes.  Nothing herein should be relied upon without seeking the advice of an attorney or other professional appropriate to the subject matter.  While ProPay, Inc. strives to ensure information in this newsletter is accurate and current, ProPay, Inc. does not guarantee or represent that the information is correct, complete, or up-to-date; nor shall ProPay, Inc. be liable for any indirect, incidental or consequential damages (including lost data, information or profits) sustained or incurred in connection with the use of, operation of, or reliance upon any information contained in this newsletter.